Privacy Policy

Last updated: April 5th 2016

Your privacy is very important to us. SumUp Inc (“SumUp”), 1209 Orange Street, Wilmington, Newcastle 19801, USA, commit to only collecting information about you that is critical for offering and improving our products and services and to comply with all legal obligations.

This Privacy Policy applies to information we collect when you sign up for SumUp, when you access or use any of our websites, mobile applications and products, when you speak to our staff, or when you otherwise interact with us (collectively, the “Services”).

This policy also applies to information we collect if you have not signed up for our Services, but if you are making payment transactions through our Services.

We may change this Privacy Policy from time to time by posting the updated version on our website. We advise you to review this page regularly to stay informed and to make sure that you are happy with any changes. If we make material changes to this Privacy Policy we will notify you by email or through posting a notification when you log into our website or when you open our mobile application.

In order to use our Services you must accept all terms of this Privacy Policy.

1. Collecting Information About You

1.1. When you register for a SumUp Account (“Account”) we collect personal information about you including your full name, address, date of birth, social security number, email address and telephone number. We also collect information about your business including your company name, legal form, business type, nature and purpose of your business, business address, business telephone number, the directors and ultimate beneficial owners.

1.2. In order to perform payouts to you based on the transactions that you perform we collect your bank account details.

1.3. For research surveys or marketing purposes we may from time to time collect other information when you register including your preferences and interests.

1.4. In order to verify your identity as required by applicable anti-money laundering laws and in order to prevent fraud we may collect information about you from third party agencies including, but not limited to your credit rating, financial history, court judgements, share capital, company registration, and board of directors.

1.5. When you use our Services we collect information relating to your transactions including time, location, transaction amount, payment method and cardholder details.

1.6. When you access our website or use any of our mobile applications we may automatically collect information including, but without limitation, your IP address, operating system, browser type, identifiers for your computer or mobile device, your visit date and time and your visit behavior.

2. Using Information About You

2.1. We use information collected about you in order to provide our Services and to deliver all relevant information to you including transaction receipts, payout reports, security alerts and support messages.

2.2. We also use information collected about you in order to improve and personalize our Services. For instance, we may enable features in our mobile applications specific to your business.

2.3. We may use information collected about you to communicate with you about news and updates to our Services and to inform you about any promotions, incentives and rewards offered by us and/or our partners.

2.4. We may also use information collected about you through cookies and web beacons (see section 7 for more details) to track and analyze usage behavior and any actions relevant for promotions, incentives and rewards in connection with our Services.

2.5. We may use information collected about you to protect our rights and to investigate and prevent fraud or other illegal activities and for any other purpose disclosed to you in connection with our Services.

3. Accessing Your Personal Information

3.1. We may share information collected about you with any member of our group of companies, including subsidiaries, our ultimate holding company and its subsidiaries. This data will be transferred in order to allow us to provide a full service to you, where other companies within our group perform components of the full service offering. These other services include customer support, anti money laundering, settlements and internal audit.

3.2. We may disclose information to the extent necessary with third parties who perform functions on our behalf in order to process payment transactions for you including fraud prevention and verification service providers, financial institutions, processors, payment card associations and other entities that are part of the payment and collections process.

3.3. We may also share information collected about you with third parties who we partner with for advertising campaigns, contests, special offers or other events or activities in connection with our Services.

3.4. We may disclose information collected about you with third parties in connection with any merger, sale of company shares or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business.

3.5. We may also disclose information collected about you if (i) disclosure is necessary to comply with any applicable law or regulation; (ii) to enforce applicable terms and conditions or policies; (iii) to protect the security or integrity of our Services; and (iv) to protect our rights.

3.6. In any case, we will always ensure that your information will only be processed in connection with the Services and in accordance with this Privacy Policy and applicable data protection legislation.

4. Transferring Information Internationally

We may transfer information collected about you to members of our group of companies and third parties acting on our behalf that may be located in countries outside of the USA should this be necessary to facilitate our service to you. We will at all times continue to collect, store and use your information in accordance with this Privacy Policy and applicable law.

5. Data Security

5.1. We are committed to ensuring that the information collected about you is secure. We take reasonable measures including administrative, technical and physical procedures to protect your information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. When you are logged into your account, all Internet communication is secured using Secure Socket Layer (“SSL”) technology with high security 128bit encryption.

