PAYPAL ZETTLE TERMS AND CONDITIONS
Effective as of June 30, 2021
These PayPal Zettle Terms and Conditions, including the terms, policies, guidelines, and instructions referred to herein (“Terms”), comprise an agreement between PayPal Inc. (“PayPal”, “we”, “our”, or “us”) and you, the company, or other business entity (“Merchant”, “you”, or “your”), and govern your access to and use of the PayPal Zettle payment processing services (the “PayPal Zettle Services”).
By signing up for and using the PayPal Zettle Services, you accept and agree to comply with these Terms. If you do not agree to these Terms, you are not permitted to access or use the PayPal Zettle Services.
These Terms, along with the PayPal User Agreement and any other agreement you have entered into with PayPal (collectively "PayPal Agreements"), apply to your use of the PayPal Zettle Services, and the PayPal User Agreement shall be deemed an integral part of these Terms. The PayPal services, as described in the PayPal User Agreement, include the PayPal Zettle Services, except that any pricing generally applicable to those services shall not apply to the PayPal Zettle Services unless expressly agreed to by PayPal. In the event of any inconsistency between the terms of the PayPal User Agreement, or other agreement you have entered into with PayPal, and these Terms, these Terms shall prevail on the subject matter of these Terms.
Defined terms used in these Terms will have the same meaning as those used in the PayPal User Agreement, unless otherwise defined herein.
We facilitate the processing of payment transactions and, in order for us to do this, we have partnered with acquiring banks (“Acquirers”).
In addition to these Terms and any applicable laws, rules, or regulations, the PayPal Zettle Services are also governed by the requirements and guidelines established by our Acquirers as well as the requirements and guidelines (together, the “Card Scheme Rules”) established by Visa, MasterCard, American Express, and other applicable card schemes (together, the “Card Schemes”).
For the purposes of these Terms, “business PayPal account” shall have the same meaning as set forth in the PayPal User Agreement. Any terms and conditions in the PayPal User Agreement that pertain to a PayPal business account shall also be deemed to extend to your PayPal Zettle Account (as defined below), unless otherwise set forth herein.
PART 1 – ACCESS TO AND USE OF THE PAYPAL ZETTLE SERVICES
In addition to opening and maintaining a business PayPal account, you must accept these Terms and open a specific PayPal Zettle account (“PayPal Zettle Account”) in order to access the PayPal Zettle Services. The PayPal Zettle Services are only available to businesses selling goods and services; it is not available for personal, family, or household purposes. You may create only one PayPal Zettle Account, unless we approve the creation of additional PayPal Zettle Accounts.
You warrant to us that: a) you are either a legal resident or citizen of the United States or a company or other business entity duly authorized to conduct business in said country, b) you will use the PayPal Zettle Services solely for the selling of goods and services for trade, business, or professional purposes in such country, c) you will not directly or indirectly use the PayPal Zettle Services in or into any other country outside the United States unless otherwise agreed with us, and d) you, as a natural person, are at least 18 years old and have full legal capacity to accept and perform under these Terms and use of the PayPal Zettle Services in the manner prescribed by us. If you sign up on behalf of a company or under a business name, you represent that you are a legal representative of the business, and that you are authorized to provide any information about the business and accept these Terms on its behalf. If you sign up as a sole proprietor, you represent that you are not acting on behalf of, or for the benefit of, anyone else.
Through your PayPal Zettle Account settings, you may create sub-accounts and authorize your employees and other eligible representatives (each, an “Authorized User”) to use such sub-accounts to use the PayPal Zettle Services on your behalf for your business. You must register each Authorized User with us and create a username and password for each Authorized User to be able to use the PayPal Zettle Services. We reserve the right to limit the number of Authorized Users you may have or refuse the registration of an Authorized User. Your Authorized Users will have the ability to perform those limited actions that you select in your PayPal Zettle Account settings.
It is your responsibility to ensure that your Authorized Users comply with these Terms when using the PayPal Zettle Services. We reserve the right to deny any Authorized User access to the PayPal Zettle Services at any time. In addition to the terms set out in the PayPal User Agreement, you agree that you are at all times liable for the actions or omissions of your Authorized Users and that you will indemnify and hold us harmless from any actions or omissions of your Authorized Users in connection with their use or misuse of the PayPal Zettle Services.
