Compliance With Privacy Laws
As a merchant who uses Square to collect your customers’ personal data to process payments in the UK, you are subject to the General Data Protection Regulation and other relevant laws and regulations that regulate the use of personal data.
As a merchant, a best practice would be to maintain a Privacy Policy that clearly articulates the type of information you collect and the purpose of that collection, and anything else required under applicable privacy laws. If you take payments online, you can make your Privacy Policy available to your customers on your website. If you own a physical shop, you can print out a notice stating your data collection practices that you keep near the register, which will be visible to customers.
Square sellers are responsible for determining their obligations and implementing industry best practices for the use, collection and disclosure of their customers’ personal information in connection their use of the Square services. Learn more on your local regulator’s website.