Braintree

Braintree, a division of PayPal, is a company based in Chicago that specializes in mobile and web payment systems for e-commerce companies.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided May 18, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

There is no mention of a disclosure of breaches being made.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? Yes

5/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

We may change this Privacy Policy from time to time to reflect changes to our privacy practices for our Braintree Services. The revised Privacy Policy will be effective as of the published Effective Date.

If we make a material change to the Privacy Policy, we will notify you in advance by posting notice of the change on the Braintree Services before the change becomes effective. We also may notify you of the change using email or other means.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Effective Date: December 27, 2019

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided May 18, 2020 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

We may use information: - For our legitimate interests, namely:To operate the Braintree Services; To contact and communicate with you when you reach out to us to ask us about our Braintree Services; To manage everyday business needs; To analyze or improve the Braintree Services or additional products or services; and To protect the Braintree Services and the rights of Users and others to enforce the terms of the Braintree Services; - To comply with our obligations, including to comply with all applicable laws and regulations; and - To send you promotional materials from us or on behalf of our affiliates and business partners.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

The Braintree Sites are where you can learn more about Braintree Services and how to become a User, sign up for more information about our Braintree Services, or access your Account if you are a User. We may collect Personal Data about you when you visit or access the Braintree Sites, including the following:

Personal Data You Provide to Us Voluntarily – We collect information about you that you voluntarily provide to us when you: (i) contact us to learn more about Braintree, the Braintree Services, or other opportunities you indicate are of interest at the time; (ii) access or use the Braintree Service; or (iii) contact customer service. This information may include, for example, your name, mailing address, business name, and any other information that you choose to provide to us when you comment on materials on our Braintree Services, in order to contact you as a potential customer, or respond to a support request. This also includes technical data, such as IP addresses and device identifiers that are commonly generated in establishing a connection with the Braintree Services.

Retention – We collect and retain Personal Data submitted to the Braintree Services in an identifiable format for the amount of time necessary to meet your request or fulfill our legal or regulatory obligations, unless it is in our legitimate business interests and not prohibited by law to maintain the Personal Data for longer periods.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Note

There is no mention of collecting data from third-parties.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? No

0/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Note

There is no mention of opt-out for data sharing that isn't required.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Handling

Does the policy allow personally-targeted or behavioral marketing? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

We share information with: [...] Businesses and members of the public, when data is aggregated and does not personally identify you; and

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

We share information with: Other members of the PayPal corporate family such as our affiliated entities; Other companies that we have hired to provide services on our behalf; Other third parties where necessary for our business purposes or as required by law; Businesses and members of the public, when data is aggregated and does not personally identify you; and Otherwise with your consent.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? No

0/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

Your Rights You may review limited Personal Data after logging in to your Account. If you need to edit or update your information, please contact us. If you do not have an Account or if you have questions about your Account information or other Personal Data, please contact us.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

To comply with our obligations, including to comply with all applicable laws and regulations; and [...] Other third parties where necessary for our business purposes or as required by law;

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Braintree has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Braintree, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

5.8/10

How we calculate ratings →


Version Added

May 18, 2020

Ratings Updated

May 18, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions