Legal
Checkout.com Privacy Notice
Introduction
This notice was last updated on 03 November 2024.
Checkout provides services which help businesses thrive in the digital economy. These services include payment processing and optimization, tools to manage and reduce fraud, and identity verification solutions. This notice is designed to provide you with clear information about how we use personal data when we provide our services, so that you can continue to trust Checkout to handle your data fairly, lawfully, and securely. We want to make sure you understand what personal data we may collect about you when you interact with us, how we use your personal data, and how we keep it safe. Personal data means data from which you can be identified either directly (e.g. via your name) or indirectly (e.g. via your IP address).
If you have any questions about how we use your personal data, you can get in touch by one of the methods set out in the Contact us section.
This is a global notice that applies to the activities of The Checkout.com group, which includes Checkout Ltd and all affiliated companies (“Checkout”, “we”, “our”, or “us”). The Checkout entity which is the data controller and therefore primarily responsible for your personal data will depend on which Checkout entity has provided you with our services in your jurisdiction. You can find details of the relevant Checkout entities here.
You can scroll down to read the entire notice, or you can jump to the section you are interested in by clicking on one of the headings below:
What personal data do we collect?
The personal data we collect, and the ways in which we process it depend on your relationship with us. This notice relates to the information we process about you if you are:
This notice applies where Checkout act as a data controller, but we may sometimes operate as a data processor for Merchant Customer data where we carry out instructions and process data on a Merchant’s behalf. In these instances, you should refer to the privacy notice of the Merchant for details regarding how they process your information.
Merchant Representatives:
Merchant Customers:
Please note that where you are a Merchant Customer you should also consult the privacy notice of the Merchant from whom you are making a purchase to understand how they may process and share your personal data.
Website Users:
The purposes for which we process personal data and our lawful basis for doing so
Merchant Representatives
Merchant Customers
Website Users
Automated decision making and profiling
In the course of providing our services, we may make decisions using your data which are partially or wholly automated to help make our decisions and services secure and efficient.
We use automated decision-making in the following circumstances:
-Fraud detection: Where you are a Merchant Customer and you initiate a transaction with a Merchant that uses our fraud detection services, your information may be processed by Checkout for the purposes of fraud detection and prevention. In some cases, this may lead to an automated decision for a transaction to be declined or for further information to be requested from you in order to proceed. We perform this activity where we have a legal obligation to do so to protect you and our Merchants, and to otherwise ensure the security of our services. Any such automated decision will be based on your contact, cardholder, transaction, and technical information, as further outlined in the What personal data do we collect section of this notice.
-Identity verification: Where you are a Merchant Representative or Merchant Customer and we ask you to provide identity information to sign up to one of our services, or you use our identity verification product, the information you provide may be subject to partially or wholly automated decisions as to whether we are able to verify your identity. In the event we are unable to effectively verify your identity, this could have the impact of delaying or denying you access to a product or service operated by Checkout or one of our Merchants. We perform this activity to ensure we comply with our own legal obligations, or on our Merchants’ behalf where they use our identity verification product. We use verification information to perform these checks, as well as any audio, visual and biometric information you submit to our Identity verification product, as further outlined in the What personal data do we collect section of this notice.
You have a right to object to any automated decisions we have made and request that any such decisions are reviewed by a human. For information on how to exercise this right please see Your Choices and Rights.
Your choices and rights
You have rights and choices over the way your information is used by us:
Right to opt-out of direct marketing communications: This enables you to opt-out of receiving marketing communications from us. You can do this at any time by clicking on the ‘unsubscribe’ link included in any email marketing material we send to you, or by informing us by emailing [email protected]
Right to request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In some cases, you have a right to receive a copy of this information in a reusable format and have it transmitted to another organisation
Right to request correction of the personal data we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected
Right to request erasure of your personal data: This enables you to ask us to delete or remove your personal data. Please note that in some cases, for example if we need to retain your data to comply with legal obligations, we may be unable to comply with such requests
Right to object to processing of your personal data: In addition to your right to object to direct marketing communications, in certain circumstances you can object to our processing of your personal data for example when we rely on legitimate interests to process your personal data
Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in certain scenarios
Withdrawal of consent: You can withdraw consent at any time where we are relying on consent to process your personal data
Right to object to automated individual decision-making and profiling: This includes the right to request human intervention where we have relied on automated decision making or profiling.
