Privacy Policy
Last Updated: May 7, 2020
This Privacy Policy (“Privacy Policy”) describes how SumUp, Inc. and our U.S. affiliates and subsidiaries (collectively, “SumUp,” “us,” “we,” or “our”) collect, use, and share personal information in connection with our website at https://www.sumup.com and any other websites or digital properties that we operate and that post a link to this Privacy Policy (collectively, the “Site”), our mobile applications (collectively, the “App”) our email communications, our card acceptance devices (each, a “Terminal”), and our payment processing, gift card program, and other products and services (together, the “Services”).
We may change this Privacy Policy from time to time by posting the updates to this page. We advise you to review this page regularly to stay informed and to make sure that you keep up to date with any changes. If we make material changes to this Privacy Policy, we will post those changes to this Privacy Policy and update the “Last Updated” date above. If required by law, we will notify you about material changes by email, through posting a notification when you log into our website or when you open our mobile application, or through another manner that is reasonably expected to reach you. In all cases, your continued use of the Services following posting of changes constitutes your acceptance of such changes.
1. COLLECTION OF PERSONAL INFORMATION
1.1. Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:
A. Individual Identifiers and Demographic Information
Contact data (such as first and last name, alias, postal address, telephone number, and email address)
Business data (such as your company name, legal form, business type, nature and purpose of your business, business address, business telephone number, company registration, the directors and ultimate beneficial owners)
Online identifiers (such as IP address and other unique identifiers)
Device data (such as device ID, computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, and general location information such as city, state or geographic area)
Account data (such as username and profile information)
Identity data (such as Social Security number, date of birth, driver’s license number, passport number, and previous residences)
B. Sensitive Personal Information
Financial data (such as your bank account numbers, credit rating and report, financial history, share capital and account balances)
Credit/debit card information
Identity data
Criminal history data (such as court judgements against you)
C. Geolocation Data
Geolocation data (such as precise physical location or movements in connection with the App or Terminal)
D. Sensory Data
Audio data (such as customer service call recordings)
E. Commercial Information
Transaction data (such as order history and other records of products or services you have purchased from us, including your consuming histories or tendencies and records of gift cards you have purchased)
Marketing data (such as your preferences for receiving marketing communications)
Survey data (such as the responses your provide in connection with surveys and other promotions)
POS data (such as time, location, transaction amount, payment method and cardholder details)
Online activity data (such as browsing history, search history, IP address, operating system, browser type, identifiers for your computer or mobile device, your visit date and time, the website you visited before browsing to our website, your visit behavior and other information about your interaction with the Services)
F. Internet or Network Activity
Online activity data
Device data
Online identifiers
G. Professional or Employment-Related Information
Business data
H. Inferences Drawn from Personal Information
May be derived from your financial data, transaction data, identity data, business data, criminal history data, and other information we collect as part of the merchant registration process.
1.2. Sources of Personal Information. We obtain the categories of personal information listed above via the following categories of sources:
Personal Information You Provide. SumUp collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information when you create an account on the Services, register with us as a merchant, sign up to receive our promotional communications, use or access the Services through the Site or the App, participate in one of our surveys or other promotions, submit a request to our customer service team, interact with our social media pages or otherwise interact with us or other Users through the Platform.
Automatic Collection. SumUp may indirectly collect other information from you automatically through the Services. For example, we receive personal information when you navigate to the Site, install and use the App, enable location-based features on the App, and connect a Terminal. We, our service providers and our partners may also collect personal information about you over time and across different websites, apps, and devices and on the Services. Like many online companies, we collect some personal information automatically using cookies or other online tracking technologies as described in our Cookie Policy, available at https://sumup.com/cookies/.
Third Parties. Sumup may receive personal information about you from other third party sources. For example, we receive personal information from our affiliates, business partners, social media sites, or companies that provide personal information to supplement what we already know about you (including identity verification companies and data providers). We may merge or combine such personal information with the other personal information we collect about you. SumUp may also receive information about gift card recipients from the purchaser of a gift card, including the recipient’s name and email address.
