Policy Updates

 
 

>> View all legal agreements

>> View past policy updates

Policy Updates

 

Policy Updates

Last update: September 11, 2018

 

This page shall serve as advance information for PayPal Users with regards to important upcoming changes of PayPal Services, the PayPal User Agreement, and other policies (collectively, the “Legal Agreements”).

Please read this document carefully. PayPal will change the Legal Agreements with effect to December 11, 2018.

You do not need to do anything to accept the changes as they will automatically come into effect on December 11, 2018.

Should you decide you do not wish to accept the changes, you can notify us prior to August 31, 2018 to close your account (https://www.paypal.com/de/cgi-bin/?&cmd=_close-account) immediately without incurring any additional charges. 

All changes and updates to the Legal Agreements are on this page highlighted in italic. This highlighting shall ensure better traceability of the changes and updates applied.

Amendments made for linguistic adjustment, to correct or remove orthographical and grammatical mistakes, or changes to the formatting are not highlighted. This does also apply where we have corrected or standardized numbering and references.

 

Updates to the PayPal User Agreement

We have made the following amendments to our PayPal User Agreement:

 

3.1. Linking Your Funding Source

At the end of clause 3.1. we have extended the previous last sentence and added another one to explain what we can do with regards to updates to your Funding Source information:

3.1. Linking Your Funding Source

You can link or unlink a credit card or a bank account as a Funding Source for your PayPal Account. Please keep your Funding Source information current (i.e. credit card number and expiration date). If this information changes, we may update it at our sole discretion without any action on your part according to information provided by your bank or card issuer and third parties (including but not limited to our financial services partners and the card networks). If you do not want us to update your Funding Source information, you may contact your bank or card issue to request this or remove the Funding Source in your Account Profile. If we update your Funding Source information, we may retain any preference setting attached to it.

 

4.6. Refused Transactions

Again at the end of a clause, in this case at the end of clause 4.6., we have added a description of which actions we take in the cases we are describing in clause 4.6.:

4.6. Refused Transactions

When you send E-Money and although the E-Money is available to the recipient, the recipient is not required to accept it. In case the recipient denies, refunds, or does not accept the payment within 30 days, we shall credit the amount to your PayPal Account. If you have used your credit card as Funding Source, we shall credit the amount to your credit card. You agree that you will not hold PayPal liable for any damages resulting from a recipient's decision to not to accept a payment made through the PayPal Services. We will:

a.         Quickly return any refunded or denied payment to your Balance or, as appropriate, your original Funding Source (in some case instead we may decide to not charge your original Funding Source); and

b.         Return any unclaimed payment to your Balance within 30 days after the date you initiated the payment.

 

6b. PayPal PLUS

Section 6b. has seen the most extensive changes, mainly due to the General Data Protection Regulation (GDPR). What has previously been the entire Section 6b., is now clause "6b.1. General Principles" (we haven't changed the text) and is followed by clauses 6b.2., 6b.3., and 6b.4. dealing with data protection matters when it comes to PayPal PLUS:

6b.2. Data Processing Schedule

 This Data Processing Schedule applies only to the extent that PayPal acts as a processor or Sub-processor to the Merchant. Capitalized terms used but not defined in this Section 6b. shall have the meaning set out in the User Agreement

a.         Definitions and Interpretation

The following terms have the following meaning when used in this Section 6b.:

"Customer" means a European Union customer of Merchant who uses the PayPal Services and for the purposes of this clause 6b.2., is a data subject.

"Customer Data" means the personal data that the Customer provides to Merchant and Merchant passes on to PayPal through the use by the Merchant of the PayPal Services.

"Data Controller" (or simply "Controller") and "Data Processor" (or simply "Processor") and "Data Subject" have the meanings given to those terms under the Data Protection Laws.

"Data Protection Laws" means General Data Protection Regulation (EU) 2016/679 (GDPR) and any associated regulations or instruments and any other data protection laws, regulations, regulatory requirements and codes of conduct of EU Member States applicable to PayPal's provision of the PayPal Services.

"Personal Data" has the meaning given to it in the Data Protection Laws.

"Processing" has the meaning given to it in the Data Protection Laws and "process", "processes" and "processed" will be interpreted accordingly.

