PayPal Giving Fund UK Privacy Statement
Effective Date: 23 June, 2023
Please contact us if you have any questions regarding this Privacy Statement or general questions regarding your Personal Data. Your information will be used to provide our Services and in accordance with this Privacy Statement and the PayPal Giving Fund UK Charity User Agreement.
- Overview
- PayPal Giving Fund’s Role as a Data Controller.
- Categories of Personal Data We Collect about You.
- What Personal Data Is Used and for which Legal Basis?
- Do We Share Personal Data, and Why?
- How Long Do We Store Your Personal Data?
- International Transfers of Personal Data.
- Use of Cookies and Tracking Technologies.
- Your Data Protection Rights
- How Do We Protect Your Personal Data?
- Can Children Use Our Services?
- Updates to this Privacy Statement.
- Definitions.
- Our Contact Information.
1. Overview
PayPal Giving Fund is a registered charity that raises funds for charitable purposes. We use PayPal technology to enable users of websites and online services with which we partner to donate to PayPal Giving Fund. In making donations, donors may also recommend that we make a corresponding grant in support of a Participating Charity.
We adopted and implemented this Privacy Statement as part of our commitment to protecting your Personal Data. This Privacy Statement aims to provide you with sufficient information regarding our use of your Personal Data when you donate to PayPal Giving Fund, enroll with PayPal Giving Fund as a Participating Charity, or otherwise access or use our content, features, donation functions, and services (collectively, the Services).
Certain capitalized terms that are not otherwise defined in the Statement are explained in Section 13 (“Definitions”) at the end of this statement.
2. PayPal Giving Fund’s Role as a Data Controller.
PayPal Giving Fund is the data controller for the Personal Data Processed in connection with your donation to PayPal Giving Fund, enrollment with PayPal Giving Fund as a Participating Charity, and throughout your continued use of our Services in the United Kingdom (UK).
PayPal is a payment processor for donations made to PPGF. The PayPal Giving Fund website is also hosted by PayPal. When you make donations to PPGF using your PayPal account or your credit or debit card, or interact with our website or other PayPal technology, PayPal is an independent data controller of data collected, used, and disclosed in connection with those interactions. Please visit the PayPal Privacy Statement to learn how your information is processed by PayPal and what privacy rights and choices you might have in connection with your use of the PayPal services.
Some of the third parties that we share Personal Data with, such as Participating Charities or authorities, are also independent data controllers. When your data is shared with independent data controllers, their data policies will apply. We encourage you to read their privacy policies and know your privacy rights before interacting with them.
For more information about how we protect your Personal Data when transferred outside of the UK, please see Section 7 (“International Transfers of Personal Data”).
3. Categories of Personal Data We Collect about You.
In order to enable your access to and use of our Services, in particular to assist you in making donations to PayPal Giving Fund, we collect certain Personal Data. This information is collected directly from you and other sources when you use our Services and make donations to PayPal Giving Fund.
Categories of Personal Data collected from you, including from your interactions with us and use of the Services:
Information you provide when you enroll a Participating Charity with PPGF. When you enroll a Charity with PayPal Giving Fund, you may provide a contact with the Participating Charity to receive updates from PayPal Giving Fund. The information we collect includes a contact’s first and last name, job title, phone number, and email address.
Information you provide when you respond to our surveys. If you decide to participate in our survey of Participating Charities, you may be asked to provide certain personal data, such as first and last name, job title, and email address.
Information you provide when you contact us. Information you disclose when you contact PPGF directly, such as your contact information. This may include information about others if you choose to share it with us.
Categories of Personal Data collected from third parties:
PayPal user profile information. When you enroll a charity with PayPal Giving Fund using a PayPal Confirmed Charity account, PayPal will link the account to PayPal Giving Fund and share the following account user profile information with us: first and last name and email address of the individuals who registered the charity with us.
PayPal transaction details. PayPal acts as our payment processor. When you make a donation to PayPal Giving Fund, we collect your transaction details from PayPal to make grants to Participating Charities and maintain records of transactions conducted through our Services. This information includes your name, address, email address, phone number, name of the charity that you support and the information about your donation.