- Our role
The PayPal Zettle Services will enable you to accept and process payments from your customers (a) by Card (as defined below) or by using their smartphone, tablet, or other compatible mobile device which enables them to make contactless smartphone/device transactions through the use of the App installed on your smartphone, tablet, or other compatible mobile device connected to your Reader (as defined below), and (b) by redeeming gift cards issued by you using our gift card service (the “PayPal Zettle Gift Card Service”).
In providing the PayPal Zettle Services, we will facilitate the processing of payment transactions carried out through the use of the PayPal Zettle Services on your behalf, credit the funds received by us from such transactions on your PayPal Zettle Account, and settle such funds (less our Fees, Chargebacks, reversals, claims, and other funds owed to us or another company within the PayPal Group) to your business PayPal account in accordance with these Terms.
You authorize and instruct us to receive, hold, and disburse funds in accordance with these Terms on your behalf. This authorization and instruction will remain in full force and effect until your PayPal Zettle Account is closed or terminated.
- PayPal is Your Agent for Receiving Payment
You represent and warrant to us that each transaction that you process using the PayPal Zettle Services is solely in payment for your provision of bona fide goods and/or services to your customers (each, a “Payor”). To the extent any transaction funds are received by us from your Payors, you hereby designate us, and we hereby agree to serve, as your limited agent for the sole purpose of receiving such payments on your behalf from your Payors. You agree that upon us receiving payment from a Payor: (a) you shall be deemed to have received payment from such Payor, (b) such Payor’s obligation to you in connection with such payment shall be satisfied in full, (c) any claim you have for such payment against such Payor shall be extinguished, and (d) you are obligated to deliver the applicable goods and/or services to the Payor, in each case regardless of whether or when we remit the transaction funds to you. We will remit to you in accordance with these Terms, or apply as an offset to any obligation you may have to us, any payments we receive on your behalf. You shall identify to your Payors that PayPal is acting as your agent for purposes of receiving payment on your behalf. Any receipt provided to the Payor shall be binding on you and shall satisfy all applicable regulatory requirements. This section 3 states the entirety of PayPal’s duties as your agent for receipt of payments, and no other duties shall be implied by PayPal’s undertaking to act in that capacity.
- Card Scheme Rules
We may revise these Terms from time to time. The revised version will be effective at the time we post it unless otherwise noted. If our changes reduce your rights or increase your responsibilities, we will post a notice on the Policy updates page of our website and provide you with the same length of advance notice as set forth in the PayPal User Agreement. By continuing to use the PayPal Zettle Services after any changes to these Terms, you agree to abide and be bound by those changes. If you do not agree with any changes to these Terms, you may terminate your use of the PayPal Zettle Services before such changes become effective and/or close your PayPal Zettle account.
- PayPal Zettle App and PayPal Zettle Reader
Any compatible card reader device (“Reader”) purchase will be subject to our separate delivery terms. You must download and use the most recent version of the Zettle app (the “App”) that is available, including downloading and installing any updates that become available from time to time.
You are responsible to contact us if you suspect that your Reader has been tampered with or stolen.
- Restrictions and limitations
In addition to any other obligations, requirements, restrictions, or limitations set out in these Terms, you agree that you will not: a) apply a price threshold for accepting a Card, b) apply a higher price or additional fees for the use of a Card in connection with a transaction, unless permitted to do so under any laws, rules, and regulations of your specific jurisdiction, c) carry out transactions in territories other than the United States and in currencies other than USD, d) discriminate between Cards for any reason, unless permitted to do so under any laws, rules, and regulations of your specific jurisdiction, e) submit any transaction for processing that does not arise from your sale of products or services to your customer (i.e., you may not submit any transaction for processing originating from sales or activities offered by other parties), f) submit for processing any transaction representing the refinancing of an existing obligation of a customer, g) require any customer to waive his/her right to dispute a transaction, h) require any customer to disclose his/her PIN at any point during a Card transaction, i) print data referencing any customer's PIN on any receipt where a customer uses a chip and PIN Card, or j) process one purchase of goods and/or services as several payment transactions unless otherwise authorized by us.
You may not use the PayPal Zettle Services provided to you to carry out Card transactions with your own Cards or any Cards that are issued in your name.
Unless otherwise authorized by us, you may not in any way refer to us, our Acquirers, or the Card Schemes as having endorsed your products and/or services.
The use of the PayPal Zettle Services is subject to certain limits relating to daily Card transaction volume as further specified on our website.
