Legal

Checkout.com Privacy Notice

Introduction

This notice was last updated on 03 November 2024.

Checkout provides services which help businesses thrive in the digital economy. These services include payment processing and optimization, tools to manage and reduce fraud, and identity verification solutions. This notice is designed to provide you with clear information about how we use personal data when we provide our services, so that you can continue to trust Checkout to handle your data fairly, lawfully, and securely. We want to make sure you understand what personal data we may collect about you when you interact with us, how we use your personal data, and how we keep it safe. Personal data means data from which you can be identified either directly (e.g. via your name) or indirectly (e.g. via your IP address). 

If you have any questions about how we use your personal data, you can get in touch by one of the methods set out in the Contact us section.

This is a global notice that applies to the activities of The Checkout.com group, which includes Checkout Ltd and all affiliated companies (“Checkout”, “we”, “our”, or “us”). The Checkout entity which is the data controller and therefore primarily responsible for your personal data will depend on which Checkout entity has provided you with our services in your jurisdiction. You can find details of the relevant Checkout entities here.

You can scroll down to read the entire notice, or you can jump to the section you are interested in by clicking on one of the headings below:

Link

What personal data do we collect?

The personal data we collect, and the ways in which we process it depend on your relationship with us. This notice relates to the information we process about you if you are:


A Merchant Representative: you represent the businesses and prospective businesses that we support.	A Merchant Customer: you are an individual customer who purchases goods and services from our Merchants, applies for a card issued by Checkout, or uses our verification services	A Website User: you are a visitor to our website, including utilising our sandbox environment

This notice applies where Checkout act as a data controller, but we may sometimes operate as a data processor for Merchant Customer data where we carry out instructions and process data on a Merchant’s behalf. In these instances, you should refer to the privacy notice of the Merchant for details regarding how they process your information.

‍

Merchant Representatives:

Data we collect

Where we collect it

Contact information: your name, job title, email address, phone number, personal or business postal address

Where you provide it to us by enquiring about, or registering for, our services

From certain trusted third parties, for example those with whom you may have shared your data, and companies which aggregate business contact information

From publicly available sources, for example Companies House in the UK

Verification information: proof of address, copy of a personal identification card or passport, financial information and other information as required to validate your identity and background

Where you provide it to us directly in the course of registering a Merchant for our services

From certain trusted third parties, for example those with whom you may have shared your data, including companies which provide information on company directors and shareholding

‍

Merchant Customers:

Data we collect	Where we collect it
Contact information: your name, email address, phone number, personal or business postal address	Where you make a purchase through a Merchant that uses Checkout to process payments, utilize a physical or virtual card issued by Checkout, or use our services (including Remember Me (as described in section 2 of this notice) or verification services).
Cardholder information: your payment card details and billing address	Where you make a purchase through a Merchant that uses Checkout to process payments, utilize a physical or virtual card issued by Checkout or use our services (including Remember Me, as described in section 2 of this notice).
Transaction information: information relating to a purchase, including currency, amount, and the identity of the Merchant	Where you make a purchase through a Merchant that uses Checkout to process payments or utilize a physical or virtual card issued by Checkout
Technical information: your IP address,device information (including the type of browser and operating system and version you use, unique device identifier, and mobile network information), and where you use one of our services online (such as Remember Me) your activity when using the service including information on when, where and how you used the relevant service.	Where you make a purchase through a Merchant that uses Checkout to process payments, or use our services (including Remember Me (as described in section 2 of this notice) or verification services). We may also use cookies, server logs and other technologies, such as web beacons, to collect this information (e.g. when you are logged into your Remember Me account). Please refer to our Cookies Notice for further information about how we use cookies and similar technologies.
Verification information: proof of address, copy of a personal identification card or passport and other information as required to validate your identity	Where you apply for a physical or virtual card issued by Checkout or use our verification services
Audio visual and biometric information: any videos, images, copies of relevant identity documents, and biometric data derived from images of you (for example, an image of your face from a face scan)	Where you upload this information while validating your identity using Checkout’s identity verification services

Please note that where you are a Merchant Customer you should also consult the privacy notice of the Merchant from whom you are making a purchase to understand how they may process and share your personal data.

