This privacy notice for SAIRYŌ "we." "us." or "our"), describes how and why we might collect, store, use, and/or share ("Process") your information when you use our services ("Services"), such as when you:
• Visit our website at https://www.sairyoevents.com, or any website of ours that links to this privacy notice.
• Download and use our mobile application (SAIRYŌ), or any other application of ours that links to this privacy notice.
• Engage with us in other related ways, including any sales, marketing. Or events.
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at firstname.lastname@example.org
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with Us and the Services, the choices you make, and the products and features you use Learn more about personal information you disclose to us.
Do we process any sensitive personal information? We do not process sensitive personal information.
Do we receive any information from third parties? We do not receive any information from third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Lear more about how we process your information.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Lear more about when and with whom we share your personal information.
How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Lear more about how we keep your information safe. What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Lear more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by visiting email@example.com, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the privacy notice in full.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
• phone numbers
• email addresses
• mailing addresses
• billing addresses
• debit/credit card numbers
Sensitive Information. We do not process sensitive information.
Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is stored by STRIPE. Apple Pay and Google Pay. You may find their privacy notice link(s) here: https://stripe.com/en-ca/privacy, https://www.apple.com/legal/privacy/data/en/apple-pay/ and https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=en.
Social Media Login Data. We may provide you with the option to register with us. using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS?" below.
Our collection and use of Personal Data changes depending on whether you are acting as End User, End Customer, Representative or Visitor and our different Services. For example, if you are the sole owner of a business (i.e., sole proprietorship), we may collect Personal Data to onboard your business, but you may also be an End Customer that purchased goods from another Business User that uses Stripe’s Services for payment processing and you may also be an End User who uses Link to make those purchases.
We provide End User Services where we do not act as a service provider or processor to Businesses but instead provide the Services directly to you for your personal use (e.g. Link). We provide more information about our collection, use and sharing of Personal Data in our Privacy Center, including the legal bases which we rely on for using (processing) your Personal Data.
• Using Link or Connecting your Bank Account. Stripe offers you the opportunity to store your payment methods with Stripe so that you can conveniently use it across merchants who are our Business Users (“Link” was formerly known as “Remember Me”). When you opt in to Link, you agree to let us store your Personal Data such as your payment method so that you can more readily make purchases through Link with Business Users of our payment processing Business Services (e.g. name, contact information, payment method details (e.g. card number, cvc, and expiration date)). When you choose to pay with Link, we will also collect Transaction Data related to your transactions.
• If you choose to share bank account information (including for use in Link) with us, Stripe will periodically collect and process your account information (e.g. bank account owner information, account balances, account number and details, account transactions and, in some cases, credentials). With your separate permission, we will share this Personal Data with Business Users that you choose. You can ask us to stop collecting and sharing this information.
• With your separate permission, we will share contact information (e.g. shipping address, billing address and phone number) with Business Users that you do business with.
• Paying Stripe. If you are buying goods or services directly from Stripe, we receive Transaction Data. For example, when you make a payment to Stripe Climate, we will collect contact information, payment method information, and information about that transaction.
• Identity/Verification Services. We provide an identity verification service that automates comparing an identity document with your image (e.g., selfie). You may choose to opt-in to allow us to store that verification for future use across other merchants and/or separately consent to letting us use your biometric data to improve our verification technology. You can also ask us to stop providing you these services.
• More. Please see below for information about additional types of Personal Data that we may collect about End Users, including about your online activity and how you engage with our End User Services.
• Services. We use your Personal Data to provide the End User Service to you, including security, sanctions screening, delivery, support, personalization (e.g. language preferences and settings choices) and messages related to the End User Service (e.g. communicating Policy updates and information about our Services). For example, we will use Personal Data to assess whether your use of Link to make a payment with a merchant is authorized by you (and not a bad actor) and likely to be successfully authorized by the payment method you choose to use when you choose to make purchases with Link.
• Our Business Users. When you choose to connect your financial account with Stripe you may also choose to share account information with Business Users that you do business with. These Business Users will have their own privacy policies which describe how they use that information.