- Accepted Cards
The PayPal Zettle Services can be used to accept card transactions with most credit, debit, and other payment cards (each a “Card”) bearing the trademark of the Card Schemes as further specified on our website. We may remove or add Cards we accept at any time without prior notice to you. We will only process Card transactions that have been authorized by the applicable Card Scheme or Card issuer.
You agree that you are solely responsible for verifying the identity of your customers and the eligibility of each presented Card used to purchase your products and services and for all reversed or charged back transactions, regardless of the reason for, or timing of, the reversal or chargeback as further described herein.
You will undertake to inform your customers of the possibility to pay by Card by displaying signage for all Card options provided by us as possible payment methods in your physical store.
For the use of the PayPal Zettle Services you agree to pay the fees (“Fees”), assessed and calculated by us, as set out on the Fees page.
We reserve the right to amend our fees at any time in accordance with the PayPal User Agreement. Fees will be assessed at the time a transaction is processed and will be deducted from the funds received by us and credited to your business PayPal account.
- Processing payment transactions
You must comply with any and all instructions provided by us to you regarding the acceptance and authorization of payment transactions. You undertake to ensure that all your employees and other eligible representatives who handle payment transactions on your behalf are informed of the content of these Terms in advance.
You must provide customers with a receipt if they request one. Customers may receive an electronic receipt via email or SMS, rather than a paper receipt. You are solely responsible for ensuring that each of your Payors has agreed to be contacted by email or text message, as applicable, and to inform them that you will use the App to send them a receipt via email or text message. By using the PayPal Zettle Services, you represent that the emails or phone numbers you use to contact your Payors are provided to you by each Payor, and that your use of the PayPal Zettle Services to contact your Payors complies with applicable laws and regulations. You understand that you may not use the PayPal Zettle Services to send marketing messages for your business.
An authorized payment transaction may not be withdrawn by you or your customer after the end of the day on which your customer authorized the transaction.
We reserve the right not to authorize or process any payment transaction that you submit through the PayPal Zettle Services that we believe may be in violation of the Terms, the PayPal User Agreement, or any applicable laws, rules or regulations or may expose you or us to harm, including but not limited to fraud or other criminal acts. You authorize us to share information with law enforcement about you, your transactions, or your use of the PayPal Zettle Services if we reasonably suspect that these have been used for unauthorized, illegal, or criminal purposes.
In addition to your obligations set out in the PayPal User Agreement, you authorize and instruct our Acquirers and us to, from time to time, retrieve information about you from, and provide information about you to, third parties, including credit reporting agencies or bureaus and other information providers, and you authorize and instruct such third parties to compile and provide such information to us.
- Processing Card transactions
If a customer’s Card includes an electronic chip, you must always prioritize obtaining chip and PIN authorization before obtaining a signature. You must always prioritize to process a transaction by inserting the Card into the Reader and obtain the customer’s PIN or the customer’s signature when your customer’s Card is present.
You may not process a contactless transaction with a value exceeding the prevailing amount limit for that transaction set by an Acquirer, a Card Scheme, and/or us from time to time, as set out on herein.
You must submit all requests for refunds for returns of your products and services through the PayPal Zettle Services in accordance with these Terms and the applicable Card Scheme Rules. All refunds related to Card transactions must be made to the customer’s Card. You undertake to: a) maintain a fair return and cancelation policy, b) disclose your return or cancelation policy to customers at the time of purchase, c) not give cash refunds to a customer in connection with a Card transaction, unless required by law, and d) not accept cash or any other item of value for preparing a Card transaction refund.
Full refunds must be for the exact amount of the original transaction including tax and handling charges. The refund amount may not exceed the original sale amount except by an amount equal to any reimbursements to the customer for postage costs incurred for product returns. Refunds processed through the PayPal Zettle Services must be submitted within 30 days of the original transaction. For approved refunds, we will deduct the refund amount (including any applicable fees) from funds owed to you from the processing of other transactions. If these funds are not sufficient, you agree to pay all funds owed to us immediately on demand. You are solely responsible for accepting and processing returns of your products or services.
Any amount attributable to a payment transaction may be reversed or charged back to your PayPal Zettle Account (a “Chargeback”) if the transaction: a) is disputed in any way, b) is reversed for any reason by the Card Scheme, our Acquirers, the cardholder or the Card issuer, c) was not authorized or we have reason to believe that it was not authorized, and/or d) is alleged to be illegal, suspicious or in violation of these Terms.