‍

Website Users:

Data we collect

Where we collect it

Technical information: IP address and device information (including the type of browser and operating system and version you use, unique device identifier and mobile network information) and your activity when using this website including information on your access times to this website (for example time zone settings and location), pages viewed, URLs clicked on and the pages you visited before and after navigating to this website

We use cookies, server logs and other technologies, such as web beacons, to collect this information. Please refer to our Cookies Notice for further information about how we use cookies and similar technologies.

Contact information: your name, email address, phone number, personal or business postal address

Where you provide it to us directly by using an enquiry or event sign up form on our website

‍

The purposes for which we process personal data and our lawful basis for doing so

‍

Merchant Representatives

Purposes for which we process data	Our lawful basis
We use your contact information to facilitate and enable our relationship with you as a prospective, new or existing merchant We use your contact information to send you marketing communications via email or text about relevant products and services	We process this information based on our legitimate interest in contacting you to in the course of offering or providing relevant products and services to you Where required by law we rely on your consent in order to send you direct marketing
We use your verification information, in order to validate your identity, fulfil our regulatory obligations, and conduct due diligence in the form of Know Your Customer (“KYC”) or Know Your Business (“KYB”) checks	We process this information where it is necessary to comply with a legal obligation We also process this information where it is in our legitimate interests to do so to detect and prevent fraud and money laundering
We use your contact information and verification information to comply with our legal and regulatory obligations	We process this information where it is necessary to comply with a legal obligation
We anonymize and aggregate your information and process it to ensure the security, stability, performance and development of our services security, stability, performance and development of our services	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our products and services

‍

Merchant Customers

Purposes for which we process data	Our lawful basis
We use your contact, cardholder, transaction, technical and verification information to process payments and otherwise provide our services to you	We process this information where it is in our legitimate interests to do so to securely and effectively deliver our services (For individuals in Canada, we process this information based on implied consent reasonably inferred from your use of our services via the services provided by the Merchant from whom you are making a purchase)
We use your contact, cardholder and technical information to provide you with our Remember Me service, which includes allowing you to make payments to Merchants for goods or services that you are purchasing, permitting you to manage your Remember Me account through our portal (including to reset your password) and to provide you essential services messages relating to this service.	Necessary for the performance of a contract. This contract consists of the terms and conditions that you agree to when you create your Remember Me account.
We use your contact, cardholder, transaction, technical and verification information to detect and prevent fraudulent activity, financial crime and any other illegal or unauthorized use of Checkout services	We process this information where it is necessary to comply with a legal obligation We also process this information where it is in our legitimate interests to do so to detect and prevent fraud and money laundering
We use your contact, cardholder, transaction, technical and verification information to comply with our legal and regulatory obligations	We process this information where it is necessary to comply with a legal obligation
We use your contact, and audio visual and biometric information to validate your identity (when using Checkout’s Identity Verification Services)	Necessary for the performance of a contract We only process biometric information with your explicit consent
We anonymize and aggregate your information and process it to ensure the security, stability, performance and development of our services	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our products and services (For individuals in Canada, we process this information based on implied consent reasonably inferred from your use of our services via the services provided by the Merchant from whom you are making a purchase)

‍

Website Users

Purposes for which we process data	Our lawful basis
We use your technical information to perform data analytics to improve and optimize our website, products, services, marketing, customer relationships and experiences as further described in our Cookies Notice	We process this information where it is in our legitimate interests to do so to securely and effectively maintain and develop our website Where we use certain types of cookies, we will ask for your consent. We explain this further in our Cookies Notice
We use your technical information to administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	We process this information where it is in our legitimate interests to do so to protect and secure our website
We use your contact information to respond to you where you make an enquiry on our website	We process this information where it is in our legitimate interests to do so in responding to your enquiries

‍

Automated decision making and profiling

In the course of providing our services, we may make decisions using your data which are partially or wholly automated to help make our decisions and services secure and efficient.

