Legal

Checkout.com Privacy Notice

Introduction

This notice was last updated on 03 November 2024.

Checkout provides services which help businesses thrive in the digital economy. These services include payment processing and optimization, tools to manage and reduce fraud, and identity verification solutions. This notice is designed to provide you with clear information about how we use personal data when we provide our services, so that you can continue to trust Checkout to handle your data fairly, lawfully, and securely. We want to make sure you understand what personal data we may collect about you when you interact with us, how we use your personal data, and how we keep it safe. Personal data means data from which you can be identified either directly (e.g. via your name) or indirectly (e.g. via your IP address). 

If you have any questions about how we use your personal data, you can get in touch by one of the methods set out in the Contact us section.

This is a global notice that applies to the activities of The Checkout.com group, which includes Checkout Ltd and all affiliated companies (“Checkout”, “we”, “our”, or “us”). The Checkout entity which is the data controller and therefore primarily responsible for your personal data will depend on which Checkout entity has provided you with our services in your jurisdiction. You can find details of the relevant Checkout entities here.

You can scroll down to read the entire notice, or you can jump to the section you are interested in by clicking on one of the headings below:

Link

What personal data do we collect?

The personal data we collect, and the ways in which we process it depend on your relationship with us. This notice relates to the information we process about you if you are:


A Merchant Representative: you represent the businesses and prospective businesses that we support.	A Merchant Customer: you are an individual customer who purchases goods and services from our Merchants, applies for a card issued by Checkout, or uses our verification services	A Website User: you are a visitor to our website, including utilising our sandbox environment

This notice applies where Checkout act as a data controller, but we may sometimes operate as a data processor for Merchant Customer data where we carry out instructions and process data on a Merchant’s behalf. In these instances, you should refer to the privacy notice of the Merchant for details regarding how they process your information.

‍

Merchant Representatives:

Data we collect

Where we collect it

Contact information: your name, job title, email address, phone number, personal or business postal address

Where you provide it to us by enquiring about, or registering for, our services

From certain trusted third parties, for example those with whom you may have shared your data, and companies which aggregate business contact information

From publicly available sources, for example Companies House in the UK

Verification information: proof of address, copy of a personal identification card or passport, financial information and other information as required to validate your identity and background

Where you provide it to us directly in the course of registering a Merchant for our services

From certain trusted third parties, for example those with whom you may have shared your data, including companies which provide information on company directors and shareholding

‍

Merchant Customers:

Data we collect	Where we collect it
Contact information: your name, email address, phone number, personal or business postal address	Where you make a purchase through a Merchant that uses Checkout to process payments, utilize a physical or virtual card issued by Checkout, or use our services (including Remember Me (as described in section 2 of this notice) or verification services).
Cardholder information: your payment card details and billing address	Where you make a purchase through a Merchant that uses Checkout to process payments, utilize a physical or virtual card issued by Checkout or use our services (including Remember Me, as described in section 2 of this notice).
Transaction information: information relating to a purchase, including currency, amount, and the identity of the Merchant	Where you make a purchase through a Merchant that uses Checkout to process payments or utilize a physical or virtual card issued by Checkout
Technical information: your IP address,device information (including the type of browser and operating system and version you use, unique device identifier, and mobile network information), and where you use one of our services online (such as Remember Me) your activity when using the service including information on when, where and how you used the relevant service.	Where you make a purchase through a Merchant that uses Checkout to process payments, or use our services (including Remember Me (as described in section 2 of this notice) or verification services). We may also use cookies, server logs and other technologies, such as web beacons, to collect this information (e.g. when you are logged into your Remember Me account). Please refer to our Cookies Notice for further information about how we use cookies and similar technologies.
Verification information: proof of address, copy of a personal identification card or passport and other information as required to validate your identity	Where you apply for a physical or virtual card issued by Checkout or use our verification services
Audio visual and biometric information: any videos, images, copies of relevant identity documents, and biometric data derived from images of you (for example, an image of your face from a face scan)	Where you upload this information while validating your identity using Checkout’s identity verification services

Please note that where you are a Merchant Customer you should also consult the privacy notice of the Merchant from whom you are making a purchase to understand how they may process and share your personal data.

‍

Website Users:

Data we collect

Where we collect it

Technical information: IP address and device information (including the type of browser and operating system and version you use, unique device identifier and mobile network information) and your activity when using this website including information on your access times to this website (for example time zone settings and location), pages viewed, URLs clicked on and the pages you visited before and after navigating to this website

We use cookies, server logs and other technologies, such as web beacons, to collect this information. Please refer to our Cookies Notice for further information about how we use cookies and similar technologies.

