Last Updated: April 7, 2022
1. COLLECTION OF PERSONAL INFORMATION
1.1. Personal Information. The following are categories (with non-exhaustive examples) of personal information we may collect about you:
A. Individual Identifiers and Demographic Information
Contact data (such as first and last name, alias, postal address, telephone number, and email address)
Business data (such as your company name, legal form, business type, nature and purpose of your business, business address, business telephone number, company registration, the directors and ultimate beneficial owners)
Online identifiers (such as IP address and other unique identifiers)
Device data (such as device ID, computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution, and general location information such as city, state or geographic area)
Account data (such as username and profile information)
Identity data (such as Social Security number, date of birth, driver’s license number, passport number, and previous residences)
B. Sensitive Personal Information
Financial data (such as your bank account numbers, credit rating and report, financial history, share capital and account balances)
Credit/debit card information
Criminal history data (such as court judgements against you)
C. Geolocation Data
Geolocation data (such as precise physical location or movements in connection with the App or Terminal)
D. Sensory Data
Audio data (such as customer service call recordings)
E. Commercial Information
Transaction data (such as order history and other records of products or services you have purchased from us, including your consuming histories or tendencies and records of gift cards you have purchased)
Marketing data (such as your preferences for receiving marketing communications)
Survey data (such as the responses you provide in connection with surveys and other promotions)
POS data (such as time, location, transaction amount, payment method and cardholder details)
Online activity data (such as browsing history, search history, IP address, operating system, browser type, identifiers for your computer or mobile device, your visit date and time, the website you visited before browsing to our website, your visit behavior and other information about your interaction with the Services)
F. Internet or Network Activity
Online activity data
G. Professional or Employment-Related Information
H. Inferences Drawn from Personal Information
May be derived from your financial data, transaction data, identity data, business data, criminal history data, and other information we collect as part of the merchant registration process
1.2. Sources of Personal Information. We obtain the categories of personal information listed above via the following categories of sources:
Personal Information You Provide. SumUp collects personal information when you voluntarily submit it to us. For example, we may collect or receive personal information when you create an account on the Services, register with us as a merchant, sign up to receive our promotional communications, white papers, or other materials, use or access the Services through the Site or the App, participate in one of our surveys or other promotions, submit a request to our customer service team, interact with our social media pages or otherwise interact with us or other Users through the Platform.
Third Parties. SumUp may receive personal information about you from other third party sources. For example, we receive personal information from our affiliates, business partners (such as merchants), social media sites, third party services that you connect to your account on the Services, public sources, and/or companies that provide personal information to supplement what we already know about you (including identity verification companies and data providers). We may merge or combine such personal information with the other personal information we collect about you. SumUp may also receive information about gift card recipients from the purchaser of a gift card, including the recipient’s name and email address. Some merchants and other users may also refer colleagues or other contacts to us and share their contact information with us. Please do not refer someone to us or share their contact information with us unless you have their permission to do so.
2. USE OF PERSONAL INFORMATION
2.1. To Provide Our Products and Services. We use personal information collected about you in order to provide our products and services, including to process your orders and transactions and facilitate delivery, process gift cards, respond to your inquiries and requests, and to deliver all relevant information to you including transaction receipts, payout reports, security alerts and support messages.
2.2. To Improve Our Products and Services. We use personal information collected about you in order to improve and personalize our Services, conduct research surveys, understand and analyze usage trends and user preferences, diagnose technical issues, prevent fraud, and develop new features and functionality. For instance, we may enable features in our mobile applications specific to your business.
2.4. To Set Up Your Account. We use your personal information to establish your account. For example, this may include verifying your age, date of birth, and place of residence. If you set up an account to use our Services, we will use the registration information you provide in relation to that account creation to create, maintain, customize, and secure your account.
2.5. Identity Verification and Merchant Registration. If you apply to be a merchant, we use your personal information to verify your identity and determine eligibility for some of our products, services, and promotions. For example, this may include verifying your business data, financial information, criminal history, credit history, and other information we may be required to process for compliance with anti-money laundering and other laws and fraud prevention.