• Transactions. For payment transactions with Link, End User Personal Data is shared with others to enable or “process” the transaction. For example, when you choose to use a payment method for the transaction with Stripe or with Link (e.g. credit card, debit card, buy now pay later, or direct debit), the third party provider of your payment method will receive Transaction Data that includes your Personal Data. When you use Link, the merchant you choose to do business with will also receive Transaction Data that includes your Personal Data and, with your separate consent, your bank account information. Please review the privacy policies of your payment method and the merchants who you choose to learn more about their processing of your Personal Data.
• Fraud Detection and Loss Prevention. We use your Personal Data collected across our Services (e.g. Stripe Radar) to detect fraud and prevent financial losses for you, us, and our Business Users and financial partners, including to detect unauthorized purchases. We may provide Business Users and financial partners (including card issuers, payment methods and others involved in payment processing activities) that use our fraud Business Services with Personal Data about you (including your attempted transactions) so that they can assess the associated fraud or loss risk with a transaction. You can learn more about how we may use technology to assess the fraud risk associated with an attempted transaction and what information we share with Business Users here.
• We do not sell or share End User Personal Data with third parties for marketing or advertising their products without your separate consent.
• More. Please see below for information about additional ways in which we may use and share your Personal Data.
Stripe offers Business Services to our Business Users (e.g. payment processing through in-person or online checkout, or processing pay-outs for those Business Users). When we are acting as a Business User’s service provider (also known as a data processor), we will process Personal Data in accordance with the terms of our agreement with the Business User and the Business User’s lawful instructions (e.g. when we process a payment for a Business User because you bought a product from them) or they instruct us to send funds to you.
• Transaction Data. If you are an End Customer, when you make payments to, get refunds from, begin a purchase, make a donation or otherwise transact with a Business User that uses us to provide payment processing Business Services, we will receive Transaction Data. We may also receive your transaction history with the Business User. Moreover, we may obtain information typed into a checkout form, even if you choose not to complete the form or purchase with the Business User.
• Identity/Verification Information. Stripe provides a verification and fraud prevention Service that allows a Business User to verify Personal Data about you, such as your age (when purchasing age restricted goods) or your authorization to use a payment method. As part of these Services, you will be asked to share Personal Data with us for this purpose (e.g., your government ID, your image (selfie), and Personal Data you input or that is apparent from the physical payment method (e.g. credit card image)). To protect against fraud, we may compare this information with information about you we collect from Business Users, financial partners, business partners, identity verification services, publicly available sources, and other third party service providers and sources so that we can assess whether the person is likely to be you or a person purporting to be you.
• More. Please see below for information about additional types of Personal Data that we may collect, including your online activity.
To provide our Business Services to our Business Users, we use Personal Data, and share Personal Data of a Business User’s End Customers with the Business User. Where allowed, we also use End Customers’ Personal Data for Stripe’s own purposes to secure, improve and provide our Business Services and prevent fraud, loss and other harms as described below.
• Payments and Accounting. We use your Transaction Data to provide our Payments related Business Services to Business Users, including to process online payment transactions, to calculate applicable sales tax, to invoice and bill, and to help them calculate their revenue, pay their bills and perform accounting tasks. We may also use Personal Data to provide and improve our Business Services.
• Financial Services. Some of our Business Users use our Services in order to offer financial services to you, through Stripe or its financial partners. For example, they may provide a card product that enables you to purchase goods and services. These cards may carry the Stripe brand, bank partner brand and/or the brands of Business Users. In addition to any Transaction Data we may produce or receive when these cards are used for purchases, we will also receive and use your Personal Data in order to provide and manage these products. Please also see the privacy policies of the Business User and our bank partners, if applicable, associated with the financial service (whose brands may be shown on the card).
• Identity/Verification Services. We use Personal Data about your identity, including information provided by you and our service providers, to perform verification Services for Stripe or for the Business Users that you are doing business with, to reduce fraud and enhance security. If you provide a “selfie” along with an image of your identity document, we will use technology to compare and calculate whether they match and you can be verified.