For any payment transaction we determine may result in a Chargeback, we have the right to withhold the potential amount of the Chargeback in a reserve. We may recover the amount of any Chargeback and any associated fees, fines, and/or penalties assessed by the Card Schemes or our Acquirers from funds credited to your business PayPal account or any other funds due to you under these Terms. If we believe that a Chargeback is likely with respect to any payment transaction, we may withhold the amount of the potential Chargeback from payments due to you under these Terms until such time that: a) a Chargeback is assessed due to a customer’s complaint, in which case we will retain the funds, b) the period of time under applicable law or regulation by which the customer may dispute the transaction has expired, or c) we determine that a Chargeback on the transaction will not occur. If we are unable to recover funds related to a Chargeback for which you are liable, you will pay us the full amount of the Chargeback immediately on demand. You agree to pay all costs and expenses, including without limitation attorneys’ fees and other legal expenses, incurred by or on behalf of us in connection with the collection of all balances unpaid by you.
If we determine that you are incurring an excessive number of Chargebacks or that Chargebacks related to you are too frequent, we may establish controls or conditions governing your PayPal Zettle Account, including without limitation: a) creating a reserve in an amount reasonably determined by us to cover anticipated Chargebacks and related fees, penalties, or fines, b) suspending your access to and use of the PayPal Zettle Services, and/or c) terminating and closing your PayPal Zettle Account and your business PayPal account.
You agree to assist us when requested, at your expense, to investigate any transaction processed through the PayPal Zettle Services. You further agree that we may share information about a Chargeback with your customer, the customer’s financial institution, and your financial institution in order to investigate and/or mediate a Chargeback. You acknowledge that your failure to assist us in a timely manner when investigating a transaction, including providing necessary information and documentation within ten days of our request, may result in an irreversible Chargeback. We reserve the right, upon notice to you, to charge a fee for mediating and/or investigating Chargeback disputes.
- Your privacy and security
The PayPal Privacy Statement applies to your use of the PayPal Zettle Services. Likewise, information you receive from us about your customers must be kept confidential, stored securely, and only used for the purpose of the PayPal Zettle Services, in accordance with these Terms and as agreed to in the PayPal Privacy Statement.
You acknowledge that we are required to report your business name and the name of your beneficial owners and/or principals to the MATCH listing maintained by MasterCard and accessed and updated by American Express, the VMAS database upheld by Visa, if applicable, pursuant to the requirements of the Card Scheme Rules. You acknowledge that we must fulfil the obligations related to such listing and reporting, and you waive and agree to hold us harmless from all claims and liabilities you may have as a result of such listing and reporting.
We are responsible for protecting the security of Card information in our possession. We have implemented administrative, technical, and organizational procedures to protect Card information that is stored in our servers from unauthorized access and accidental loss, modification, or disclosure.
You are fully responsible for the security of data in your possession or control as a result of using the PayPal Zettle Services. You shall comply with all applicable laws pertaining to the privacy, secrecy, confidentiality, collection, usage, sharing, security, protection, disposal, or international transfer, of any personal, financial, Card, or transaction information (“Data”), including laws applicable to direct marketing, telemarketing, and unsolicited e-mails or text messages.
You agree that at all times you shall be compliant with the Payment Card Industry Data Security Standards (PCI DSS) and the Payment Application Data Security Standards (PA DSS), as applicable, and refrain from any actions which may lead to us to fail to comply with such standards.
If we believe that a security breach or compromise of Data has occurred, we may require you to have a third-party auditor approved by us conduct a security audit of your systems and facilities.
You and we agree to comply with the Data Protection Schedule attached hereto as Schedule 1 (the “Data Protection Schedule”), which forms part of this Agreement. The terms of the Data Protection Schedule shall prevail over any conflicting terms in this Agreement relating to data protection and privacy.
- Your additional warranties
You warrant to us that: a) the name identified by you when you registered is your name or business name under which you sell products and/or services, b) you and your use of the PayPal Zettle Services will comply with all laws, rules, and regulations applicable to your business, c) you will fulfil all of your obligations to each customer on behalf of whom you submit a payment transaction and will resolve any customer dispute or complaint directly with the customer, and d) except in the ordinary course of business, no payment transaction submitted by you through the PayPal Zettle Services will represent a sale to any principal, partner, proprietor, or owner of your business.