2.6. Compliance and Safety. We may use information collected about you to protect our rights and to investigate and prevent fraud or other illegal activities and for any other purpose disclosed to you in connection with our Services. We also use personal information to maintain the security, and integrity of our Services, the products and services we offer, our databases and other technology assets, our business, and other users.
2.8. As Required by Law. We use personal information to respond to requests from law enforcement and as required by applicable law, court order, or government investigation.
3. SHARING OF PERSONAL INFORMATION
3.1. Related Companies. We may share information collected about you with any member of our group of companies, including subsidiaries, affiliates, our ultimate holding company and its subsidiaries. For example, we will share your personal information with our related companies to provide our products and services to you, where other companies within our group perform components of the full service offering. These other services include customer support, legal compliance and fraud monitoring, settlements and internal audit.
3.2. Service Providers. We share personal information with third parties and individuals who perform functions on our behalf and help us run our business. For example, service providers that help us process payment transactions for you include fraud prevention and verification service providers, financial institutions, processors, payment card associations and other entities that are part of the payment and collections process. Service providers also help us perform website hosting, app design, maintenance services, database management, web analytics, app analytics, billing, payment processing, credit risk reduction, marketing, and other purposes.
3.3. Advertising Partners. We may also share personal information collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Services, including affiliate marketing partners. Some of our advertising partners may collect information about your activity on the Site and the App and across other websites and online services to help us advertise our products and services, and/or use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.
3.4. Affiliate Marketing Services. We use affiliates to generate traffic and leads. These may collect collect personal information when you interact with our digital property, including IP addresses, digital identifiers, information about your web browsing and app usage and how you interact with our properties and ads for a variety of purposes, such as personalization of offers or advertisements, analytics about how you engage with websites or ads and other commercial purposes.
Our current affiliates:
Rakuten - https://rakutenadvertising.com/legal-notices/services-privacy-policy/
CJ - https://www.cj.com/legal/privacy-policy-services
Awin - https://www.awin.com/ie/privacy
Tune - https://www.tune.com/resources/data-and-privacy/privacy-policies/
3.5. Business Transferees. We may disclose personal information collected about you with third parties in connection with any business transaction (or potential transaction) involving a merger, sale of company shares or assets, financing, acquisition, consolidation, reorganization, divestiture, or dissolution of all or a portion of our business (including in connection with a bankruptcy or similar proceedings).
3.6. Authorities and Others. We may also disclose information collected about you if (i) disclosure is necessary to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; (iii) to protect the security or integrity of our Services; (iv) to protect our rights; and (v) for the compliance and safety purposes set forth in Section 2.
3.7. Professional Advisors. We may share your personal information with our professional advisors, such as lawyers, auditors and insurers, where necessary in the course of the professional services that they render to us.
3.8. Business Partners. We may share your personal information with our business partners, such as lenders, banks, and other companies who facilitate merchant enrollment. If you connect the Services to a third party service or account, such as your bank or other financial services provider, we will share certain personal information with the third party service.
3.9. Gift Cards. If you send a gift card through the Services and provide your name or other personal information, we will disclose that information to the gift card recipient. We may also share personal information with merchants about gift card purchasers and recipients, including contact information. Please note, we are not responsible for the privacy practices of merchants who use our Services or offer gift cards for sale through our Services.
3.10. Other Users and the Public. If you post or otherwise provide a testimonial, review, or other form of feedback to us through the Services, your information may be displayed to other users or the public and we may use it for our marketing and other business purposes. For example, if you submit a review to any product pages, your username, review, and other information that you provide may be posted publicly for review by others.
4. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION
SumUp is based in the United States of America. For users outside of the United States of America with laws governing data collection, use, and disclosure that may differ from U.S. law and you provide personal information to us, please note that any personal information that you provide to us may be transferred to the United States of America. We may also transfer personal information collected about you to members of our group of companies and third parties acting on our behalf that may be located in countries outside of the USA should this be necessary to facilitate our service to you. By providing your personal information, where applicable law permits, you hereby specifically and expressly consent to such transfer and processing and the collection, use, and disclosure set forth herein or in the terms of service related to the use of and access to the Services.