We use automated decision-making in the following circumstances:

-Fraud detection: Where you are a Merchant Customer and you initiate a transaction with a Merchant that uses our fraud detection services, your information may be processed by Checkout for the purposes of fraud detection and prevention. In some cases, this may lead to an automated decision for a transaction to be declined or for further information to be requested from you in order to proceed. We perform this activity where we have a legal obligation to do so to protect you and our Merchants, and to otherwise ensure the security of our services. Any such automated decision will be based on your contact, cardholder, transaction, and technical information, as further outlined in the What personal data do we collect section of this notice.

-Identity verification: Where you are a Merchant Representative or Merchant Customer and we ask you to provide identity information to sign up to one of our services, or you use our identity verification product, the information you provide may be subject to partially or wholly automated decisions as to whether we are able to verify your identity. In the event we are unable to effectively verify your identity, this could have the impact of delaying or denying you access to a product or service operated by Checkout or one of our Merchants. We perform this activity to ensure we comply with our own legal obligations, or on our Merchants’ behalf where they use our identity verification product. We use verification information to perform these checks, as well as any audio, visual and biometric information you submit to our Identity verification product, as further outlined in the What personal data do we collect section of this notice.

You have a right to object to any automated decisions we have made and request that any such decisions are reviewed by a human. For information on how to exercise this right please see Your Choices and Rights.

‍

Your choices and rights

You have rights and choices over the way your information is used by us:

Right to opt-out of direct marketing communications: This enables you to opt-out of receiving marketing communications from us. You can do this at any time by clicking on the ‘unsubscribe’ link included in any email marketing material we send to you, or by informing us by emailing [email protected]

Right to request access to your personal data: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. In some cases, you have a right to receive a copy of this information in a reusable format and have it transmitted to another organisation

Right to request correction of the personal data we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected

Right to request erasure of your personal data: This enables you to ask us to delete or remove your personal data. Please note that in some cases, for example if we need to retain your data to comply with legal obligations, we may be unable to comply with such requests

Right to object to processing of your personal data: In addition to your right to object to direct marketing communications, in certain circumstances you can object to our processing of your personal data for example when we rely on legitimate interests to process your personal data

Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in certain scenarios

Withdrawal of consent: You can withdraw consent at any time where we are relying on consent to process your personal data

Right to object to automated individual decision-making and profiling: This includes the right to request human intervention where we have relied on automated decision making or profiling.

If you wish to exercise any of the rights set out above, or any additional rights noted in the Country-specific section of this notice, please contact [email protected]. You can also submit a request via an authorized representative, in which case we will confirm the representative has authority to act on your behalf before we carry out the request.

If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, this could mean that we cannot provide certain products or services to you or we cannot perform the actions necessary to achieve the purposes described (see The purposes for which we process your personal data).

‍

How we share your personal data with third parties

In order to provide our services to you we may share your personal data with the following parties:

Members of the Checkout Group: Your information may be shared with our affiliates within the Checkout.com group, to provide you with our services.

Third party service providers: We may also use third-party service providers acting on our behalf. These service providers help us with data and cloud services, website hosting, data analysis, background and screening, application services, advertising networks, information technology and related infrastructure, customer service, communications, and auditing.

Payment partners: We may share your personal data with third parties across the payments ecosystem as necessary to securely and effectively process payments. This includes banks, card schemes, alternative payment method providers and issuers.

Law enforcement and regulators: We may share information in response to a law enforcement, government agency or regulator request where permitted to or required by law. We may also share information when we or a third party is investigating potential fraud.

We may also share your personal data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition or any other transaction affecting all or any portion of our business, assets or stock.

Checkout.com does not sell personal data to third parties.

‍

International data transfers

Checkout is a global business and in the provision of our services personal data may be transferred to Checkout group companies or third-party service providers located in a different country than your home country. We will implement appropriate measures to ensure that your personal data remains protected and secure when it is transferred, and we will only transfer your personal data in accordance with applicable laws and regulations. Where data is transferred from the UK or EEA to a third country that is not deemed by the EU Commission or UK Secretary of State to have adequate protections in place, we rely on the EU Standard Contractual Clauses (SCCs) or contractual clauses approved by the ICO (such as the UK Addendum to the EU SCCs) respectively, to transfer your data to that third country and ensure it remains secure. We also carry out transfer impact assessments before transferring your personal data, to assess the level of risk to you and your rights and protections in that third country.