Contact information: your name, email address, phone number, personal or business postal address

Where you provide it to us directly by using an enquiry or event sign up form on our website

‍

The purposes for which we process personal data and our lawful basis for doing so

‍

Merchant Representatives

Purposes for which we process data	Our lawful basis
We use your contact information to facilitate and enable our relationship with you as a prospective, new or existing merchant We use your contact information to send you marketing communications via email or text about relevant products and services	We process this information based on our legitimate interest in contacting you to in the course of offering or providing relevant products and services to you Where required by law we rely on your consent in order to send you direct marketing
We use your verification information, in order to validate your identity, fulfil our regulatory obligations, and conduct due diligence in the form of Know Your Customer (“KYC”) or Know Your Business (“KYB”) checks	We process this information where it is necessary to comply with a legal obligation We also process this information where it is in our legitimate interests to do so to detect and prevent fraud and money laundering
We use your contact information and verification information to comply with our legal and regulatory obligations	We process this information where it is necessary to comply with a legal obligation
We anonymize and aggregate your information and process it to ensure the security, stability, performance and development of our services security, stability, performance and development of our services	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our products and services

‍

Merchant Customers

Purposes for which we process data	Our lawful basis
We use your contact, cardholder, transaction, technical and verification information to process payments and otherwise provide our services to you	We process this information where it is in our legitimate interests to do so to securely and effectively deliver our services (For individuals in Canada, we process this information based on implied consent reasonably inferred from your use of our services via the services provided by the Merchant from whom you are making a purchase)
We use your contact, cardholder and technical information to provide you with our Remember Me service, which includes allowing you to make payments to Merchants for goods or services that you are purchasing, permitting you to manage your Remember Me account through our portal (including to reset your password) and to provide you essential services messages relating to this service.	Necessary for the performance of a contract. This contract consists of the terms and conditions that you agree to when you create your Remember Me account.
We use your contact, cardholder, transaction, technical and verification information to detect and prevent fraudulent activity, financial crime and any other illegal or unauthorized use of Checkout services	We process this information where it is necessary to comply with a legal obligation We also process this information where it is in our legitimate interests to do so to detect and prevent fraud and money laundering
We use your contact, cardholder, transaction, technical and verification information to comply with our legal and regulatory obligations	We process this information where it is necessary to comply with a legal obligation
We use your contact, and audio visual and biometric information to validate your identity (when using Checkout’s Identity Verification Services)	Necessary for the performance of a contract We only process biometric information with your explicit consent
We anonymize and aggregate your information and process it to ensure the security, stability, performance and development of our services	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our products and services (For individuals in Canada, we process this information based on implied consent reasonably inferred from your use of our services via the services provided by the Merchant from whom you are making a purchase)

‍

Website Users

Purposes for which we process data	Our lawful basis
We use your technical information to perform data analytics to improve and optimize our website, products, services, marketing, customer relationships and experiences as further described in our Cookies Notice	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our website Where we use certain types of cookies, we will ask for your consent. We explain this further in our Cookies Notice
We use your technical information to administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	We process this information where it is in our legitimate interests to do so to protect and secure our website
We use your contact information to respond to you where you make an enquiry on our website	We process this information where it is in our legitimate interests to do so in responding to your enquiries

‍

Automated decision making and profiling

In the course of providing our services, we may make decisions using your data which are partially or wholly automated to help make our decisions and services secure and efficient.

We use automated decision-making in the following circumstances:

-Fraud detection: Where you are a Merchant Customer and you initiate a transaction with a Merchant that uses our fraud detection services, your information may be processed by Checkout for the purposes of fraud detection and prevention. In some cases, this may lead to an automated decision for a transaction to be declined or for further information to be requested from you in order to proceed. We perform this activity where we have a legal obligation to do so to protect you and our Merchants, and to otherwise ensure the security of our services. Any such automated decision will be based on your contact, cardholder, transaction, and technical information, as further outlined in the What personal data do we collect section of this notice.

-Identity verification: Where you are a Merchant Representative or Merchant Customer and we ask you to provide identity information to sign up to one of our services, or you use our identity verification product, the information you provide may be subject to partially or wholly automated decisions as to whether we are able to verify your identity. In the event we are unable to effectively verify your identity, this could have the impact of delaying or denying you access to a product or service operated by Checkout or one of our Merchants. We perform this activity to ensure we comply with our own legal obligations, or on our Merchants’ behalf where they use our identity verification product. We use verification information to perform these checks, as well as any audio, visual and biometric information you submit to our Identity verification product, as further outlined in the What personal data do we collect section of this notice.

