Last Updated: May 7, 2020
1. COLLECTION OF PERSONAL INFORMATION
1.1. Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:
A. Individual Identifiers and Demographic Information
Contact data (such as first and last name, alias, postal address, telephone number, and email address)
Business data (such as your company name, legal form, business type, nature and purpose of your business, business address, business telephone number, company registration, the directors and ultimate beneficial owners)
Online identifiers (such as IP address and other unique identifiers)
Device data (such as device ID, computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, and general location information such as city, state or geographic area)
Account data (such as username and profile information)
Identity data (such as Social Security number, date of birth, driver’s license number, passport number, and previous residences)
B. Sensitive Personal Information
Financial data (such as your bank account numbers, credit rating and report, financial history, share capital and account balances)
Credit/debit card information
Criminal history data (such as court judgements against you)
C. Geolocation Data
Geolocation data (such as precise physical location or movements in connection with the App or Terminal)
D. Sensory Data
Audio data (such as customer service call recordings)
E. Commercial Information
Transaction data (such as order history and other records of products or services you have purchased from us, including your consuming histories or tendencies and records of gift cards you have purchased)
Marketing data (such as your preferences for receiving marketing communications)
Survey data (such as the responses your provide in connection with surveys and other promotions)
POS data (such as time, location, transaction amount, payment method and cardholder details)
Online activity data (such as browsing history, search history, IP address, operating system, browser type, identifiers for your computer or mobile device, your visit date and time, the website you visited before browsing to our website, your visit behavior and other information about your interaction with the Services)
F. Internet or Network Activity
Online activity data
G. Professional or Employment-Related Information
H. Inferences Drawn from Personal Information
May be derived from your financial data, transaction data, identity data, business data, criminal history data, and other information we collect as part of the merchant registration process.
1.2. Sources of Personal Information. We obtain the categories of personal information listed above via the following categories of sources:
Personal Information You Provide. SumUp collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information when you create an account on the Services, register with us as a merchant, sign up to receive our promotional communications, use or access the Services through the Site or the App, participate in one of our surveys or other promotions, submit a request to our customer service team, interact with our social media pages or otherwise interact with us or other Users through the Platform.
Third Parties. Sumup may receive personal information about you from other third party sources. For example, we receive personal information from our affiliates, business partners, social media sites, or companies that provide personal information to supplement what we already know about you (including identity verification companies and data providers). We may merge or combine such personal information with the other personal information we collect about you. SumUp may also receive information about gift card recipients from the purchaser of a gift card, including the recipient’s name and email address.
2. USE OF PERSONAL INFORMATION
2.1. To Provide Our Products and Services. We use personal information collected about you in order to provide our products and services, including to process your orders and transactions and facilitate delivery, process gift cards, respond to your inquiries and requests, and to deliver all relevant information to you including transaction receipts, payout reports, security alerts and support messages.
2.2. To Improve Our Products and Services. We use personal information collected about you in order to improve and personalize our Services, conduct research surveys, understand and analyze usage trends and user preferences, diagnose technical issues, prevent fraud, and develop new features and functionality. For instance, we may enable features in our mobile applications specific to your business.
2.4. To Set Up Your Account. We use your personal information to establish your account. For example, this may include verifying your age, date of birth, and place of residence. If you set up an account to use our Services, we will use the registration information you provide in relation to that account creation to create, maintain, customize, and secure your account.
2.5. Identity Verification and Merchant Registration. If you apply to be a merchant, we use your personal information to verify your identity and determine eligibility for some of our products, services, and promotions. For example, this may include verifying your business data, financial information, criminal history and other information we may be required to process for compliance with anti-money laundering and other laws and fraud prevention.
2.6. Compliance and Safety. We may use information collected about you to protect our rights and to investigate and prevent fraud or other illegal activities and for any other purpose disclosed to you in connection with our Services. We also use personal information to maintain the security, and integrity of our Services, the products and services we offer, our databases and other technology assets, our business, and other users.
