Privacy Policy

Last Updated: April 7, 2022

This Privacy Policy (“Privacy Policy”) describes how SumUp, Inc. and our U.S. affiliates and subsidiaries (collectively, “SumUp,” “us,” “we,” or “our”) collect, use, and share personal information in connection with our website at www.sumup.com and any other websites or digital properties that we operate and that post a link to this Privacy Policy (collectively, the “Site”), our mobile applications (collectively, the “App”) our email communications, our card acceptance devices (each, a “Terminal”), and our payment processing, gift card program, and other products and services (together, the “Services”).

We may change this Privacy Policy from time to time by posting the updates to this page. We advise you to review this page regularly to stay informed and to make sure that you keep up to date with any changes. If we make material changes to this Privacy Policy, we will post those changes to this Privacy Policy and update the “Last Updated” date above. If required by law, we will notify you about material changes by email, through posting a notification when you log into our website or when you open our mobile application, or through another manner that is reasonably expected to reach you. In all cases, your continued use of the Services following posting of changes constitutes your acceptance of such changes.

1. COLLECTION OF PERSONAL INFORMATION

1.1. Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:

A. Individual Identifiers and Demographic Information

  • Contact data (such as first and last name, alias, postal address, telephone number, and email address)

  • Business data (such as your company name, legal form, business type, nature and purpose of your business, business address, business telephone number, company registration, the directors and ultimate beneficial owners)

  • Online identifiers (such as IP address and other unique identifiers)

  • Device data (such as device ID, computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, and general location information such as city, state or geographic area)

  • Account data (such as username and profile information)

  • Identity data (such as Social Security number, date of birth, driver’s license number, passport number, and previous residences)

B. Sensitive Personal Information

  • Financial data (such as your bank account numbers, credit rating and report, financial history, share capital and account balances)

  • Credit/debit card information

  • Identity data

  • Criminal history data (such as court judgements against you)

C. Geolocation Data

  • Geolocation data (such as precise physical location or movements in connection with the App or Terminal)

D. Sensory Data

  • Audio data (such as customer service call recordings)

E. Commercial Information

  • Transaction data (such as order history and other records of products or services you have purchased from us, including your consuming histories or tendencies and records of gift cards you have purchased)

  • Marketing data (such as your preferences for receiving marketing communications)

  • Survey data (such as the responses you provide in connection with surveys and other promotions)

  • POS data (such as time, location, transaction amount, payment method and cardholder details)

  • Online activity data (such as browsing history, search history, IP address, operating system, browser type, identifiers for your computer or mobile device, your visit date and time, the website you visited before browsing to our website, your visit behavior and other information about your interaction with the Services)

F. Internet or Network Activity

  • Online activity data

  • Device data

  • Online identifiers

G. Professional or Employment-Related Information

  • Business data

H. Inferences Drawn from Personal Information

  • May be derived from your financial data, transaction data, identity data, business data, criminal history data, and other information we collect as part of the merchant registration process

1.2. Sources of Personal Information. We obtain the categories of personal information listed above via the following categories of sources:

  • Personal Information You Provide. SumUp collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information when you create an account on the Services, register with us as a merchant, sign up to receive our promotional communications, white papers, or other materials, use or access the Services through the Site or the App, participate in one of our surveys or other promotions, submit a request to our customer service team, interact with our social media pages or otherwise interact with us or other Users through the Platform.

  • Automatic Collection. SumUp may indirectly collect other information from you automatically through the Services. For example, we receive personal information when you navigate to the Site, install and use the App, enable location-based features on the App, and connect a Terminal. We, our service providers and our partners may also collect personal information about you over time and across different websites, apps, and devices and on the Services. Like many online companies, we collect some personal information automatically using cookies or other online tracking technologies as described in our Cookie Policy, available at https://sumup.com/cookies/.

  • Third Parties. SumUp may receive personal information about you from other third party sources. For example, we receive personal information from our affiliates, business partners (such as merchants), social media sites, third party services that you connect to your account on the Services, public sources, and/or companies that provide personal information to supplement what we already know about you (including identity verification companies and data providers). We may merge or combine such personal information with the other personal information we collect about you. SumUp may also receive information about gift card recipients from the purchaser of a gift card, including the recipient’s name and email address. Some merchants and other users may also refer colleagues or other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.

2. USE OF PERSONAL INFORMATION

We use personal information for various purposes, including for the purposes set out below and as otherwise described in this Privacy Policy or at the point of collection:

2.1. To Provide Our Products and Services. We use personal information collected about you in order to provide our products and services, including to process your orders and transactions and facilitate delivery, process gift cards, respond to your inquiries and requests, and to deliver all relevant information to you including transaction receipts, payout reports, security alerts and support messages.

