Privacy Notice for Square Sellers and Website Visitors

Effective Date: December 21, 2023

This Privacy Notice describes how your Square entity as indicated below (“Square,” “we” and “us”) collects, uses, discloses, transfers, stores, retains or otherwise processes your information when you (whether you are a person acting as a sole proprietor or on behalf of another business entity) visit our website (www.squareup.com) or apply or sign up for a Square account (collectively, “Services”).

If you are a consumer shopping at a business that uses Square, please refer instead to the Privacy Notice available here. If you are a consumer shopping at a business that uses Square and you provide information to Square in order to receive a digital receipt and email marketing messages, and/or you have signed up to use Square Pay, please refer to the Privacy Notice available here.

  • If your Country of Residence is the United States, your Square entity is Block, Inc., 1455 Market Street, Suite 600, San Francisco, CA 94103, United States.

  • If your Country of Residence is Canada, your Square entity is Square Canada, Inc. or Square Technologies, Inc.

  • If your Country of Residence is Japan, your Square entity is Square KK.

  • If your Country of Residence is Australia, your Square entity is Square AU PTY, Ltd.

  • If your Country of Residence is within the European Union, your Square entity is Squareup International Ltd.

  • If your Country of Residence is the United Kingdom, your Square entity is Squareup Europe Ltd.

The full contact details for each of these entities are available at the end of this Privacy Notice.

Our Privacy Notice explains:

INFORMATION WE COLLECT ABOUT YOU

We collect information about you in three ways: (i) when you provide it to us directly; (ii) when we gather information while you are using the Services; and (iii) when we collect information from other sources. We explain below what types of data are involved in each case, how and why we process (use) it and the lawful basis that applies to our use of the relevant information.

Information You Provide (“Square Account Data”)

Below is a description of the types of information that we may receive directly from you which we refer to as “Square Account Data”:

Types of Information
("Square Account Data")
Examples
Financial Information Bank account information and payment card numbers
Tax Information Withholding allowances and tax filing status
Identity Information Name, email address, postal address, signature, and phone number;
Passport number, driver's license number, Social Security number, Taxpayer Identification number, or other government-issued identification number;

Where additional verification is required and where you choose to share such information, photo identification, such as your passport or driver’s license in combination with a photograph facial scan and biometrics extracted from such image or other documents proving your identity or place of residence, including financial account statements, phone or utility bills.
Contacts Information When you use any of our Services, such as Square Invoices, to send or receive payments, we may ask you to provide the contact details, such as the address, email address, or phone number of the intended recipient. You can do this by manually entering this information into the Services.

When you interact with the Services through your mobile phone, you can choose to let us access and upload your phone contacts information. You can update your settings to stop sharing your phone contacts with us at any time, although we may still need a recipient’s phone or email address to submit or receive payments as requested by you.
Any other data you give us Information that you voluntarily provide to us, including your survey responses; participation in contests, promotions, or other prospective seller marketing forms or devices; suggestions for improvements; information disclosed to the chatbots that operate on our Services; referrals; or any other actions you perform on the Services.

Here is an explanation of what we do with the Square Account Data described above, i.e. how we use it and for what purposes, along with an explanation of the lawful basis that supports this use.

How we use Square Account Data Why we process Square Account Data Legal Justification
When you make a request to receive information about Square or our products we collect Identity Information that you provide to us. To respond to your request, including determining whether the Services are available in your country. Pre-contract performance
We use your Identification Information and your Financial Information to go through our identity or account verification process and to enable you to authenticate into your account once it is created.

