Alpha This is a new service – your feedback will help us to improve it.

Menu Search


The information on this page is from the privacy notice published by iZettle.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

Organisation information


Point of sale products for small businesses

Registration country


Registration number


Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

This section hasn't been completed yet. Help us by updating it on GitHub.

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank account details

  • Bank transactions

  • Credit history

  • Device information

  • Email address

  • Names

  • Online activity

  • Passwords

  • Postal address

  • Telephone number


Examples given under broader categories

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.


"To be able to administer participation in competitions and/or events"

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Rest of iZettle Group

  • Merchants (when a customer is using an iZettle Merchant)

  • Bisnode

  • Schufa

  • Experian

  • Callcredit

  • LexisNexis

  • Creditsafe

  • UC AB

  • Designated banks and relevant card networks

  • IT suppliers

  • Marketing suppliers

  • Tax authorities

  • Law enforcement

How specific is this information?

Third parties are listed as groups


Credit agency partners are listed by name

Retention rules

Organisations must give details about how long data is kept.


Preventing, detecting and investigating money laundering, terrorist financing and fraud: minimum five (5) years after termination of the business connection

Bookkeeping regulations: seven (7) years

Details on performance of an agreement: up to ten (10) years after end of customer relationship to defend against possible claims

Recorded telephone calls to our support: up to ninety (90) days from telephone call to support.


States that retention rules vary from country to country. Retention rules relate to reasons for keeping data.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Specific times are given for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions


This information is available on the privacy policy under "What information do we process about you, for what purposes and how is it lawful for us to do it?" Each processing activity is sometimes split across two lawful bases

Security standards

Organisations must ensure that data is stored and processed securely.


Appropriate technical measures have been implemented. iZettle is PCI-DSS Level 1 certified.

How specific is this information?

This organisation provides general details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.


Adequate protections are provided by this organisations Terms of Service


Uses Standard Contractual Clauses for third country transfer, and Privacy Shield for US transfer. Also mentions transfer to Australia under standard clauses.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.


This organisation does not use automated decision making

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.


This privacy notice contains information about to make a complaint to a data protection regulator


Details for Swedish and British data regulators.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.


This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:15 • Download as JSONAPI documentationView on GitHubView on OpenCorporates