• Fraud Detection and Loss Prevention. We use your Personal Data collected across our Services (e.g. Stripe Radar) to detect and prevent losses for you, us, our Business Users and financial partners. We may provide Business Users (including card issuers, payment methods and others involved in payment processing activities) that use our fraud Business Services with Personal Data about you (including your attempted transactions) so that they can assess the fraud or loss risk associated with a transaction. You can learn more about how we may use technology to assess the fraud and loss risk associated with an attempted transaction and what information we may share with Business Users about such risks here and here.
• We do not use, sell or share End Customer Personal Data for our marketing or advertising, or for marketing and advertising by third parties who are not the Business User with which you have transacted or attempted to transact.
• More. Please see below for information about additional ways in which we may use and share your Personal Data.
To provide Business Services, we collect, use and share Personal Information from Representatives of Business Users (e.g. a business owner). We provide more information about our collection, use and sharing of Personal Data in our Privacy Center, including the legal bases which we rely on for using (processing) your Personal Data.
• Registration and Contact Information. If you register for a Stripe account for a Business User (including incorporation of a Business), we collect your name and account log-in credentials. If you register for an event that Stripe organizes or attends or if you sign up for Stripe communications, we collect your registration and profile information. If you are a Representative or Representative of a potential Business User, we receive your Personal Data from third parties (including data providers) in order to advertise to, market and communicate with you as described further below and in Section 2. We may also associate a location with you in order to assess which Services or information may be useful to you.
• Identification Information. If you are an owner of a Business User or you are expected to be a shareholder, officer or director of a Business User, we require that you provide your contact details, such as name, postal address, telephone number, and email address to fulfill our financial partner and regulatory requirements. We will directly (and through others) collect Personal Data about you, such as your ownership interest in the Business User, your date of birth and government identifiers associated with you and your Business User (such as your social security number, tax number, or Employer Identification Number). You may also choose to provide bank account information.
• More. Please see below for information about additional types of Personal Data that we may collect, including about online activity.
We generally use Personal Data of Representatives to provide the Business Services to the associated Business Users, as well as for the purposes described below.
• Business Services. We use and share Personal Data of Representatives with Business Users to provide the Services you (or the Business User you are associated with) have requested.
• In some cases our Business Service will require us to submit your Personal Data to a government entity (e.g. incorporating a business, or paying applicable sales tax). For our tax Business Services, we may use your Personal Data to file taxes on behalf of your associated Business User. For our Atlas business incorporation services, we may use your Personal Data to submit forms to the IRS on your behalf and to file documents with other governmental authorities (e.g. articles of incorporation in your state of incorporation).
• We share data with parties directly authorized by a Business User to receive Personal Data (e.g. financial partners servicing the financial product, or third party apps or services the Business User uses in conjunction with our Business Services). For example, providers of payment methods (e.g., Visa, WeChat Pay) will require merchant onboarding information for the Business Users that accept their payment methods, and Stripe will provide required onboarding information (including Personal Data of Representatives) to those financial partners. In some cases, these payment method providers will be located outside your home country for example WCP, AliPay, Block, Klarna Bank AB.
• If you are a Business User and have chosen a name that includes Personal Data (e.g. a sole proprietorship or family name in a company name), we will share and use that information as any company name in connection with the provision of our Services (e.g. including it on receipts and other descriptions identifying financial transactions).
• More. Please see below for information about additional ways in which we may collect, use and share your Personal Data.
We collect, use and share Personal Data of Visitors (who are not End Users, End Customers or Representatives). We provide more information about our collection, use and sharing of Personal Data in our Privacy Center, including the legal bases which we rely on for using (processing) your Personal Data.
• Forms. When you choose to fill in a form on the Site or on third party websites featuring our advertising (e.g. LinkedIn or Facebook), we will collect the information included in the form (e.g. your contact information and other information about your question related to our Services). We may also associate a location with your visit.
• More. Please see below for information about additional types of Personal Data that we may collect, including about online activity.