2. USE OF PERSONAL INFORMATION
We use personal information for various purposes, including for the purposes set out below and as otherwise described in this Privacy Policy or at the point of collection:
2.1. To Provide Our Products and Services. We use personal information collected about you in order to provide our products and services, including to process your orders and transactions and facilitate delivery, process gift cards, respond to your inquiries and requests, and to deliver all relevant information to you including transaction receipts, payout reports, security alerts and support messages.
2.2. To Improve Our Products and Services. We use personal information collected about you in order to improve and personalize our Services, conduct research surveys, understand and analyze usage trends and user preferences, diagnose technical issues, prevent fraud, and develop new features and functionality. For instance, we may enable features in our mobile applications specific to your business.
2.3. Direct Marketing and Interest-Based Advertising. We may use personal information collected about you to communicate with you and inform you about any promotions, incentives and rewards offered by us and/or our partners. For example, we may use cookies or other online tracking technologies to provide customized advertisements, content, and information; monitor and analyze the effectiveness of marketing activities; and track your entries, submissions, and status in any promotions. These might be third party offers we think you might find interesting. These communications may come in the form of interest-based advertising using information gathered across multiple websites, devices, or other platforms.
2.4. To Set Up Your Account. We use your personal information to establish your account. For example, this may include verifying your age, date of birth, and place of residence. If you set up an account to use our Services, we will use the registration information you provide in relation to that account creation to create, maintain, customize, and secure your account.
2.5. Identity Verification and Merchant Registration. If you apply to be a merchant, we use your personal information to verify your identity and determine eligibility for some of our products, services, and promotions. For example, this may include verifying your business data, financial information, criminal history and other information we may be required to process for compliance with anti-money laundering and other laws and fraud prevention.
2.6. Compliance and Safety. We may use information collected about you to protect our rights and to investigate and prevent fraud or other illegal activities and for any other purpose disclosed to you in connection with our Services. We also use personal information to maintain the security, and integrity of our Services, the products and services we offer, our databases and other technology assets, our business, and other users.
2.7. To Communicate with You. We may communicate with you about your account or our relationship. We may also contact you about this Privacy Policy or the terms that govern the Services or our other products or services.
2.8. As Required by Law. We use personal information to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.
3. SHARING OF PERSONAL INFORMATION
We may share your personal information with the entities and individuals listed below or as otherwise described in this Privacy Policy or at the point of collection.
3.1. Related Companies. We may share information collected about you with any member of our group of companies, including subsidiaries, our ultimate holding company and its subsidiaries. For example, we will share your personal information with our related companies to provide our products and services to you, where other companies within our group perform components of the full service offering. These other services include customer support, legal compliance and fraud monitoring, settlements and internal audit.
3.2. Service Providers. We share personal information with third parties and individuals who perform functions on our behalf and help us run our business. For example, service providers that help us process payment transactions for you include fraud prevention and verification service providers, financial institutions, processors, payment card associations and other entities that are part of the payment and collections process. Service providers also help us perform website hosting, app design, maintenance services, database management, web analytics, app analytics, billing, payment processing, credit risk reduction, marketing, and other purposes.
3.3. Advertising Partners. We may also share personal information collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Services, or that collect information about your activity on the Site and the App and other online services to help us advertise our products and service, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.
3.4. Business Transferees. We may disclose personal information collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).
3.5. Authorities and Others. We may also disclose information collected about you if (i) disclosure is necessary to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; (iii) to protect the security or integrity of our Services; (iv) to protect our rights; and (v) for the compliance and safety purposes set forth in Section 2.
3.6. Professional Advisors. We may share your personal information with our professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
3.7. Business Partners. We may share your personal information with our business partners, such as lenders and other companies who facilitate merchant enrollment.
3.8. Gift Cards. If you send a gift card through the Services and provide your name or other personal information, we will disclose that information to the gift card recipient. We may also share personal information with merchants about gift card purchasers and recipients, including contact information. Please note, we are not responsible for the privacy practices of merchants who use our Services or offer gift cards for sale through our Services.
4. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
SumUp is based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. We may also transfer personal information collected about you to members of our group of companies and third parties acting on our behalf that may be located in countries outside of the USA should this be necessary to facilitate our service to you. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in the terms of service related to the use of and access to the Services.
5. SECURITY
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.
6. OTHER WEBSITES AND SERVICES
If you access links on our website to third party websites which are not owned by SumUp please be aware that these websites have their own privacy policies. These links are not an endorsement of or representation that we are affiliated with any such third party. In addition, our content may be included on websites or other online services that are not associated with us. We do not accept any responsibility or liability for these other websites and services. You should check and review the third parties’ privacy policies before you submit any information about you to these websites and services.
7. YOUR CHOICES
7.1. Access to Your Personal Information. You may request access to your personal information by contacting us as described below.
7.2. Changes to Your Personal Information. You may make changes to your personal information by logging into your account and updating or correcting your profile and registration information. You may also request to change your personal information by contacting us as described below.
7.3. Deletion of Your Personal Information. Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. If you wish to delete any of your personal information, you may contact us as described below. We will grant a request to delete information as required by law, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. Except as provided above, we will delete, aggregate, or de-identify all of your personal information as described in this subsection within the timeframes required by law.
7.4. Promotional Emails. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below. You may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message.
7.5. Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. For more information about your choices in connection with cookies and similar technologies, see out Cookie Policy, available at https://sumup.com/cookies/.
7.6. Interest-Based Advertising. We participate in interest-based advertising. For more information on your choices in connection with these practices, see our Cookie Policy, available at https://sumup.com/cookies/.
7.7. Privacy Settings and Location Data. Users of our App can disable our access to their device’s precise geolocation in their mobile device settings.
7.8. Do Not Track. Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
7.9. Declining to Provide Information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
8. RESIDENTS OF CALIFORNIA
This section applies only to residents of California.
8.1. Notice to California Residents. The section above titled “Collection of Personal Information” describes the personal information we collect, the source of such personal information, and the personal information we disclose for a business purpose by reference to the categories specified in the CCPA, and our practices during the 12 months preceding the last modified date of this Privacy Policy. These categories are used for the business/ commercial purposes described in the section titled “Use of Personal Information,” above. The section titled “Sharing of Personal Information,” above, describes the categories of third parties to whom the personal information was disclosed.
8.2. We Do Not Sell Your Personal Information. Based on our understanding of the term “sell” under the CCPA, we do not “sell” your personal information and have not sold it to third parties for a business or commercial purpose in the 12 months preceding the last modified date of this Privacy Policy.
8.3. Notice of Disclosure for Direct Marketing. Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with SumUp are entitled to ask us for a notice describing what categories of personal information we share with third parties for their direct marketing purposes. This notice will identify the categories of information shared with and will include a list of the third parties with which it is shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit your request to the address listed in the section titled “CONTACTING US” below.
9. EXERCISING YOUR PRIVACY RIGHTS
When exercising the rights or options described in this Privacy Policy, the following guidelines apply:
No Fee Usually Required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.
What We May Need from You. When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure we do not disclose personal information to any person who is not entitled to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time to Respond. We try to respond to all legitimate requests within 30 days of your request. Occasionally it may take us longer than 30 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.
No Discrimination. You will not be subject to discrimination as a result of exercising the rights described herein. In some cases, when you exercise one of your rights, we will be unable to comply with the request due to legal obligations or otherwise, or we will be unable to provide you certain products or services. These responses are not discrimination and our reasons for declining your request or ceasing services will be provided at that time.
Authorized Agent. You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide the requester’s identification information, the authorized agent’s identification information, and/or any other information that we may request in order to verify the request or the agent’s authority.
10. CONTACTING US
If you have questions or concerns about our Privacy Policy or any other privacy or security issue, or wish to request to exercise one of the rights described in this Privacy Policy, please contact us by email at [email protected] or by phone at 888-250-2164.