You can find the EU SCCs here and the UK Addendum to the EU SCCs here. Please Contact us if you would like to know more about how we transfer your personal data overseas.

‍

How we protect your personal data

Checkout is committed to building a secure and trusted environment for businesses and their communities to thrive in the digital economy. Whilst we cannot guarantee your personal data will be 100% secure, we put in place appropriate measures to secure personal data from being accidentally lost, used, accessed, altered or disclosed in an unauthorized manner. We continually review the security measures we have in place to ensure they are appropriate.

We are PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliant, which is the highest standard set by the payment card industry to ensure that cardholder data is processed, stored, and transmitted in a secure environment. Checkout’s systems are also ISO27001 certified.

When deciding how long to keep your personal data, we think about how much and what kind of personal data we have, how sensitive it is, the risk of unauthorized use or disclosure, why we are using your personal data, and if there is another way to achieve these purposes, as well as what the laws and regulations tell us. We will only retain your personal data for as long as reasonably necessary to fulfil the following purposes:

-to comply with any legal, accounting, tax and reporting requirements

-to deliver and develop our products and services securely and effectively

-to perform analysis and undertake internal research

Once the data is no longer required for these purposes, we securely erase it.

‍

Contact us & updates to this notice

If you have any questions about this notice, including any requests to exercise your legal rights, please contact our Data Protection Officer (DPO) using the details set out below.

Email address: [email protected]

Postal Address:

Data Protection Officer, Checkout Ltd

Wenlock Works, Shepherdess Walk,

London,

N1 7BQ

United Kingdom

‍

You can also contact or complain to your local supervisory authority (for example the UK Information Commissioner’s Office (ICO) here), however please consider contacting us first so that we can address your question directly.

‍

Biometric Data

If you consent to our collection of biometric information or if our collection of biometric information is otherwise permitted by law, you agree that we may collect your imagery of the face, and voice recordings, from which an identifier template such as a faceprint, a minutiae template, or a voiceprint, can be extracted in order to verify your identity using Checkout’s verification services. Your biometric information may be shared with our third party cloud providers Outscale SAS and Amazon Web Services. We will delete your biometric information no later than 365 days after the date you provide it.

‍

Country-specific notices

Notice relating to our operations under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA”)

Checkout.com is providing the following supplemental information for individuals whose personal data is collected or held by Checkout LLC in the State of California as defined in the CCPA.

Your right to access the personal information we hold about you. You may request a copy of the personal information that we have collected about you
Your right to request the deletion of your personal information. Subject to certain limitations under applicable law, you may request that we delete the personal confirmation we have collected from you.
Non-discrimination. You have the right not to be discriminated against for exercising any of your rights under CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent, provide written authorization signed by you and your designated agent, and contact us as set forth in “Contact us & updates to this notice” below.
Verification. To protect your privacy, we will take steps to reasonably verify your identity before fulfilling your request. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, or to answer questions regarding your account and use of our Services.

“Do Not Track.” Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Your right to opt-out of cross-context behavioral advertising. You may opt-out of the sharing of your personal information for cross-context behavioral advertising. Please click the link here or contact us at [email protected] to submit a request to opt-out of cross-context behavioral advertising
Sale of personal information: Checkout does not sell personal information, as such we do not knowingly sell personal information relating to minors
Contact. To submit a request to exercise any of your rights, you can contact our Data Protection Officer using the contact details provided above.

‍

Notice relating to our operations under the Colorado Privacy Act (“CPA”)

Checkout.com is providing the following supplemental information for individuals whose personal data is collected or held by Checkout LLC in the State of Colorado as defined in the CPA.