- Partner applications
Through your PayPal Zettle Account settings, you may give, remove and manage authorizations for certain third-party service providers (”Partners”) to take certain actions on your behalf by connecting to your PayPal Zettle Account, such as to access and retrieve your PayPal Zettle Account data. By authorizing a third-party software application (a “Partner App”) to connect to your PayPal Zettle Account you are authorizing and instructing us to permit the Partner App to take such actions as are permitted by your authorizations. A Partner App, once authorized, will continue to have access to your PayPal Zettle Account and be authorized to take such actions as are permitted by your authorizations until you actively withdraw your authorization by changing the settings in your PayPal Zettle Account. You acknowledge that the access to your PayPal Zettle Account data by a Partner and the use of any service of a Partner is governed solely by the terms and conditions and policies of such Partner. You are solely responsible for your access to and use of Partner Apps and you are therefore advised to carefully read any terms and conditions and policies concerning your access to and use of Partner Apps.
- Your additional liability and indemnification
Notwithstanding the above or any other provision of these Terms and in addition to what is set out in the PayPal User Agreement, you agree to defend, indemnify, and hold us, our Acquirers, the Card Schemes, and each of our respective directors, agents, affiliates, and representatives harmless from and against any claim (including all third-party claims), cost, suit, demand, loss, liability, damage, action, proceeding judgment, penalty, interest, and expense (including without limitation reasonable attorneys’ fees) arising out of or relating to: a) any actual or alleged breach by you of any provision of these Terms, the Card Scheme Rules, and/or applicable law, and b) any payment transaction submitted by you through the PayPal Zettle Services.
- Our liability
We are liable to ensure that funds credited to your PayPal Zettle Account are paid out to your business PayPal account, provided that we have received such funds from the relevant Card Scheme, Acquirer, or third-party financial institution.
If an authorized payment transaction is not executed properly or not executed at all, we will, upon your request, use reasonable endeavors to trace the transaction and attempt to rectify any errors that you or we discover and notify you of the result. We will only attempt to correct transactions that you process incorrectly if you notify us of such error without undue delay and no later than 60 days of when the error first appeared on your electronic transaction history.
In addition to what is stated in the PayPal User Agreement, we may terminate these Terms or your use of all or part of the PayPal Zettle Services, or suspend or close your PayPal Zettle Account and business PayPal account, without prior notice to you: a) upon request of a Card Scheme or an Acquirer, b) if our agreement with an Acquirer or Card Scheme expires or terminates for any reason, c) if we are de-registered as a payment facilitator by a Card Scheme or an Acquirer, d) if, in our reasonable opinion, your activities or actions are damaging or may damage our image or reputation or the image or reputation of a Card Scheme or an Acquirer, e) if you have signed up for the PayPal Zettle Services as a company or other business entity and there is a change of control of such company or other business entity, f) if owners or other persons associated with you appear on European or American sanction lists (such as OFAC’s SDN list and the EU’s list of economic sanctions or list of terrorists), g) if we determine that your use of the PayPal Zettle Services carries an unacceptable amount of risk, including credit or fraud risk, or h) if your business PayPal account is closed down, either by us or by you.
- Specific terms relating to the PayPal Zettle Gift Card Service
The PayPal Zettle Gift Card Service provides you a platform where you can offer your customers gift cards to use in your physical store for your products and services and manage and administer the sale of gift cards. The PayPal Zettle Gift Card Service is integrated into your PayPal Zettle Account and enables you to sell, track, and redeem gift cards in your physical store. The PayPal Zettle Gift Card Service does not include the supply of physical cards or other value certificates.
You agree you are solely responsible for issuance and management of your gift cards. We assume no liability to verify or otherwise control gift cards issued by you to customers, and you are solely responsible for providing accurate descriptions, information, and content relating to gift cards issued by you under the PayPal Zettle Gift Card Service.
Gift cards issued by you must only be redeemable at your store(s) for goods and/or services provided by you at your premise(s).
Gift cards you sell to your customers shall only be redeemable for your goods and services. You agree to pay PayPal the fees on each gift card you issue as well as all other fees under these Terms. PayPal does not assess a fee to redeem a gift card for customer purchases from you, and you shall not assess or impose on your customers any fees or charges on the issuance, maintenance, or redemption of gift cards. You may not issue a gift card with a value less than $1 or in a value in excess of $100 or add value to a previously issued gift card so that the total funds loaded on a gift card in any single day exceed $100. Further, you may not issue more than $10,000 in gift cards to any single person in any one day. You may not impose an expiration date on gift cards and any unused balance of a gift card must remain available to the holder of the gift card until fully redeemed, even if your PayPal Zettle Account is closed, suspended, or terminated.