5.2. This high level of security can only be effective if you follow certain security practices yourself including never sharing your Account or login details with anyone. If you believe that any of your Account login details have been exposed, you can change your password at any time through our website or mobile application, but you should always also immediately contact customer service.

5.3. Transmission of information via the Internet is not completely secure. Therefore, we cannot guarantee the security of the transmission of your information to us. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security structures to prevent unauthorized access.

6. Cardholder Data Security

SumUp is responsible for the security of cardholder data which is processed, transmitted and stored within our systems. To this end, SumUp is certified as compliant under the Payment Card Industry Data Security Standard (PCI-DSS). SumUp applies best industry practice to safeguard this sensitive data and to ensure that it operates in line with these requirements, and to this end SumUp undergoes annual audits to ensure that we continue to meet this high standard.

7. Retention

We are required by law to retain certain records of the information collected about you for a period of at least ten years after termination of your Account. Otherwise, we reserve the right to delete and destroy all of the information collected about you upon termination of your Account unless you request otherwise. If agreed we shall continue to store your information, for example your transaction history, which you may require for accounting purposes.

8. Cookies & Web Beacons

8.1. We use a number of cookies and web beacons within our website and applications. Cookies are small data files which are placed on your computer, mobile device or any other device as you browse our website or use any of our applications or web-based software. Web beacons are small graphic images or other web programming code which may be included in the website and any of our email messages.

8.2. We may use cookies and web beacons for the following purposes: (i) To personalize our Services to you as an individual and to tailor our Services to you based on the preferences you may choose; (ii) to facilitate the effective operation of our websites and applications; (iii) to track website traffic or application usage for statistical purposes and to monitor which pages or features users find useful or not; (iv) to identify you upon Account login and to assist you when resetting your password; (v) to assist in meeting our regulatory obligations, such as anti-money laundering and anti-fraud obligations, and prevent your Account from being hijacked; (vi) to enable us to link to our group companies’ websites; or (v) collect anonymous statistical information about how you use the Services (including the length of your web or application session) and the location from which you access the Services, so that we can improve the Services and learn which elements and functions of the Services are most popular with our users.

8.3. Some cookies may not be related to SumUp. When you visit a page on our website with content embedded from, for example, YouTube or Facebook, cookies may be stored on your computer from these websites. We do not control the dissemination of such third party cookies and you should check these third party websites for more information about these cookies and their privacy policy.

8.4. The cookies or web beacons will never enable us to access any other information about you on your computer, mobile device or any other device other than the information you choose to share with us.

8.5. Most web browsers automatically accept cookies but you may modify your browser settings to decline cookies. Rejecting cookies used by our website, mobile application or web-based software may prevent you from taking full advantage of them and may stop them from operating properly when you use them.

8.6. If you do not consent to our use of the cookies, you must disable the cookies by deleting them or changing your cookie settings on your computer, mobile device or other device or you must stop using the Services. Information on deleting or controlling cookies is available at www.aboutcookies.org.

9. Linking to Other Websites

If you access links on our website to third party websites which are not owned by SumUp please be aware that these websites have their own privacy policies. We do not accept any responsibility or liability for these privacy policies. You should check and review these privacy policies before you submit any information about you to these websites.

10. Your Privacy Choices

10.1. You may always direct us not to perform any of the procedures of collecting, storing or sharing the information about you as described in this Privacy Policy by contacting us at the below email or office address or by following the opt-out instructions in the communication that you receive. Your opt-out request will be processed within 30 days of the date on which we receive it.

10.2. If you wish to amend, delete or update any of the information collected about you, you may contact us at the below e-mail or office address.

11. Governing Law

11.1. This Privacy Policy shall be governed by and construed under and in accordance with the law of Delaware.

11.2. The English language version of this Privacy Policy shall be binding. Any translation or other language version of this Privacy Policy shall be provided for convenience only. In the event of a conflict between the English version and any translation or other language version of this Privacy Policy, the English-language version shall prevail.

11.3. This Privacy Policy (including, if applicable, our Terms and Conditions) specify the entire agreement between you and us and supersede any and all prior agreements, terms, warranties and/or representations to the fullest extent permitted by the Law.

12. Contact

Feedback or questions regarding this Privacy Policy are welcomed and can be addressed to the email [email protected].