Checkout.com uses 'legitimate interests' as a legal reason to process personal data for fraud prevention, security, service improvement, and business marketing without requiring your explicit consent in each case.
This analysis describes what Checkout.com's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
Legitimate interests is a flexible but contested legal basis under GDPR; individuals have the right to object to processing on this basis, and Checkout.com must stop unless it can demonstrate compelling grounds that override the individual's interests.
Interpretive note: The sufficiency of legitimate interests as a legal basis for specific processing activities depends on documented LIA outcomes and regulatory interpretation, which vary by jurisdiction and processing context.
Processing on legitimate interests grounds means Checkout.com may use personal data for fraud prevention, analytics, and marketing to business contacts without asking for consent each time, but EU and UK individuals retain the right to object to this processing by contacting dpo@checkout.com.
Checkout.com has changed this document before.
"We may process your personal data where it is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your interests or fundamental rights and freedoms. Legitimate interests include fraud prevention, network and information security, improving our services, and direct marketing to business contacts.— Excerpt from Checkout.com's Checkout.com Privacy
1. REGULATORY LANDSCAPE: Legitimate interests as a legal basis engages GDPR Article 6(1)(f) and requires a three-part test: identification of the legitimate interest, necessity of the processing, and a balancing test against the individual's rights. UK GDPR contains equivalent provisions. The ICO has published detailed guidance on the legitimate interests assessment (LIA) requirement. Use of legitimate interests for direct marketing to individuals (as opposed to business contacts) has been scrutinized by EU supervisory authorities and may not satisfy the balancing test in all contexts.
2. GOVERNANCE EXPOSURE: Medium. The breadth of purposes cited under legitimate interests, including service improvement and direct marketing, creates exposure if documented LIAs are not maintained for each processing activity. Supervisory authorities have taken enforcement action where legitimate interests was asserted without adequate documentation or balancing assessment.
3. JURISDICTION FLAGS: EU and UK users have the strongest objection rights under GDPR Article 21. For direct marketing specifically, GDPR Article 21(2) provides an absolute right to object. California users have related rights under CPRA regarding use of personal information for targeted advertising. The balancing test outcome may differ depending on the sensitivity of data involved and the jurisdiction.
4. CONTRACT AND VENDOR IMPLICATIONS: Merchants should assess whether their DPAs with Checkout.com address the legitimate interests basis for any processing that Checkout.com conducts as controller using data originally provided in a merchant context. Representations about data use should be reviewed against the LIA documentation.
5. COMPLIANCE CONSIDERATIONS: Compliance teams should request or audit LIA documentation for each processing purpose relying on legitimate interests, ensure objection procedures are operational and communicated to data subjects, and monitor ICO and EDPB guidance on legitimate interests in payment and fraud contexts.
ConductAtlas has identified this type of provision across 1 platform.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Checkout.com.