If you wish to exercise any of the rights set out above, or any additional rights noted in the Country-specific section of this notice, please contact [email protected]. You can also submit a request via an authorized representative, in which case we will confirm the representative has authority to act on your behalf before we carry out the request.
If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, this could mean that we cannot provide certain products or services to you or we cannot perform the actions necessary to achieve the purposes described (see The purposes for which we process your personal data).
How we share your personal data with third parties
In order to provide our services to you we may share your personal data with the following parties:
Members of the Checkout Group: Your information may be shared with our affiliates within the Checkout.com group, to provide you with our services.
Third party service providers: We may also use third-party service providers acting on our behalf. These service providers help us with data and cloud services, website hosting, data analysis, background and screening, application services, advertising networks, information technology and related infrastructure, customer service, communications, and auditing.
Payment partners: We may share your personal data with third parties across the payments ecosystem as necessary to securely and effectively process payments. This includes banks, card schemes, alternative payment method providers and issuers.
Law enforcement and regulators: We may share information in response to a law enforcement, government agency or regulator request where permitted to or required by law. We may also share information when we or a third party is investigating potential fraud.
We may also share your personal data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition or any other transaction affecting all or any portion of our business, assets or stock.
Checkout.com does not sell personal data to third parties.
International data transfers
Checkout is a global business and in the provision of our services personal data may be transferred to Checkout group companies or third-party service providers located in a different country than your home country. We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred, and we will only transfer your personal data in accordance with applicable laws and regulations. Where data is transferred from the UK or EEA to a third country that is not deemed by the EU Commission or UK Secretary of State to have adequate protections in place, we rely on the EU Standard Contractual Clauses (SCCs) or contractual clauses approved by the ICO (such as the UK Addendum to the EU SCCs) respectively, to transfer your data to that third country and ensure it remains secure. We also carry out transfer impact assessments before transferring your personal data, to assess the level of risk to you and your rights and protections in that third country.
You can find the EU SCCs here and the UK Addendum to the EU SCCs here. Please Contact us if you would like to know more about how we transfer your personal data overseas.
How we protect your personal data
Checkout is committed to building a secure and trusted environment for businesses and their communities to thrive in the digital economy. Whilst we cannot guarantee your personal data will be 100% secure, we put in place appropriate measures to secure personal data from being accidentally lost, used, accessed, altered or disclosed in an unauthorized manner. We continually review the security measures we have in place to ensure they are appropriate.
We are PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliant, which is the highest standard set by the payment card industry to ensure that cardholder data is processed, stored, and transmitted in a secure environment. Checkout’s systems are also ISO27001 certified.
When deciding how long to keep your personal data, we think about how much and what kind of personal data we have, how sensitive it is, the risk of unauthorized use or disclosure, why we are using your personal data, and if there is another way to achieve these purposes, as well as what the laws and regulations tell us. We will only retain your personal data for as long as reasonably necessary to fulfil the following purposes:
-to comply with any legal, accounting, tax and reporting requirements
-to deliver and develop our products and services securely and effectively
-to perform analysis and undertake internal research
Once the data is no longer required for these purposes, we securely erase it.
Contact us & updates to this notice
If you have any questions about this notice, including any requests to exercise your legal rights, please contact our Data Protection Officer (DPO) using the details set out below.
Email address: [email protected]
Postal Address:
Data Protection Officer, Checkout Ltd
Wenlock Works, Shepherdess Walk,
London,
N1 7BQ
United Kingdom
You can also contact or complain to your local supervisory authority (for example the UK Information Commissioner’s Office (ICO) here), however please consider contacting us first so that we can address your question directly.
Biometric Data
If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted by law, you agree that we may collect your imagery of the face, and voice recordings, from which an identifier template such as a faceprint, a minutiae template, or a voiceprint, can be extracted in order to verify your identity using Checkout’s verification services. Your biometric information may be shared with our third party cloud providers Outscale SAS and Amazon Web Services. We will delete your biometric information no later than 365 days after the date you provide it.
Country-specific notices
Notice relating to our operations under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”)
Checkout.com is providing the following supplemental information for individuals whose personal data is collected or held by Checkout LLC in the State of California as defined in the CCPA.
