PayPal Plus Agreement

>> View all legal agreements

PayPal Plus Agreement

Effective Date: You agree that this PayPal Plus Agreement shall be effective starting December 18, 2020.



1. Introduction and Important Information

2. PayPal Plus Integration and Requirements

3. Data Security; Data Protection; Data Portability

4. PayPal Seller Protection


1. Introduction and Important Information.

PayPal Plus is an optimized checkout for Receiving Users that enables individuals who do not hold a PayPal Account to process payments (“PayPal Plus”).

PayPal Plus is only available to eligible Receiving Users and upon prior application. Eligibility to PayPal Plus is at PayPal’s sole discretion, as set forth in Section 2 (“PayPal Plus Integration and Requirements”) below.

This PayPal Plus Agreement ("PayPal Plus Agreement") is a contract entered into by and between you, Receiving User, and PayPal do Brasil Serviços de Pagamentos Ltda. (“PayPal”), a company organized and existing under the laws of Brazil, enrolled in the Corporate Taxpayers’ Register of the Ministry of Finance (“CNPJ/MF”) under No. 10.878.448/0001-66, with offices in the City of São Paulo, State of São Paulo, at Avenida Paulista, 1048, 13th and 14th floors, CEP 01310-100, and applies to your use of the PayPal Services to accept online payments using PayPal Plus.

All capitalized words and expressions used herein shall have the meanings ascribed to them in this PayPal Plus Agreement or in PayPal User Agreement. The headings below are for reference only and do not limit the scope of each section.

You must read, agree with and accept all of the terms and conditions contained in this PayPal Plus Agreement in order to use PayPal Plus to accept online payments. By using PayPal Plus, you acknowledge that you have agreed to this PayPal Plus Agreement.

This PayPal Plus Agreement, with the PayPal User Agreement and any other agreement in which you have entered into with PayPal (collectively " PayPal Agreements"), apply to your use of PayPal Plus. If any inconsistency exists between the terms of the PayPal User Agreement and this PayPal Plus Agreement, PayPal Plus Agreement shall control your use of PayPal Plus.

PayPal Agreements are electronic agreements available on PayPal Legal Agreements Page, as well as the policies that are part of PayPal Agreements and that are available on the same page.

PayPal reserves the right to amend the terms of PayPal Plus Agreement at any time, without prior notice, by posting a revised version on its website, through the PayPal Plus Agreement’s link. Any new revised version will be effective at the time it is posted on the aforesaid link. If such version includes a Substantial Change, we will provide you with a, at least, 30-day prior notice of any Substantial Change by email or by posting a notice on the "Agreement Updates" page of our website, through the Policy Update link.

This PayPal Plus Agreement amends and restates any other agreement entered by you and PayPal in the past in connection with your use of PayPal Plus, unless otherwise agreed between you and PayPal.

The continuous use of PayPal Plus after the new revised version of this PayPal Plus Agreement becomes effective, shall automatically imply Receiving User’s full knowledge and acceptance of all terms and conditions thereof.

PayPal reserves the right to suspend or limit your access to PayPal Plus and/or PayPal Services immediately if you violate any terms of this PayPal Plus Agreement, PayPal User Agreement and any other PayPal policy. Please note the following risks of using the PayPal Services, as set forth on PayPal User Agreement:

i. If you qualify as a Receiving User, the payments received in your Account may be reversed at a later time, for example, if a payment is subject to a Chargeback, Reversal, Claim, or is otherwise invalidated. This means that a payment may be reversed from your Account after you, as a Receiving User, have provided the products or services that were purchased by a Paying User.

ii. Receiving Users may lower the risk of a payment being reversed from their Account by following the criteria set out in PayPal’s User Agreement and by following the other security guidelines provided in the "Security Center" page of the PayPal website; and

iii. PayPal reserves the right to close, suspend, or limit your access to your Account or to the PayPal Services, and/or limit access to the funds held in your Account if you violate the PayPal User Agreement, the PayPal Acceptable Use Policy, or any other agreement you may have entered into with PayPal.

Back to top


2. PayPal Plus Integration and Requirements.

At PayPal’s exclusive criteria, PayPal Plus may be integrated on your website in two different formats: i) in context screen or ii) mini browser.