"Sub-processor" means any processor engaged by PayPal and/or its affiliates in the processing of personal data.

b.         Processing of Personal Data in Connection with the Services

i.          Merchant data controller

With regard to any Customer Data to be processed by PayPal in connection with this User Agreement, Merchant will be a controller and PayPal will be a processor in respect of such processing. Merchant will be solely responsible for determining the purposes for which and the manner in which Customer Data are, or are to be, processed.

ii.          Merchant written instructions

PayPal shall only process Customer Data on behalf of and in accordance with Merchant’s written instructions. PayPal and Merchant agree that this clause 6b.2. is Merchant's complete and final written instruction to PayPal in relation to Customer Data. Additional instructions outside the scope of this clause 6b.2. (if any) require prior written agreement between PayPal and Merchant, including agreement of any additional fees payable by Merchant to PayPal for carrying out such additional instructions. Merchant shall ensure that its instructions comply with all applicable laws, including Data Protection Laws, and that the processing of Customer Data in accordance with Merchant's instructions will not cause PayPal to be in breach of Data Protection Laws. The provisions of this clause 6b.2. are subject to the provisions of clause 6b.2.n. on Security. Merchant hereby instructs PayPal to process Customer Data for the following purposes:

•           As reasonably necessary to provide the PayPal services to Merchant and its Customer;

•           After anonymizing the Customer Data, to use that anonymized Customer Data, directly or indirectly, which is no longer identifiable personal data, for any purpose whatsoever.

c.         PayPal cooperation

In relation to Customer Data processed by PayPal under this Agreement, PayPal shall co-operate with Merchant to the extent reasonably necessary to enable Merchant to adequately discharge its responsibility as a controller under Data Protection Laws, including without limitation as Merchant requires in relation to:

•           Assisting Merchant in the preparation of data protection impact assessments to the extent required of Merchant under Data Protection Laws; and

•           Responding to binding requests from data protection authorities for the disclosure of Customer Data as required by applicable laws.

d.         Scope and Details of Customer Data processed by PayPal

The objective of processing Customer Data by PayPal is the performance of the PayPal Services pursuant to the User Agreement. PayPal shall process the Customer Data in accordance with the specified duration, purpose, type and categories of data subjects as set out in clause 6b.4. (Data Processing of Customer Data).

e.         Compliance with Laws

PayPal and Merchant will at all times comply with Data Protection Laws.

f.          Correction, Blocking and Deletion

To the extent Merchant, in its use of the PayPal services, does not have the ability to correct, amend, block or delete Customer Data, as required by Data Protection Laws, PayPal shall comply with any commercially reasonable request by Merchant to facilitate such actions to the extent PayPal is legally permitted to do so. To the extent legally permitted, Merchant shall be responsible for any costs arising from PayPal’s provision of such assistance.

g.         Data Subject Requests

PayPal shall, to the extent legally permitted, promptly notify Merchant if it receives a request from a Customer for access to, correction, amendment or deletion of that Customer’s personal data. Merchant shall be responsible for responding to all such requests. If legally permitted, PayPal shall provide Merchant with commercially reasonable cooperation and assistance regarding such Customer's request and Merchant shall be responsible for any costs arising from PayPal’s assistance.

h.         Training

PayPal undertakes to provide training as necessary from time to time to the PayPal personnel with respect to PayPal's obligations in this Section 6b. to ensure that the PayPal personnel are aware of and comply with such obligations.

i.          Limitation of Access

PayPal shall ensure that access by PayPal's personnel to Customer Data is limited to those personnel performing PayPal Services in accordance with the User Agreement.

j.          Sub-processors

Merchant specifically authorizes the engagement of members of the PayPal Group as Sub-processors in connection with the provision of the PayPal Services. In addition, Merchant generally authorizes the engagement of any other third parties as Sub-processors in connection with the provision of the PayPal Services. When engaging any Sub-processor, PayPal will execute a written contract with the Sub-processor, which contains terms for the protection of Customer Data which are no less protective than the terms set out in this Section 6b. PayPal shall make available to Merchant a current list of Sub-processors for the respective PayPal Services with the identities of those Sub-processors.

