To read agreements for a different country or region, change your location.
Effective Date: The Braintree Privacy Statement is effective on 31 July 2020 for Merchants who signed up before 23 March 2020 or immediately for all new Merchants who signed up on or after 23 March 2020.
This privacy statement explains how and why PayPal Canada Co., as a controller, collects, stores, uses, shares and transfers personal data when you visit our websites offering Braintree services or use the Braintree services. Reading it will help you understand your privacy rights and the choices may you have.
“Personal data” in this statement means information about you, including your identity, financial information, contact information, and online behavior.
When it comes to how your personal data is collected, stored, used, and shared, you have rights and choices.
You have the right to request a copy of or correct inaccuracies with respect to your personal data. You may review some personal data after logging into your Account, if you are a merchant using our services so your customers can pay you. If you are a merchant or use our services to pay for goods and services and have questions about your rights or personal data, just contact us.
Here are some of the ways we communicate with you and the choices you have to limit these communications.
How we communicate with you
Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered.
If you use our services to pay for goods and services, we may contact you via email, telephone, or send you paper mail. We do this when we reply to a message from you or when we have to communicate with you to comply with a law or other obligation. These messages contain important information and you may not opt out of receiving them.
If you are an existing merchant using our services so your customers can pay you, we may contact you using a telephone, email, text, paper mail, and send notifications to your merchant dashboard to help manage your account, deliver important information to you, and market our products and services.
If you are a merchant inquiring about our payment services, we may contact you via email or telephone to market our products and services and answer questions you may have about how our services work.
Depending on how we send the marketing communications, you can either click the unsubscribe link in any marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device to stop receiving these types of messages.
# We may collect your personal data when you visit our websites, create a merchant account, or use our payment services to buy or sell goods and services.
Here are the kinds of personal data that we may collect when you use our services to purchase goods and services or contact us:
Here are the kinds of personal data that we may collect when you inquire about our services, create a merchant account with us, or use our services so your customers can pay you. This may also include the personal data of your employees:
Here are the kinds of personal data that we may collect when you visit our websites:
We may collect personal information about you from various sources, for example from:
We or our authorized service providers may use cookies and similar tracking technologies to collect data whenever you use our services, visit our websites, or visit websites that offer our services. The information collected with these technologies helps us deliver our services, measure the effect of our ads, prevent fraud and enhance the security of our websites and service.
You can disable or decline some cookies for our websites and services. But, since some parts of our service rely on cookies to work, those services could become difficult or impossible to use.
To learn how to opt-out of this kind of tracking technology, visit About Ads.
We collect personal data for many reasons, including to improve your experience, and to run our business. Let’s look at some specific reasons why we collect your personal data.
If you use our services to pay for goods and services or contact us, we may use your information for our legitimate interests to:
If you are a merchant (or the merchant’s employee) who use our services so your customer can pay you, we may use your information to fulfill our contract with you and for our legitimate interests to:
If you visit our websites or inquire about our services, we may use your information in our legitimate interests to:
We do not sell your personal data. However, we may share data across our services and with other members of the PayPal corporate family. Sometimes we also share the personal data we collect with third parties to help us provide services, protect our customers from risk and fraud, market our products to merchants and those who inquire about our services, and comply with legal obligations.
You can review the kinds of personal data that we may share by reviewing The personal data we collect section.
We may share personal data with:
Helping to keep your personal data safe against loss, misuse, unauthorized access, disclosure, and alteration is our top priority.
To protect your personal data, we use technical, physical, and administrative security measures that include:
While we protect our systems and services, you’re responsible for keeping your password(s) and account information private. Also, you’re responsible for making sure your personal information is accurate and up to date.
We retain personal data for the time necessary to fulfil your request and our legal obligations. We may maintain personal data for longer periods if it is our legitimate business interests and not prohibited by law. If you no longer use our services, we may keep your personal data and other information as required by law and according to our data retention policy. If we do, we’ll continue to handle it as we describe in this statement.
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers store and process your personal data outside Canada, in the United States and elsewhere in the world. We will protect your information as described in this Privacy Statement if your personal data is transferred to other countries/regions. By using our websites and services, you consent to your personal data being transferred to other countries, including countries/regions that have different data protection rules than your country. Please contact us for more information about this.
We’ll make changes to this privacy statement from time to time. This helps us stay up to date with changes to our business and the most current laws. After a new version is published, we’ll collect, store, use, and protect your personal data as we outline in that revised statement.
If the new version reduces your rights or increases your responsibilities, we’ll post it on the Policy Updates or Privacy Statement page of our website at least 21 days before it becomes effective.
We may also notify you about these changes through email or other communications.
Our services are for a general audience and are not directed at individuals under the age of majority. We do not knowingly collect information from children and individuals who are not legally able to use our services. If we realize that information has been collected from a child, we will move to promptly delete it, unless we are legally required to keep this information. You can help us by informing us if you believe that we have unintentionally collected information from a child, please contact us.