• Personalization. We use information about you that we gather from cookies and similar technologies to measure engagement with the content on the Sites, to improve relevancy and navigation, to personalize your experience (e.g. language and relevant geography) and to tailor content about Stripe and our Services to you. For example, because not all of our Services are available in all regions, so we may tailor our answers for your region.
• Engagement. When visitors engage with our stripe.com site, we will use information we collect about and through your devices in order to provide the opportunity to engage in conversations or with chatbots to address your questions.
• More. Please see below for information about additional ways in which we may collect, use and share your Personal Data.
In addition to the ways we collect, use and share Personal Data that are described above, we also process your Personal Data as follows:
Online Activity. Depending on the Service you use and the Business Users’ implementation of our Business Services, we will collect information about:
• Devices and browsers across our Sites and third-party websites, apps and other online services (“Third-Party Sites”),
• Communication and Engagement Information. We will collect any information you choose to provide to us, for example, through support tickets, emails or social media. When you respond to Stripe emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call Stripe, as well as other information you may provide during the call. We will also collect your engagement data such as your registration for, attendance of, or viewing of Stripe events and other interaction with Stripe personnel.
• Forums and Discussion Groups. Where our Sites allow you to post content, we will collect Personal Data that you provide in connection with the post.
• Communications. We will use the contact information we have about you to perform the Services, which may include sending codes via SMS to authenticate you. If you are an End User, Representative or Visitor, we may communicate with you using the contact information we have about you (e.g. using email, phone, text message or videoconference) to provide information about our Services and our affiliates’ services, invite you to participate in our events or surveys, or otherwise communicate with you for our marketing purposes, provided that we do so in accordance with applicable law, including any consent or opt-out requirements. For example, when you submit your contact information to us or when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and include you on our marketing information campaigns.
• Social Media and Promotions. If you choose to submit Personal Data to us to participate in an offer, program or promotion, we will use the Personal Data you submit to administer the offer, program or promotion. We will also use that Personal Data and Personal Data you make available on social media to market to you unless we are not permitted to do so.
• Fraud Prevention and Security. We collect and use Personal Data to help us to detect and manage the activity of fraudulent and other bad actors across our Services, to enable our fraud detection Business Services, and to otherwise seek to secure our Services and transactions against unauthorized access, use, modification or misappropriation of Personal Data, information and funds. In connection with fraud and security monitoring, prevention, detection, and compliance activities for Stripe and its Business Users, we receive information from service providers (including credit bureaus), third parties, and the Services we provide. We may collect information from you, and about you, from Business Users, financial parties and in some cases third parties. For example, to protect our Services, we may receive information from third parties about IP addresses that malicious actors have compromised. This Personal Data (e.g. name, address, phone number, country) helps us to confirm identities, run credit checks subject to applicable law and prevent fraud. We may also use technology to assess the fraud risk associated with an attempted transaction by an End Customer or End User with a Business User or financial partner.
• Compliance with Legal Obligations. We use Personal Data to meet our contractual and legal obligations related to anti-money laundering, Know-Your-Customer ("KYC") laws, anti-terrorism, export control and prohibitions on doing business with restricted persons or in certain business areas and other legal obligations. We strive to make our Services safe, secure and compliant, and the collection and use of Personal Data is critical to this effort. For example, we may monitor patterns of payment transactions and other online signals and use those insights to reduce the risk of fraud, money laundering and other activity that is harmful to Stripe, our End Users and their End Customers.
• Minors. The Services are not directed to minors, including children under the age of 13, and we request that they not provide Personal Data through the Services. In some countries, we may impose higher age limits as required by applicable law.
• Stripe Affiliates. We share Personal Data with other Stripe affiliated entities. When we share with these entities, it is for purposes identified in this Policy.
• Service Providers or Processors. In order to provide Services to our Business Users and End Users and to communicate, market and advertise to Visitors, Representatives and End Users regarding our Services, we will rely on others to provide us services. Service providers provide a variety of critical services, such as hosting (storing and delivering), analytics to assess the speed, accuracy and/or security of our Services, identity verification, customer service, email and auditing. We authorize such service providers to use or disclose the Personal Data that we make available to perform services on our behalf and to comply with applicable legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union, the United States of America and India.
