Braintree
Braintree is B2B mobile and web payment systems owned by PayPal.
Score
Citation
When you visit the Braintree Services, we and certain business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”) to recognize you and to otherwise customize your online experiences and other content and advertising; measure the effectiveness of promotions; and mitigate risk, prevent potential fraud, and promote trust and safety across the Braintree Services. Certain aspects and features of the Braintree Services are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Braintree Services may be limited or not possible.
Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.
Score
Citation
Your Rights
You may review limited Personal Data after logging in to your Account. If you need to edit or update your information, please contact us. If you do not have an Account or if you have questions about your Account information or other Personal Data, please contact us.
This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).
Note that whether the policy allows sharing aggregated user data does not affect this question.
If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).
If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).
Score
Citation
We share information with: Other members of the PayPal corporate family such as our affiliated entities; Other companies that we have hired to provide services on our behalf; Other third parties where necessary for our business purposes or as required by law; Businesses and members of the public, when data is aggregated and does not personally identify you; and Otherwise with your consent.
Score
Citation
To comply with our obligations, including to comply with all applicable laws and regulations; and
[...]
Other third parties where necessary for our business purposes or as required by law;
Score
Citation
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls.
Score
Citation
Effective Date: December 27, 2019
Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.
Score
Notes
There is no mention of a disclosure of breaches being made.
Score
Citation
We may change this Privacy Policy from time to time to reflect changes to our privacy practices for our Braintree Services. The revised Privacy Policy will be effective as of the published Effective Date.
If we make a material change to the Privacy Policy, we will notify you in advance by posting notice of the change on the Braintree Services before the change becomes effective. We also may notify you of the change using email or other means.
This includes the use of data brokers and independent verification authorities (such as background check providers).
Score
Notes
There is no mention of collecting data from third-parties.
Score
Citation
We may use information:
- For our legitimate interests, namely:To operate the Braintree Services; To contact and communicate with you when you reach out to us to ask us about our Braintree Services; To manage everyday business needs; To analyze or improve the Braintree Services or additional products or services; and
To protect the Braintree Services and the rights of Users and others to enforce the terms of the Braintree Services; - To comply with our obligations, including to comply with all applicable laws and regulations; and
- To send you promotional materials from us or on behalf of our affiliates and business partners.
Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.
Score
Notes
There is no mention of opt-out for data sharing that isn't required.
Score
Citation
The Braintree Sites are where you can learn more about Braintree Services and how to become a User, sign up for more information about our Braintree Services, or access your Account if you are a User. We may collect Personal Data about you when you visit or access the Braintree Sites, including the following:
Personal Data You Provide to Us Voluntarily – We collect information about you that you voluntarily provide to us when you: (i) contact us to learn more about Braintree, the Braintree Services, or other opportunities you indicate are of interest at the time; (ii) access or use the Braintree Service; or (iii) contact customer service. This information may include, for example, your name, mailing address, business name, and any other information that you choose to provide to us when you comment on materials on our Braintree Services, in order to contact you as a potential customer, or respond to a support request. This also includes technical data, such as IP addresses and device identifiers that are commonly generated in establishing a connection with the Braintree Services.
Retention – We collect and retain Personal Data submitted to the Braintree Services in an identifiable format for the amount of time necessary to meet your request or fulfill our legal or regulatory obligations, unless it is in our legitimate business interests and not prohibited by law to maintain the Personal Data for longer periods.
Last Updated
May 26, 2021
Sources
Contributors
