How it Works
When your business applies to be a Merchant with us, we appreciate that you (the Merchant’s beneficial owners, directors, other employees or trustees) trust us with your personal data that we collect and handle.
Here we provide an overview of what personal data we collect from you and why, our handling practices, and your rights and choices. This Policy applies to Afterpay Australia Pty Ltd ACN 169 342 947, Afterpay NZ Limited (Company number: 6340314), Afterpay US , Inc., Afterpay US Services, LLC, Afterpay Canada Limited, Clearpay Finance Limited (company number 05198026), and their affiliates and related companies (together, ‘we’, ‘us’ or ‘our’). Clearpay Finance Limited acts as a Data Controller in accordance with the General Data Protection Regulation (GDPR). The entity you are interacting with is collecting the personal data and will process it, but may share it with other entities as set forth in this Policy.
What is personal data?
Personal data or is any information that reasonably identifies you and is about you as described in our applicable privacy laws. Some examples of personal data are your name, home address, and date of birth.
Personal data we collect and why
During your Merchant application process and throughout our business relationship, we may ask for your personal data directly from you or your business representatives on your behalf where it is lawful to do so.
We may collect your personal data for the following purposes outlined in below, for compatible purposes, and where otherwise lawful to do so. We will collect, use or disclose your personal data only with your knowledge and consent, including as set out in this Policy, except where otherwise required or permitted by law.
If you are unable to provide the requested personal data for our purposes, or refuse to do so, we may not be able to approve your application, enter into or continue an agreement to access or provide our Services.
Personal and contact details. For example, your name, date of birth, email address, business and residential address, location
To enter into and for the performance of your Merchant contract, and as required by law
With your consent for marketing and research purposes
Our legitimate interests
Our legitimate interest
Identifiers, including government-issued documents. For example, a driver’s license, passport, social security number, health or social insurance number, birth certificate, trust deed, or other agreed identity documentation
To enter into a Merchant contract, and where required by law
Use of our information, communication, and transaction processing systems
For example, login sessions, information about your interactions with our Services, your bank account details
For performance of your Merchant contract, and our legitimate interests
How your personal data is used and shared
We may use and share your personal data with the following categories of recipients where lawful to do so, including for purposes outlined in “Personal data we collect and why”. We do not sell your personal data.
Cross border transfers
We may collect or transfer personal data across borders in a secure and lawful manner, within and externally to our company group, including for purposes described in this Policy and as otherwise required or permitted by law. Your personal data may be transferred to countries that include the United Kingdom, United States, Australia, New Zealand, and the Philippines. We take necessary steps to require entities that deal with your personal data, by written agreement, to comply with a similar standard of compliance with applicable privacy requirements and to have appropriate safeguards. This includes, where required, cross-border transfer mechanisms under the GDPR for transfers of personal data outside the European Economic Area. For example, transferring to European Commission approved third countries holding an adequacy provision or providing appropriate and enforceable safeguards, including availability of an effective legal remedy to individual rights.
How we keep your personal data safe
As part of our commitment to protecting the security of any data we process, we have put in place physical, technical, and administrative security measures. We are an ISO 27001 compliant company, and require our third parties to meet appropriate privacy and security standards when handling data on our behalf.
How we retain your personal data
We will retain your personal data for as long as necessary to fulfill the purposes we collected it for. This includes where required under law, our legitimate interests, or for the establishment, exercise or defence of legal claims, and for reasons explained in “Personal data we collect and why” and “How your personal data is used and shared”. We will otherwise delete personal data where we no longer have a lawful basis.
When you provide your personal data to us to enter into and for the performance of a contract we will retain it for 7 years after the application is made or the termination of our agreement (where applicable), and where otherwise we have a lawful basis to do so. This includes for as long as is necessary for our for legal and compliance reasons.
Your rights and choices
We respect your rights and choices you make. Your rights and choices are where applicable to you based on your location and which entity you are dealing with, and subject to limitations as required or permitted by law. They are set out below.
We may not always be able to fulfill your request if we have a legitimate basis to refuse it. We will tell you why. For example, if you seek to erase your personal data in a way that would mean we are not able to comply with our obligations under law.
Withdraw your consent
You have the right to withdraw your consent where we have relied on it. If you withdraw your consent, we may not be able to provide you with certain Services. It will not affect our lawful basis for processing by consent before your withdrawal.
You have the right to enquire further about the personal data we hold about you and how we process it, including across borders.
You have the right to ask us to access your personal data.
You have the right to ask us to correct your personal data, including where you believe it is not accurate, complete, up to date, or relevant.
Make an enquiry or complaint
You have a right to make an enquiry or complaint, including to lodge a complaint with your local privacy authority
You have the right to ask us to erase your personal data, and where personal data is made public, to inform other controllers of your personal data where you have a lawful erasure right.
You have the right to ask us to restrict processing of your personal data.
Object to processing
You have the right to object to us processing your personal data.
You have the right to ask us to access or transfer on your behalf personal data we hold about you to a third party.
If you have a query or concern regarding the way we collect and handle your personal data, or would like to exercise your rights and choices, please contact our Customer Support Team at email@example.com. You may alternatively contact our Senior Manager, Privacy at firstname.lastname@example.org.
If you are in the European Economic Area, and you have a query or concern regarding the way we collect and handle your personal data, or would like to exercise your rights and choices, please instead visit the Contact Us section of our website: http://help.clearpay.co.uk or contact our Senior Manager, Privacy at email@example.com.
You can also alternatively reach out to our Data Protection Officer at firstname.lastname@example.org or the address below.
Data Protection Officer
Clearpay Finance Limited
125 Kingsway, London WC2B 6NH
We will respond to you in a timely manner. Afterpay will provide written acknowledgement of your correspondence within 7 days of receipt.
Where you have asked us to exercise a right or choice, we will review and advise you of the steps we have taken to respond within a reasonable and lawful time frame, and explain our process and reasons.
Changes to this Policy
Policy last updated: 24 September 2020
United KingdomItalySpainFranceAustraliaUnited StatesNew ZelandCanada
"Pagantis" is a brand owned by the entity Pagantis, S.A.U. dedicated to the provision of payment services. Pagantis, S.A.U. authorizes the use of its brand to the entity Pagamastarde, S.L.U., who makes use of it in the provision of its consumer finance services.