• Financial Partners. “Financial Partners” are financial institutions that we partner with to offer the Services (including payment method acquirers, banks and payout providers). We share Personal Data with certain Financial Partners to provide the Services to the associated Business Users and to offer certain Services in partnership with our Financial Partners. For example, we share certain Personal Data of Representatives (e.g. loan repayment data and contact information) with institutional investors who purchase or provide credit secured by the Capital loans that we have made to the associated Business Users.
• Others with Consent. In some cases we may not provide a service, but instead refer you to, or enable you to engage with, others to get services (e.g. professional services firms that we partner with to deliver Atlas). In these cases, we will disclose the identity of the third party and the information that will be shared with them and seek your consent to share the information.
• Corporate Transactions. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data, but subject to the terms of this Policy.
• Compliance and Harm Prevention. We share Personal Data as we believe necessary: (i) to comply with applicable law, (ii) to comply with rules imposed by a payment method in connection with use of that payment method (e.g. network rules for Visa); (iii) to enforce our contractual rights; (iv) to secure or protect the Services, rights, privacy, safety and property of Stripe, you or others, including against other malicious or fraudulent activity and security incidents; and (v) to respond to valid legal process requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
For the purposes of the General Data Protection Regulation, we rely upon a number of legal bases to enable our processing of your Personal Data.
a. Contractual and Pre-Contractual Business Relationships. We process Personal Data for the purpose of entering into business relationships with prospective Business Users and End Users and to perform the respective contractual obligations with them. Activities include:
• Creation and management of Stripe accounts and Stripe account credentials, including the evaluation of applications to commence or expand the use of our Services;
• Creation and management of Stripe Checkout accounts;
• Accounting, auditing, and billing activities; and
• Processing of payments, including fraud detection, loss prevention, optimizing valid transactions, communications regarding such payments, and related customer service.
b. Legal Compliance. We process Personal Data to verify the identity of individuals and entities in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as "Anti-Money Laundering ("AML") and Know-Your-Customer ("KYC")" obligations, and financial reporting obligations. For example, we may be required to record and verify a User’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law and may require us to report our compliance to third parties, and to submit to third party verification audits.
c. Legitimate Interests. Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. The following list sets out the business purposes for which we have a legitimate interest in processing your data:
• Detect, monitor and prevent fraud and unauthorized payment transactions;
• Mitigate financial loss, claims, liabilities or other harm to End Customers, End Users, Business Users and Stripe;
• Determine eligibility for and offer new Stripe products and services;
• Respond to inquiries, send Service notices and provide customer support;
• Promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services;
• Manage, operate and improve the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets;
• Analyze and advertise our Services, and related improvements;
• Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
• Share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business;
• Enable network and information security throughout Stripe and our Services; and
• Share Personal Data among our affiliates.
d. Consent. We may rely on consent to collect and process Personal Data as it relates to how we communicate with you and for the provision of our Services such as Link, Financial Connections, Atlas and Identity. When we process data based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn.
You may have choices regarding our collection, use and disclosure of your Personal Data:
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails or as described here. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, (i) we retain the right to communicate to you regarding the services you receive (e.g. support and important legal notices) and (ii) our Business Users may still send you messages and/or direct us to send you messages on their behalf.
Depending on your location and subject to applicable law, you may have the following rights described here with regard to the Personal Data we control about you:
• The right to request confirmation of whether Stripe processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
• The right to request that Stripe rectify or update your Personal Data that is inaccurate, incomplete or outdated;
• The right to request that Stripe erase your Personal Data in certain circumstances provided by law;
• The right to request that Stripe restrict the use of your Personal Data in certain circumstances, such as while
• Stripe considers another request that you have submitted (including a request that Stripe make an update to your Personal Data);
• The right to request that we export your Personal Data that we hold to another company, where technically feasible;
• Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time;
• Where we process your information based on our legitimate interests, you may also have the right to object to the processing of your Personal Data. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your information when you object.
• The right not to be discriminated against for exercising these rights; and/or
• The right to appeal any decision by Stripe relating to these rights.