Processing of Sensitive Information. In some situations, we may need your explicit consent to process your sensitive personal information (e.g., government issued identification, biometric information, financial information) for the purpose of providing Services and/or other purposes stated in this Privacy Notice, in each case as required by applicable law.

‍

Notice relating to our operations in France

Checkout.com is providing the following supplemental information for individuals whose personal information is collected or held by Checkout SAS or any of its affiliated companies.

‍Instruction on the processing of your Personal Data after your death. For data subjects in France or if your data is processed by Checkout SAS, you have the right to issue general or specific instructions regarding the fate of your Personal Data after your death, in accordance with the terms of Article 85 of French Law No. 78-17.

Consumers terms of serviceRemember Me Terms of Service

These Remember Me Terms of Service (the “Consumer Terms”) form a legal agreement between Checkout Payment Ireland Limited ("Checkout.com") and the user of Remember Me (the "User," “you,” “your”). By using Remember Me, the User agrees to be bound by these Consumer Terms from the date the User first uses Remember Me until the date upon which the User’s account is deleted.

By signing up, you agree to Checkout.com's Consumer Terms and acknowledge that you have read Checkout.com's Privacy Notice.

1. Remember Me

Remember Me enables the User to (1) securely save your payment details when you make a transaction with a Merchant; (2) re-use the saved payment details for transactions with other Merchants; and (3) access the Dashboard.

2. Checkout.com

[Checkout Ltd] is registered in [England] with registration number [08037323] with its registered office at [Wenlock Works, Shepherdess Walk, London, England, N1 7BQ]. [We are regulated by the [UK Financial Conduct Authority] as an electronic money institution under number [900816] and are registered with [the Information Commissioner’s Office] under number [ZA071209]].Checkout Payment Ireland Limited is registered in Ireland with registration number 08037323 with its registered office at Fourth Floor, One Molesworth Street, Dublin 2, Dublin, Ireland.

Checkout.com may transfer Checkout.com’s rights under these Consumer Terms to any party without your consent and will notify you if Checkout.com does this. You may not transfer your rights without Checkout.com’s prior written consent.

3. Access to Remember Me and the Dashboard

The User may access Remember Me by: (1) entering and validating an email address; and (2) requesting a verification code (“OTP”) to the mobile phone number or email address provided to Checkout.com by the User. By requesting an OTP, the User confirms that the mobile phone number or email address provided is accurate, belongs to the User, and is within the User’s possession and control. The User’s email address, mobile phone number and any OTP together form the “Access Information.”

4. User Responsibilities

The User must:

access and use Remember Me only for the User’s own private use and in compliance with all Applicable Laws;
keep the Access Information safe and secure and ensure that the OTP is not shared with anyone;
immediately inform and co-operate with Checkout.com if the User knows or suspects that all or some of the Access Information or any of the saved payment details have been compromised;
take all necessary measures within the User's control to ensure that any device used by the User to access Remember Me is free of any material or code which is malicious or technologically harmful; and
update any the Access Information or saved payment details as necessary to ensure that they remain accurate.

The User must not:

attempt to re-sell or profit from Remember Me or the Dashboard;
attempt to access to Checkout.com’s website or any system connected to it or any element of Remember Me or the Dashboard beyond those to which Checkout.com gives the User access; or
use any payment details in connection with Remember Me which the User is not authorised to use.

5. Checkout.com’sRole and Responsibilities

Checkout.com will offer Remember Me and the Dashboard to the User free of charge. Checkout.com does not warrant that Remember Me or the Dashboard will always be available or that the User’s use of or access to them will be uninterrupted or error-free or that the information contained on the Dashboard will be accurate or up to date.

6. Limitation of liability

Nothing in these Consumer Terms excludes or limits Checkout.com’s liability for death or personal injury arising from Checkout.com’s negligence, or Checkout.com’s fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by Applicable Law.

Checkout.com is not responsible for any losses (including business losses) that are unforeseeable, caused by a delaying event outside of Checkout.com’s control or that could have been avoided by the User having taken any reasonable action.

