PayPal Privacy Statement

Please contact us if you have any questions regarding this Privacy Statement or in general questions regarding your Personal Data. Your information will be used to provide the Services and in accordance with this Privacy Statement and the relevant PayPal User Agreement.

PayPal UK Ltd (“we,” “our,” “us,” “PayPal”) provides this Privacy Statement to describe our use of your Personal Data when you use your PayPal account, Xoom account, visit our websites, apply for, or use our services (collectively, the “Services”). This Privacy Statement does not apply to Other Services, such as Hyperwallet. We encourage you to read this Privacy Statement and to use it to help you make informed decisions.

Certain capitalized terms that are not otherwise defined in the Statement are explained in the “Definitions” section below.

In the United Kingdom (UK), PayPal UK Ltd is the data controller for the Personal Data collected and processed in connection with Personal Data obtained when you visit our website, during the registration and application process, and throughout your continued use of the services.

Some of the third-parties that we share Personal Data with are independent data controllers. This means that we are not the ones that dictate how the data that we share will be processed. Examples are authorities, credit bureaus, acquirers, and other financial institutions. When your data is shared with independent data controllers, their data policies will apply. We encourage you to read their privacy policies and know your privacy rights before interacting with them.

For more information about how we protect your Personal Data when transferred outside of the UK, please see Section 8, (“International Transfers of Personal Data”).

For most of our Services, we act as a “data controller”, however there are some products and features where PayPal may also act as a “data processor” when providing services to our Partners and Merchants. The “data controller” (each as defined under applicable data protection laws) is the entity that has the control over the purposes and means by which the data processing is performed. The “data processor” (each as defined under applicable data protection laws) is the entity that processes the Personal Information for the data controller, for the data controller’s specific purposes, and as otherwise permitted under applicable data protection laws.

Our Services may be accessed by individuals without a PayPal or Xoom account. We will collect Personal Data from you even if you are a non-account holder when you use our Services, such as when you use our Pay Without a PayPal account, use Unbranded Payment Services (e.g. Braintree), use PayPal Groups, use a Fastlane profile, or when you receive a payment through our Services from account holders (“Recipient”). If you use Pay Without a PayPal account, we may link your transaction information with your PayPal account, if you have one at the time you use the Service without logging in, or if you create a PayPal account later. We use the term “User” to apply to account and non-account holders. If you are a non-account holder, your Personal Data will be used to provide the Services and in accordance with this Privacy Statement and the relevant PayPal User Agreement.

With a Fastlane profile, individuals can store their payment methods and other Personal Data with PayPal so that they can complete the checkout process faster, create a store or loyalty account, or facilitate other transactions at participating Partners and Merchants with payment card, contact information, shipping data or other data they save in their Fastlane profile as relevant to the specific interaction, participating Partner or Merchant, all without having to manually input payment method details and other Personal Data each time they check out (“Fastlane”).

When you create a Fastlane profile, PayPal will store your Personal Data, including your name, email, phone number, address information, billing information and payment method details, and other data that will be relevant to specific Partner or Merchant interactions, and pre-populate that information in the checkout flows or other interactive features of participating Partners and Merchants so that you can enjoy a faster Partner and Merchant experience by not having to manually input your payment or other information. We will also collect transaction and other Partner or Merchant data related to your purchases and other Partner and Merchant interactions when you use Fastlane. If you have a Fastlane profile, we may recognize you as a Fastlane user when you shop on the participating Partners and Merchants sites and we may prompt you to engage in participating Partner or Merchant interactions, such as register for a store or loyalty account using your Fastlane profile information. If you choose to interact with participating Partners or Merchants through Fastlane, you agree to let PayPal disclose your Fastlane profile information to the Participating Partners and Merchants and their service providers, and to facilitate your transaction and shopping experience on the participating Partners and Merchants sites.

When you shop on Partner and Merchant sites, the Partner and Merchant may disclose Personal Data with PayPal that we will use in accordance with this Privacy Statement and the relevant PayPal user agreement.

We collect the following categories of information about you to provide our Services, continually improve your user experience, manage and improve our business. The types of Personal Data we collect about you are described below.

Categories of Personal Data collected from you, including from your interactions with us and use of the Services:

Registration and Contact Information. Depending on the Services you choose, we will collect your name, mailing address, email, income, telephone number, tax ID, Payment Information, profession, employment or business information, and other information necessary to establish an account or profile and use our Services.

