Privacy Policy

Last Updated: 13/06/2024

Your privacy is very important to us. This Privacy Policy applies to information we collect when you sign up for products and services provided by SumUp Payments Pty Ltd ACN 645 440 772 ("SumUp", "we", "our" or "us"), when you access or use any of our websites, mobile applications and products, when you speak to our staff, or when you otherwise interact with us (collectively, the “Services”). This policy also applies to information we collect if you have not signed up for our Services, but if you are making payment transactions through our Services.

We may change this Privacy Policy from time to time by posting the updated version on our website. We advise you to review this page regularly to stay informed and to make sure that you are happy with any changes. If we make material changes to this Privacy Policy we will notify you by email or through posting a notification when you log into our website or when you open our mobile application.

In order to use our Services you must accept all terms of this Privacy Policy.

1. The Personal Information We Collect and Hold 

1.1. When you register for a SumUp Account (“Account”) we collect personal information about you including your full name, address, date of birth, email address and telephone number. We also collect information about your business, which may be personal information including your company name, legal form, business type, nature and purpose of your business, business address, business telephone number, the directors and ultimate beneficial owners.

1.2. In order to perform payouts to you based on the transactions that you perform we collect your bank account details.

1.3. For research surveys or marketing purposes we may from time to time collect other information when you register including your preferences and interests.

1.4. In order to verify your identity as required by applicable anti-money laundering laws and in order to prevent fraud we may collect identity information about you from third party agencies. 

1.5. When you use our Services we collect information relating to your transactions including time, location, transaction amount, payment method and cardholder details.

1.6. When you access our website or use any of our mobile applications we may automatically collect information including, but without limitation, your IP address, operating system, browser type, identifiers for your computer or mobile device, your visit date and time and your visit behaviour.

1.7 We may collect your personal information in relation to your ongoing or potential engagement as an employee, contractor or service provider, including, but without limitation, your employment history, education and training, qualifications, salary and reference information from referees.

1.8 When you use one of our products such as Online Store or Invoices, we may store data related to your end customer such as 

  • Contact information: e.g. your name, phone number, address and email address, if you receive receipts from our Merchants or you are earning loyalty points. 

  • Transactional information: If you are an End Customer, when you make payments to, get refunds from or otherwise transact with a Merchant that uses us to provide payment processing, we will receive transaction data. We process payment method data, credit and debit card information such as card number, expiry date and CVV code, card holder name, transactional data and history, details about what products and/or services you have purchased, loyalty points earned.

  • Information related to legal requirements: e.g. customer due diligence and anti-money laundering requirements, bookkeeping.

  • Behavioural and tracking details: e.g. location data, behavioural patterns, log in data, browser type and version, mobile network information, personal preferences, IP-number, cookie identifiers, unique identifier of devices you use to access and use the Services and our Websites.

  • Communication Data and any other data you give us - Information that you voluntarily provide when contacting us, our support, call recordings, emails or social media, including your inquiries to us, survey responses.

1.9 All information is collected directly from you or generated by you during the course of using our products and services.

2. Collecting, Holding and Using Your Personal Information 

2.1. We collect, use and hold your personal information to provide our Services and to deliver all relevant information to you including transaction receipts, payout reports, security alerts and support messages.

2.2. We also collect, use and hold your personal information to improve and personalise our Services. For instance, we may enable features in our mobile applications specific to your business.

2.3. We may collect, use and hold your personal information to communicate with you about news and updates to our Services and to inform you about any promotions, incentives and rewards offered by us and/or our partners, our SumUp Group partners, unless you choose to opt out of such communications.

You can choose to opt out of receiving such communications via the dashboard or by emailing your request to revoke this consent to DPO@sumup.com. We can continue to offer you the SumUp service without this additional service.

2.4. We may also collect, use and hold your personal information collected through cookies and web beacons (see section 6 for more details) to track and analyse usage behaviour and any actions relevant for promotions, incentives and rewards in connection with our Services.

2.5. We may collect, use or hold your personal information to protect our rights and to investigate and prevent fraud or other illegal activities and for any other purpose disclosed to you in connection with our Services.

2.6. We may collect use or hold personal information in relation to your potential or ongoing engagement as an employee, contractor or service provider

3. Disclosing Your Personal Information

3.1. We may disclose your personal information with any member of our group of companies, including subsidiaries, our ultimate holding company and its subsidiaries. This information will be transferred in order to allow us to provide a full service to you, where other companies within our group perform components of the full service offering. These other services include customer support, anti-money laundering, settlements and internal audit.