If you wish to learn more about our privacy practices, exercise your rights, or have questions about this Privacy Statement, please contact us following the instructions below. You can exercise your rights whether you use PayPal services or Braintree services (card payments made on a merchant’s website) by visiting PayPal’s website, and submitting your inquiry using the contact information provided in our privacy statement.
Our Privacy Officer can be reached at:
PayPal Canada Co.
Attn: Privacy Officer
661 University Avenue, Suite 506
Toronto, ON M5G 1M1.
Effective Date: The Braintree Privacy Policy shall be effective for Merchants who signed up before 23 March 2020 until the Braintree Privacy Statement becomes effective on 31 July 2020. The Braintree Privacy Policy shall not be in effect for new Merchants who signed up on or after 23 March 2020.
Effective Date: May 25, 2018
PayPal Canada Co. (“PayPal,” “we,” “us,” or “our”) developed this Privacy Policy to explain how we may collect, Process, share, store, and transfer your Personal Data that you provide when you visit the Sites, access the Services and any other Site as a visitor or User (collectively “Braintree Services”). All collection, use, and disclosure of your business and Personal Data will be governed under this Privacy Policy. If you create an Account to use the Braintree Services or otherwise establish a Braintree Account, our collection, use, and disclosure of your customers’ Personal Data will be governed in all respects by the terms of the Payment Services Agreement you enter into with us. This Privacy Policy does not apply to PayPal products or services except as expressly described in this document.
If you have questions about our privacy practices that are not addressed in this Privacy Policy, please contact us.
You can learn more about Braintree Services and how to become a User, sign up for more information about our Braintree Services, or access your Account if you are a User at our Sites. We may collect Personal Data about you when you visit or access the Sites, including the following:
Personal Data You Provide to Us Voluntarily – We collect information about you that you voluntarily provide to us when you: (i) contact us to learn more about Braintree, the Braintree Services, or other opportunities you indicate are of interest at the time; (ii) access or use the Braintree Service; or (iii) contact customer service. This information may include, for example, your name, mailing address, business name, and any other information that you choose to provide to us when you comment on materials on our Braintree Services, in order to contact you as a potential customer, or respond to a support request. This also includes technical data, such as IP addresses and device identifiers that are commonly generated in establishing a connection with the Braintree Services.
Retention – We collect and retain Personal Data submitted to the Braintree Services in an identifiable format for the amount of time necessary to meet your request or fulfill our legal or regulatory obligations, unless it is in our legitimate business interests and not prohibited by law to maintain the Personal Data for longer periods.
We may use Personal Data:
We share Personal Data with:
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third party service providers store and Process your Personal Data outside Canada, in the United States and elsewhere in the world. We will protect your information as described in this Privacy Policy if your Personal Data is transferred to other countries/regions. By using our Sites and Services, you consent to your Personal Data being transferred to other countries, including countries/regions that have different data protection rules than your country. Please contact us for more information about this.
You may review limited Personal Data after logging in to your Account. If you need to edit or update your information, please contact us. If you do not have an Account or if you have questions about your Account information or other Personal Data, please contact us.
You have certain rights in respect of your Personal Data. In particular, you have a right of access and correction. If you wish to exercise these rights, please contact us.
When you visit the Braintree Services, we and certain business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”) to recognize you and to otherwise customize your online experiences and other content and advertising; measure the effectiveness of promotions; and mitigate risk, prevent potential fraud, and promote trust and safety across the Braintree Services. Certain aspects and features of the Braintree Services are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Braintree Services may be limited or not possible.
Personal Data is maintained on our servers or those of our third party service providers and is accessible to authorized employees and representatives. We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls.
The Braintree Services are intended for a general audience and are not directed at individuals under the age of majority. We do not knowingly collect information from minors or other individuals who are not legally able to use the Braintree Services. If we obtain actual knowledge that we have collected information from a minor, we will promptly delete it, unless we are legally obligated to retain such data. If you believe that we have mistakenly or unintentionally collected information from a minor, please contact us.
We may change this Privacy Policy from time to time to reflect changes to our privacy practices for our Braintree Services. The revised Privacy Policy will be effective as of the published Effective Date.
If we make a material change to the Privacy Policy, we will notify you in advance by posting notice of the change on the Braintree Services before the change becomes effective. We also may notify you of the change using email or other means.
If you have general questions about our Privacy Policy and practices or questions about your Personal Data, you may contact us.
Our Privacy Officer can be reached at:
PayPal Canada Co.
Attn: Privacy Officer
661 University Avenue, Suite 506
Toronto, ON M5G 1M1.
Account means a Braintree account.
Personal Data means information that can be associated with an identified or identifiable person. “Personal Data” can include name, postal address (including billing and shipping addresses), telephone number, email address, financial account information, account number, and date of birth.
Process describes any method or way that we handle Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, and consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
Services means all Braintree products, services, content, features, technologies, or functions (including integrations with third party services) offered by PayPal and all related sites, applications and services.
Site means the Braintree websites, mobile apps, official social media platforms, or other online properties through which PayPal offers the Services.
User means you or anyone else who has established a relationship with PayPal (for example, by opening an Account) for the purpose of using the Site or the Services.