Identification and Signature Information. Depending on the Services you choose, we will collect information to verify your name, address, email, phone number, government- issued identification, age and biometric data as well as to create and issue your electronic signature.

Payment Information. Information such as amount you send or request, your payment instrument, card, or financial or funding account used in connection with the Services, including issuer name, card type, country code, payment account number, CVV, username, and IBAN information.

Information about your imported contacts. If you choose to import your contact lists, we will collect Information you enter or import about your contacts, such as name, address, phone number, images, email address or usernames associated with the contacts you import or enter manually.

Information in your PayPal Account Profile. Information you choose to enter such as your username, email, mobile number, profile picture, preferred language, or personal description which may include sensitive Personal Data that reveals religious beliefs, political or philosophical views, disability, sexual orientation as well as biometric data. You can set your profile to “Private” at any time.

Information you provide when you contact us. Information you disclose when you respond to surveys, or contact our customer support teams, such as Services you have used, recorded conversations, chat conversations with us, email correspondence with us, account or profile status, repayment history, voice identification. This may include information about others if you choose to share it with us.

Device Information. Information that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device IP address; information about your device’s web browser and internet connection you use to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data.

Inferred data. We may derive inferences from your transactions and personal data when you use the Services. We do this, for example, to help keep your account and profile secure and protect your use of the Services from fraud. We may draw inferences that reflect your behaviour patterns and personal preferences, browsing and purchasing habits, and creditworthiness.

Categories of Personal Data collected from third parties, including from identity verification vendors, data brokers, vendors that help us with fraud detection, your bank, Partners and Merchants or third party platforms you engage with using our Services:

Information from your connected third party accounts. If you choose to connect non-financial or financial account such as your personal email, social media, or bank or credit accounts, we will collect information consistent with the disclosed purpose for which it was linked. For example, if you choose to participate in Open Banking, we will collect account credentials, account balances, account transactions, and information about your financial standing from your linked accounts. You may change your mind about use of this feature and unlink your connected accounts at any time.

Information from Credit Reporting Agencies. Where permitted by law, we collect credit-related information such as outstanding and historical debt, repayment history, previous credit approvals, current employment relationship, and relationship with other financial institutions within the framework of your use of our Services.

Transaction Information. Information about your order details and purchases, such as item description, quantity, price, currency, shipping address, online shopping cart information, seller and buyer information, and Payment Information. This includes information from your transactions where you use our Services without a PayPal account (e.g. Guest checkout).

Information related to legal requirements. Consistent with applicable law (such as anti-money laundering laws), this may include information from external sanction lists such as name, date of birth, place of birth, occupation, and the reason why the person is on the list in question.

Third party applications. Information from others from your use of third-party applications, such as the Apple App Store or Google Play Store, social networking sites, such as name, your social network ID, Location Information, email, device ID, browser ID, and profile picture. Your use of third-party applications is subject to the privacy notice and terms of service for such applications.

Categories of Personal Data automatically collected about you, including through your access to our website or mobile app, from cookies and similar tracking technologies, and your devices:

Technical Usage Data. Information about response time for web pages, download errors and date and time when you used the service, such as your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies (“Technical Usage Data”).

Information from your device. Information about your language settings, IP address, browser ID, device ID, cookie preferences, time zone, operating system, platform, screen resolution and similar information about your device settings, and data collected from cookies or other tracking technologies,

Location Information. Information from IP-based geolocation such as latitude and longitude data, and Global Positioning System (GPS) information when you give us permission through your device settings.

Inferred data. Inferences drawn to create a profile about you that may reflect behavior patterns and personal preferences, such as gender, income, browsing and purchasing habits, and creditworthiness.

We may process your Personal Data for a variety of reasons that are permitted under data protection laws applicable in the UK and in accordance with the lawful bases below:

We collect the following Personal Data we consider necessary to fulfil our pre-contractual and contractual obligations to you and without which you will not be able to use the Services.

