Track 1 platform and get the weekly governance digest. No credit card required.
This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology
This is Checkout.com's privacy policy explaining how it handles personal data collected from merchants, cardholders whose payments Checkout.com processes, and visitors to its website. The most important thing for individuals to understand is that Checkout.com may share financial and identity data including payment card details, transaction history, and identity verification data with fraud prevention agencies and credit reference agencies, which could affect credit assessments and fraud screening outcomes. If you believe Checkout.com holds your personal data and you are in the EU or UK, you have the right to request access, correction, or deletion by contacting their Data Protection Officer at dpo@checkout.com.
This document is Checkout.com's Privacy Policy governing the collection, use, storage, and sharing of personal data by Checkout.com Ltd and its group entities, with legal bases including contract performance, legitimate interests, legal obligations, and consent under GDPR and equivalent frameworks. The policy states that Checkout.com collects identity data, contact data, financial data, transaction data, technical data, usage data, and communications data from merchants, their end customers (cardholders), job applicants, and website visitors, and the terms authorize sharing this data with payment networks, issuing banks, fraud prevention agencies, credit reference agencies, regulators, and third-party service providers. A notable operational distinction is that Checkout.com processes data both as a data controller (for its own merchant and website visitor relationships) and as a data processor (on behalf of merchants for cardholder data), which creates layered accountability structures where merchants bear primary responsibility for their end customers' data rights. The policy engages GDPR and UK GDPR as primary frameworks, with additional references to CCPA-adjacent rights for California residents and sector-specific financial regulation; international data transfers are addressed via Standard Contractual Clauses and adequacy decisions, creating compliance dependencies that vary by jurisdiction and transfer destination. Material considerations include the breadth of data sharing with fraud and credit reference agencies, which may interact with consumer credit reporting obligations, and the policy's acknowledgment of automated decision-making in fraud screening contexts, which may require evaluation under GDPR Article 22.
Institutional analysis available with Professional
Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.
Start Professional free trialMonitoring
Checkout.com has updated this document before.
Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
Professional Governance Intelligence
Need provision-level monitoring and regulatory mapping?
Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.
Start Professional free trialCross-platform context
See how other platforms handle Controller vs Processor Dual Role and similar clauses.
Compare across platforms →Governance Monitoring
Structured alerts for policy changes, governance events, and provision updates across 318+ platforms.