3.2. We may disclose your personal information to the extent necessary with third parties who perform functions on our behalf including in order to process payment transactions for you including fraud prevention and verification service providers, financial institutions, processors, payment card associations and other entities that are part of the payment and collections process.

3.3. We may also disclose your personal information with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Services, unless you choose to opt out of such communications.

3.4. We may disclose your personal information with third parties in connection with any merger, sale of company shares or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business.

3.5. We may also disclose your personal information collected if (i) disclosure is necessary to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; (iii) to protect the security or integrity of our Services; and (iv) to protect our rights.

4. Overseas disclosures of personal information 

4.1. We may transfer your personal information to members of our group of companies and third parties acting on our behalf that may be located in countries outside Australia. In particular, we may disclose personal information to recipients in the European Union. 

5. Holding Your Personal Information

5.1. We hold personal information in hardcopy files and electronic form, and use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold about you. 

6. Cookies & Web Beacons

6.1. We use a number of cookies and web beacons within our website and applications. Cookies are small data files which are placed on your computer, mobile device or any other device as you browse our website or use any of our applications or web-based software. Web beacons are small graphic images or other web programming code which may be included in the website and any of our email messages.

6.2. We may use cookies and web beacons for the following purposes: (i) To personalise our Services to you as an individual and to tailor our Services to you based on the preferences you may choose; (ii) to facilitate the effective operation of our websites and applications; (iii) to track website traffic or application usage for statistical purposes and to monitor which pages or features users find useful or not; (iv) to identify you upon Account login and to assist you when resetting your password; (v) to assist in meeting our regulatory obligations, such as anti-money laundering and anti-fraud obligations, and prevent your Account from being hijacked; or (vi) to enable us to link to our group companies’ websites.

6.3. Some cookies may not be related to SumUp. When you visit a page on our website with content embedded from, for example, YouTube or Facebook, cookies may be stored on your computer from these websites. We do not control the dissemination of such third party cookies and you should check these third party websites for more information about these cookies and their privacy policy.

6.4. The cookies or web beacons will never enable us to access any other information about you on your computer, mobile device or any other device other than the information you choose to share with us.

6.5. Most web browsers automatically accept cookies but you may modify your browser settings to decline cookies. Rejecting cookies used by our website, mobile application or web-based software may prevent you from taking full advantage of them and may stop them from operating properly when you use them.

6.6. If you do not consent to our use of the cookies, you must disable the cookies by deleting them or changing your cookie settings on your computer, mobile device or other device or you must stop using the Services. Information on deleting or controlling cookies is available at www.aboutcookies.org.

7. Linking to Other Websites

If you access links on our website to third party websites which are not owned by SumUp please be aware that these websites have their own privacy policies. We do not accept any responsibility or liability for these privacy policies. You should check and review these privacy policies before you submit any information about you to these websites.

8. Your Right to Access and Request Correction of Personal Information

8.1. If you would like to request access to your personal information, or to correct certain personal information, you can do so on the dashboard or alternatively contact us at DPO@sumup.com with your request. We will respond to all requests for access to or correction of personal information within a reasonable period.

9. Complaints 

9.1. If you would like to complain about a breach of the Australian Privacy Principles, you may contact our Data Privacy Officer at the details below.

9.2. We will respond to complaints within a reasonable period of time.

9.3 If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or by emailing enquiries@oaic.gov.au.

10. Governing Law and Jurisdiction

10.1. This Privacy Policy shall be governed by and construed under and in accordance with the Law of New South Wales.

10.2. The English language version of this Privacy Policy shall be binding. Any translation or other language version of this Privacy Policy shall be provided for convenience only. In the event of a conflict between the English version and any translation or other language version of this Privacy Policy, the English-language version shall prevail.

10.3. This Privacy Policy (including, if applicable, our Terms and Conditions) specify the entire agreement between you and us and supersede any and all prior agreements, terms, warranties and/or representations to the fullest extent permitted by the Law.

11. Contact

If you would like any further information about how we handle personal information, please lodge a request with our Data Privacy Officer whose contact details are provided below:

SumUp Payments Pty Limited

Email: DPO@sumup.com