Information you provide when you contact PayPal customer support. When you contact PayPal customer support teams about PPGF services, PayPal may share with us information you provided to PayPal, such as your name, PPGF Services you have used, information about your donor transaction, recorded conversations, chat conversations and email correspondence with customer support.
PayPal-inferred risk assessments. PayPal shares with us risk assessment inferences drawn from donors’ Personal Data processed by PayPal.
Our partners, such as those who may operate websites or apps that enable donations to PayPal Giving Fund. Our partners might share details of past donations with us, such as donor’s name, the amount and date of the donation, and the charity selected by the donor.
Categories of Personal Data automatically collected about you, including through cookies and similar tracking technologies, and your devices:
Data collected from cookies and other tracking technologies, such as email open rate analytics.
4. What Personal Data Is Used and for which Legal Basis?
We may Process your Personal Data for a variety of reasons that are permitted under data protection laws applicable in the UK, and in accordance with the lawful bases below:
We use Personal Data as necessary to provide and operate our Services and to fulfil our pre-contractual and contractual obligations to you.
These activities include:
- to provide our Services, to fulfil relevant agreements with and to otherwise administer our relationship with you;
- to receive and manage donations;
- to provide donation and/or grant information to donors and Participating Charities;
- to provide donation receipts and appropriate tax documentation to donors;
- to claim Gift Aid on eligible donations;
- to perform customer service;
- to communicate with you in relation to our Services;
- to comply with our internal procedures;
- to administer our Services, and for internal operations;
- to comply with laws and enforce our agreements with you and other people who use our Services.
We have a legitimate interest in ensuring that PayPal Giving Fund’s Services are secure, that we continue to offer our Services in ways that are innovative and of interest to you, and that we promptly resolve any issues in connection with the donations and grants to Participating Charities. We do this where our legitimate interests are not outweighed by your right not to have your data processed for this purpose.
These activities include:
- to manage and improve our Services. For example, we do user research to improve our products’ performance and abilities;
- to protect our Services and users from risk and fraud, including fraud that involves our partners;
- to contact donors to resolve issues with their donations, for example when we are unable to make a grant to the charity donors have recommended;
- to contact Participating Charities to resolve any difficulties with their enrollment with PayPal Giving Fund (for instance, in the event that we are unable to pay a grant to a charity).
We have a legal obligation under applicable laws to conduct certain processing activities. We do this where it is necessary to comply with applicable laws.
These activities include:
- to provide our Services;
- to establish, exercise or defend a legal claim or collection procedures;
- to prevent misuse of our Services as part of our efforts to keep our Services safe and secure;
- to confirm with Participating Charities that the grants we make are used to further their charitable purposes;
- to disclose donor’s Gift Aid declaration to HM Revenue and Customs to reclaim the Gift Aid;
- to disclose information collected through the PayPal Giving Fund Services to third parties to comply with our legal obligations in certain circumstances, such as crime prevention.
We rely on your explicit and voluntary consent to process your Personal Data for the following processing activities:
- When you use our Services and choose a Participating Charity to be the intended beneficiary of a donation, we may, with your consent, disclose your name and email address to the enrolled Participating Charity that you have designated. We do not share that information with charities until they enroll with PayPal Giving Fund and accept our terms and conditions. When we share your contact information with the charity, we match it with the donation details we share with the charity, including the amount of your donation.
- At the point of enrollment, Participating Charities may nominate a contact and opt in to receive updates from PayPal Giving Fund. We use this data to contact Participating Charities about our Services, for example to make charities aware of new opportunities to benefit from funds raised by PayPal Giving Fund and to invite charities to participate in competitions and other initiatives that may benefit them.
- Participating Charities may opt in to share their contact information with our partners so that partners can contact them directly about charity campaigns that might benefit Participating Charities.
You may change your mind and withdraw your consent at any time by contacting us here. Note that withdrawing your consent will not affect the lawfulness of any processing we have conducted prior to your withdrawal. Please refer to Section 9 (“Your Data Protection Rights”) for more information on your right to withdraw your consent.
5. Do We Share Personal Data, and Why?
We will share your Personal Data with third parties where there is a lawful basis to do so.