You may request PayPal Plus integration on your website by contacting PayPal Customer Service or your PayPal account manager. If your website is hosted in a Platform that offers PayPal Plus as a checkout option, you may request PayPal Plus integration by sending your request through the Platform.

To be eligible to use PayPal Plus, you must have a PayPal Account in good standing and provide certain business, operations and/or financial information as requested by PayPal, in order to PayPal to proceed with a review of your business and website. You also need to be compliant with Payment Card Industry Data Security Standards (PCI DSS) and Payment Application Data Security Standards (PA DSS) if you integrate PayPal Plus with in context screen, as set forth in Section 3 (“Data Security”) below.

PayPal will review the information provided by you and answer, in a timely manner, if you are approved or not to use PayPal Plus. You must be previously approved by PayPal to use PayPal Plus.

After your request to use PayPal Plus is approved, you may integrate PayPal Plus, according to PayPal Plus’ integration guidelines that will be informed to you by PayPal.

PayPal reserves the right to reassess your eligibility for PayPal Plus at any time if your business and/or website become different from the information you provided when you requested PayPal Plus integration.

Back to top


3. Data Security; Data Protection; Data Portability

You agree to comply with all applicable laws and rules in connection with the collection, security and sharing of any personal or transaction information ("Data") on your website. You are fully responsible for the security of any Data on your website or otherwise in your possession or control. With regard to any personal data processed by either you or PayPal in connection with this PayPal Plus Agreement, you and PayPal will respectively each be a data controller in respect of such processing. You and PayPal each agrees to comply with the requirements of the data protection laws applicable to data controllers in respect of the provision of the services provided under this PayPal Plus Agreement and otherwise in connection with this agreement, including with respect to the information provided by PayPal to you pursuant to the PayPal Privacy Statement. For the avoidance of doubt, you and PayPal each have their own, independently determined privacy policies, notices and procedures for the personal data they hold and are each a data controller (and not joint data controllers). In complying with the data protection laws, you and PayPal each shall, without limitation:

  1. implement and maintain at all times all appropriate security measures in relation to the processing of personal data;
  2. maintain a record of all processing activities carried out under this PayPal Plus Agreement; and
  3. not knowingly do anything or permit anything to be done which might lead to a breach by the other party of the applicable data protection laws.

With respect to your data transfers to PayPal of your customers located in the European Union, Switzerland, the Europeans Economic Area, and/or their member states and the United Kingdom, we each agree that (i) your signing of the Agreement will be deemed to be signature and acceptance of the Controller to Controller Standard Contractual Clauses approved by EC Commission Decision of 27 December 2004 (C(2004)5721) (“C2C Transfer Clauses”) by Merchant, as the data exporter and (ii) PayPal’s signature of this Agreement will be deemed to be signature and acceptance of the C2C Transfer Clauses by PayPal, as the data importer. In the event the European Commission revises and thereafter publishes new C2C Transfer Clauses or as otherwise required or implemented by the European Commission, the parties agree that such new C2C Transfer Clauses will supersede the present C2C Transfer Clauses. The C2C Transfer Clauses will be incorporated into the Agreement by reference and will be considered duly executed between the parties upon entering into force of this Agreement subject to the following details:

  1. PayPal agrees it will process the personal data of your customers in accordance with Set II, clauses II(h)(iii) of the C2C Transfer Clauses and by signing the Agreement it will be deemed to duly initial and accept such clause II(h)(iii); and
  2. The parties agree that the details required under the C2C transfer Clauses Annex B are as set forth on Annex 1.

You agree that you shall be compliant with the PCI DSS and the PA DSS at all times while using PayPal Plus with in context screen, to the extent required for integrating and maintaining PayPal Plus on your website.

In order to integrate and maintain PayPal Plus with in context screen, you shall fill in and/or provide any and all documentation required to be compliant with PCI DSS and PA DSS. You agree to promptly provide PayPal with any documentation evidencing compliance with PCI DSS and/or PA DSS upon request by PayPal. Failure to comply with such requirement shall be deemed a Restricted Activity, pursuant to PayPal’s User Agreement, and may result in the adoption of the measures described in PayPal’s User Agreement, including, but not limited to placing Reserves on funds held in your PayPal Account and immediate suspension of PayPal Plus processing capabilities, without incurring in any penalty to PayPal.