Necessary categories of Personal Data include:

• Registration and Contact Information
• Identification and Signature Information
• Payment Information
• Information related to legal requirements
• Information you provide when you contact us
• Transaction information
• Package Tracking
• Service-specific Personal Data
• Information from credit reporting agencies and financial institutions
• Information from your connected financial accounts
• Information from your use of the Services
• Technical usage data
• Device information
• Location data

These activities include:

• to provide our Services, to fulfil relevant agreements with you and to otherwise administer our business relationship with you. If you are using Fastlane, we will also use your Personal Data and payment method details to determine whether the payment you are making with a participating Partner or Merchant is authorised by you and likely to be successfully authorised by the payment method you choose to use when you make a purchase using details from your Fastlane profile.
• to administer your payment for products and the customer relationship.
• to assess your creditworthiness in connection with your application, confirm your identity and your contact information, and protect you and others from fraud.
• to confirm your identity, also through the use of electronic signature, and verify your personal and contact details.
• to prove that transactions have been executed.
• to establish, exercise or defend a legal claim or collection procedures.
• to comply with internal procedures.
• to assess which payment options and services to offer you, for example by carrying out internal and external credit assessments.
• for customer analysis, to administer our Services, and for internal operations, for example troubleshooting, data analysis, testing, research and statistical purposes.
• to communicate with you in relation to our Services.
• to comply with applicable UK laws, such as anti-money laundering and booking keeping laws and rules issued by our designated banks and relevant card networks.

We have a legitimate interest in ensuring that PayPal remains a secure financial service and continuing to offer services that are innovative and of interest to you. We do this where our legitimate interests are not outweighed by your right not to have your data processed for this purpose.

These activities include:

• to ensure that content is presented in the most effective way for you and your device.
• to prevent misuse of our Services as part of our efforts to keep our platform safe and secure.
• to determine your eligibility for and to communicate with you about Services for which you may qualify or that may be of interest to you, for example by carrying out internal credit assessments.
• to carry out risk analysis, fraud prevention and risk management.
• to improve our Services and for general business development purposes, for example improving risk models to minimize fraud, develop new products and features and explore new business opportunities.
• To keep your account, profile and financial information accurate and up to date.
• for marketing, product and customer analysis, including testing, for example to improve our product range and optimize our customer offerings.
• to comply with applicable laws, such as anti-money laundering, bookkeeping laws, regulatory capital adequacy requirements, and rules issued by our designated banks and relevant card networks. For example, when we process Personal Data for know-your-customer (“KYC”) requirements, to prevent, detect and investigate money laundering, terrorist financing and fraud. We also carry out sanction screening, report to tax authorities, police enforcement authorities, enforcement authorities, supervisory authorities where we are not compelled by UK law but where we have a good faith belief that sharing the information is necessary to comply with applicable law.
• to facilitate your participation in competitions, offerings, and events.
• to conduct financial risk management obligations such as credit performance and quality, insurance risks and compliance with capital adequacy requirements under applicable law
• to process information about your contacts to make it easy for you to find and connect them and improve payment accuracy. By providing us with information about your contacts you certify that you have permission to provide that information to PayPal for the purposes described in this Privacy Statement.
• to provide you with information, news, and marketing about our Services, including where we partner with others to offer similar services.
• to associate information about you to identify your use of Services without a PayPal account (e.g. Pay Without a PayPal account), and to associate such transactions with your PayPal account, if you have one or later establish an account.
• to remember your preferences for the next time you use the Services, such as which of your payment methods you prefer or whether you choose to receive digital receipts via email or text when you checkout.

We have a legal obligation under UK laws to conduct certain processing activities. We do this where it is necessary to comply with applicable laws.

These activities include:

• to provide our Services and products.
• to certify your identity, also for signature purposes, and verify your personal and contact details.
• to establish, exercise or defend a legal claim or collection procedures.
• to prevent misuse of our Services as part of our efforts to keep our platform safe and secure.
• to carry out risk analysis, fraud prevention and risk management.
• to comply with applicable laws, such as anti-money laundering and bookkeeping laws and regulatory capital adequacy requirements and rules issued by our designated banks and relevant card networks. For example, when we process Personal Data for know-your-customer (“KYC”) requirements, to prevent, detect and investigate money laundering, terrorist financing and fraud. We also carry out sanction screening, report to tax authorities, police enforcement authorities, enforcement authorities, supervisory authorities.

We rely on your explicit and voluntary consent to process your Personal Data to participate in certain features that while not necessary for use of the Services may be of interest to you, such as syncing your contact list to your account, providing biometric data, targeted advertising, linking your email account for package tracking or connecting to a third-party platform. You may change your mind about use of these features at any time through your account settings. Note that withdrawing your consent will not affect the lawfulness of any processing we have conducted prior to your withdrawal. Please refer to Section 10 (“Your data protection rights”) for more information on your right to withdraw your consent.