We share your Identification Information with identity verification vendors, including credit reporting agencies, wireless carriers, and others, to verify information that we collect. Our vendors cross-check the identity and financial data you give us. Your information is also screened against relevant sanctions watchlists.
To determine whether the Services are available in your country and to create your account with us and to meet our AML, "know your customer", background checking (see further below) and other compliance requirements. Legal obligation. For example, "Know your Customer" and AML compliance requirements are governed by, among other laws, the Bank Secrecy Act (1970) (USA), the USA Patriot Act (2001) (USA), the Proceeds of Crime (Money Laundering) and Terrorist Financing Act and associated regulations (S.C. 2000, Canada), EU Directive 2015/849 (AMLD IV) on anti-money laundering and terrorist financing, EU Directive 2018/843 (AMLD V) on anti-money laundering and terrorist financing and EU Member State implementing legislation such as the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended) (Ireland).
We use your Identification Information to deliver the information and support you request, including to deliver technical notices, security alerts, and support and administrative messages to you. We also use it to resolve disputes, collect payments or fees, and provide assistance for problems with our Services or your Square account. To communicate with you to fulfill our obligations under the Terms of Service. Contractual performance
When you apply or sign up for a Square account or other Services, we collect all of the Square Account Data necessary to create your account and enable you to start fulfilling transactions. To create and support your account with us, including displaying your transaction history including monthly account statements. Contractual performance
When you use the Services to send or receive payments, we may require Contacts Information, such as the sender or recipient’s email address or phone number to fulfill the transaction. To process the payments that you send or receive and to prevent the risk that payments may be misdirected. Contractual performance
If you choose to let us access and upload Contacts Information directly from your mobile phone, we may use this information to make it easier for you to find the people you want to send payments to, for account and identity verification and fraud prevention purposes, to reduce the risk you will send payments to the wrong person, or to provide other personalized services. To improve your customer experience, to protect the integrity of our Services, to prevent misdirected payments, and to help personalize the Services to you. Consent
We use your Identification Information to send you surveys and get your feedback about our Services. To understand if the Services are helpful to you and to evaluate the effectiveness of any updates we provide. Legitimate interest
We use your Identification Information to promote our products and Services to you. To promote our products and services. Legitimate interest or consent (where legally required for direct marketing contact).
When you provide feedback to us or answer our surveys. To improve our services and to develop new products and services. Legitimate interest
We use your Identification Information to personalise your use of our Services, for example, when you sign up for a Square account, we can associate certain information with your new account, such as information about other Square accounts you have had or currently have, and prior transactions you have made using our Services. To improve your customer experience. Legitimate interest and/or contractual performance.
Information We Collect From Your Use of the Services

We also get data from the devices you use when you interact with our systems, like your location or information about the device you’re using. We refer to this as Usage Data.

Types of Informaton
("Usage Data")
Examples
Commercial Information
  • Information about the products and services you sell e.g., inventory, pricing and other data.
  • Information about your payment transactions e.g., when and where the transactions occur, a description of the transactions, the payment or transfer amounts, billing and shipping information, and payment methods used to complete the transactions.
Location data, which includes the location of your device, and may in some circumstances include precise geolocation data For more information and to learn how to disable collection of location information from your mobile device, please see below.
Internet or other electronic network activity information
  • Web browser and device characteristics.
  • Information about how you use and interact with our Services.
  • This includes your access time, "log-in" and "log-out" information, browser type and language, the domain name of your internet service provider, other attributes about your browser, any specific page you visit on our platform, content you view, features you use, the date and time of your use of the Services, your search terms, and the website you visited before you visited or used the Services.
Online identifiers
  • Information you use to log in to your account.
  • Internet Protocol ("IP") address, and unique personal identifiers (including device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number; unique alias, and other identifiers).
Professional or employment-related information
  • Information you provide about your business (e.g., appointments, staffing availability, and contact data) and your employees (e.g., job titles, payroll information, and hours worked and other timecard data).
Profile information - Inferences drawn from any of the information above to create a profile about you
  • These may reflect your preferences, characteristics, and behavior. For example, if you use a product or service after receiving a marketing communication about it.

We need this Usage Data to do things like provide services to you that you have requested, fulfill our legal obligations (such as checking if payments are being made or received by you and that they are legally compliant), and help protect your account from hackers and prevent fraud. We also need this Usage Data to make our products and services better for you and others, as well as to develop new products and services. For example, if more transactions are occurring on a specific hardware device we will build out more product and service availability on that device.