You have a right to object to any automated decisions we have made and request that any such decisions are reviewed by a human. For information on how to exercise this right please see Your Choices and Rights.

‍

Your choices and rights

You have rights and choices over the way your information is used by us:

Right to opt-out of direct marketing communications: This enables you to opt-out of receiving marketing communications from us. You can do this at any time by clicking on the ‘unsubscribe’ link included in any email marketing material we send to you, or by informing us by emailing [email protected]

Right to request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In some cases, you have a right to receive a copy of this information in a reusable format and have it transmitted to another organisation

Right to request correction of the personal data we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected

Right to request erasure of your personal data: This enables you to ask us to delete or remove your personal data. Please note that in some cases, for example if we need to retain your data to comply with legal obligations, we may be unable to comply with such requests

Right to object to processing of your personal data: In addition to your right to object to direct marketing communications, in certain circumstances you can object to our processing of your personal data for example when we rely on legitimate interests to process your personal data

Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in certain scenarios

Withdrawal of consent: You can withdraw consent at any time where we are relying on consent to process your personal data

Right to object to automated individual decision-making and profiling: This includes the right to request human intervention where we have relied on automated decision making or profiling.

If you wish to exercise any of the rights set out above, or any additional rights noted in the Country-specific section of this notice, please contact [email protected]. You can also submit a request via an authorized representative, in which case we will confirm the representative has authority to act on your behalf before we carry out the request.

If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, this could mean that we cannot provide certain products or services to you or we cannot perform the actions necessary to achieve the purposes described (see The purposes for which we process your personal data).

‍

How we share your personal data with third parties

In order to provide our services to you we may share your personal data with the following parties:

Members of the Checkout Group: Your information may be shared with our affiliates within the Checkout.com group, to provide you with our services.

Third party service providers: We may also use third-party service providers acting on our behalf. These service providers help us with data and cloud services, website hosting, data analysis, background and screening, application services, advertising networks, information technology and related infrastructure, customer service, communications, and auditing.

Payment partners: We may share your personal data with third parties across the payments ecosystem as necessary to securely and effectively process payments. This includes banks, card schemes, alternative payment method providers and issuers.

Law enforcement and regulators: We may share information in response to a law enforcement, government agency or regulator request where permitted to or required by law. We may also share information when we or a third party is investigating potential fraud.

We may also share your personal data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition or any other transaction affecting all or any portion of our business, assets or stock.

Checkout.com does not sell personal data to third parties.

‍

International data transfers

Checkout is a global business and in the provision of our services personal data may be transferred to Checkout group companies or third-party service providers located in a different country than your home country. We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred, and we will only transfer your personal data in accordance with applicable laws and regulations. Where data is transferred from the UK or EEA to a third country that is not deemed by the EU Commission or UK Secretary of State to have adequate protections in place, we rely on the EU Standard Contractual Clauses (SCCs) or contractual clauses approved by the ICO (such as the UK Addendum to the EU SCCs) respectively, to transfer your data to that third country and ensure it remains secure. We also carry out transfer impact assessments before transferring your personal data, to assess the level of risk to you and your rights and protections in that third country.

You can find the EU SCCs here and the UK Addendum to the EU SCCs here. Please Contact us if you would like to know more about how we transfer your personal data overseas.

‍

How we protect your personal data

Checkout is committed to building a secure and trusted environment for businesses and their communities to thrive in the digital economy. Whilst we cannot guarantee your personal data will be 100% secure, we put in place appropriate measures to secure personal data from being accidentally lost, used, accessed, altered or disclosed in an unauthorized manner. We continually review the security measures we have in place to ensure they are appropriate.

We are PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliant, which is the highest standard set by the payment card industry to ensure that cardholder data is processed, stored, and transmitted in a secure environment. Checkout’s systems are also ISO27001 certified.

When deciding how long to keep your personal data, we think about how much and what kind of personal data we have, how sensitive it is, the risk of unauthorized use or disclosure, why we are using your personal data, and if there is another way to achieve these purposes, as well as what the laws and regulations tell us. We will only retain your personal data for as long as reasonably necessary to fulfil the following purposes:

-to comply with any legal, accounting, tax and reporting requirements

-to deliver and develop our products and services securely and effectively

-to perform analysis and undertake internal research

Once the data is no longer required for these purposes, we securely erase it.

‍

Contact us & updates to this notice

If you have any questions about this notice, including any requests to exercise your legal rights, please contact our Data Protection Officer (DPO) using the details set out below.