You may have additional rights regarding your Personal Data under applicable law. For example, see Jurisdiction-specific provisions section under California below.
To exercise your data protection rights please also see the Stripe Privacy Center or contact us as described below.
We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing of your Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Policy against unauthorized access, destruction, loss, alteration or misuse. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.
To help us protect Personal Data, where you have an account with Stripe, we encourage you to use a strong password, protect that password from unauthorized use and not use the same log-in credentials (e.g. password) for your Stripe accounts as you do with other services or accounts. If you have reason to believe that your interaction with us is no longer secure (e.g. you feel that the security of your Stripe account has been compromised), please contact us immediately.
We retain your Personal Data as long as we are providing the Services to you or our Business Users (as applicable) or for a period during which we reasonably anticipate providing the Services. Even after we stop providing Services directly to you or a Business User with which you are doing business, and even if you close your Stripe account or complete a transaction with a Business User, we may retain your Personal Data:
• to comply with our legal and regulatory obligations.
• to enable fraud monitoring, detection and loss prevention activities.
• to comply with our tax, accounting, and financial reporting obligations
• where required by our contractual commitments to our financial partners (and where data retention is mandated by the payment methods you used).
• In cases where we keep Personal Data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
We are a global business. We may transfer your Personal Data to countries other than your own country, including to the United States. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. In certain situations, we may be required to disclose Personal Data in response to lawful requests from officials (such as law enforcement or security authorities).
If you are located in the European Economic Area (“EEA”), the United Kingdom ("UK") or Switzerland, please see Stripe Privacy Center for more information. Where applicable law requires a data transfer mechanism, we use one or more of the following:
• Transfers to certain countries or recipients that are recognised as having an adequate level of protection for Personal Data under applicable law.
• EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner’s Office. You can obtain a copy of the relevant Standard Contractual Clauses.
• or other legal methods available to us under applicable law.
While Stripe, Inc. remains self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield, it is not currently relying on these frameworks for the transfer of Personal Data to the United States.
We may change this Policy from time to time to reflect new services, changes in our privacy practices or relevant laws. The “Last updated” legend at the top of this Policy indicates when this Policy was last revised. Any changes are effective the latter of when we post the revised Policy on the Services or otherwise provide notice of the update as required by law.
We may provide you with disclosures and alerts regarding the Policy or Personal Data collected by posting them on our website and, if you are an End User or Representative, by contacting you through your Stripe Dashboard, email address and/or the physical address listed in your Stripe account.
• Australia. If you are an Australian resident, and you are dissatisfied with our handling of any complaint you raise under this Policy, you may wish to contact the Office of the Australian Information Commissioner.
• Brazil. To exercise your rights, you may contact our DPO. Brazilian residents, to whom the Lei Geral de Proteção de Dados Pessoais (“LGPD”) applies, have rights set forth in Article 18 of the LGPD.
• Canada. As used in this Policy, “applicable law” includes the Federal Personal Information Protection and Electronic Documents Act (PIPEDA) and “Personal Data” includes “personal information” as defined under PIPEDA.
• EEA and UK. To exercise your rights, you may contact our DPO. If you are a resident of the EEA or if we have identified Stripe Payments Europe Limited as your data controller, and you believe our processing of your information is not in line with the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Irish Data Protection Commission. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office. Where Personal Data is used for regulated financial activities in Europe, Stripe Payments Europe Limited and Stripe local regulated entities (defined as those who are licensed, authorized or registered by a Local Regulatory Authority) are considered joint controllers.
• India. If you have any questions or complaints regarding the processing of your Personal Data in India, please contact our Nodal and Grievance Officer here.
• Indonesia. As used in this Policy, “applicable law” includes Law No. 11 of 2008 as amended by Law No. 19 of 2016 on Electronic Information and Transactions, Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions, and Minister of Communication and Informatics Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems and “Personal Data” includes “personal data” as defined under such laws.
