GDPR FAQ
The team at Square has been working hard to implement the GDPR (the new General Data Protection Regulation standardizing EU data privacy and protection laws). At Square, we are committed to the protection of our sellers’ data and privacy rights, and strive to help our sellers remain compliant with their own GDPR obligations.
GDPR is the acronym given to the General Data Protection Regulation, a EU law updating and standardising data privacy laws across the EU.
The GDPR applies to the processing of personal data of EU residents. It does not apply to the data of businesses or other legal entities, but will apply to the data that businesses or legal entities hold that relates to individuals i.e., when business hold information about their employees or their customers.
Any EU business that handles EU residents’ personal data must comply with the GDPR and any other businesses located outside the EU that offer goods or services to EU residents.
Personal data is any information that identifies a EU-resident individual or pieces of information that, when taken together, can identify that person. This could mean someone’s name, their phone number or email address. It could be information about a physical trait or about where the person works. It can mean almost any pieces of information connected to an individual. You should familiarise yourself with what personal data you may have related to your customers and employees.
The GDPR also designates certain types of personal data as special categories which require greater protection due to their sensitive nature. The following are personal data revealing: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data concerning an individual’s sex life or sexual orientation.
You can find Square’s Privacy Policy that applies to Sellers on our website.
These FAQ’s are intended to offer helpful guidance, and should not be interpreted as legal advice. You should consult a legal expert regarding your obligations under the GDPR to provide guidance tailored to your specific circumstances.