2.8. As Required by Law. We use personal information to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.
3. SHARING OF PERSONAL INFORMATION
3.1. Related Companies. We may share information collected about you with any member of our group of companies, including subsidiaries, our ultimate holding company and its subsidiaries. For example, we will share your personal information with our related companies to provide our products and services to you, where other companies within our group perform components of the full service offering. These other services include customer support, legal compliance and fraud monitoring, settlements and internal audit.
3.2. Service Providers. We share personal information with third parties and individuals who perform functions on our behalf and help us run our business. For example, service providers that help us process payment transactions for you include fraud prevention and verification service providers, financial institutions, processors, payment card associations and other entities that are part of the payment and collections process. Service providers also help us perform website hosting, app design, maintenance services, database management, web analytics, app analytics, billing, payment processing, credit risk reduction, marketing, and other purposes.
3.3. Advertising Partners. We may also share personal information collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Services, or that collect information about your activity on the Site and the App and other online services to help us advertise our products and service, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.
3.4. Business Transferees. We may disclose personal information collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).
3.5. Authorities and Others. We may also disclose information collected about you if (i) disclosure is necessary to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; (iii) to protect the security or integrity of our Services; (iv) to protect our rights; and (v) for the compliance and safety purposes set forth in Section 2.
3.6. Professional Advisors. We may share your personal information with our professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
3.7. Business Partners. We may share your personal information with our business partners, such as lenders and other companies who facilitate merchant enrollment.
3.8. Gift Cards. If you send a gift card through the Services and provide your name or other personal information, we will disclose that information to the gift card recipient. We may also share personal information with merchants about gift card purchasers and recipients, including contact information. Please note, we are not responsible for the privacy practices of merchants who use our Services or offer gift cards for sale through our Services.
4. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
SumUp is based in the United States of America. If you are from a country outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. We may also transfer personal information collected about you to members of our group of companies and third parties acting on our behalf that may be located in countries outside of the USA should this be necessary to facilitate our service to you. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in the terms of service related to the use of and access to the Services.
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.
6. OTHER WEBSITES AND SERVICES
If you access links on our website to third party websites which are not owned by SumUp please be aware that these websites have their own privacy policies. These links are not an endorsement of or representation that we are affiliated with any such third party. In addition, our content may be included on websites or other online services that are not associated with us. We do not accept any responsibility or liability for these other websites and services. You should check and review the third parties’ privacy policies before you submit any information about you to these websites and services.
7. YOUR CHOICES
7.1. Access to Your Personal Information. You may request access to your personal information by contacting us as described below.
7.2. Changes to Your Personal Information. You may make changes to your personal information by logging into your account and updating or correcting your profile and registration information. You may also request to change your personal information by contacting us as described below.
7.4. Promotional Emails. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us as described below. You may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message.
7.7. Privacy Settings and Location Data. Users of our App can disable our access to their device’s precise geolocation in their mobile device settings.
7.8. Do Not Track. Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
7.9. Declining to Provide Information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
8. RESIDENTS OF CALIFORNIA
This section applies only to residents of California.
8.3. Notice of Disclosure for Direct Marketing. Under California Civil Code sections 1798.83-1798.84, California residents who have an established business relationship with SumUp are entitled to ask us for a notice describing what categories of personal information we share with third parties for their direct marketing purposes. This notice will identify the categories of information shared with and will include a list of the third parties with which it is shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit your request to the address listed in the section titled “CONTACTING US” below.
9. EXERCISING YOUR PRIVACY RIGHTS
No Fee Usually Required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.
What We May Need from You. When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure we do not disclose personal information to any person who is not entitled to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time to Respond. We try to respond to all legitimate requests within 30 days of your request. Occasionally it may take us longer than 30 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.
No Discrimination. You will not be subject to discrimination as a result of exercising the rights described herein. In some cases, when you exercise one of your rights, we will be unable to comply with the request due to legal obligations or otherwise, or we will be unable to provide you certain products or services. These responses are not discrimination and our reasons for declining your request or ceasing services will be provided at that time.
Authorized Agent. You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide the requester’s identification information, the authorized agent’s identification information, and/or any other information that we may request in order to verify the request or the agent’s authority.
10. CONTACTING US