We will share your Personal Data with third parties where there is a lawful basis to do so.

This includes:

• With other Other Services, in order to provide you with the Services and for our own legitimate interests in conducting our business. These interests are described further in Section 5 (“What Personal Data is used and for which legal basis?”).
• With authorities, to the extent we are under a legal obligation to do so. Such authorities include tax authorities, police authorities, enforcement authorities and supervisory authorities in relevant countries. We may also be required to provide competent authorities information about your use of our Services, for example revenue or tax authorities, which may include your name, address and information regarding card transactions processed by us on your behalf through our Services. The legal basis for complying with disclosure obligations under UK law is legal obligation and where acting under non-UK law, on the basis of our legitimate interest to comply with relevant laws to deter illegal conduct.
• With other financial institutions and card networks, for example to facilitate payment processing, to jointly offer a product or to add cards to your electronic wallet. For payment transactions with Fastlane, your Personal Data will be shared with the provider of the payment services for the participating Partner and Merchant to enable the processing of the payment transaction. The payment provider for the Partner and Merchant may be PayPal or a third party payment provider. The legal basis for our disclosure is performance of our contract with you. These parties may also access your Personal Data for other legitimate purposes such as identity verification, fraud prevention and risk management. The legal basis for this processing is the legitimate interest of ourselves and our Partners and Merchants to deter fraudulent and illegal conduct.
• With fraud prevention and identity verification agencies, for example to assist us in detecting activities suggestive of fraud. The legal basis for this processing is the legitimate interest of ourselves and our Partners and Merchants to deter fraudulent and illegal conduct.
• With debt collection agencies, for example to collect unpaid overdue debts through a third party such as a debt collection agency. We do this on the basis of our legitimate interest to conduct business and recover debts. Please be aware that these parties’ privacy notice applies to the processing of Personal Data that you share directly with them, and they may report your unpaid debts to credit reporting agencies which may affect your creditworthiness or ability to secure future credit.
• With service providers that operate at our direction and on our behalf to perform services we outsource to them, such as marketing, IT development, maintenance, hosting and support and customer service operations. The legal basis for this processing is the performance of our contractual obligations to you.
• With other Users in accordance with your account settings. You may display or make certain information available to other Users, such as your profile photo, first and last name, username, or city in accordance with your account settings. The legal basis for this processing is your consent. Please note that you can change your profile settings at any time and at no cost to you.
• With financial institutions in connection with your participation in Open Banking, for example when you initiate an account connection with another bank, card account, or aggregator. We do this to check if you have sufficient funds or confirm your ownership of the account. When you choose to link your account the legal basis for accessing your account data is performance of our contractual obligations to you.
• With Partners and Merchants, their service providers and others involved in a transaction, for example when you use the Services to initiate online purchases, save your payment information with Fastlane, pay other Users, use the Services, or return goods we may share information about you and your account or Fastlane profile with the other parties (or their service providers) involved in processing your transactions. The legal basis for this processing is the performance of our contractual obligations to you and for our legitimate interests. We may also disclose Personal Data to Partners and Merchants to enable their use of our Services to facilitate your transactions. For example, when you visit a participating Merchant site or app, the Merchant can check whether you are a user of PayPal services and present a recommended payment method to you to simplify your checkout process. If you choose to interact with participating Partners and Merchants through Fastlane, we will disclose your Fastlane profile information with the participating Partners and Merchants and their services providers, and facilitate your transaction, shopping experience or other interaction on participating Partners and Merchants sites.
• Please note that Personal Data shared with Partners and Merchants (or their service providers) involved in a transaction is subject to the Partners and Merchants’ own privacy policies and procedures. We are not responsible for the privacy or security practices of Partners and Merchants.
• With third parties that are independent data controllers, for example when we share Personal Data to credit reference agencies, acquirers and other financial institutions, or security products to prevent bots from accessing our Services. Please be aware that these parties’ privacy notice applies to the processing of Personal Data that you share directly with them. For example, we use Google’s reCAPTCHA to prevent misuse of our Services, when you access our mobile application. Google’s Privacy Policy and Terms of Use apply to the processing of Personal Data you share with them. For more information specific to credit reference agencies we partner to assess your creditworthiness, see Section 12, (“Credit Reference Agency Information Notice”).
• With buyers or in connection with business transfer, for example if we sell business or assets, we may share your Personal Data to a buyer of those business or assets. If PayPal or a significant portion of PayPal’s assets are acquired by a third party, Personal Data may also be shared. PayPal has a legitimate interest in being able to carry out these transactions.

