Checkout.com can share your personal and financial data with fraud prevention agencies and credit bureaus, and if fraud is flagged, this could affect your ability to access credit, services, or employment.
This analysis describes what Checkout.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Sharing data with credit reference agencies can have lasting effects on an individual's credit profile and ability to access financial products, and the individual may not be directly aware this sharing has occurred.
This provision means that identity, payment, and transaction data may be shared with external fraud and credit agencies, and a fraud flag in those systems could result in downstream consequences including denial of credit or services beyond Checkout.com's own platform.
How other platforms handle this
We may share your personal information with our affiliates, meaning entities that control, are controlled by, or are under common control with Consensys. We also share information with service providers who assist in operating our services, subject to confidentiality obligations.
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Loyalty and partner program companies. We share information with our loyalty and partner program companies, like Ulta Beauty and Marriott.
Monitoring
Checkout.com has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal data with fraud prevention agencies, credit reference agencies, and other third parties for the purposes of preventing fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.— Excerpt from Checkout.com's Checkout.com Privacy
1. REGULATORY LANDSCAPE: This provision engages GDPR Articles 6 and 9 (legal basis for processing and sharing), UK GDPR equivalents, and the FCA's requirements around financial crime prevention. Sharing with credit reference agencies may also interact with the Consumer Credit Act in the UK and equivalent EU member state legislation. The FTC Act is relevant for US-person data where unfair or deceptive data practices may be implicated. The enforcement authorities include the UK ICO, EU national supervisory authorities, and the FCA for financial crime-related processing. 2. GOVERNANCE EXPOSURE: High. The assertion of legitimate interests as the legal basis for sharing personal data with fraud and credit agencies is a commonly used but scrutinized basis under GDPR, requiring a documented legitimate interests assessment (LIA) that balances organizational interests against individual rights. If such assessments are not maintained and available, this creates regulatory exposure. 3. JURISDICTION FLAGS: UK and EU users face the highest exposure given GDPR and UK GDPR requirements for lawful basis documentation and data subject rights. California residents may have rights to opt out of certain sharing under CPRA. Individuals in jurisdictions with consumer credit reporting laws (UK Consumer Credit Act, US FCRA) may have additional rights regarding credit reference agency data. 4. CONTRACT AND VENDOR IMPLICATIONS: Merchants should confirm that their data processing agreements with Checkout.com address downstream sharing with fraud and credit agencies, particularly where merchant end customers have not been directly notified of this sharing. Procurement teams should assess whether Checkout.com's fraud agency partners are identified and whether data processing agreements with those agencies are in place. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that a documented LIA exists for this processing activity. Privacy notices served to end cardholders by merchants should be reviewed to confirm they disclose this potential sharing. Data mapping exercises should capture credit reference agency data flows and retention periods at those agencies.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Sharing data with credit reference agencies can have lasting effects on an individual's credit profile and ability to access financial products, and the individual may not be directly aware this sharing has occurred.
This provision means that identity, payment, and transaction data may be shared with external fraud and credit agencies, and a fraud flag in those systems could result in downstream consequences including denial of credit or services beyond Checkout.com's own platform.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Checkout.com.