This includes:
- With PayPal and PayPal Companies, to provide you with the Services and for our own legitimate interests in conducting our business. These interests are described further in Section 4 (“What Personal Data Is Used and for which Legal Basis?”). The receiving PayPal company will process your Personal Data in accordance with this Privacy Statement.
- With service providers that operate at our direction and on our behalf to perform services we outsource to them, such as compliance and audits. The legal basis for this processing is the performance of our contractual obligations to you and our legitimate interest in conducting our business.
- With authorities, to the extent we are under a legal obligation to do so. Such authorities include courts, tax authorities, police authorities, enforcement authorities, and supervisory authorities in relevant countries. We may also be required to provide competent authorities, such as revenue or tax authorities, information about your use of our Services, which may include your name and address. The legal basis for complying with disclosure obligations under UK law is legal obligation and, where acting under other law, our legitimate interest in complying with relevant laws to deter illegal conduct.
- With Participating Charities, when we share donation details, such as the amount of the donation and the program and campaign through which the donation was made, with the benefiting charity. The legal basis for this processing is operation of our Services.
- With Participating Charities which have enrolled with PayPal Giving Fund, when donors consent to share their contact information with the Charity. The legal basis for this processing is consent.
- With PayPal Giving Fund’s partners, whether and when the donated funds were granted to the benefiting charity. We may also share information to enable partners to transmit donation receipts to their users on behalf of PPGF. The legal basis for these processing activities is operation of our Services.
- With PayPal Giving Fund’s partners, when Participating Charities opt in to share their contact information so that partners can contact them directly about charity campaigns that might benefit Participating Charities. The legal basis for this processing is consent.
- With third parties that are independent data controllers, for example when we share Personal Data with authorities or acquirers. Please be aware that these parties’ privacy notices apply to the processing of Personal Data that you share directly with them.
- With buyers or acquirers in connection with a business transfer, for example if we merge with, or are acquired by another entity, we may share your Personal Data with an acquiring entity. We have a legitimate interest in being able to carry out these transactions.
6. How Long Do We Store Your Personal Data?
We retain Personal Data for as long as needed or permitted in the context of the purpose for which it was collected and consistent with applicable law.
The criteria used to determine our retention period are as follows:
- Personal Data used for the ongoing relationship between you and PayPal Giving Fund is stored for the duration of the relationship plus a period of 10 years.
- Personal Data in relation to a legal obligation to which we are subject is retained consistent with the applicable law, such as under applicable bankruptcy laws and AML obligations.
- We retain Personal Data for the least amount of time necessary where retention is advisable in light of litigation, investigations, audit and compliance practices, or to protect against legal claims.
7. International Transfers of Personal Data.
We (or our service providers) may move your data and process it outside the country where you live. We use third-party service providers to process and store your information in the United States and other countries. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EU and UK data protection laws, to protect your Personal Data. For transfers of your Personal Data within PayPal and PayPal Companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). Other transfers are based on standard contractual clauses, approved by the European Commission, to help ensure your information is afforded a high standard of protection and that your privacy rights are respected.
8. Use of Cookies and Tracking Technologies.
When you interact with our website and Services or open email we send you, we, PayPal, or our partners may use cookies and other tracking technologies such as pixel tags, web beacons, and widgets (collectively, “Cookies”) to recognise you as a website user, customise your online experiences and online content, including to serve you interest-based advertising, perform analytics, mitigate risk and prevent potential fraud, and promote trust and safety across PayPal Sites and Services. Certain aspects and features of our website and Services are only available through the use of Cookies, so if you decline certain Cookies, your use of our site and Services may be limited or not possible.
PayPal uses Cookies to collect your device information, internet activity information, and inferences as described in the PayPal Privacy Statement.
Cookies help us and PayPal to do the following:
- Remember your information so you do not have to re-enter it
- Track and understand how you use and interact with our online services and emails
- Tailor our online services to your preferences
- Measure how useful and effective our services and communications are to you
- Otherwise manage and enhance our products and services
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. At this time PayPal Sites are not designed to respond to DNT signals or similar mechanisms from browsers.
Please review PayPal Statement on Cookies and Tracking Technologies to learn more about the use of Cookies.