We retain Personal Data for as long as needed or permitted in context of the purpose for which it was collected and consistent with applicable law.

The criteria used to determine our retention period is as follows:

• Personal Data used for the ongoing relationship between you and PayPal is stored for the duration of the relationship plus a period of 10 years
• Personal Data in relation to a legal obligation to which we are subject is retained consistent with the applicable law, such as under applicable bankruptcy laws and AML obligations.
• We retain Personal Data for the least amount of time necessary where retention is advisable in light of litigation, investigations, audit and compliance practices, or to protect against legal claims.

We operate in many countries, and we (or our service providers) may move your data and process it outside the country where you live. We use third-party service providers to process and store your information in the United States and other countries. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with UK data protection laws, to protect your Personal Data. For transfers of Personal Data from the EU within PayPal and Other Services, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). For transfers of personal data from the UK, these are based on the UK Addendum (approved by the Information Commissioner’s Office) to the EU standard contractual clauses, approved by the European Commission, to help ensure your information is afforded a high standard of protection and that your privacy rights are respected.

When you interact with our Services, open email we send you, or visit a third-party website for which we provide Services, we and our partners use cookies and other tracking technologies such as pixel tags, web beacons, and widgets (collectively, “Cookies”) to recognise you as a User, customise your online experiences and online content, including to serve you interest-based advertising, perform analytics; mitigate risk and prevent potential fraud, and promote trust and safety across our Sites and Services. Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you decline certain Cookies, your use of the Sites and Services may be limited or not possible.

We use Cookies to collect your device information, internet activity information, and inferences as described above.

Cookies help us to do the following:

• Remember your information so you do not have to re-enter it
• Track and understand how you use and interact with our online services and emails
• Tailor our online services to your preferences
• Measure how useful and effective our services and communications are to you
• Otherwise manage and enhance our products and services

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. At this time our Sites are not designed to respond to DNT signals or similar mechanisms from browsers.

Please review our Statement on Cookies and Tracking Technologies to learn more about our use of Cookies.

Under applicable data protection law, you have certain rights to control our collection and use of your Personal Data. Your rights include:

Access, rectification, deletion, objection, portability, and restriction of your Personal Data

• We recognize the importance of your ability to control use of your Personal Data and provide several ways for you to exercise your rights to access (right to know), rectification (correction or update), deletion (erasure), objection, portability (transferring), and to restrict process in whole or in part.
• If you have an account you can exercise your data protection rights by accessing “Data and Privacy” from account settings in the PayPal app. If you, or an authorised agent, want to exercise any of your rights relating to your Personal Data in your Fastlane profile, contact us at the number provided in the Our Contact Information section or submit your request from your Fastlane profile management portal.
• Even if you do not you have a PayPal account (for example, where you use Pay without a PayPal account), you can submit a request for access, modification, correction, or deletion of your information Personal Data by contacting us at the number provided in the Our Contact Information section. You can submit a request related to someone else’s information, if you are their authorised agent, by contacting us. Please note that we may require you to provide additional information for verification.

Your right to object to the Automated Decisions and profiling

• If you are not approved under the Automated Decisions described below, you will not have access to our services, such as our payment methods. PayPal has several safety mechanisms to ensure the decisions are appropriate. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. If you have any concern about the outcome, you can contact us, and we will determine whether the procedure was performed appropriately.
• You have the right to object to an Automated Decision with legal consequences or decisions which can otherwise significantly affect you (together with the relevant profiling) by contacting us. We will then review the decision, taking into account relevant additional circumstances.

Consent

• Generally, if we use your Personal Data with your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on a lawful processing ground other than consent.

How do you exercise your rights and how can you contact us or the data protection authority?