- Your right to access the personal information we hold about you. You may request a copy of the personal information that we have collected about you
- Your right to request the deletion of your personal information. Subject to certain limitations under applicable law, you may request that we delete the personal confirmation we have collected from you.
- Non-discrimination. You have the right not to be discriminated against for exercising any of your rights under CCPA.
- Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent, and contact us as set forth in “Contact us & updates to this notice” below.
- Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.
“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
- Your right to opt-out of cross-context behavioral advertising. You may opt-out of the sharing of your personal information for cross-context behavioral advertising. Please click the link here or contact us at [email protected] to submit a request to opt-out of cross-context behavioral advertising
- Sale of personal information: Checkout does not sell personal information, as such we do not knowingly sell personal information relating to minors
- Contact. To submit a request to exercise any of your rights, you can contact our Data Protection Officer using the contact details provided above.
Notice relating to our operations under the Colorado Privacy Act (“CPA”)
Checkout.com is providing the following supplemental information for individuals whose personal data is collected or held by Checkout LLC in the State of Colorado as defined in the CPA.
- Processing of Sensitive Information. In some situations, we may need your explicit consent to process your sensitive personal information (e.g., government issued identification, biometric information, financial information) for the purpose of providing Services and/or other purposes stated in this Privacy Notice, in each case as required by applicable law.
Notice relating to our operations in France
Checkout.com is providing the following supplemental information for individuals whose personal information is collected or held by Checkout SAS or any of its affiliated companies.
- Instruction on the processing of your Personal Data after your death. For data subjects in France or if your data is processed by Checkout SAS, you have the right to issue general or specific instructions regarding the fate of your Personal Data after your death, in accordance with the terms of Article 85 of French Law No. 78-17.
Consumers terms of serviceRemember Me Terms of Service
These Remember Me Terms of Service (the “Consumer Terms”) form a legal agreement between Checkout Payment Ireland Limited ("Checkout.com") and the user of Remember Me (the "User," “you,” “your”). By using Remember Me, the User agrees to be bound by these Consumer Terms from the date the User first uses Remember Me until the date upon which the User’s account is deleted.
By signing up, you agree to Checkout.com's Consumer Terms and acknowledge that you have read Checkout.com's Privacy Notice.
1. Remember Me
Remember Me enables the User to (1) securely save your payment details when you make a transaction with a Merchant; (2) re-use the saved payment details for transactions with other Merchants; and (3) access the Dashboard.
2. Checkout.com
[Checkout Ltd] is registered in [England] with registration number [08037323] with its registered office at [Wenlock Works, Shepherdess Walk, London, England, N1 7BQ]. [We are regulated by the [UK Financial Conduct Authority] as an electronic money institution under number [900816] and are registered with [the Information Commissioner’s Office] under number [ZA071209]].Checkout Payment Ireland Limited is registered in Ireland with registration number 08037323 with its registered office at Fourth Floor, One Molesworth Street, Dublin 2, Dublin, Ireland.
Checkout.com may transfer Checkout.com’s rights under these Consumer Terms to any party without your consent and will notify you if Checkout.com does this. You may not transfer your rights without Checkout.com’s prior written consent.
3. Access to Remember Me and the Dashboard
The User may access Remember Me by: (1) entering and validating an email address; and (2) requesting a verification code (“OTP”) to the mobile phone number or email address provided to Checkout.com by the User. By requesting an OTP, the User confirms that the mobile phone number or email address provided is accurate, belongs to the User, and is within the User’s possession and control. The User’s email address, mobile phone number and any OTP together form the “Access Information.”
4. User Responsibilities
The User must:
- access and use Remember Me only for the User’s own private use and in compliance with all Applicable Laws;
- keep the Access Information safe and secure and ensure that the OTP is not shared with anyone;
- immediately inform and co-operate with Checkout.com if the User knows or suspects that all or some of the Access Information or any of the saved payment details have been compromised;
- take all necessary measures within the User's control to ensure that any device used by the User to access Remember Me is free of any material or code which is malicious or technologically harmful; and
- update any the Access Information or saved payment details as necessary to ensure that they remain accurate.
The User must not:
- attempt to re-sell or profit from Remember Me or the Dashboard;
- attempt to access to Checkout.com’s website or any system connected to it or any element of Remember Me or the Dashboard beyond those to which Checkout.com gives the User access; or
- use any payment details in connection with Remember Me which the User is not authorised to use.