How we use Usage Data Why we process Usage Data Legal Justification
We collect your Commercial Information from the devices you use when you interact with our systems and from the information that is associated with the transaction as captured on our databases. This enables us to provide services to you that you have requested including inventory, eCommerce and payments processing.

This also enables us to protect the integrity of our Services and systems, and your, our, our customers', or your customers' rights or property.

This also enables us to do internal research, measure, track, and analyze trends and usage, to improve our products and services, and, in the United States, to provide our products and services when instructed by your customers.
Contract performance




Legitimate Interests






Legitimate Interests
We use your Commercial Information when you interact with our systems and when it is associated with a transaction. We combine this information with Identification Information as well as with risk signals. This enables us to debug, fix service errors, investigate, detect, prevent, report or recover from fraud, misrepresentations, security breaches or incidents, other potentially prohibited, malicious, or illegal activities; or to otherwise help protect your account, including to dispute chargebacks on your behalf. Contract performance (support and maintenance)

Legal obligation (fraud or incident reporting)

Legitimate interest (protect your account)
We may use your Commercial Information in connection with artificial intelligence technologies to generate personalized features for your business. This enables us to provide the Services that you have requested that utilize these technologies. Contract Performance
We collect your Internet or other electronic network activity information while you are using the Services using our website, web apps, and hardware and we combine this with your Profile Information. This enables us to provide Services to you in compliance with regulatory obligations.

This enables us to provide Services to identify any unusual activity on your account so as to detect and prevent fraud, and to debug and fix errors that impair how our Services function.
Legal obligation (fraud or incident reporting)


Contract performance

Legitimate interest
We store your Professional or employment-related information in our databases. This enables us to deliver aspects of the Services (e.g., Team Management, Crew App and Payroll) that require this level of information to function. Contract performance
We generate your Profile Information using our databases. We use your Profile Information to verify your identity, and to enhance our Services. This enables us to engage in profiling and automated processing to verify your identity both directly and through the use of third party identification verification services (so we can confirm you appear to be who you say you are), improve our products and Services and develop new products and Services. Our legitimate interests in verifying your identity and reducing the risk of fraud, as well as, where permissible, offering new and improved services to our customers that are likely to be relevant to their business in light of their Seller activity and the systems and processes they use.
We use your Geolocation data to determine whether we can provide you with Services and to customise our Services to your location. This enables us to determine whether we can provide Services to you, and in what language, enables us to comply with applicable payment processor requirements, and other regulatory requirements, and also to combat fraud. Contract performance (for Services in territories where we are authorised to conduct our business)

Legal obligation (to comply with territorial restrictions)
Information We Collect from Other Sources

We also need to check that you are eligible for the services you want to use, are using our services legally, and to protect your data and our services from potential fraudulent activity which may put you and your money at risk. To do this, we may collect data about you from companies that help us verify your identity, do a credit check, prevent fraud or assess risk.

Types of Information
("External Data)"
Examples
Background Check Information
  • Credit report information.
  • Identity verification information.
  • Information about any person or corporation with whom you have had, currently have, or may have a financial relationship.
Credit, Compliance and Fraud Information
  • Account or credit-related information with any credit reporting agency or credit bureau, where lawful, and any person or corporation with whom you have had, currently have, or may have a financial relationship, including without limitation past, present, and future places of employment, financial institutions, wireless carriers, and personal reporting agencies.
How we use External Data Why we process External Data Legal Justification
We collect Background Check Information about you from background check vendors and we process this information using our anti-fraud and risk management systems. This helps us verify your identity, do a credit check, prevent fraud and assess risk. Legal obligation Legitimate interest
We receive and exchange Credit, Compliance and Fraud Information using our credit management systems and processes. As required under applicable laws, as part of any credit investigation, credit eligibility, identity or account verification process, fraud or risk detection process, or collection procedure. Legal obligation Legitimate interest

INFORMATION WE COLLECT ABOUT YOUR CUSTOMERS

We also obtain information about your customers on your behalf as your service provider when they transact with you or otherwise when you request that we do so. We call this information Your Customers’ Data. We collect Your Customers’ Data when they interact with you through your use of Square’s products, for instance when they make a payment at your establishment, or schedule an appointment, or receive an invoice from you. The particular Customer Data we collect will vary depending on your location, which products and services you use and how you use them. Your Customers’ Data may include:

Types of Information
("Your Customers' Data")
Examples
Customer Device Information
  • Information about your customer's device, including hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device's interaction with our Services.
Customer Financial Information
  • Bank account and payment card numbers.
Customer Identification Information
  • Your customers' name; email address; mailing address; phone number; government-issued identification; or other historical, contact, and demographic information, and signature.
Customer Location Information
  • The location of your customer's device if they pay with Apple or Android Pay, or give their consent.
Customer Transaction Information
  • When your customers use Square to make or record payments to you, we collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions which may include item-level data, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions.
Customer Use Information
  • Information about how your customers interact with you using our Services, including access time, "log-in" and "log-out" information, browser type, history and language, country and language setting on your device, IP address, the domain name of your customer's Internet service provider, other attributes about your customer's browser, mobile device and operating system, features your customer uses, and the date and time of use of the Services.
Other Information You or Your Customers Provide
  • Information that your customers voluntarily provide you, or that you input into Square's systems about your customers
  • For example, survey responses; participation in contests, promotions, or other prospective seller marketing forms or devices; suggestions for improvements; notes you take about your customers, or any other actions performed when they interact with you using Square

We use Your Customers’ Data as part of our contractual obligation to provide the Services you request to you and, in the United States, as disclosed in the Privacy Notice for Users Who Do Not Apply or Sign Up for a Square Account or Other Services, or as instructed by your customers.


It is your responsibility to obtain any necessary permission for us to use Your Customers’ Data in the manner envisaged in this Privacy Notice so that we can provide you with the Services requested by you.

WHEN AND WITH WHOM WE SHARE YOUR INFORMATION

We may share the personal information described in the “Information We Collect About You” section with the following categories of service providers and third parties:

Category of third parties with whom we share your personal information in order for you to receive the Services Description of the services in question
Service support partners We work with the following types of third party service providers who help us provide, maintain and improve the Services:
  • Technology providers or potential partners to store information, provide software, or programs to help us provide the Services;
  • Marketing or event providers that help us run our advertising campaigns, contests, special offers, or other events or activities;
  • Identity verification providers to help us with fraud prevention and to assist us in meeting our AML, "know your customer", background checking and other compliance requirements;
  • Fee collection service providers to help us enforce our legal rights;
  • Financial partners, like financial institutions, payment networks, payment card associations, and credit bureaus that help us provide the Services.
Third Party Analytics Services Our analytics partners help us with our online services, such as Google Analytics, Facebook, BugSnag and Crashlytics. The analytics providers that administer these services use technologies such as cookies, web beacons, and web server logs to help us analyze how you use our online services. We may disclose your site-use information (including IP address) to these analytics providers, and other service providers who use the information to help us figure out how you and others use our online services.
  • To learn more about Google Analytics and how to opt out, please visit https://marketingplatform.google.com/about/ or https://support.google.com/analytics/answer/181881?hl=e
  • To learn more about how Facebook uses your data please visit https://www.facebook.com/help/325807937506242/ or log on to your Facebook account and access your settings. To understand more about Facebook advertising please see here https://www.facebook.com/about/ads.
  • To learn more about BugSnag, please visit https://docs.bugsnag.com/legal/privacy-policy/.
  • To learn more about Crashlytics, please visit https://fabric.io/terms.
Online Tracking and Interest-Based Advertising Consistent with local law, we and our advertising partners may collect information about your activities on our website. We use this information to advertise to you and to tailor our products and services to your interests. You may see certain ads on other websites because we use third-party services to advertise our services to you. We use these services to target our ads to you and others based on your demographics, interests, and context. These third party ad services track your online activities over time and across multiple websites by collecting your information through automated technologies, including third-party cookies, web server logs, and web beacons. The ad services use this information to show you Square ads that may be tailored to your individual interests. The information our ad services may collect on our behalf includes data about your visits to websites that serve Square ads, such as the pages or ads you view and the actions you take on those websites. This data collection takes place both on our online services, and on third-party websites that serve our ads to you. This process also helps us figure out if our ads to you are effective.