9. Your Data Protection Rights.
Under applicable data protection law, you have certain rights to control our collection and use of your Personal Data. Your rights include:
Access, rectification, deletion, objection, portability, and restriction of your information
- We recognize the importance of your ability to control use of your Personal Data and provide several ways for you to exercise your rights to access (right to know), rectification (correction or update), deletion (erasure), objection, portability (transferring), and to restrict processing in whole or in part.
- If you are a donor and have a PayPal account, you can exercise your data protection rights by accessing “Data and Privacy” from Account Settings in the PayPal app. Even if you do not have a PayPal account, you can submit a request for access, modification, correction, or deletion of your information by contacting us. You can submit a request related to someone else’s information, if you are their authorized agent, by contacting us. Please note that we may require you to provide additional information for verification.
- If you are an individual associated with a Participating Charity, you may exercise your data protection rights by contacting us.
Consent
- Generally, if we use your Personal Data with your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on a lawful processing ground other than consent.
Right to object to Direct Marketing
- If we use your Personal Data for direct marketing, you can always modify your permissions, object and opt out of future direct marketing messages using the unsubscribe link in electronic communications or through your account settings.
Right to object to Legitimate Interest processing
If we use your Personal Data to pursue our legitimate interests or those of a third party, you have the right to object to our use for that purpose. See Section 4 (“What Personal Data Is Used and for which Legal Basis?”).
How do you exercise your rights and how can you contact us or the data protection authority?
- If you are unhappy with our processing of your Personal Data for any reason, you have the right to lodge a complaint with the supervisory authority for data protection in your country, which in the UK is the Information Commissioner’s Office: website - https://ico.org.uk/; address - Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
- Our Data Protection Officer can be contacted online or by post at PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
- You may also seek a remedy through local courts if you believe your rights have been breached.
10. How Do We Protect Your Personal Data?
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorised access, disclosure, and alteration.
The security measures include firewalls, data encryption, physical access controls to our buildings and files, and information access authorisation controls.
While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of any password(s) and account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current.
11. Can Children Use Our Services?
We do not knowingly collect information, including Personal Data, from children under the age of 16 or other individuals who are not legally able to use our Services. If we obtain actual knowledge that we have collected Personal Data from someone not allowed to use our Services, we will promptly delete it, unless we are legally obligated to retain such data.
Please contact us if you believe that we have mistakenly or unintentionally collected information from someone not allowed to use our Services.
12. Updates to this Privacy Statement.
We revise this Privacy Statement from time to time to reflect changes to our operations, Services, or applicable laws. If the revised version requires notice in accordance with applicable law, we will provide you with 30 days’ prior notice by posting notice of the change on the Policies page of our website; otherwise, the revised Privacy Statement will be effective as of the published effective date.
13. Definitions.
- PayPal means PayPal, Inc., PayPal UK Ltd., PayPal (Europe) S.a.r.l. et Cie, S.C.A., and also includes Braintree.
- PayPal Companies means companies or separate brands, affiliates or subsidiaries of PayPal who process Personal Data in accordance with their terms of service and privacy statements. PayPal Companies include PayPal Charitable Giving Fund, a parent company of PayPal Giving Fund UK, and its subsidiaries.
- PayPal Giving Fund, “we”, “our” or “us” means PayPal Giving Fund UK.
- Participating Charities means charities registered to the Charity Commission for England and Wales and includes charities enrolled with PayPal Giving Fund UK and charities that have not enrolled with the PayPal Giving Fund UK.
- Personal Data means information that can be associated with an identified or directly or indirectly identifiable natural person. “Personal Data” can include, but is not limited to, name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, and government-issued credentials (e.g., driver’s license number, national ID, passport number).
- Processing means any method or way that we handle Personal Data or sets of Personal Data, whether by automated means, such as by collection, recording, categorization, structuring, storage, adaptation or alteration, retrieval, and consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
- You in this statement means a Participating Charity or a donor.
14. Our Contact Information.
You may contact us if you have general questions or concerns about this Privacy Statement or the way in which we handle your Personal Data. Please click here to contact us about your privacy concerns.
You may also write to us at 5 Fleet Place, London, United Kingdom, EC4M 7RD.
Contact our Data Protection Officer (DPO) online or offline at PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.