2.2. To Improve Our Products and Services. We use personal information collected about you in order to improve and personalize our Services, conduct research surveys, understand and analyze usage trends and user preferences, diagnose technical issues, prevent fraud, and develop new features and functionality. For instance, we may enable features in our mobile applications specific to your business.

2.3. Direct Marketing and Interest-Based Advertising. We may use personal information collected about you to communicate with you and inform you about any promotions, incentives and rewards offered by us and/or our partners. For example, we may use cookies or other online tracking technologies to provide customized advertisements, content, and information; monitor and analyze the effectiveness of marketing activities; and track your entries, submissions, and status in any promotions. These might be third party offers we think you might find interesting. These communications may come in the form of interest-based advertising using information gathered across multiple websites, devices, or other platforms.

2.4. To Set Up Your Account. We use your personal information to establish your account. For example, this may include verifying your age, date of birth, and place of residence. If you set up an account to use our Services, we will use the registration information you provide in relation to that account creation to create, maintain, customize, and secure your account.

2.5. Identity Verification and Merchant Registration. If you apply to be a merchant, we use your personal information to verify your identity and determine eligibility for some of our products, services, and promotions. For example, this may include verifying your business data, financial information, criminal history, credit history, and other information we may be required to process for compliance with anti-money laundering and other laws and fraud prevention.

2.6. Compliance and Safety. We may use information collected about you to protect our rights and to investigate and prevent fraud or other illegal activities and for any other purpose disclosed to you in connection with our Services. We also use personal information to maintain the security, and integrity of our Services, the products and services we offer, our databases and other technology assets, our business, and other users.

2.7. To Communicate with You. We may communicate with you about your account or our relationship. We may also contact you about this Privacy Policy or the terms that govern the Services or our other products or services.

2.8. As Required by Law. We use personal information to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.

3. SHARING OF PERSONAL INFORMATION

We may share your personal information with the entities and individuals listed below or as otherwise described in this Privacy Policy or at the point of collection.

3.1. Related Companies. We may share information collected about you with any member of our group of companies, including subsidiaries, affiliates, our ultimate holding company and its subsidiaries. For example, we will share your personal information with our related companies to provide our products and services to you, where other companies within our group perform components of the full service offering. These other services include customer support, legal compliance and fraud monitoring, settlements and internal audit.

3.2. Service Providers. We share personal information with third parties and individuals who perform functions on our behalf and help us run our business. For example, service providers that help us process payment transactions for you include fraud prevention and verification service providers, financial institutions, processors, payment card associations and other entities that are part of the payment and collections process. Service providers also help us perform website hosting, app design, maintenance services, database management, web analytics, app analytics, billing, payment processing, credit risk reduction, marketing, and other purposes.

3.3. Advertising Partners. We may also share personal information collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Services, including affiliate marketing partners. Some of our advertising partners may collect information about your activity on the Site and the App and across other websites and online services to help us advertise our products and services, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.

3.4. Affiliate Marketing Services. We use affiliates to generate traffic and leads. These may collect collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes.

Our current affiliates:

Rakuten - https://rakutenadvertising.com/legal-notices/services-privacy-policy/

CJ - https://www.cj.com/legal/privacy-policy-services

Awin - https://www.awin.com/ie/privacy

Tune - https://www.tune.com/resources/data-and-privacy/privacy-policies/

3.5. Business Transferees. We may disclose personal information collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).

3.6. Authorities and Others. We may also disclose information collected about you if (i) disclosure is necessary to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; (iii) to protect the security or integrity of our Services; (iv) to protect our rights; and (v) for the compliance and safety purposes set forth in Section 2.

3.7. Professional Advisors. We may share your personal information with our professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.

3.8. Business Partners. We may share your personal information with our business partners, such as lenders, banks, and other companies who facilitate merchant enrollment. If you connect the Services to a third party service or account, such as your bank or other financial services provider, we will share certain personal information with the third party service.

3.9. Gift Cards. If you send a gift card through the Services and provide your name or other personal information, we will disclose that information to the gift card recipient. We may also share personal information with merchants about gift card purchasers and recipients, including contact information. Please note, we are not responsible for the privacy practices of merchants who use our Services or offer gift cards for sale through our Services.

3.10. Other Users and the Public. If you post or otherwise provide a testimonial, review, or other form of feedback to us through the Services, your information may be displayed to other users or the public and we may use it for our marketing and other business purposes. For example, if you submit a review to any product pages, your username, review, and other information that you provide may be posted publicly for review by others.

4. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

SumUp is based in the United States of America. For users outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. We may also transfer personal information collected about you to members of our group of companies and third parties acting on our behalf that may be located in countries outside of the USA should this be necessary to facilitate our service to you. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in the terms of service related to the use of and access to the Services.

5. SECURITY

No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.