7. User Information

Checkout.com will collect and store information from the User which may include the User’s name, contact information, transaction information and stored payment details. For more detail on the type of information Checkout.com collects and how Checkout.com processes it, see Checkout.com’s Privacy Notice.

The User can remove stored cards from Remember Me at any time by following the instructions within the Dashboard or contacting Checkout.com at [email protected].

8. Support

If the User needs further information or needs to contact Checkout.com in relation to Remember Me or the Dashboard they can do so through the Dashboard. If the User has any questions or issues relating to a transaction made using their payment details, they should contact the relevant Merchant.

9. Termination

Because Remember Me is used on a purchase-by-purchase basis the User can choose not to use its saved details at any time. The User can also terminate Remember Me by deleting their account through the Dashboard. Ending the User’s use of Remember Me or access to the Dashboard will not automatically withdraw the User’s consent granted separately to Merchant to use the User’s saved details for future payments to that Merchant (e.g. subscription or recurring payments) in accordance with their terms. Please contact the relevant Merchant directly to withdraw consent in relation to the aforesaid use of the User’s saved details. When access to the Dashboard is terminated by the User, Checkout.com may retain the User’s information for such period as is required to enable Checkout.com to comply with Applicable Laws and in accordance with fraud prevention measures.

10. Variation

Checkout.com may make changes to these Consumer Terms at any time and will provide reasonable advance notice of the changes. The current version of the Consumer Terms will be accessible at any time on the Dashboard.

Checkout.com may make changes to the functionality and features of Remember Me or the Dashboard at any time. Checkout.com may suspend or cease to make available any part of Remember Me or the Dashboard at any time and will notify the User 30 days in advance if this is the case and applies to purchases made after the effective date of the change.

11. Entire Agreement

The Consumer Terms constitute the entire agreement between Checkout.com and the User with respect to Remember Me or the Dashboard and supersede all prior representations, communications and agreements, whether written or verbal, regarding the subject matter of these Consumer Terms.

12. Governing Law and disputes

Any dispute or claim arising out of or in connection with these Consumer Terms will be governed by and construed in accordance with the laws of England and Wales and the courts of England and Wales will have exclusive jurisdiction over any dispute arising out of, or in connection with, these Consumer Terms.

13. Survival

Any provision of these Consumer Terms which is expressly or impliedly intended to survive beyond the point the User’s use of Remember Me or the Dashboard permanently ends will continue in full force and effect beyond that point.

14. Interpretation

Any provision of these Consumer Terms which is found by any court of competent jurisdiction to be unenforceable or invalid will, subject to applicable law, be amended or eliminated to the minimum extent necessary so that the Consumer Terms otherwise apply in full force and effect between Checkout.com and the User.

15. Language

These Consumer Terms are available in both French and English language versions. The French version can be accessed by clicking here. You hereby confirm that you have requested that these Consumer Terms and all related documents be drafted in English, that you have been provided with a French language version of these Consumer Terms and that you have agreed to be bound by the English language version of these Consumer Terms.Les présentes modalités de consommation sont disponibles en français et en anglais. La version française est accessible en cliquant ici. Vous confirmez par les présentes que vous avez demandé que les présentes modalités de consommation et tous les documents y étant afférents soient rédigés en anglais, que vous avez reçu une version française des présentes modalités de consommation et que vous avez accepté d'être lié par la version anglaise des présentes modalités de consommation.

16. Definitions

16.1 Capitalised terms used in these Consumer Terms will have the following meanings.

Applicable Law	all laws, orders, decrees, rules, regulations, circulars, notices and guidelines (including any anti-money laundering laws sanctions and requirements of any regulatory authority) having legal effect and as applicable to a party in force in any jurisdiction.
Dashboard	is a web-based application that enables the User to review transactions made with Merchants using your saved payment details, manage your saved payment details, and access your information in relation to Remember Me.
Merchant	is a merchant that Checkout.com provides payment services to and which has Remember Me enabled.
Remember Me	Is Checkout.com’s service which enables the User to securely save its payment details when it makes a transaction with a Merchant and to re-use the saved payment details for transactions with other Merchants. Remember Me also allows the User to access the Dashboard.