k.         Audits and Certifications

Where requested by Merchant, subject to the confidentiality obligations set forth in the User Agreement, PayPal shall make available to Merchant (or Merchant’s independent, third-party auditor that is not a competitor of PayPal or any members of PayPal or the PayPal Group) information regarding PayPal’s compliance with the obligations set forth in this Section 6b. in the form of the third-party certifications and audits (if any) set forth in the Privacy Policy set out on the PayPal Website. Merchant may contact PayPal in accordance with the User Agreement to request an on-site audit of the procedures relevant to the protection of personal data. Merchant shall reimburse PayPal for any time expended for any such on-site audit at PayPal’s then-current professional PayPal services rates, which shall be made available to Merchant upon request. Before the commencement of any such on-site audit, Merchant and PayPal shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Merchant shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by PayPal. Merchant shall promptly notify PayPal with information regarding any non-compliance discovered during the course of an audit.

l.          Security

PayPal shall, as a minimum, implement and maintain appropriate technical and organizational measures as described in clause 6b.3. to keep Customer Data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage in relation to the provision of the PayPal Services. Since PayPal provides the PayPal Services to all Merchants uniformly via a hosted, web-based application, all appropriate and then-current technical and organizational measures apply to PayPal’s entire customer base hosted out of the same data center and subscribed to the same service. Merchant understands and agrees that the technical and organizational measures are subject to technical progress and development. In that regard, PayPal is expressly permitted to implement adequate alternative measures as long as the security level of the measures is maintained in relation to the provision of the PayPal Services.

m.        Security Incident Notification

If PayPal becomes aware of a Security Incident in connection with the processing of Customer Data, PayPal will, in accordance with Data Protection Laws: (a) notify Merchant of the Security Incident promptly and without undue delay; (b) promptly take reasonable steps to minimize harm and secure Customer Data; (c) describe, to the extent possible, reasonable details of the Security Incident, including steps taken to mitigate the potential risks; and (d) deliver its notification to Merchant's administrators by any means PayPal selects, including via email. Merchant is solely responsible for maintaining accurate contact information and ensuring that any contact information is current and valid.

n.         Deletion

Upon termination or expiry of the User Agreement, PayPal will delete or return to Merchant all Customer Data  processed on behalf of the Merchant, and PayPal shall delete existing copies of such Customer Data except where necessary to retain such Customer Data strictly for the purposes of compliance with applicable law.

o.         Data Portability

Upon any termination or expiry of this Agreement, PayPal agrees, upon written request from Merchant, to provide Merchant’s new acquiring bank or payment service provider (“Data Recipient”) with any available credit card information including personal data relating to Merchant’s Customers (“Card Information”). In order to do so, Merchant must provide PayPal with all requested information including proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements and is level 1 PCI compliant. PayPal agrees to transfer the Card Information to the Data Recipient so long as the following applies: (a) Merchant provides PayPal with proof that the Data Recipient is in compliance with the Association PCI-DSS Requirements (Level 1 PCI compliant) by providing PayPal a certificate or report on compliance with the Association PCI-DSS Requirements from a qualified provider and any other information reasonably requested by PayPal; (b) the transfer of such Card Information is compliant with the latest version of the Association PCI-DSS Requirements; and (c) the transfer of such Card Information is allowed under the applicable Association Rules, and any applicable laws, rules or regulations (including Data Protection Laws).

6b.3. Technical and Organizational Measures

The following technical and organizational measures will be implemented:

a.         Measures taken to prevent any unauthorized person from accessing the facilities used for data processing;

b.         Measures taken to prevent data media from being read, copied, amended or moved by any unauthorized persons;

c.         Measures taken to prevent the unauthorized introduction of any data into the information system, as well as any unauthorized knowledge, amendment or deletion of the recorded data;

d.         Measures taken to prevent data processing systems from being used by unauthorized person using data transmission facilities;

e.         Measures taken to guarantee that authorized persons when using an automated data processing system may access only data that are within their competence;

f.          Measures taken to guarantee the checking and recording of the identity of third parties to whom the data can be transmitted by transmission facilities;

g.         Measures taken to guarantee that the identity of the persons having had access to the information system and the data introduced into the system can be checked and recorded ex post facto at any time and by any authorized person;

h.         Measures taken to prevent data from being read, copied, amended or deleted in an unauthorized manner when data are disclosed and data media transported;

i.          Measures taken to safeguard data by creating backup copies.