If PayPal believes that a security breach and/or compromise of Data on your website has occurred and/or that you are not compliant with PCI DSS and/or PA DSS when using PayPal Plus with in context screen, you may be required to hire a forensic examiner or specialist, at your own cost, to certify that you can keep using PayPal Plus, without limiting the ability of PayPal to adopt the measures described in PayPal’s User Agreement. You agree to indemnify PayPal for any and all damages and/or losses, including but not limited to fines and/or penalties related to potential security breach and/or compromise of Data on your website.

You agree that PayPal may hire third parties services to periodically review the security of your website (“Inspectors”), with the purpose of verifying potential vulnerabilities that may put the Data and/or PayPal and/or PayPal customers’ information at risk. You agree to cooperate with the Inspectors so that they may perform the verifications on your website, giving to the Inspectors and/or to PayPal access to your systems and all documentation related to the security of the Data.

You expressly waive to any act against PayPal and/or PayPal Affiliates originated from the verifications mentioned above and/or damages caused by the Inspectors. You accept that the Inspectors are solely responsible for the verifications performed.

Upon any termination or expiry of this Agreement, PayPal agrees, upon written request from you, to provide your new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to your customers (“Card Information”). In order to do so, you must provide PayPal with all requested information including proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements and is level 1 PCI compliant. PayPal agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) you provide PayPal with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (Level 1 PCI compliant) by providing PayPal a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by PayPal; (b) the transfer of such Card Information is compliant with the latest version of the Association PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Association Rules, and any applicable laws, rules or regulations (including data protection laws).

Back to top


4. PayPal Seller Protection

You, Receiving User approved to use PayPal Plus, may be eligible to PayPal Seller Protection for transactions with PayPal Plus if, besides fulfilling all the requirements set forth in PayPal’s User Agreement, you also share with PayPal the shipping address, email and phone number from your customers who paid their purchases using PayPal Plus. This data sharing is necessary to verify fulfillment of PayPal Seller Protection requirements, pursuant to PayPal’s User Agreement.

You undertake to obtain prior and express consent from your customers to share their personal data described above with PayPal, according to the applicable legislation; and PayPal shall store this data on the same way PayPal Users personal data is stored, pursuant to PayPal Privacy Statement.

You shall clearly inform your customers on your privacy policy about the services rendered by PayPal. Also, your privacy policy must state that your customers’ personal data to be shared with PayPal may be used to:

i. Facilitate the payment processing;

ii. Avoid, detect, mitigate and investigate potentially illegal acts, frauds and/or security breaches, evaluate and manage risks; and

iii. Provide customer support services.

If PayPal believes that you did not obtain the prior express consent from your customers to share their personal Data with PayPal as described above, PayPal may suspend PayPal Seller Protection and/or PayPal Plus processing capabilities immediately, without incurring in any penalty.


Annex 1

C2C Transfer Clauses Annex B


Data subjects
The Personal Data transferred concern the following categories of data subjects:

The data exporter and its Customers.

Purposes of the transfer(s)
The transfer is made for the following purposes:

Performance of the services provided by data importer to data exporter in accordance with the Agreement.

Categories of data
The Personal data transferred may include the following categories of data:

Customer name, amount to be charged, date/time, bank account details, payment card details, CVC code, post code, country code, address, email address, fax, phone, website, expiry data, shipping details, tax status, unique customer identifier, IP Address, location, and any other data received by PayPal under the Agreement.

The personal data transferred may be disclosed only to the following recipients:

The importer’s service providers, affiliates, and personnel performing services in accordance with the Agreement.

Sensitive data (if appropriate)
The personal data transferred concern the following categories of sensitive data:

Not applicable, unless Merchant configures the service to capture such data.

Data protection registration information of data exporter (where applicable)

Not applicable.

Additional useful information (storage limits and other relevant information)

As set forth in the Agreement.

Contact points for data protection enquiries

Data importer: Contact points for Data importer can be found in the Agreement.

Data exporter: Contact points for Data importer can be found in the Agreement.

Back to top