Checkout.com · Checkout.com Privacy

Data Subject Rights

Low severity · High confidence · Explicit document language · Rare · 3 of 343 platforms

What it is

Depending on where you live, you may have the right to see, correct, delete, or export your personal data held by Checkout.com, and you can exercise these rights by emailing their Data Protection Officer.

This analysis describes what Checkout.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

These rights are the primary mechanism by which individuals can control their personal data held by Checkout.com, and knowing the contact point and applicable rights is essential to exercising them effectively.

Consumer impact (what this means for users)

EU and UK users have the broadest data rights under GDPR, including erasure and portability, while California residents have CCPA rights; the single contact point dpo@checkout.com is provided for all rights requests, and the response must be provided within statutory timeframes under applicable law.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Email dpo@checkout.com stating your identity and the specific right you wish to exercise (access, deletion, portability, or correction). Include sufficient identifying information for Checkout.com to locate your records.
  • Delete Your Data
    Email dpo@checkout.com requesting erasure of your personal data, specifying the categories of data you want deleted and the basis for your request under applicable law.

How other platforms handle this

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...


Monitoring

Checkout.com has changed this document before.

Original clause language

"Depending on your location and subject to applicable law, you may have the right to: access your personal data; rectify inaccurate personal data; request erasure of your personal data; restrict or object to processing; data portability; and not be subject to automated decision-making. To exercise any of these rights, please contact our Data Protection Officer at dpo@checkout.com."

— Excerpt from Checkout.com's Checkout.com Privacy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1. REGULATORY LANDSCAPE: Data subject rights engage GDPR Articles 15-22 and UK GDPR equivalents for EU/UK users, CCPA/CPRA for California residents, and applicable national or state privacy laws for other jurisdictions. GDPR requires responses to access requests within one month, with a two-month extension available. The ICO and EU national supervisory authorities enforce GDPR rights obligations. The California Privacy Protection Agency (CPPA) enforces CCPA/CPRA.

2. GOVERNANCE EXPOSURE: Medium. The single DPO contact point simplifies consumer-facing rights management but requires robust backend procedures to route, triage, and respond to requests within statutory deadlines across multiple jurisdictions with differing timeframes and scope. Failure to respond within GDPR timeframes can result in supervisory authority complaints and enforcement.

3. JURISDICTION FLAGS: EU and UK users have the most comprehensive rights including erasure, portability, and objection to legitimate interests processing. California residents have CCPA rights to know, delete, correct, and opt out of sale/sharing. Users in other jurisdictions may have more limited rights depending on local law. The policy's qualification 'depending on your location and subject to applicable law' appropriately reflects this variance but may create consumer confusion.

4. CONTRACT AND VENDOR IMPLICATIONS: Merchants acting as data controllers for cardholder data must have procedures to route data subject requests to Checkout.com as processor, and their DPAs should specify Checkout.com's obligations to assist with rights requests under GDPR Article 28(3)(e). Response timelines and cooperation obligations should be contractually specified.

5. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that the DPO function is properly resourced and that intake, triage, and response workflows meet statutory deadlines. Identity verification procedures for rights requests should be proportionate and not create unnecessary barriers. The automated decision-making right (Article 22) should have a specific human review workflow documented separately.


Applicable agencies

  • FTC
    The FTC has authority over unfair or deceptive practices in consumer data handling, including failure to honor stated privacy rights, relevant to US users.
  • State AG
    State Attorneys General enforce state privacy laws including CCPA/CPRA for California residents and equivalent laws in other states with data subject rights provisions.

Applicable regulations

  • CCPA/CPRA
    California, USA
  • Connecticut Data Privacy Act Amendments
    US-CT
  • FCRA
    United States Federal
  • FTC Act Section 5
    United States Federal
  • GDPR
    European Union
  • GLBA
    United States Federal
  • Indiana Consumer Data Protection Act
    US-IN
  • Kentucky Consumer Data Protection Act
    US-KY
  • Universal Opt-Out Mechanism Expansion 2026
    US

Provision details

Document information
Document: Checkout.com Privacy
Entity: Checkout.com
Document last updated: May 5, 2026

Tracking information
First tracked: May 8, 2026
Last verified: May 11, 2026
Record ID: CA-P-010386
Document ID: CA-D-00663

Evidence Provenance
Content hash (SHA-256): a644fb34e781c2f85b7f4158747e8b392097069bd33d31e2fe9cda04abdf18be
Analysis generated: May 8, 2026 15:31 UTC
Evidence: ✓ Snapshot stored   ✓ Hash verified

Citation Record
Entity: Checkout.com
Document: Checkout.com Privacy
Record ID: CA-P-010386
Captured: 2026-05-08 15:31:40 UTC
SHA-256: a644fb34e781c2f8…
URL: https://conductatlas.com/platform/checkoutcom/checkoutcom-privacy/data-subject-rights/
Accessed: June 27, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification
Severity: Low

Frequently Asked Questions

How many platforms have this type of clause?

ConductAtlas has identified this type of provision across 3 platforms.

Is ConductAtlas affiliated with Checkout.com?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Checkout.com.