No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from the risks presented by unauthorized access or acquisition, we cannot guarantee the security of your personal information.
6. OTHER WEBSITES AND SERVICES
If you access links on our website to third party websites which are not owned by SumUp please be aware that these websites have their own privacy policies. These links are not an endorsement of or representation that we are affiliated with any such third party. In addition, our content may be included on websites or other online services that are not associated with us. We do not accept any responsibility or liability for these other websites and services. You should check and review the third parties’ privacy policies before you submit any information about you to these websites and services.
7. YOUR CHOICES
7.1. Access to Your Personal Information. You may request access to your personal information by contacting us as described below.
7.2. Changes to Your Personal Information. You may make changes to your personal information by logging into your account and updating or correcting your profile and registration information. You may also request to change your personal information by contacting us as described below.
7.7. Privacy Settings and Location Data. Users of our App can disable our access to their device’s precise geolocation in their mobile device settings.
7.8. Do Not Track. Some browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
7.9. Declining to Provide Information. We need to collect personal information to provide certain services. If you do not provide the information requested, we may not be able to provide those services.
8. RESIDENTS OF CALIFORNIA
This section applies only to residents of California. It describes how we collect, use and share personal information of California residents when we act as a “business” as defined under California privacy laws, and their rights with respect to their personal information.
8.1. Notice to California Residents. The section above titled “Collection of Personal Information” describes the personal information we have collected in the preceding twelve months and the source of such personal information. the business and commercial purposes for which we collected such personal information is described in the section titled “Use of Personal Information,” above. The section titled “Sharing of Personal Information,” above, describes the categories of third parties to whom the personal information was disclosed.
Contact data (Individual Identifiers and Demographic Information);
Online identifiers (Individual Identifiers and Demographic Information, Internet or Network Activity);
Device data (Individual Identifiers and Demographic Information, Internet or Network Activity);
Transaction data (Commercial Information);
Marketing data (Commercial Information); and
Online activity data (Commercial Information, Internet or Network Activity).
8.2. Your California Privacy Rights. California privacy laws may provide California residents with the rights listed below:
Right to Access. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve months, including:
The categories of personal information we collected about you;
The categories of sources of the personal information we collected about you;
Our business or commercial purpose for collecting or selling that personal information;
The categories of third parties with whom we share that personal information; and
The specific pieces of personal information we collected about you.
Right to Delete. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
Right to Opt-Out of Sales. If we “sell” your personal information or pro, you can opt-out. Requests to opt-out will also be treated as a request under
Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form or legally prohibited increases in the price or decreases in the quality of our products and services.
Please note, these rights are not absolute and in some cases we may not be able to respond your request, such as when a legal exemption applies or if we are not able to verify your identity.
8.3. How to Exercise Your California Privacy Rights
Access and Deletion Rights. To exercise the access and deletion rights described above, please submit a request to us and provide the information we request that is required to verify your request by:
Emailing us at [email protected], or
Sending us mail at 2000 Central Ave Suite 100, Boulder, CO 80301, United States.
Right to Opt-Out of the “Sale” of Personal Information. Under California law, some of the data we share with our advertising partners may qualify as a “sale” as defined under the CCPA. To exercise your right to opt-out of such “sale”, please email us at [email protected] or contact us by phone at 888-250-2164, You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee or decline to comply with your request if your request is clearly unfounded, repetitive, or excessive.
When exercising your rights or otherwise assisting you, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure we do not disclose personal information to any person who is not entitled to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 45 days of your request. Occasionally it may take us longer than 45 days to respond, for instance if your request is particularly complex or you have made a number of requests. In this case, we will notify you of the delay, and may continue to update you regarding the progress of our response.
You may also designate an authorized agent to make a request on your behalf. If you do so, we may require the requester’s proof of identification, the authorized agent’s proof of identification, and any other information that we may request in order to verify your request, including evidence of valid permission for the authorized agent to act on your behalf.
10. CONTACTING US