• If you are unhappy with our processing of your Personal Data for any reason, you have the right to lodge a complaint with the supervisory authority for data protection in your country.
• By contacting our Data Protection Officer, please see Section 18 (“Our Contact Information”).
• You may also seek a remedy through local courts if you believe your rights have been breached.
• You may also lodge a complaint with your local data protection authority, which in the UK is the Information Commissioner’s Office: website: https://ico.org.uk/, address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

“Automated-decision making” is the process of making a decision by fully automated means without human involvement. In some cases these decisions could have a legal or similarly significant effect on you as an individual. “Profiling” means analysis of an individual's personality, behaviour, interest and habits to make predictions or decisions about them. Where authorised under UK law or where necessary for the entry into or performance of a contract, we may in some cases use automated decision-making or profiling for decisions. An example of our use of automated decision making is evaluation of your creditworthiness to assess your suitability for certain credit products.

We believe that by making such decisions automatically, PayPal increases its objectivity and transparency in deciding which services to offer you. We deploy several safety mechanisms to ensure the decisions are appropriate. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. You can always ask for a manual decision-making process instead, express your opinion or contest decision making based solely on automated processing, including profiling, if such a decision would produce legal effects or otherwise similarly significantly affect you. You can find out more about how to object to these decisions in Section 10 (“Your data protection rights”).

Contact our Data Protection Officer (DPO) Online if you require more information on our use of Automated-decision making or Profiling.

If you have applied for or use our credit Services, in order to process your application, we may supply your Personal Data to credit reference agencies (CRAs) and they will give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, trace and recover debts and prevent criminal activity.

The legal bases for such transmissions are found in Article 6, paragraph 1, letter b (contractual) and Article 6, paragraph 1, letter f (legitimate interest) of the UK General Data Protection Regulation (“UK GDPR”).

We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. This information may be supplied by CRAs to other organizations to perform similar checks and to trace your whereabouts and recover debts that you owe.

Your data will also be linked to the data of any joint applicants or other financial associates.

How to Find Out More

Contact our Data Protection Officer (DPO) Online for details of which CRA we have used for a specific search.

The list of CRAs used in the UK and EEA, can be found here, including identities of the CRAs used in each relevant country, and a link to their privacy notice from which you can determine the ways in which they use and share Personal Data, including how long they will retain such Personal Data. You can contact the credit reference agencies operating in the country in which you live directly if you have any questions regarding their services, your credit score or the information they have stored about you, or if you wish to exercise your data subject rights towards them.

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorisation controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorised.

We do not knowingly collect information, including Personal Data, from children under the age of 16 or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from someone not allowed to use our Services, we will promptly delete it, unless we are legally obligated to retain such data.

Please contact us if you believe that we have mistakenly or unintentionally collected information from someone not allowed to use our Services.

We revise this Privacy Statement from time to time to reflect changes to our business, Services, or applicable laws. If the revised version requires notice in accordance with applicable law, we will provide you with 30 days prior notice by posting notice of the change on the "Policy Updates" or "Privacy Statement" page of our website, otherwise the revised Privacy Statement will be effective as of the published effective date. If you are a new User or are receiving this Privacy Statement for the first time and there is an upcoming change described on the Policy Updates or Privacy Statement page at the time you receive this Privacy Statement, such upcoming change will apply to you on the indicated effective date.

In order to provide the PayPal Services, certain of the information we collect (as set out in this Privacy Statement) may be required to be transferred to other PayPal related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country.

Specifically, you acknowledge that PayPal may do any and all of the following with your information:

1. Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self-regulatory authorities or organisations and other third parties, including PayPal Group companies, that (i) we are legally compelled and permitted to comply with, including but without limitation laws implementing the US Foreign Account Tax Compliance Act (“FATCA”) and OECD Common Reporting Standard (“CRS”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our User Agreement (including without limitation, your funding source or credit or debit card provider).

If you are covered by FATCA or CRS, we are required to give you notice of the information about you that we may transfer to various authorities.

We and other organisations, including parties that accept PayPal, may also share, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contact us if you want to receive further details of the relevant fraud prevention agencies.