To learn about how to opt out of interest-based advertising in the U.S., see "Cookies And Other Similar Technologies" and the "United States" sections below.

To adjust your preferences on interest based advertising in the EU, click on the link on our website to the Cookies Policy which will allow you to adjust your settings preferences.

Certain web browsers allow you to instruct your browser to respond to Do Not Track ("DNT") signals to website you visit, informing those sites that you do not want your online activities to be tracked. At this time, our websites are not designed to respond to DNT signals or similar mechanisms from browsers.
Partners We may share minimal personal information (such as your business name) with potential partners who may be able to provide a complementary or related service for your business. We may also share personal information with partners if we believe the disclosure is reasonably necessary to protect us, users of our Services or the public from harm, fraud, or potentially prohibited or illegal activities.
Our Affiliates and Group Companies With other business units (Cash App, Afterpay/Clearpay, and TIDAL) and between wholly-owned subsidiaries of Block, Inc. For example, we may share your information internally to understand how you engage with our company products to help make our Services better for you and for everyone, to help us build Services tailored to your preferences, and to help protect our services and maintain a trusted environment.
Other third parties who will receive your personal information Why we share data with these parties
Other users of our Services with whom you interact through your own use of our Services. To enable you to make or accept a payment, appointment, or money transfer using our Services.
Law enforcement and other public and private agencies If we believe that disclosure is reasonably necessary (i) to comply with any applicable law, regulation, legal process or governmental request (e.g., from creditors, tax authorities, law enforcement agencies, in response to a garnishment, levy, or lien notice, etc.); (ii) to establish, exercise or defend our legal rights; (iii) to enforce or comply with our [General Terms](https://squareup.com/us/en/legal/general/ua) or other applicable agreements or policies; (iv) to protect our or our customers' rights or property, or the security or integrity of our Services; (v) for an investigation of suspected or actual illegal activity; or (vi) to protect us, users of our Services or the public from harm, fraud, or potentially prohibited or illegal activities.
To a subsequent owner, co-owner, or operator of one or more of the Services To enable them to continue to run the Services after the change of owner or operator.
If we do or try to do a corporate merger, consolidation, or restructuring (including during due diligence and negotiation of these); the sale of substantially all of our stock and/or assets; the financing, acquisition, divestiture, or dissolution of all or a portion of our business; or other corporate change. To enable the completion of the relevant merger, restructuring, financing, acquisition, divestiture, dissolution or other corporate change.
To others, at your direction To carry out certain requests you make for us to share data.

Although we disclose your personal information to third parties as described above, we do not sell your personal information. We do, however, share your information for purposes of interest-based advertising or “targeted advertising” as discussed in the chart above, as well as below in the “Cookies, Other Similar Technologies, and Advertising” section. You can find more information on how to opt-out of targeted advertising in that section as well as the “Your Choices” section below.

SECURITY

We do a lot to keep your data safe. While we think we have strong defenses in place, no one can ever guarantee that hackers won’t be able to break into our sites or steal your data while it is stored or flowing from you to us or vice versa.

We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, and misuse, and unauthorized access, disclosure, alteration, and destruction. Nevertheless, the internet is not a 100% secure environment, and we cannot guarantee absolute security of the transmission or storage of your information. We hold information about you both at our own premises and with the assistance of third-party service providers. Your personal information will be accessible by our employees, contractors and service providers who require access for the purposes described in this Privacy Notice.

For more information about our security practices, please visit https://squareup.com/gb/en/security.

COOKIES, OTHER SIMILAR TECHNOLOGIES, AND ADVERTISING

If you are reading this Privacy Notice in a country where we have a separate Cookies Policy, you will see the Cookie Banner that applies to you each time you visit the site.

The following additional information applies across all of our websites and apps.

Digital cookies and similar technologies help us make our services better to use by doing things like recognizing when you’ve signed in, analyzing how you use our services so we can make them more useful to you, giving you a more personalized experience.

