Alpha This is a new service – your feedback will help us to improve it.

Menu Search

Stripe

The information on this page is from the privacy notice published by Stripe.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

  • See data they hold about you

    You can ask to see what data Stripe has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    Through their website

    https://www.stripe.com/contact

    By post

    FAO: Stripe Legal, Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107

  • Change data they hold about you

    You can ask Stripe to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    Through their website

    https://www.stripe.com/contact

    By post

    FAO: Stripe Legal, Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107

  • Delete data they hold about you

    You can ask that Stripe delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    Through their website

    https://www.stripe.com/contact

    By post

    FAO: Stripe Legal, Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107

  • Limit how they use data about you

    You can ask that Stripe only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    Through their website

    https://www.stripe.com/contact

    By post

    FAO: Stripe Legal, Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107

  • Stop their use of data about you

    You can ask Stripe to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    Through their website

    https://www.stripe.com/contact

    By post

    FAO: Stripe Legal, Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107

  • Export data they hold about you

    You can ask Stripe to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    Through their website

    https://www.stripe.com/contact

    By post

    FAO: Stripe Legal, Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107

  • Challenge an automated decision

    You can ask Stripe to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    Through their website

    https://www.stripe.com/contact

    By post

    FAO: Stripe Legal, Stripe, 185 Berry Street, Suite 550, San Francisco, CA 94107

Organisation information

Description

Payment initiation service provider

Registration country

USA - Delaware

Registration number

270465600

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Email address

dpo@stripe.com

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank account details

  • Bank transactions

  • Date of birth

  • Device information

  • Email address

  • Names

  • Postal address

  • Social security number

  • Telephone number

Observations

Stripe indicate that they may also collect information about online activities on third-party websites, devices, apps and other online features and services.

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Other stripe entities

  • Identity verification services

  • Website hosting services

  • Data analysis services

  • Information technology services

  • Customer service companies

  • Auditing services

  • Third-party business partners (such as credit card networks)

  • Companies which Stripe acquires or merges with, or who acquire or merge with Stripe

  • Law enforcement agencies, regulatory agencies, and other public and government authorities

How specific is this information?

Third parties are listed as groups

Retention rules

Organisations must give details about how long data is kept.

Summary

Stripe retain personal data for as long as a customer uses Stripe services, and then for as long as is necessary to comply with their legal and regulatory obligations. Stripe indicate that they also retain personal data to comply with tax, accounting, and financial reporting obligations.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Unspecific times for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Contract

    We use Personal Data for the purpose of entering into business relationships with prospective Stripe Users, and to perform the contractual obligations under the contacts that we have with Stripe Users. Activities that we conduct in this context include:

    * Creation and management of Stripe accounts and Stripe account credentials, including the evaluation of applications to commence or expand the use of our Services;
    * Creation and management of Stripe Checkout accounts;
    * Accounting, auditing, and billing activities; and
    * Processing of payments with Stripe Checkout, communications regarding such payments, and related customer service.

  • Legal obligation

    We use Personal Data to verify the identity of our Users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as AML (Anti-Money Laundering) and KYC (Know-Your-Customer) obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.

  • Legitimate interests

    We rely on our legitimate business interests to process Personal Data about you. The following list sets out the business purposes that we have identified as legitimate. In determining the content of this list, we balanced our interests against the legitimate interests and rights of the individuals whose Personal Data we process. We:

    * Monitor, prevent and detect fraud and unauthorized payment transactions;
    * Mitigate financial loss, claims, liabilities or other harm to Users and Stripe;
    * Respond to inquiries, send service notices and provide customer support;
    * Promote, analyze, modify and improve our products, systems, and tools, and develop new products and services;
    * Manage, operate and improve the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets;
    * Analyze and advertise our products and services;
    * Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
    * Share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business;
    * Ensure network and information security throughout Stripe and our Services; and
    * Transmit Personal Data within our affiliates for internal administrative purposes.

Security standards

Organisations must ensure that data is stored and processed securely.

Observations

The privacy policy contains some basic information about the methods Stripe uses to secure data, including their use of access control among personnel.

How specific is this information?

This organisation provides specific details about how they secure data

US-EU Privacy Shield

Some US organisations use the Privacy Shield Framework to provide adequate protections when data leaves the EEA.

URL

https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

This privacy notice does not appear to have this information.

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

Observations

The privacy policy indicates that the general contact form linked throughout the policy can also be used to submit complaints, as well as the postal address.

The policy does not contain any contact details for any European data protection supervisory authorities.

How specific is this information?

This privacy notice doesn't contain specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:15 • Download as JSONAPI documentationView on GitHubView on OpenCorporates