You may not provide a cash refund on gift cards except to the extent required by law. You may not redeem a previously issued gift card with another gift card. If a purchase exceeds the holder’s gift card balance, the holder must pay the remaining amount with another payment method. You agree any liability for the use or misuse of your gift cards, and any third-party claims arising from or relating to your gift cards, are your sole responsibility.
You may only accept payment of gift cards through such payment methods offered by us from time to time in your jurisdiction, such as Card payments or cash.
You are responsible for providing information to your customers about the terms in these Terms applying to issued gift cards, for example that you may not provide a cash refund, that amount thresholds apply and that there are only certain payment methods that are accepted.
You are solely responsible for compliance with laws and regulations that apply to your gift cards, including but not limited to notice and disclosure requirements, expiration dates and fees, refunds, unclaimed property or escheat requirements, including to tracking, reporting, and remittance of unclaimed property balances in all states, and customer service for customers and gift card holders. You are also responsible for providing customer services for buyers and holders of gift cards.
DATA PROTECTION SCHEDULE
This Data Protection Schedule applies to your use of the PayPal Zettle Services.
Capitalized terms used but not defined in this Schedule shall have the meaning set out in the Terms.
The following terms have the following meanings when used in this Schedule:
“Controller” means an entity that determines the purposes and means of the processing of Personal Data, or, if such term (or terms addressing similar data protection and privacy roles) is defined in Data Protection Law, “Controller” shall have the meaning as defined in the applicable Data Protection Law including a “Business” as defined in the CCPA.
"Customer" means your customers who use the PayPal Zettle Services and, for the purposes of this Schedule, are data subjects.
"Customer Data" means the Personal Data that the Customer provides to you and you pass on to PayPal through the use by you of the PayPal Zettle Services, excluding any Receipts Data.
"Data Protection Laws" means any applicable data protection laws, regulations, directives, and regulatory requirements applicable to our provision of the PayPal Zettle Services, including any amendments thereto and any associated regulations or instruments (e.g., the the California Consumer Privacy Act 2018, Cal. Civ. Code § 1798.100 et seq (“CCPA”), the General Data Protection Regulation (EU) 2016/679 (GDPR), the Australian Privacy Act 1988 (Cth) the Personal Information Protection and Electronic Documents Act (Canada), the Personal Data (Privacy) Ordinance (Cap.486) (Hong Kong), the Brazilian General Data Protection Law, Federal Law no. 13,709/2018 and the Personal Data Protection Act 2012 (Singapore))..
"Personal Data" means any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Process", "Processes", and "Processed" means any operation or set of operations performed upon Personal Data, including collection, recording, retention, sharing, organization, storage, access, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, blocking, deleting, erasure, or destruction.
PayPal as a Controller
PayPal shall comply with the requirements of the Data Protection Laws applicable to Controllers in respect of the Processing of Customer Data under this Schedule (including without limitation, by implementing and maintaining at all times all appropriate security measures in relation to the Processing of Customer Data) and shall not knowingly do anything or permit anything to be done with respect to the Customer Data that likely would lead to a breach by Merchant of the Data Protection Laws. PayPal shall only transfer Customer Data to third parties, sub-processors or members of the PayPal Group Entity who shall sign written agreements which contain terms for the protection of Customer Data, which are no less protective than the terms set out in this Schedule.
The parties acknowledge and agree that Merchant and PayPal are each independent Controllers in respect of all Customer Data Processed in connection with the PayPal Zettle Services. As such, PayPal independently determines the purpose and the means of the Processing of such Customer Data and is not a joint Controller with Merchant with respect to such Customer Data.
The parties acknowledge and agree that PayPal is permitted to use, reproduce and Process Customer Data and payment transaction data for the following limited purposes:
- as reasonably necessary to provide and improve the PayPal Zettle Services to you and your Customers, including in connection with PayPal’s fraud protection tools;
- to monitor, prevent, and detect fraudulent payment transactions, and to prevent harm to you, PayPal, and to third parties;
- to comply with legal or regulatory obligations applicable to the Processing and retention of payment data to which PayPal is subject, including applicable anti-money laundering and identity verification obligations;
- to analyze, develop and improve PayPal’s products and services;
- internal usage, including but not limited to, data analytics and metrics;
- to compile and disclose Customer Data and payment transaction data in the aggregate where your individual or customer Personal Data is not identifiable, including calculating your averages by region or industry;
- to comply with applicable legal requirements and assisting law enforcement agencies by responding to requests for the disclosure of information in accordance with laws; and
- any other purpose that PayPal notifies you of and in accordance with the Data Protection Laws.