When you interact with our online services, or open emails we send you, we obtain certain information using automated technologies, such as cookies, web server logs, web beacons and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag, or clear GIF, is a tiny graphic image that may be used in our websites or emails.

We use these automated technologies to collect your device information, internet activity information, and inferences as described above. These technologies help us to:

  • Remember your information so you do not have to re-enter it;
  • Track and understand how you use and interact with our online services and emails;
  • Tailor our online services to your preferences;
  • Measure how useful and effective our services and communications are to you; and
  • Otherwise manage and enhance our products and services.

We set some of these automated technologies ourselves, but others are set by third parties who deliver services on our behalf. For example, we may use other companies’ web analytics services (described in the “Third-Party Analytics Services” section above), which use automated technologies to help us evaluate how customers use our websites. Some of these technologies may also be set by third parties that help us advertise our products and services to you as informed by your interests, based on information collected from your activity on the web, including but not limited to, browsing or purchasing products on or through our websites or on third party websites or your activity on mobile sites and applications. This advertising approach is called interest-based advertising or “targeted advertising.”

Your browser can alert you when cookies are placed on your device, and how you can stop or disable them via your browser settings. More information on how to manage these settings on common browsers and devices are below.

Please note, however, that without cookies all of the features of our online services may not work properly. If you use a mobile device, you can manage how your device and browser share certain device data by changing the privacy and security settings on your mobile device.

Within mobile applications, you may also go to your device settings and select “Limit Ad Tracking” (for iOS devices), or “Opt out of Interest-Based Ads” (for Android devices), which will allow you to limit our use of information collected from or about your mobile device (such as precise location data) for the purposes of serving online behavioral advertising to you.

You can also opt out of receiving interest-based ads from third party advertisers who are members of the Network Advertising Initiative (NAI) or who follow the Digital Advertising Alliance’s (DAA) Self-Regulatory Principles for Online Behavioral Advertising by visiting the opt out pages on the NAI website and DAA website.

Please also see the “Your Choices” section for other ways to opt-out of interest-based or targeted advertising.

HOW LONG WE RETAIN YOUR INFORMATION

We store your information for as long as is necessary for the purposes identified in this Privacy Notice, including to provide our Services, to comply with legal obligations, to enforce and prevent violations of our Terms, to protect against fraudulent activity, and to defend our legal rights, property and users.

The retention periods for your information are determined on a case-by-case basis that depends on the following factors:

  • The nature of the information and why it is collected and processed. The length of time we will keep your information will generally be determined by how long we need that information to provide you with our Services, including any optional features you use and to provide customer support. For example:
    - As set out in this Privacy Notice, we require Square Account Data to deliver our Services. We need to keep it for the duration your Square account exists so that we can maintain your account.
    - Similarly, we will also keep your Usage Data for the lifetime of your account.

  • Legal reasons. In certain cases, we are obliged to keep your information for legal reasons, which may include after your account has been deactivated. We will keep your information where it necessary for us:
    - To respond to a legal request or to comply with applicable law. We must keep your information where we have a legal obligation to do so, for example, if we receive a valid legal request, such as a preservation order or search warrant, related to your account, we preserve your information after you delete your account.
    - To deal with and resolve requests, disputes or complaints.
    - For litigation or regulatory matters. For example, we preserve your information related to a legal claim or complaint, such as where we are subject to a regulatory investigation or we need to defend ourselves in legal proceedings about a claim related to your information or respond to a regulator in relation to a legal or regulatory complaint made by you or someone else.
    - Issues relating to the safety, security and integrity of our Services and to protect rights, property and users. For example, we keep information where it is necessary to investigate misuse of our Services, such as fraud.

YOUR CHOICES

As described further below, you may be entitled to certain rights with respect to your personal information. You can also see, change or fix information you gave us, ask us to deactivate your account, control your location information, or opt out of receiving promotional messages from us.

