Menu

Braintree Privacy Statement

Braintree Privacy Statement

Last updated on 31 July 2020

Braintree Privacy Statement

Effective Date: The Braintree Privacy Statement is effective on 31 July 2020 for Merchants who signed up before 23 March 2020 or immediately for all new Merchants who signed up on or after 23 March 2020.

1. Overview

This privacy statement explains how and why PayPal Pte. Ltd., as a controller, collects, stores, uses, shares and transfers personal data when you visit our websites offering Braintree services or use the Braintree services. Reading it will help you understand your privacy rights and the choices may you have.

“Personal data” in this statement means information about you, including your identity, financial information, contact information, and online behavior.

2. Your privacy rights and choices

When it comes to how your personal data is collected, stored, used, and shared, you have rights and choices.

  1. Understanding your rights

You may review some personal data after logging into your Account, if you are a merchant using our services so your customers can pay you. If you are a merchant or use our services to pay for goods and services and have questions about your personal data, just contact us.

  1. Understanding your choices

Here are some of the ways we communicate with you and the choices you have to limit these communications.

How we communicate with you

Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered.

If you use our services to pay for goods and services, we may contact you via email, telephone, or send you paper mail. We do this when we reply to a message from you or when we have to communicate with you to comply with a law or other obligation. These messages contain important information and you may not opt out of receiving them.

If you are an existing merchant using our services so your customers can pay you, we may contact you using a telephone, email, text, paper mail, and send notifications to your merchant dashboard to help manage your account, deliver important information to you, and market our products and services.

If you are a merchant inquiring about our payment services, we may contact you via email or telephone to market our products and services and answer questions you may have about how our services work.

Depending on how we send the marketing communications, you can either click the unsubscribe link in any marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device to stop receiving these types of messages.

3. The personal data we collect

We may collect your personal data when you visit our websites, create a merchant account, or use our payment services to buy or sell goods and services.

Here are the kinds of personal data that we may collect when you use our services to purchase goods and services or contact us:

  1. Information that identifies you, for example:
    • First and last name
    • Shipping address
    • IP address
    • Information collected from cookies or other tracking technologies
  2. Records and financial information, for example:
    • Credit and debit card information
  3. Commercial information, for example:
    • Transaction information
  4. Internet or network activity, for example:
    • Interactions with our services
  5. Geolocation information, for example:
    • IP-based geolocation
  6. Audio, electronic, visual, or similar information, for example:
    • Call recordings when you talk to customer service
  7. Information we infer based on your personal data, for example:
    • Fraud and risk assessments

Here are the kinds of personal data that we may collect when you inquire about our services, create a merchant account with us, or use our services so your customers can pay you. This may also include the personal data of your employees:

  1. Information that identifies you, for example:
    • First and last name
    • IP address
    • Information collected from cookies or other tracking technologies
  2. Records and financial information, for example:
    • National identification Number
    • Government-issued identification
    • Bank account and routing numbers
  3. Personal characteristics, for example:
    • Age
  4. Internet or network activity, for example:
    • Interactions with our services or websites
  5. Geolocation data, for example:
    • IP-based geolocation
  6. Audio, electronic, visual, or similar information, for example:
    • Call recordings when you call us
    • Photo IDs
  7. Professional or employment information, for example:
    • Business information, contact emails and phone numbers
    • Tax IDs
  8. Information we infer based on your personal data, for example:
    • Fraud and risk assessments

Here are the kinds of personal data that we may collect when you visit our websites:

  1. Information that may identify you, for example:
    • IP address
    • Email address
    • Information collected from cookies or other tracking technologies
  2. Internet or network activity, for example:
    • Interactions with our services or websites
  3. Information we infer based on your data, for example:
    • Fraud and risk assessments

4. Where personal data comes from

We may collect personal information about you from various sources, for example from:

  • Website visitors and those who inquire about our services
  • Merchants and their employees
  • Your customers when they pay you using our services
  • Our payment partners, such as card networks and payment processors
  • Credit bureaus
  • Service providers, such as companies that help us manage risk and fraud, deliver services to you, and market our services

a. How we use tracking technologies

We or our authorized service providers may use cookies and similar tracking technologies to collect data whenever you use our services, visit our websites, or visit websites that offer our services. The information collected with these technologies helps us deliver our services, measure the effect of our ads, prevent fraud and enhance the security of our websites and service.

You can disable or decline some cookies for our websites and services. But, since some parts of our service rely on cookies to work, those services could become difficult or impossible to use.

To learn how to opt-out of this kind of tracking technology, visit About Ads

5. Why we collect personal data

We collect personal data for many reasons, including to improve your experience, and to run our business. Let’s look at some specific reasons why we collect your personal data.

