If you are a EU resident, and are a customer of a business that uses Square, under the GDPR (the new General Data Protection Regulation standardising EU data privacy and protection laws that comes into effect on May 25th, 2018), you are entitled to make a data request from that business.
Please take a look at Square’s GDPR FAQ’s for information on the GDPR and how it may apply to you.
Businesses that use Square are classified as data controllers of their customers’ data under the GDPR. If you have queries about the personal data that a Square seller holds about you, ask that Square seller to supply you with the information you need by visiting the seller’s website or store, or calling the seller at their listed phone number.
Under the GDPR, EU-resident individuals are entitled (subject to certain limits) to request the following from businesses who manage their personal data:
- If they hold any personal data about you and if yes, what information about you is being held;
- to have any inaccuracies in the data corrected;
- to have information erased;
- to object to direct marketing;
- to restrict the processing of their information, including automated decision-making (i.e., a decision made solely by automated means without any human intervention) or profiling (i.e., automated processing of personal data to evaluate certain things about an individual); and
- data portability (to have data provided in a machine readable and interoperable form to the individual requesting it or to have data sent to a third party at an individual’s request).
The Information Commissioner’s Office is the UK’s independent authority which oversees the data privacy rights of individuals. You can visit the Information Commissioner’s Office website to find helpful information about your data protection rights.
This article is intended to offer helpful guidance, and should not be interpreted as legal advice. You should consult a legal expert regarding your rights under the GDPR.