Email address: [email protected]

Postal Address:

Data Protection Officer, Checkout Ltd

Wenlock Works, Shepherdess Walk,

London,

N1 7BQ

United Kingdom

‍

You can also contact or complain to your local supervisory authority (for example the UK Information Commissioner’s Office (ICO) here), however please consider contacting us first so that we can address your question directly.

‍

Biometric Data

If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted by law, you agree that we may collect your imagery of the face, and voice recordings, from which an identifier template such as a faceprint, a minutiae template, or a voiceprint, can be extracted in order to verify your identity using Checkout’s verification services. Your biometric information may be shared with our third party cloud providers Outscale SAS and Amazon Web Services. We will delete your biometric information no later than 365 days after the date you provide it.

‍

Country-specific notices

Notice relating to our operations under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”)

Checkout.com is providing the following supplemental information for individuals whose personal data is collected or held by Checkout LLC in the State of California as defined in the CCPA.

Your right to access the personal information we hold about you. You may request a copy of the personal information that we have collected about you
Your right to request the deletion of your personal information. Subject to certain limitations under applicable law, you may request that we delete the personal confirmation we have collected from you.
Non-discrimination. You have the right not to be discriminated against for exercising any of your rights under CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent, and contact us as set forth in “Contact us & updates to this notice” below.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.

“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Your right to opt-out of cross-context behavioral advertising. You may opt-out of the sharing of your personal information for cross-context behavioral advertising. Please click the link here or contact us at [email protected] to submit a request to opt-out of cross-context behavioral advertising
Sale of personal information: Checkout does not sell personal information, as such we do not knowingly sell personal information relating to minors
Contact. To submit a request to exercise any of your rights, you can contact our Data Protection Officer using the contact details provided above.

‍

Notice relating to our operations under the Colorado Privacy Act (“CPA”)

Checkout.com is providing the following supplemental information for individuals whose personal data is collected or held by Checkout LLC in the State of Colorado as defined in the CPA.

Processing of Sensitive Information. In some situations, we may need your explicit consent to process your sensitive personal information (e.g., government issued identification, biometric information, financial information) for the purpose of providing Services and/or other purposes stated in this Privacy Notice, in each case as required by applicable law.

‍

Notice relating to our operations in France

Checkout.com is providing the following supplemental information for individuals whose personal information is collected or held by Checkout SAS or any of its affiliated companies.

‍Instruction on the processing of your Personal Data after your death. For data subjects in France or if your data is processed by Checkout SAS, you have the right to issue general or specific instructions regarding the fate of your Personal Data after your death, in accordance with the terms of Article 85 of French Law No. 78-17.

Consumers terms of service

These Checkout.com for Consumers Terms of Service (“terms”) set out how we will provide Checkout.com for Consumers and the Checkout.com for Consumers Dashboard and form a legal agreement between [Checkout Ltd] ("we" or "us") and the user of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard (as applicable) ("you"). By using Checkout.com for Consumers or the Checkout.com for Consumers Dashboard you agree to be bound by these terms from the date you first use Checkout.com for Consumers until your use of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard permanently ends.

1. Checkout.com for Consumers and the Checkout.com for Consumers Dashboard

Checkout.com for Consumers enables you to ask us to securely save and your payment details when you make a transaction with a merchant that we provide payment services to and which has Checkout.com for Consumers enabled ("Merchant") and to re-use such payment details for transactions with other Merchants. The Checkout.com for Consumers Dashboard is a web-based application that enables you to review transactions made with Merchants using your saved payment details, manage your saved payment details, and access your information in relation to Checkout.com for Consumers.

2. Information about us

[Checkout Ltd] is registered in [England] with registration number [08037323] with its registered office at [Wenlock Works, Shepherdess Walk, London, England, N1 7BQ]. [We are regulated by the [UK Financial Conduct Authority] as an electronic money institution under number [900816] and are registered with [the Information Commissioner’s Office] under number [ZA071209]].

3. Changing these terms

We may revise these terms at any time and unless the changes have been made to reflect changes in laws, rules, and regulations (“Laws”), or to make minor adjustments or improvements, we will notify you in advance. You can access the current terms at any time on the Checkout.com for Consumers Dashboard.

4. Accessing Checkout.com for Consumers and the Checkout.com for Consumers Dashboard

You can use Checkout.com for Consumers and access the Checkout.com for Consumers Dashboard by entering your email address and the verification code (“OTP”) we send at your request to the mobile phone number or email address (subject to you having verified your email address) which you provide or is provided by the Merchant and in each case confirmed by you.] By requesting a OTP you confirm that the mobile phone number or email address we display to you at that time is correct and accurate and that any mobile device or email account linked to that number or address belongs to you and is in your possession and control. Your email address, mobile phone number and any OTP together form your “Access Information”.