If you use our services to pay for goods and services or contact us, we may use your information for our legitimate interests to:

  1. Communicate with you when you need us, such as answering a question you sent to our customer service team.
  2. Run our websites and provide payment processing services.
  3. Manage and improve our business.
  4. Protect you from risk and fraud.
  5. Comply with laws.

If you are a merchant (or the merchant’s employee) who use our services so your customer can pay you, we may use your information to fulfill our contract with you and for our legitimate interests to:

  1. Communicate with you when you need us, such as answering a question you sent to our customer service team.
  2. Run our websites and provide services, for example to verify access to your account and enable payment processing.
  3. Manage and improve our business.
  4. Protect our business and our customers from risk and fraud.
  5. Market our products and services.
  6. Personalize your experience when you use our websites and services.
  7. Contact you when you need us, such as answering a question you sent to our customer service team.
  8. Comply with laws and enforce our agreements with you and other people who use our services.

If you visit our websites or inquire about our services, we may use your information in our legitimate interests to:

  1. Communicate with you when you need us, such as answering a question you sent to our customer service team.
  2. Manage everyday business needs.
  3. Protect our business and our customers from risk and fraud.
  4. Analyze and improve our services.
  5. Market our products and services.
  6. Comply with laws.

6. How and why we share personal data

We do not sell your personal data. However, we may share data across our services and with other members of the PayPal corporate family. Sometimes we also share the personal data we collect with third parties to help us provide services, protect our customers from risk and fraud, market our products to merchants and those who inquire about our services, and comply with legal obligations.

You can review the kinds of personal data that we may share by reviewing The personal data we collect section.

We may share personal data with:

  1. Other members of the PayPal corporate family
  2. Merchants to help us manage risk, fraud and to help provide us with information to effectively communicate with you to meet our legal obligations
  3. Service providers that help us with processing payments, marketing, research, compliance, audits, corporate governance, communications, and security
  4. Card networks and payment processors
  5. Courts, governments, regulators and law enforcement when accompanied by a subpoena or other legal documentation that requires PayPal or members of our corporate family to respond
  6. Third-party tools used to help fight spam and abuse.
  7. Other third parties to:
    • Comply with laws
    • Investigate or enforce violations of our user agreement
    • Facilitate a merger, purchase, or sale of part or all of our business
    • Comply with card association rules
    • To prevent physical harm or illegal activity

7. How we protect your personal data

Helping to keep your personal data safe against loss, misuse, unauthorized access, disclosure, and alteration is our top priority.

To protect your personal data, we use technical, physical, and administrative security measures that include:

  • Firewalls
  • Data encryption
  • Physical access controls at our data centers

While we protect our systems and services, you’re responsible for keeping your password(s) and account information private. Also, you’re responsible for making sure your personal information is accurate and up to date.

8. How long do we keep your personal data

We retain personal data for the time necessary to fulfil your request and our legal obligations. We may maintain personal data for longer periods if it is our legitimate business interests and not prohibited by law. If you no longer use our services, we may keep your personal data and other information as required by law and according to our data retention policy. If we do, we’ll continue to handle it as we describe in this statement.

9. How and where we transfer your personal data

Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers store and process your personal data outside Singapore, in the United States and elsewhere in the world. We will protect your information as described in this Privacy Statement if your personal data is transferred to other countries/regions. By using our websites and services, you consent to your personal data being transferred to other countries, including countries/regions that have different data protection rules than your country. Please contact us for more information about this.

10. How this statement changes over time

We’ll make changes to this privacy statement from time to time. This helps us stay up to date with changes to our business and the most current laws. After a new version is published, we’ll collect, store, use, and protect your personal data as we outline in that revised statement. If the new version reduces your rights or increases your responsibilities, we’ll post it on the Policy Updates or Privacy Statement page of our website at least 21 days before it becomes effective. We may also notify you about these changes through email or other communications.

11. Children’s privacy

Our services are for a general audience and are not directed at individuals under the age of majority. We do not knowingly collect information from children and individuals who are not legally able to use our services. If we realize that information has been collected from a child, we will move to promptly delete it, unless we are legally required to keep this information. You can help us by informing us if you believe that we have unintentionally collected information from a child, please contact us.

12. Contact Us

If you wish to learn more about our privacy practices or have questions about this Privacy Statement, please contact us following the instructions below. You can ask questions about PayPal services or Braintree services (card payments made on a merchant’s website) by visiting PayPal’s website, and submitting your inquiry using the contact information provided in our privacy statement. Effective Date: The Braintree Privacy Policy shall be effective for Merchants who signed up before 23 March 2020 until the Braintree Privacy Statement becomes effective on 31 July 2020. The Braintree Privacy Policy shall not be in effect for new Merchants who signed up on or after 23 March 2020. Effective Date: May 25, 2018