• Japan. When we transfer Personal Data of data subjects in Japan to jurisdictions that are not recognized as ‘adequate’ by the Personal Information Protection Commission, we enter into written agreements with any third parties located outside of Japan. These written agreements provide rights and obligations equivalent to those provided under the Japanese Act on the Protection of Personal Information. For more information on how we ensure that third parties protect your data and where your data is located, please see above or contact us as described below. For a description of foreign systems and frameworks that may affect the implementation of equivalent measures by the third party, see here.
• Malaysia. If you have any questions or complaints about this Policy, please contact our DPO.
• Switzerland. As used in this Policy, “applicable law” includes the Swiss Federal Act on Data Protection (FADP), as revised. To exercise your rights under the FADP, please contact our DPO.
• Thailand. If we process your Personal Data due to a legal obligation or contractual right and you do not provide us with personal Information, we may not be able to lawfully provide you services.
• Your Rights and Choices. As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information (learn more about data subject rights metrics). In addition to the above rights (see here), please note these other California-specific rights:
• Exercising the right to know: You have a right to request additional information about the categories of personal information collected, sold, disclosed, or shared; purposes for which this personal information was collected, sold, or shared; categories of sources of personal information; and categories of third parties with whom we disclosed or shared this personal information.
• Exercising the right to opt-out from a sale: We do not sell “Personal Information” as defined by the CCPA and have not done so in the past 12 months.
• Exercising the right to limit the use or sharing of Sensitive Personal Information: we do not sell or share Sensitive Personal Information as defined by the CCPA and have not done so in the past 12 months. Learn more about our collection and use of Sensitive Personal Information here.
• Right to opt-out of sharing of cross-context behavioral advertising.
• To submit a request to exercise any of the rights described above, please contact us using the methods described in the Contact Us section below. We will verify your request by asking you to send it from the email address associated with your account or requiring you to provide information necessary to verify your identity, including name, address, transaction history, photo identification, and other information associated with your account.
• You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Your agent may submit a request on your behalf by contacting us using the methods described in the Contact Us section below. We may still require you to directly verify your identity and confirm that you provided the authorized agent permission to submit the request.
• Do Not Track and signals.
Application Data. If you use our application(s). we also may collect the following information If you choose to provide us with access or permission:
• Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are sing our mobile application(s), to provide certain location-based services. If you wish to change our access of permissions, you may do so in your device's settings.
• Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's camera, microphone, storage, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
• Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may tum them off in your device's settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
• To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.
• To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way.
• For investigations and fraud detection and prevention.
• For business transactions provided certain conditions are met.
• If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim.
• For identifying injured, ll. or deceased persons and communicating with next of kin.
• If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse.
• If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records.
• If it was produced by an individual in the course of their employment, business or profession and the collection is consistent with the purposes for which the information was produced.
• If the collection is solely for journalistic, artistic, or literary purposes.
• If the information is publicly available and is specified by the regulations.
We may need to share your personal information in the following situations:
• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g., Google Maps API, Places AP)
• Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or Twitter logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.
We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that You review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal. or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependents use of the Services. If we lean that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at firstname.lastname@example.org.
In some regions (like Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (i) to request rectification or erasure (ii) to restrict the processing of your personal information: (vi) if applicable, to data portability; and (vii) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.
We will consider and act upon any request in accordance with applicable data protection laws.
Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section "HOW CAN YOU CONTACT US ABOUT THIS NOTICE?" below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
If you would at any time like to review or change the information in your account or terminate your account, you can:
• Contact us using the contact information provided.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. You may also opt out of interest-based advertising by advertisers on our Services.
If you have questions or comments about your privacy rights, you may email us at email@example.com.
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.
California Civil Code Section 1798.83, also known as the "Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).
CCPA Privacy Notice
The California Code of Regulations defines a "resident" as:
(1) every individual who is in the State of California for other than a temporary or transitory purpose and
(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as "non-residents."
If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.
What categories of personal information do we collect?