5. Checkout.com’sRole and Responsibilities
Checkout.com will offer Remember Me and the Dashboard to the User free of charge. Checkout.com does not warrant that Remember Me or the Dashboard will always be available or that the User’s use of or access to them will be uninterrupted or error-free or that the information contained on the Dashboard will be accurate or up to date.
6. Limitation of liability
Nothing in these Consumer Terms excludes or limits Checkout.com’s liability for death or personal injury arising from Checkout.com’s negligence, or Checkout.com’s fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by Applicable Law.
Checkout.com is not responsible for any losses (including business losses) that are unforeseeable, caused by a delaying event outside of Checkout.com’s control or that could have been avoided by the User having taken any reasonable action.
7. User Information
Checkout.com will collect and store information from the User which may include the User’s name, contact information, transaction information and stored payment details. For more detail on the type of information Checkout.com collects and how Checkout.com processes it, see Checkout.com’s Privacy Notice.
The User can remove stored cards from Remember Me at any time by following the instructions within the Dashboard or contacting Checkout.com at [email protected].
8. Support
If the User needs further information or needs to contact Checkout.com in relation to Remember Me or the Dashboard they can do so through the Dashboard. If the User has any questions or issues relating to a transaction made using their payment details, they should contact the relevant Merchant.
9. Termination
Because Remember Me is used on a purchase-by-purchase basis the User can choose not to use its saved details at any time. The User can also terminate Remember Me by deleting their account through the Dashboard. Ending the User’s use of Remember Me or access to the Dashboard will not automatically withdraw the User’s consent granted separately to Merchant to use the User’s saved details for future payments to that Merchant (e.g. subscription or recurring payments) in accordance with their terms. Please contact the relevant Merchant directly to withdraw consent in relation to the aforesaid use of the User’s saved details. When access to the Dashboard is terminated by the User, Checkout.com may retain the User’s information for such period as is required to enable Checkout.com to comply with Applicable Laws and in accordance with fraud prevention measures.
10. Variation
Checkout.com may make changes to these Consumer Terms at any time and will provide reasonable advance notice of the changes. The current version of the Consumer Terms will be accessible at any time on the Dashboard.
Checkout.com may make changes to the functionality and features of Remember Me or the Dashboard at any time. Checkout.com may suspend or cease to make available any part of Remember Me or the Dashboard at any time and will notify the User 30 days in advance if this is the case and applies to purchases made after the effective date of the change.
11. Entire Agreement
The Consumer Terms constitute the entire agreement between Checkout.com and the User with respect to Remember Me or the Dashboard and supersede all prior representations, communications and agreements, whether written or verbal, regarding the subject matter of these Consumer Terms.
12. Governing Law and disputes
Any dispute or claim arising out of or in connection with these Consumer Terms will be governed by and construed in accordance with the laws of England and Wales and the courts of England and Wales will have exclusive jurisdiction over any dispute arising out of, or in connection with, these Consumer Terms.
13. Survival
Any provision of these Consumer Terms which is expressly or impliedly intended to survive beyond the point the User’s use of Remember Me or the Dashboard permanently ends will continue in full force and effect beyond that point.
14. Interpretation
Any provision of these Consumer Terms which is found by any court of competent jurisdiction to be unenforceable or invalid will, subject to applicable law, be amended or eliminated to the minimum extent necessary so that the Consumer Terms otherwise apply in full force and effect between Checkout.com and the User.
15. Language
These Consumer Terms are available in both French and English language versions. The French version can be accessed by clicking here. You hereby confirm that you have requested that these Consumer Terms and all related documents be drafted in English, that you have been provided with a French language version of these Consumer Terms and that you have agreed to be bound by the English language version of these Consumer Terms.Les présentes modalités de consommation sont disponibles en français et en anglais. La version française est accessible en cliquant ici. Vous confirmez par les présentes que vous avez demandé que les présentes modalités de consommation et tous les documents y étant afférents soient rédigés en anglais, que vous avez reçu une version française des présentes modalités de consommation et que vous avez accepté d'être lié par la version anglaise des présentes modalités de consommation.
16. Definitions
16.1 Capitalised terms used in these Consumer Terms will have the following meanings.