2. Disclose account Information to intellectual property right owners if under applicable law they have a claim against PayPal for an out-of-court information disclosure due to an infringement of their intellectual property rights for which PayPal Services have been used.
3. Disclose necessary information in response to the requirements of the credit card associations or a civil or criminal legal process.
4. Disclose your name and PayPal link in the PayPal user directory. Your details will be confirmed to other PayPal users in response to a user searching using your name, email address or telephone number, or part of these details. This is to ensure people make payments to the correct user. This feature can be turned off in the PayPal profile settings.
5. If you as a Partner and Merchant use a third party to access or integrate PayPal, we may disclose to any such third party necessary information for the purpose of facilitating and maintaining such an arrangement (including, without limitation, the status of your PayPal integration, whether you have an active PayPal account and whether you may already be working with a different PayPal integration partner).
6. Disclose necessary information to the payment processors, auditors, customer services providers, credit reference and fraud agencies, financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies, agencies, marketplaces and other third parties listed here. The purpose of this disclosure is to allow us to provide PayPal Services to you. We also set out in the list of third parties, under each "Category", non-exclusive examples of the actual third parties (which may include their assigns and successors) to whom we currently disclose your account information or to whom we may consider disclosing your account information, together with the purpose of doing so, and the actual information we disclose (except as explicitly stated, these third parties are limited by law or by contract from using the information for secondary purposes beyond the purposes for which the information was shared).
7. Disclose necessary information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).
8. Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our users live in Manchester. However, this aggregated information is not tied to Personal Data.
9. Share necessary account information with unaffiliated third parties (listed here) for their use for the following purposes:
   1. Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk.
   2. Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).
   3. Shipping: in connection with shipping and related services for purchases made using PayPal.
   4. Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.
   5. Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.

• Device Information means data that can be automatically collected from any device used to access the Site or Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device IP address; information about your device’s web browser and internet connection you use to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data.
• Other Services means companies or separate brands, affiliates or subsidiaries of PayPal, Inc., and who process Personal Data in accordance with their terms of service and privacy policies. Examples include Honey Science LLC, Paidy Inc., and Hyperwallet.
• Geolocation Information means information that identifies, with precise specificity, your location by using, for instance, longitude and latitude coordinates obtained through your GPS, or your device settings.
• Location Information means information that identifies, with reasonable specificity, your approximate location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation.
• Partner and Merchant means the merchant or business that our Users transact with for the purpose of obtaining goods or services.
• Pay Without a PayPal account means our Services may be accessed by individuals without using a PayPal account, a Fastlane profile, or the Unbranded Payment Services.
• PayPal means PayPal UK Ltd, which offers PayPal, Xoom, Unbranded Payment Services and Fastlane profile services.
• Personal Data means information that can be associated with an identified or directly or indirectly identifiable natural person. “Personal Data” can include, but is not limited to, name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, government-issued credentials (e.g., driver’s license number, national ID, passport number), and biometrics.
• Processing means any method or way that we handle Personal Data or sets of Personal Data, whether by automated means, such as by collection, recording, categorization, structuring, storage, adaptation or alteration, retrieval, and consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
• Services  means any PayPal Unbranded Payment Services, Pay Without a PayPal account, PayPal Groups, Fastlane, Xoom, credit products and services, content, features, technologies, or functions, and all related websites, applications and services offered to you by PayPal, with the exception of the Other Services. Your use of the Services includes use of our Sites.
• Sites means the websites, mobile apps, official social media platforms, or other online properties through which PayPal offers the Services and which has posted or linked to this Privacy Statement.
• Unbranded Payment Services means you are interacting with and making payments to Partners and Merchants using our card and/or direct debit payment services that do not carry the PayPal brand, or when you use our Braintree services.
• User is any person who uses the Services as a consumer for personal or household use. For the purposes of this Notice, “User” includes “you” and “your”.

Contact our Data Protection Officer (DPO) Online or offline at PayPal UK Ltd at 5 Fleet Place, London, United Kingdom, EC4M 7RD.

• Click here to contact us about your PayPal Account or Service or Unbranded Payment Services.
• Click here to contact us about your Xoom Account or Service.
• To contact us about your Fastlane profile: visit your Fastlane profile management portal.

PayPal UK Ltd is authorised and regulated by the Financial Conduct Authority (FCA) as an electronic money institution (firm reference number 994790); in relation to its regulated consumer credit activities (firm reference number 996405); and for the provision of cryptocurrency services (firm reference number 1000741). Some products and services, such as PayPal Pay in 3 and PayPal Working Capital, are not regulated by the FCA and may offer a lower level of protection. Please read product terms for further details. PayPal UK Ltd's company number is 14741686. Its registered office is 5 Fleet Place, London, United Kingdom, EC4M 7RD.