Merchant Notice to Customers
The parties agree to co-operate with each other to the extent reasonably necessary to enable the other party to adequately discharge their responsibility as an independent Controller under Data Protection Laws. The parties agree that to the extent Merchant receives a subject access request or any exercise by a Customer of its rights under Data Protection Laws, Merchant shall respond to such Customer’s access request directly. Merchant also shall inform the Customer that they may exercise their data subject rights in connection with the PayPal Zettle Services with PayPal according to the instructions described in the Privacy Statement available at www.paypal.com. In addition, if in connection with any security incident, PayPal determines in its sole decision that it must notify affected Customers and PayPal does not have the necessary contact information about an affected Customer to make such communication, then Merchant shall use commercially reasonable efforts to provide PayPal with information about Customer that Merchant may possess for the limited purpose of PayPal’s compliance with applicable notification obligations regarding affected Customers under Data Protection Laws.
Cross Border Data Transfers
The parties agree that PayPal may transfer Customer Data Processed under this Schedule outside the country where it was collected as necessary to provide the PayPal Zettle Services. If PayPal transfers Customer Data protected under this Schedule to a jurisdiction for which the applicable regulatory authority for the country in which the data was collected has not issued an adequacy decision, PayPal will ensure that appropriate safeguards have been implemented for the transfer of Customer Data in accordance with applicable Data Protection Laws. For example, and for purposes of compliance with the GDPR, we rely on Binding Corporate Rules approved by competent supervisory authorities and other data transfer mechanisms for transfers of Customer Data within the PayPal Group.
With respect to your data transfers to PayPal of your Customers located in the European Union, Switzerland, the Europeans Economic Area, and/or their member states and the United Kingdom at the time of the transaction, we each agree that (i) your signing of the Agreement will be deemed to be signature and acceptance of the Controller to Controller Standard Contractual Clauses approved by EC Commission Decision of 27 December 2004 (C(2004)5721) (“C2C Transfer Clauses”) by Merchant, as the data exporter and (ii) PayPal’s signature of this Agreement will be deemed to be signature and acceptance of the C2C Transfer Clauses by PayPal, as the data importer. In the event the European Commission revises and thereafter publishes new C2C Transfer Clauses or as otherwise required or implemented by the European Commission, the Parties agree that such new C2C Transfer Clauses will supersede the present C2C Transfer Clauses. The C2C Transfer Clauses will be incorporated into the Agreement by reference and will be considered duly executed between the parties upon entering into force of this Agreement subject to the following details:
- PayPal agrees it will process the Customer Data in accordance with Set II, clauses II(h)(iii) of the C2C Transfer Clauses and by signing the Agreement it will be deemed to duly initial and accept such clause II(h)(iii); and
- The parties agree that the details required under the C2C transfer Clauses Annex B are as set forth on Attachment 1.
C2C Transfer Clauses Annex B
The Personal Data transferred concern the following categories of data subjects:
The data exporter and its Customers.
Purposes of the transfer(s)
The transfer is made for the following purposes:
Performance of the services provided by data importer to data exporter in accordance with the Agreement.
Categories of data
The Personal data transferred may include the following categories of data:
Customer name, amount to be charged, date/time, bank account details, payment card details, CVC code, post code, country code, address, email address, fax, phone, website, expiry data, shipping details, tax status, unique customer identifier, IP Address, location, and any other data received by PayPal under the Agreement.
The personal data transferred may be disclosed only to the following recipients:
The importer’s service providers, affiliates, and personnel performing services in accordance with the Agreement.
Sensitive data (if appropriate)
The personal data transferred concern the following categories of sensitive data:
Not applicable, unless Merchant configures the service to capture such data.
Data protection registration information of data exporter (where applicable)
Additional useful information (storage limits and other relevant information)
As set forth in the Agreement.
Contact points for data protection enquiries
Data importer: Contact points for Data importer can be found in the Agreement.
Data exporter: Contact points for Data importer can be found in the Agreement.