PayPal

We read PayPal's privacy policy so you don't have to.

  • Find out what they do with data about you
  • Contact them if you have a request about that data
Make a request

Organisation information

Description

Payment initiation service provider

Registration country

Luxembourg

Registration number

B118349

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Email address

dpo@paypal.com

Postal address

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank transactions

  • Credit history

  • Device information

  • Email address

  • Location

  • Names

  • Postal address

  • Telephone number

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Payment processors

  • Auditing services

  • Customer service outsourcing

  • Credit reference and fraud agencies

  • Financial products services

  • Commercial partnerships

  • Marketing and public relations

  • Operational services

  • Other PayPal Group companies

  • Legal services

  • Agencies

How specific is this information?

Third parties are listed by name

Observations

PayPal provide a breakdown of specific named third-parties with which data may be shared. This list is very long and is available at: https://www.paypal.com/uk/webapps/mpp/ua/third-parties-list

Retention rules

Organisations must give details about how long data is kept.

This privacy notice does not appear to have this information.

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    - To market to you by delivering marketing materials about PayPal products and online Services and the products and services of unaffiliated businesses
    - To provide personalised Services offered by PayPal on third-party websites
    - To provide you with location-specific options, functionality or offers
    - To make it easier for you to find and connect with others
    - To respond to your requests

  • Contract

    - To operate the Sites and provide the Services

  • Legal obligation

    - To comply with our obligations and to enforce the terms of our Sites and Services
    - To manage risk and protect the Sites, the Services and you from fraud by verifying your identity

  • Legitimate interests

    - To manage our business needs
    - To enforce the terms of our Sites and Services;
    - To manage our everyday business needs, such as monitoring, analysing
    - To anonymise Personal data in order to provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services.
    - To manage risk and protect the Sites, the Services and you from fraud by verifying your identity

Observations

PayPal do not break down their justifications for processing data into individual interests.

Security standards

Organisations must ensure that data is stored and processed securely.

Observations

PayPal's privacy policy contains a section about securing personal data but it does not mention any of the specific measures they take to do so.

How specific is this information?

This organisation provides general details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Observations

They indicate that automated decision making is used with user consent for decisions concerning credit, or where it is "necessary for the entry into or performance of a contract", or where it is authorised by Union or Member State law.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

This privacy notice does not contain information about to make a complaint to a data protection regulator.

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Make a request

  • See data they hold about you

    You can ask to see what data PayPal has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    By email

    Email dpo@paypal.com using a template.

    Template

    Copy template to clipboard

    By post

    PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

  • Change data they hold about you

    You can ask PayPal to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    By email

    Email dpo@paypal.com using a template.

    Template

    Copy template to clipboard

    By post

    PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

  • Delete data they hold about you

    You can ask that PayPal delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    By email

    Email dpo@paypal.com using a template.

    Template

    Copy template to clipboard

    By post

    PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

  • Limit how they use data about you

    You can ask that PayPal only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    By email

    Email dpo@paypal.com using a template.

    Template

    Copy template to clipboard

    By post

    PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

  • Stop their use of data about you

    You can ask PayPal to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    By email

    Email dpo@paypal.com using a template.

    Template

    Copy template to clipboard

    By post

    PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

  • Export data they hold about you

    You can ask PayPal to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    By email

    Email dpo@paypal.com using a template.

    Template

    Copy template to clipboard

    By post

    PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

  • Challenge an automated decision

    You can ask PayPal to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    By email

    Email dpo@paypal.com using a template.

    Template

    Copy template to clipboard

    By post

    PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg

    Observations from contributor

    "Please contact us if you require more information on automated-decision making."

Last updated 2019-01-31 at 10:01:06 • Download as JSONAPI documentationView on GitHubView on OpenCorporates