6. OTHER WEBSITES AND SERVICES

If you access links on our website to third party websites which are not owned by SumUp please be aware that these websites have their own privacy policies. These links are not an endorsement of or representation that we are affiliated with any such third party. In addition, our content may be included on websites or other online services that are not associated with us. We do not accept any responsibility or liability for these other websites and services. You should check and review the third parties’ privacy policies before you submit any information about you to these websites and services.

7. YOUR CHOICES

7.1. Access to Your Personal Information. You may request access to your personal information by contacting us as described below.

7.2. Changes to Your Personal Information. You may make changes to your personal information by logging into your account and updating or correcting your profile and registration information. You may also request to change your personal information by contacting us as described below.

7.3. Deletion of Your Personal Information. Typically, we retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. If you wish to delete any of your personal information, you may contact us as described below. We will grant a request to delete information as required by law, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another one of our business purposes. Except as provided above, we will delete, aggregate, or de-identify all of your personal information as described in this subsection within the timeframes required by law.

7.4. Promotional Emails and Text Messages. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below. You may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message.7.5. Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser’s settings. For more information about your choices in connection with cookies and similar technologies, see out Cookie Policy, available at https://sumup.com/cookies/.

7.6. Interest-Based Advertising. We participate in interest-based advertising. For more information on your choices in connection with these practices, see our Cookie Policy, available at https://sumup.com/cookies/.

7.7. Privacy Settings and Location Data. Users of our App can disable our access to their device’s precise geolocation in their mobile device settings.

7.8. Do Not Track. Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

7.9. Declining to Provide Information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.

8. RESIDENTS OF CALIFORNIA

This section applies only to residents of California. It describes how we collect, use and share personal information of California residents when we act as a “business” as defined under California privacy laws, and their rights with respect to their personal information.

8.1. Notice to California Residents. The section above titled “Collection of Personal Information” describes the personal information we have collected in the preceding twelve months and the source of such personal information. the business and commercial purposes for which we collected such personal information is described in the section titled “Use of Personal Information,” above. The section titled “Sharing of Personal Information,” above, describes the categories of third parties to whom the personal information was disclosed.

Each of the personal information categories described above in the section called “Collection of Personal Information” may be disclosed for the business purposes described in this Privacy Policy. In addition, when we share personal information with certain third parties, such as our advertising partners like Google and Facebook, it may be considered a “sale” of personal information under California privacy laws. In the preceding twelve months, we have disclosed the following categories of personal information (as described in the “Collection of Personal Information” section) for purposes that may qualify as a “sale” under California law:

  • Contact data (Individual Identifiers and Demographic Information);

  • Online identifiers (Individual Identifiers and Demographic Information, Internet or Network Activity);

  • Device data (Individual Identifiers and Demographic Information, Internet or Network Activity);

  • Transaction data (Commercial Information);

  • Marketing data (Commercial Information); and

  • Online activity data (Commercial Information, Internet or Network Activity).

8.2. Your California Privacy Rights. California privacy laws may provide California residents with the rights listed below:

  • Right to Access. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve months, including:

    • The categories of personal information we collected about you;

    • The categories of sources of the personal information we collected about you;

    • Our business or commercial purpose for collecting or selling that personal information;

    • The categories of third parties with whom we share that personal information; and

    • The specific pieces of personal information we collected about you.

  • Right to Delete. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

  • Right to Opt-Out of Sales. If we “sell” your personal information or pro, you can opt-out. Requests to opt-out will also be treated as a request under

  • Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form or legally prohibited increases in the price or decreases in the quality of our products and services.

Please note, these rights are not absolute and in some cases we may not be able to respond your request, such as when a legal exemption applies or if we are not able to verify your identity.

8.3. How to Exercise Your California Privacy Rights

  • Access and Deletion Rights. To exercise the access and deletion rights described above, please submit a request to us and provide the information we request that is required to verify your request by:

    • Emailing us at [email protected], or

    • Sending us mail at 2000 Central Ave Suite 100, Boulder, CO 80301, United States.

Right to Opt-Out of the “Sale” of Personal Information. Under California law, some of the data we share with our advertising partners may qualify as a “sale” as defined under the CCPA. To exercise your right to opt-out of such “sale”, please email us at [email protected] or contact us by phone at 888-250-2164, You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.

When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure we do not disclose personal information to any person who is not entitled to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within 45 days of your request. Occasionally it may take us longer than 45 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.

You may also designate an authorized agent to make a request on your behalf. If you do so, we may require the requester’s proof of identification, the authorized agent’s proof of identification, and any other information that we may request in order to verify your request, including evidence of valid permission for the authorized agent to act on your behalf.

10. CONTACTING US

If you have questions or concerns about our Privacy Policy or any other privacy or security issue, or wish to request to exercise one of the rights described in this Privacy Policy, please contact us by email at [email protected] or by phone at 888-250-2164.