6b.4. Data Processing of Customer Data

a.         Categories of data subjects

Customer Data – The personal data that the Customer provides to Merchant and Merchant passes on to PayPal through the use by the Customer of the PayPal Services.

b.         Subject-matter of the processing

The payment processing services offered by PayPal which provides Merchant with the ability to accept credit cards, debit cards, and other payment methods on a website or mobile application from Customers.

c.         Nature and purpose of the processing

PayPal processes Customer Data that is sent by the Merchant to PayPal for purposes of obtaining verification or authorization of the Customer’s payment method as payment to the Merchant for the sale goods or services.

d.         Type of personal data

Customer Data – Merchant shall inform PayPal of the type of Customer Data PayPal is required to process under this User Agreement. Should there be any changes to the type of Customer Data PayPal is required to process then Merchant shall notify PayPal immediately. PayPal processes the following Customer Data, as may be provided by the Merchant to PayPal from time to time:

•           Full name

•           Date of birth

•           Home address

•           Shipping address

•           Work address

•           Billing address

•           Email address

•           Telephone number

•           Fax number

•           Government ID number

•           Bank account number and bank routing number

•           Financial account number

•           Card or payment instrument type

•           Card Primary Account Number (PAN) or Device-specific Primary Account Number (DPAN)

•           Card Verification Value (CVV)

•           Card expiration date

•           Business tax ID

•           Username

•           Password

•           IP address

•           Device Data

•           Browser data.

e.         Special categories of data (if relevant)

The transfer of special categories of data is not anticipated.

f.          Duration of Processing

The term of the User Agreement.

 

8.2. Currency Conversion

We have amended the wording in clause 8.2. and are now – hopefully more clearly than before – referring to a "transaction exchange rate":

8.2. Currency Conversion

Where a currency conversion is required, it will be completed at the transaction exchange rate we set for the relevant currency exchange.

The transaction exchange rate is adjusted regularly and includes a Currency Conversion Fee applied and retained by us on a base exchange rate to form the rate applicable to your conversion. The based base exchange rate is set on the basis of rates within the wholesale currency markets, or if required by law or regulation, at the relevant government reference rate(s), in each case on the conversion date or the prior business day.

The transaction exchange rate applied to your conversion may be applied immediately and without notice to you.

The “Currency Converter” tool can be accessed through your PayPal Account and used to see what transaction exchange rates apply for certain currency exchanges at the time you use the tool.

Where a currency conversion is offered by PayPal to you when you make your transaction (e.g. at the point of sale), you will be shown the transaction exchange rate that will be applied to the transaction before you proceed with your Authorization of the payment transaction. By proceeding with your Authorization of the payment transaction you are agreeing to the currency conversion on the basis of the transaction exchange shown.

Where your payment is funded by Bank or Credit Card and involves a currency conversion by PayPal, by entering into this Agreement you consent to and authorize PayPal to convert the currency in place of your Bank or Credit card issuer.

Depending on the type of Funding Source used for your payment you may opt out of a currency conversion by PayPal before you complete your payment during checkout, in which case PayPal has no liability to you for your use of other currency conversion options.

Where a currency conversion is offered at the point of sale by the Merchant, not by PayPal, and you choose to Authorize the payment transaction on the basis of the Merchant's exchange rate and charges, PayPal has no liability to you for such currency conversion by a Merchant.

Where your payment is funded by credit card and involves a currency conversion, by entering into this User Agreement you consent to and Authorize PayPal to convert the currency in place of your credit card issuer.

Where transactions are funded with direct debit, we will, unless we have a special agreement with you, always debit your bank account in euros (EUR) and, if required for the transaction, offer a currency conversion.

If you receive a payment in a currency other than the primary currency of your PayPal Account from anyone who doesn’t have a PayPal Account, the payment amount will be converted into the primary currency of your PayPal Account by PayPal for you at the time the payment is made, in accordance with this Section 8.2. (except where otherwise agreed by PayPal) and you agree to bear the Currency Conversion Fee at section A4.1. of Schedule 1 of this User Agreement (which is included in the transaction exchange rate you pay), before any other transaction fees apply.

 

10.2. Actions by PayPal

In clause 10.2., we have removed the last paragraph

Unless otherwise directed by us, you must not use or attempt to use your Payment Instrument or PayPal Account while it is suspended or has been closed. You must ensure that all agreements with Merchants or other third parties that involve third party initiated payments (including Pre-approved Payments) set up from your PayPal Account are cancelled immediately upon the termination, suspension or closure of your PayPal Account. You remain liable under this User Agreement in respect of all charges and other amounts incurred through the use of your PayPal Account at any time, irrespective of termination, suspension or closure.

in its entirety. If we close or suspend your PayPal Account, you cannot access it and this is our responsibility, not yours.