5. Your responsibilities

You must:

access and use Checkout.com for Consumers and the Checkout.com for Consumers Dashboard only for your own private use and in compliance with all Laws that apply to your use of them;
keep your Access Information safe and secure;
inform us immediately and co-operate with us if you know or suspect that all or some of your Access Information or any saved payment details have been compromised;
take all necessary measures to ensure that any device you use to access Checkout.com for Consumers or the Checkout.com for Consumers Dashboard is free of any material or code which is malicious or technologically harmful and not knowingly introduce such material or code to Checkout.com for Consumers or the Checkout.com for Consumers Dashboard; and
update any details relating to you or your payment details on the Checkout.com for Consumers Dashboard if they are inaccurate or not up to date.

You must not:

share your Access Information with anybody else;
attempt to re-sell or profit from Checkout.com for Consumers or the Checkout.com for Consumers Dashboard;
attempt to access to our website or any system connected to it or any element of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard beyond those to which we give you access; or
use any payment details in connection with Checkout.com for Consumers which you are not authorised to use.

6. Our Role and Responsibilities

We will offer Checkout.com for Consumers and the Checkout.com for Consumers Dashboard to you free of charge. They are provided ‘as is’ and we do not warrant that they will always be available or that your use of or access to them will be uninterrupted or error-free or that the information contained on the Checkout.com for Consumers Dashboard will be accurate or up to date or make any other representations or warranties in respect of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard.

We will provide Checkout.com for Consumers and the Checkout.com for Consumers Dashboard in compliance with all Laws that apply to our provision of them including in respect of your payment details and in accordance with the terms in place between us and each Merchant in relation to the payment services we provide to them. Further information as to how we comply with our obligations under Law, including our (i) Payments and E-Money Regulation Policy Statement, (ii) Anti-Money Laundering Policy Statement and (iii) Complaints Handling Policy can be found [here]

7. Limitation of liability

Nothing in these terms excludes or limits our liability for death or personal injury arising from our negligence, or our fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by English law.

We are not responsible for any losses that are unforeseeable, caused by a delaying event outside of our control, could have been avoided by you having taken reasonable action or any business losses.

8. Your Information

When you use Checkout.com for Consumers we will collect and store information from you which may include your name, contact information, transaction information and stored payment details. For more detail on the type of information we collect and how we process it, see our Privacy Notice.

You can remove stored cards from Checkout.com for Consumers at any time by following the instructions within your Checkout.com for Consumers Dashboard or contacting us at [[email protected]]

9. Support

If you need further information or need to contact us in relation to Checkout.com for Consumers or the Checkout.com for Consumers Dashboard you can do so through the Checkout.com for Consumers Dashboard. If you have any questions or issues relating to a transaction you made using your payment details you should contact the relevant Merchant.

10. Ending your use of Checkout.com for Consumers

Because Checkout.com for Consumers is used on a purchase by purchase basis you can choose not to use it at any time. You can also end your access to the Checkout.com for Consumers Dashboard through the Checkout.com for Consumers Dashboard. Ending your use of Checkout.com for Consumers or your access to the Checkout.com for Consumers Dashboard will not affect any future payments to a Merchant (e.g. subscription or recurring payments) which any payment details previously saved using Checkout.com for Consumers may be used for by that Merchant. When you end your access to the Checkout.com for Consumers Dashboard we may retain your information for such period as is required to enable us to comply with applicable Laws and in accordance with fraud prevention measures.

11. Our rights to change or suspend or cease Checkout.com for Consumers

We may make changes to the functionality and features of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard at any time. We may suspend or cease to make available any part of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard at any time and will notify you if this is the case.

12. General

These terms constitute the entire agreement between you and us with respect to your use of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard and are governed by [English law] and the courts of England and Wales will have exclusive jurisdiction over any dispute arising out of or in connection with these terms.
We reserve the right to use any third party to enable us to provide Checkout.com for Consumers or the Checkout.com for Consumers Dashboard.

Any provision of these terms which is expressly or impliedly intended to survive beyond the point your use of Checkout.com for Consumers or the Checkout.com for Consumers Dashboard permanently ends will continue in full force and effect beyond that point.

We may transfer our rights under these terms to any party without your consent and will notify you if we do this. You may not transfer your rights without our written consent.

Any provision of these terms which is found by any court of competent jurisdiction to be unenforceable or invalid will be amended or eliminated to the minimum extent necessary so that these terms otherwise apply in full force and effect between you and us.