We have collected the following categories of personal information in the past twelve (12) months:
|A. Identifiers||Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name.||YES|
|B. Personal information categories listed in the California Customer Records statue||Name, contact information, education, employment, employment history, and financial information.||YES|
|C. Protected classification characteristics under California or federal law||Gender and date of birth.||YES|
|D. Commercial information||Transaction information, purchase history, financial details, and payment information.||YES|
|E. Biometric information||Fingerprints and voiceprints.||NO|
|F. Internet or other similar network activity||Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements.||NO|
|G. Geolocation data||Device location.||NO|
|H. Audio, electronic, visual, thermal, olfactory, or similar information||Images and audio, video or call recordings created in connection with our business activities.||NO|
|I. Professional or employment-related information||Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us.||NO|
|J. Education Information||Student records and directory information.||NO|
|K. Inferences drawn from other personal information||Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.||NO|
|L. Sensitive Personal Information||NO|
We will use and retain the collected personal information as needed to provide the Services or for:
• Category A - As long as the user has an account with us.
• Category B - As long as the user has an account with us.
• Category C - As long as the user has an account with us.
• Category D - As long as the user has an account with us.
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
• Receiving help through our customer support channels; • Participation in customer surveys or contests; and • Facilitation in the delivery of our Services and to respond to your inquiries.
How do we use and share your personal information?
More information about our data collection and sharing practices can be found in this privacy notice.
You may contact us by email at firstname.lastname@example.org, or by referring to the contact details at the bottom of this document.
If you are using an authorized agent to exercise your right to opt out, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for- profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA.
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.
We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.
Your rights with respect to your personal data
Right to request deletion of the data — Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.
Right to be informed — Request to know
Depending on the circumstances, you have a right to know:
• whether we collect and use your personal information;
• the categories of personal information that we collect;
• the purposes for which the collected personal information is used;
• Whether we sell or share personal information to third parties;
• the categories of personal information that we sold, shared, or disclosed for a business purpose;
• the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
• the business or commercial purpose for collecting, selling, or sharing personal information; and
• the specific pieces of personal information we collected about you.
In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re- identify individual data to verity a consumer request.
Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights
We will not discriminate against you if you exercise your privacy rights.
Right to Limit Use and Disclosure of Sensitive Personal Information
We do not process consumer's sensitive personal information.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These Verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we. can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However. if we cannot Verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.
Other privacy rights
• You may object to the processing of your personal information.
• You may request correction of your personal data if itis incorrect or no longer relevant or ask to restrict the processing of the information.
• You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
• You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.
To exercise these rights, you can contact us by email at email@example.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.
Virginia CDPA Privacy Notice
Under the Virginia Consumer Data Protection Act (CDPA):
“Consumer” means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.
"Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. "Personal data" does not include de-identified data or publicly available information.
"Sale of personal data" means the exchange of personal data for monetary consideration.
If this definition "consumer" applies to you, we must adhere to certain rights and obligations regarding your personal data.
The information we collect, use, and disclose about you will vary depending on how you interact with us and our Services. To find out more, please Visit the following links:
• Personal data we collect
• How we use your personal data
• When and with whom we share your personal data
Your rights with respect to your personal data
• Right to be informed whether or not we are processing your personal data
• Right to access your personal data
• Right to correct inaccuracies in your personal data
• Right to request deletion of your personal data
• Right to obtain a copy of the personal data you previously shared with us
• Right to opt out of the processing of your personal data itis used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")
We have not sold any personal data to third parties for business or commercial purposes. We will not sell personal data in the future belonging to website visitors, Users, and other consumers.
Exercise your rights provided under the Virginia CDPA
More information about our data collection and sharing practices can be found in this privacy notice.
You may contact us by email at firstname.lastname@example.org, by visiting email@example.com, or by referring to the contact details at the bottom of this document.
If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.
We may request that you provide additional information reasonably necessary to Verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.
Upon receiving your request, we will respond without undue delay. but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.
Right to appeal
If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it If you wish to appeal our decision, please email us at firstname.lastname@example.org. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal if denied, you may contact the Attorney General to submit a complaint.
We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
If you have questions or comments about this notice, you may email us at email@example.com or contact us by post at:
135 Laurier Avenue West, Suite 421
Ottawa, Ontario K1P 5J2
You have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information please send a request at: firstname.lastname@example.org.