 

14.2. ECC-Net, CSSF and ODR

In clause 14.2. we have updated the hyperlink to the complaint portal of the European Consumer Centre (ECC).

 

16. Definitions

In Section 16., we have removed the useless numbering (as we've never referred to it anyway) and some redundant definitions without proper benefit ("… has the meaning attributed to it in clause XY.").

 

A2. Fees for Personal Transactions 

When sending a Personal Transaction, the sender will pay the Fee.

The Fee for a Personal Transaction will be shown at the time of payment.

A2.1. Fees for Domestic Personal Transactions

Activity

Fees

Sending a Domestic Personal Transaction payment

Free (when no currency conversion is involved)

A2.2. Fees for Cross-Border Personal Transactions 

A2.2.1 Cross Border Personal Transaction payments sent to the EEA in Euro or Swedish Krona

Activity

Fee

Sending a Domestic Personal Transaction payment to the EEA in Euro or Swedish Krona

Free (when no currency conversion is involved)

A2.2.2 Other Cross-Border Personal Transactions

To determine the Fees for Cross-Border Personal Transactions sent to a User in a specific country please follow the steps below:

  1. Find the country and related country group, in which the recipient's registered address is located (see clause A1.4. for further reference or ask the recipient if you are not sure) (second column).
  2. Then find the applicable Personal Transaction payment Fee in the third, fourth, and fifth columns.

FEES FOR CROSS-BORDER PERSONAL TRANSACTIONS

Activity

Country Group in which recipient’s Account is registered

Fee for transaction amounts of:^

 

Amount sent in euros (EUR)

EUR 0.00 – 49.99

EUR 50.00 – 99.99

EUR 100.00+

Sending a Cross Border Personal Transaction payment

Northern Europe, North America, Europe I, Europe II

EUR 0.99 †

EUR 1.99 †

EUR 1.99 †

LATAM, APAC, Rest of World

EUR 0.99 †

EUR 1.99 †

EUR 3.99 †

 

^If the transaction is funded in a currency other than EUR, it will be converted to an equivalent amount in EUR for rating, calculated using the prevailing base exchange rate.

†If funded in a foreign currency, then a comparable amount in that currency.

 

A4.1. Currency Conversion Fee

According to the change in clause 8.2., we are now referring to the transaction exchange rate in clause A4.1. as well. Otherwise, we haven't touched this.

 

Update to the PayPal Buyer Protection Policy

In the PayPal Buyer Protection Policy, we have removed the last two bullet points in clause 3.1. and amended the wording as follows:

3.1. Payment methods

The Buyer has purchased an item and paid for it;

•           Using PayPal from a registered PayPal Account, or

•           Using PayPal, “Kauf auf Rechnung”, Kreditkarte oder Lastschrift  on the German eBay website www.ebay.de (please note the specific requirements in clause 5.3.); or

•           Using the PayPal payment upon installment service (“Ratenzahlung Powered by PayPal").

Other than that, we have not applied further changes to the PayPal Buyer Protection Policy.

 

Notice of amendment to the PayPal User Agreement.

Effective Date: November 13, 2018

 

  1. Local payment methods (LPMs)

    The opening paragraph of Section 5. of the PayPal User Agreement has been amended to clarify how further terms of use apply to merchants when they integrate into their online checkout/platform any functionality intended to enable a customer without a PayPal Account to send a payment to the merchant’s PayPal Account (for instance, using alternative local payment methods). This includes the PayPal Local Payment Methods Agreement.  The opening paragraph of Section 5. now reads as follows:

    5. Receiving E-Money

    PayPal may allow anybody (with or without a PayPal Account) to initiate a payment resulting in the issuance or transfer of E-Money to your PayPal Account. By integrating into your online checkout/platform any functionality intended to enable a payer without a PayPal Account to send a payment to your PayPal Account, you agree to all further terms of use of that functionality which PayPal will make available to you on any page on the PayPal or Braintree website (including any page for developers and our Legal Agreements page) or online platform.  Such further terms include the PayPal Local Payment Methods Agreement.