PayPal updated its Privacy Statement on May 23, 2026 to reflect changes in its corporate structure. The previous version listed PayPal (Europe) S.a.r.l. et Cie, S.C.A. as the responsible entity for Switzerland with a Luxembourg address. The updated version removes this Swiss entity reference and instead lists PayPal Pte. Ltd. with a Singapore address as the point of contact for both Switzerland and Taiwan privacy queries. This change affects which legal entity processes privacy requests and determines data controller responsibility in those regions.
The updated Privacy Statement changes which PayPal legal entity processes privacy requests for users in Switzerland and Taiwan. Previously, Switzerland-based privacy inquiries were directed to PayPal (Europe) S.a.r.l. et Cie, S.C.A. in Luxembourg; this entity is now removed from the statement. Both regions now route inquiries to PayPal Pte. Ltd. in Singapore. The substantive privacy rights and protections available to users in these regions remain governed by applicable local law, but the administrative contact point and responsible entity have changed.
The updated Privacy Statement reflects a corporate restructuring that consolidates data controller responsibility under a single entity. For users in Switzerland and Taiwan, this changes which PayPal legal entity processes privacy requests and determines data controller obligations under local privacy law. Organizations with Data Processing Agreements or Standard Contractual Clauses with PayPal should verify whether this entity change requires agreement updates.
PayPal Pte. Ltd. (Singapore) now listed as responsible entity for privacy inquiries in Switzerland and Taiwan, replacing PayPal (Europe) S.a.r.l. et Cie, S.C.A. (Luxembourg)
This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology
This change reflects a corporate restructuring that consolidates data controller responsibility for Switzerland and Taiwan under a single Singapore-based entity, replacing a separate Luxembourg-registered entity for Switzerland. Organizations subject to GDPR (for Switzerland users) should verify whether this entity change affects data processing agreements, standard contractual clauses, or data transfer mechanisms. The change is administrative but may trigger DPA or SCC review if the new entity's location or data processing location has changed materially.
GDPR (if Switzerland users are in EEA scope); Taiwan Personal Data Protection Act; local privacy laws in each jurisdiction.
Full compliance analysis
Obligation analysis, escalation trigger, board language, and recommended action.
Monitor: regulatory citations + obligations. Compliance: full compliance memo.
ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002288.
See the full side-by-side comparison of every sentence added, removed, and modified.
🔒 Full diff — MonitorPayPal updated its Purchase Protection Program policy on May 25, 2026 by adding a detailed table of contents to the …
PayPal reorganized its Privacy Statement by adding a detailed table of contents on May 25, 2026. The document previously began …
PayPal updated its User Agreement on May 25, 2026 by adding a detailed table of contents to the document. The …
We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and lia…
Get alerted when this policy changes again — including what changed and why it matters.
Prefer a weekly summary instead?
Get the biggest policy changes across 320+ platforms every Sunday.