Paddle

Paddle is a payment processing company incorporated in England and Wales.

This page is not published. While you can access it via its direct link, it is not yet displayed on the website.

Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided May 18, 2020 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

There is no proof showing that they would notify users in the case of a data breach.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will affected users be notified when the policy is meaningfully changed? No

0/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

Paddle may change this Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above. You agree that your continued use of our Services after such changes have been published to our Services will constitute your acceptance of such revised Policy.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

Last updated 11 April 2018

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided May 18, 2020 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

Paddle takes the protection of customer data extremely seriously. Technical measures are in place to prevent unauthorised or unlawful access to data and against accidental loss or destruction of, or damage to, data. [...] Paddle takes reasonable steps to help protect your personal information in an effort to prevent loss, misuse, and unauthorised access, disclosure, alteration and destruction. It is your responsibility to protect your user names and passwords to help prevent anyone from accessing or abusing your accounts and services. You should not use or reuse the same passwords you use with other accounts as your password for our services.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Is it clear why the service collects the personal data that it does? Yes

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

We use the information we collect primarily to provide, maintain, protect and improve our current products and to develop new ones. We use personal information collected through our Site as described in this Policy or on our Site. For example, we may use your information to: Improve our services, Site and how we operate our business; Understand and enhance your experience using our Site, products and services; Provide and deliver products and services you request; Process, manage, complete, and account for transactions; Provide customer support and respond to your requests, comments and inquiries; Invite you to participate in customer research; Create and manage online accounts you establish; Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages; Communicate with you about promotions, upcoming events and news about products and services offered by Paddle and our selected partners; Link or combine it with other information we get from third parties, to help understand your needs and provide you with better service; and Comply with and enforce applicable legal requirements, industry standards, our policies, and our terms of use; and Protect, investigate and deter against fraudulent, unauthorised or illegal activity.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

We collect information primarily to provide better services to all of our customers. We collect information you provide to us on our Site such as your name, email address, postal address, phone number, company name, payment information and demographics. We may also obtain information from other sources and combine that with information we collect on our Site.

When you visit our Site, some information is automatically collected. This may include information such as the Operating System (OS) running on your device, Internet Protocol (IP) address, access times, browser type, and language, and the website you visited before our Site. We also collect information about how you use Paddle’s product(s).

We automatically collect information using “cookies” and Web beacons. Cookies are small data files stored on your hard drive by a website and web beacons are electronic images that may be used on our Site or in our emails. Among other things, cookies help us improve our Site, our marketing activities, and your experience. We use cookies to see which areas and features are popular and to count visits to our Site.

Most Web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to remove cookies and to reject cookies. If you set your browser to reject cookies, some features will be unavailable. For more information on how to reject cookies, see your browser’s instructions on changing your cookie settings.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service collect personal data from third parties? Yes

0/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Citation

We use the information we collect primarily to provide, maintain, protect and improve our current products and to develop new ones. We use personal information collected through our Site as described in this Policy or on our Site. For example, we may use your information to: [...] Link or combine it with other information we get from third parties, to help understand your needs and provide you with better service;

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-out basis, for all non-critical data/uses

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Citation

You may opt out of receiving promotional emails from Paddle by following the instructions in those emails. If you opt out, we may still send you non-promotional emails, such as emails about your Paddle projects or our ongoing business relationship. You may also send requests about your contact preferences, changes and deletions to your information including requests to opt-out of sharing your personal information with third parties by emailing [email protected] Paddle will respond within thirty (30) days to any request to delete your information. Individuals who have provided information to Paddle’s customers must send requests to change or delete such information to the particular Paddle customer.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Handling

Does the policy allow personally-targeted or behavioral marketing? No

10/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

We do not share your personal information with third parties without your consent other than: With third parties who work on our behalf provided such third parties adhere to the data protection principles set out in the European Union Directive and/or Regulation on Data Protection or other applicable legilsation, or enter into a written agreement with Paddle requiring that the third party provide at least the same level of privacy protection as is required by such Principles; To comply with laws or to respond to lawful requests and legal process (provided that Paddle will endeavour to notify you if Paddle has received a lawful request for your information); To protect the rights and property of Paddle, our agents, customers and others including to enforce our agreements, policies and terms of use; In an emergency, including to protect the personal safety of any person; and For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture or bankruptcy transaction or proceeding).

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided May 18, 2020 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

We do not share your personal information with third parties without your consent other than: With third parties who work on our behalf provided such third parties adhere to the data protection principles set out in the European Union Directive and/or Regulation on Data Protection or other applicable legilsation, or enter into a written agreement with Paddle requiring that the third party provide at least the same level of privacy protection as is required by such Principles; To comply with laws or to respond to lawful requests and legal process (provided that Paddle will endeavour to notify you if Paddle has received a lawful request for your information); To protect the rights and property of Paddle, our agents, customers and others including to enforce our agreements, policies and terms of use; In an emergency, including to protect the personal safety of any person; and For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture or bankruptcy transaction or proceeding).

Note

According to NoScript, some notable connections are to Cloudfront, "js.hsforms.net" (CRM), and "identity.netlify.com" (CDN), as well as the notable Google Tag Manager.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? Yes, by contacting someone

3/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

Paddle retains your data while you are a customer and will delete your information within 30 days of either party’s termination of the Terms upon written request.

Note

Inferring upon "written request" as an email or letter to the respective user.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? Only when required by a court order or subpoena

4/5

Decided May 18, 2020 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

To comply with laws or to respond to lawful requests and legal process (provided that Paddle will endeavour to notify you if Paddle has received a lawful request for your information);

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Paddle has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Paddle, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

4.8/10

How we calculate ratings →


Version Added

May 18, 2020

Ratings Updated

May 18, 2020

Warnings

0

Maintained by

doamatto

Original Location
Open in New Tab
Other Versions