Your Personal Information Rights

Depending on the jurisdiction in which you reside, you may be entitled under applicable law to request:

  • Access to your personal information in a portable format, including: (1) the categories of personal information described above that we have collected about you and the categories of sources from which we collected such personal information; (2) the business or commercial purposes for collecting or sharing such personal information; (3) the categories of personal information about you that we have disclosed to third parties for a business purpose; (4) the categories of third parties to whom we have disclosed such personal information; and (5) the specific pieces of personal information we have collected about you.
  • Deletion of the personal information we have collected from you;
  • Correction of the personal information we have collected about you;
  • To opt-out of the sharing of your personal information for purposes of targeted advertising.

You may submit an access, deletion, or correction request by emailing us at privacy@squareup.com or by calling us at 1.844.213.7377. Once we receive your request, we will verify it by requesting that you confirm certain personal information associated with your account. You may also be entitled to submit a request through an authorized agent. You may also email us privacy@squareup.com to appeal our denial of any of your access, deletion, or correction requests.

You can exercise your right to opt-out of targeted advertising by clicking the “Opt Out of Interest-Based Advertising” link in the footer of any page on our browser site.

Although some of the information we collect and process about you may be considered sensitive personal information, we only process such information for purposes authorized by law, such as to provide services you request from us or to verify your information.

Deactivating Your Account

If you wish to deactivate your account, you can do so by logging into your Square account or by emailing us using the contact details provided below.

Location Information

In order to provide certain Services, we may request access to location information, including precise geolocation information collected from your device. If you do not consent to the collection of this information, certain Services will not function properly and you will not be able to use those Services. You can stop our collection of location information at any time by changing the preferences on your mobile device. If you do so, some of our mobile applications will no longer function. You also may stop our collection of location information via mobile application by following the standard uninstall process to remove all Square mobile applications from your device.

Promotional Communications

You can opt out of receiving promotional messages from Square by following the instructions in those messages, by informing the caller that you would not like to receive future promotional calls, or by changing your notification settings by logging into your Square account. You may only opt out of text messages from Square by replying STOP. Opting out of receiving communications may impact your use of the Services. If you decide to opt out, we will still send you non-promotional communications which are required for the running of your account, such as digital receipts and messages about your account or our ongoing business relations.

CHILDREN’S PERSONAL INFORMATION

Our Services are general audience services not directed at children under the age of 18. We do not knowingly collect, share, or sell any information from children under the age of 18. If we learn that any information we collect has been provided by a child under the age of 18, we will promptly delete that information.

ADDITIONAL JURISDICTIONAL DISCLOSURES

EU/UK

Personal Information

If you reside in the EU or the UK, you have the right under certain circumstances:

  • to be provided with access to your personal data held by us;
  • to request the rectification or erasure of your personal data held by us;
  • to request that we cease processing your data;
  • to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
  • to object to profiling activities based on our own legitimate interests;
  • to object to solely automated processing producing legal or similar effects;
  • to request that your data be transferred to a third party (data portability);
  • to withdraw your consent to our processing of your data (where such processing is based on consent); and
  • to lodge a complaint with the data protection authority in your jurisdiction.

In order to exercise any of these rights (including the right to withdraw your consent), please email privacy-eu@squareup.com. We may need to verify your identity before granting access or otherwise changing or correcting your information.

International Data Transfers

We operate in many countries, and we (or our service providers) may move your data and process it outside the country where you live. We use third-party service providers to process and store your information in the United States, Japan, the EU, and other countries. When we transfer your personal data to our affiliates outside the EU, we make use of standard contractual clauses (which have been approved by the European Commission) to help ensure your information is afforded a high standard of protection, and that your privacy rights can be vindicated. For a list of the countries in which we operate, please see https://squareup.com/gb/about.

If you wish to obtain further details regarding the contractual arrangements we enter into to protect your personal data when it is transferred outside the EU, you may do so by emailing us via privacy-eu@squareup.com. You can also access the standard contractual clauses approved by the European Commission at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

AUSTRALIA

Square complies with the Privacy Act 1988 (Cth)(Privacy Act) and with the 13 Australian Privacy Principles (APPs) in the Privacy Act, as well as with this Privacy Policy.

We may share your information with Cuscal Limited, an Authorised Deposit-Taking Institution (ADI) supervised by the Australian Prudential Regulation Authority (APRA). Cuscal supports our provision of the Services through its banking and payments services and may not be able to provide its services without information about you. Cuscal’s privacy policy is available via www.cuscal.com.au/privacy-policy and sets out details about Cuscal’s collection, use and disclosure of information about you, as well as information about your rights to access your personal information.

JAPAN

We may share your information with a third party outside of Japan, including, but not limited to, the United States, Canada, the EU, and in other countries. We may use some cloud service providers located in the United States and Japan. We are unable to specify all possible jurisdictions Personal Data of users of Square services in Japan would be transferred or stored, as service providers use multiple servers located in multiple jurisdictions and do not disclose all of these locations for security reasons.

You may contact our privacy team with any requests of disclosure, correction, or deletion of your personal information. You may also request suspension of use or suspension of sharing of your personal information with certain third parties. Please contact our privacy team at the address listed below under “Contact.” We may request to verify your identity before processing your request.

UNITED STATES

California

Privacy laws that apply in certain places, like California, treat “businesses” and “service providers” differently. Under those laws, a business is the company that decides why and how to process personal information. A service provider processes personal information on behalf of a business in order to provide services. When Square processes Your Customers’ Data, we generally act as your service provider. In select cases, however, we may act as a business when we process Your Customers’ Data. For example, we act as a business when we use Your Customers’ Data to send your customers digital receipts directly from Square, or when we allow you to use Customer Directory or Square Marketing to contact your buyer using a masked email address (for example, j*****@gmail.com) that gets routed to them via Square. Your customers can visit the Privacy Notice for Square Buyer Features for more information on how Square processes their data when it is acting as a business.

Even though you use our services while acting as an employee, owner, director, officer, or contractor of a company, partnership, sole proprietor of a business, nonprofit, or government agency, if you live in California, California law gives you the right to ask if we disclose your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for others’ direct marketing purposes).

CHANGES TO THIS PRIVACY NOTICE

We reserve the right to change this Privacy Notice from time to time, as may be required. We will provide you with reasonable prior notice of any material changes in how we use your information, including by email if you have provided one. If you disagree with these changes, you may cancel your account at any time. Any amendments will be published by posting a revised version of the Privacy Notice and updating the “Effective Date” above. The revised version will be effective on the “Effective Date” listed.

CONTACT

If you have any questions or concerns regarding this Privacy Notice, please reach out to us by contacting your country specific privacy contact below:

United States Block, Inc.

1955 Broadway, Suite 600, Oakland, CA 94612, U.S.A

privacy@squareup.com
European Union & the United Kingdom FAO: Data Protection Officer

Squareup International Ltd.

Fumbally Square
Fumbally Lane
Dublin 8, Ireland

privacy-eu@squareup.com
If your request or concern is not satisfactorily resolved by us, you can contact your local data protection authority (see http://ec.europa.eu/justice/dataprotection/bodies/authorities/index_en.html).
Canada Square Canada, Inc.

Square Technologies, Inc.

5000 Yonge Street,
Toronto, ON M2N 7E9, Canada

privacy@squareup.com
If you are dissatisfied with the results of our investigation or any resulting corrective measures, you may be entitled to make a written submission to the Privacy Commissioner in your jurisdiction or to the Office of the Privacy Commissioner of Canada at the address below:

Office of the Privacy Commissioner of Canada

30 Victoria Street Gatineau, Quebec

K1A 1H3

https://www.priv.gc.ca/en
Japan Square, K.K.

Tri-Seven Roppongi 10F,
7-7, Roppongi, Minato-ku,
Tokyo, 106-0032, Japan

Representative Director: Akio Takisaki
privacy@squareup.com
Australia Square AU PTY, Ltd.

Lv. 8, 376-390 Collins Street,
Melbourne, VIC 3000, Australia

privacy@squareup.com
If you are dissatisfied with our response to your complaint, you may be entitled to make a written submission to the Office of the Australian Information Commissioner, whose contact details are as follows:

Office of the Australian Information Commissioner (OAIC)
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Address: GPO Box 5218 Sydney NSW 2001