Privacy Policy

Hyperwallet Privacy Policy

Effective Date: 17 March 2025

1. Overview

This Privacy Policy applies to Hyperwallet, a PayPal service, which is operated by members of the PayPal group of companies around the world, and aims to provide you with sufficient information regarding our use of your Personal Information when you visit our Sites, apply for, or use our products and services (collectively, the “Services”). We encourage you to read this Privacy Policy and to use it to help you make informed decisions. For the purpose of the data protection regulations applicable in the EEA, the data controller is PayPal (Europe) S.à r.l. et Cie, S.C.A, a duly licensed Luxembourg credit institution under Article 2 of the law of 5 April 1993 on the financial sector, as amended, and under the prudential supervision of the Luxembourg supervisory authority, the Commission de Surveillance du Secteur Financier.

For the purpose of the data protection regulations applicable in the UK, the data controller is PayPal UK Ltd. PayPal UK Ltd is authorised and regulated by the Financial Conduct Authority (FCA) as an electronic money institution (firm reference number 994790); in relation to its regulated consumer credit activities (firm reference number 996405); and for the provision of cryptocurrency services (firm reference number 1000741). Some products and services, such as PayPal Pay in 3 and PayPal Working Capital, are not regulated by the FCA and may offer a lower level of protection. Please read product terms for further details. PayPal UK Ltd’s company number is 14741686. Its registered office is 5 Fleet Place, London, United Kingdom, EC4M 7RD.

Some of the third parties that we disclose Personal Information with are independent data controllers. This means that we are not the ones that dictate how the data that we disclose will be processed. Examples are regulatory authorities, credit bureaus, acquirers, and other financial institutions. Please refer to the “Do We Disclose Personal Information, and why?” section for more information about the categories of data controllers we disclose your Personal Information to. When your data is disclosed with independent data controllers, their data policies will apply. We encourage you to read their privacy policies and know your privacy rights before interacting with them. Certain capitalized terms that are not otherwise defined in the Statement are explained in Section 11 (“Definitions”). We revise this Privacy Policy from time to time to reflect changes to our business, Services, or applicable laws. If the revised version requires notice in accordance with applicable law, we will provide you with 30 days prior notice by posting notice of the change on the “Privacy Policy” page of our Sites, otherwise the revised Privacy Policy will be effective as of the published effective date.

2. Non-Account Holders

Our Services may be accessed by individuals without a Hyperwallet account or profile. We will collect Personal Information from you even if you are a non-account holder when you use our Services, such as when you receive a payment through our Services from account holders (“Recipient”). We may connect this information with your account, if you have one at the time you use the Service without logging in, or if you create an account later.

3. Categories of Personal Information We Collect

Categories of Personal Information collected from you, including from your interactions with us and use of the Services:

• Personal Identifiers: Such as name, Business Name, Address, Phone Number, Email, IP address, Device Information, information collected from cookies or other tracking technologies, other information necessary to establish an account
• Records and Financial Information: Such as bank account and routing numbers, credit and debit card information, amount you send or request, or other financial information
• Commercial Information: Such as the payout amount, payor information, and the record of the Services
• Internet or network activity: interactions with our Services, information about response time for web pages, download errors, date and time when you used the service, Location Information, such as your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies (“Technical Usage Data”)
• Biometric: When you consent in the user experience, we collect voice identification or face scans to authenticate your account
• Audio, electronic, visual, or similar information: Call recordings when you talk to customer service
• Professional or employment information: Including business information, contact emails, phone numbers and taxpayer ID numbers
• Account Profile Information: including username, profile picture, gender, or personal description which you add that may include sensitive Personal Information
• Information you provide when you contact us: Your response to surveys, recorded conversations, chat conversations with us, email correspondence with us, account status, repayment history, voice identification, and information about others if you choose to disclose it to us
• Inferred data: We may infer information about you such as your preferences based on your transactions and interactions with our Sites and Services
• Characteristics of Protected Classifications: including age or date of birth, national origin, disability, citizenship, or military status
• Sensitive Personal Information: Social Security number, government-issued identification, bank account and routing numbers, credit and debit card information, voice identification and photo IDs
• Information from your device: including, language settings, browser ID, cookie preferences, time zone, operating system, platform, screen resolution and similar information about your device settings, or data collected from cookies or other tracking technologies

We may also obtain the above categories of Personal Information from the following categories of sources:

• Hyperwallet or PayPal Companies
• Third parties: including Service Providers, Partners and Merchants, Payment Partners, such as card networks and payment processors, Credit Reporting Agencies, Government Entities, Data Brokers, and Financial Institutions
• Connected Accounts: Non-financial or financial accounts you agree to link to Hyperwallet, such as social network accounts, mail accounts or for open banking. You may change your mind about use of this feature and unlink your connected accounts at any time. If you choose to link these accounts or share such information with us, we will periodically collect and process it until you disconnect the account
• Third Party Applications: Applications that you choose to use for example, the Apple App Store, Google Play Store, or social networking sites

4. How is Personal Information used

We may process your Personal Information for a variety of reasons, including to comply with law, to perform a contract with you (including to provide our Services), and for our legitimate interests (for example, security and fraud prevention).

We may also use Personal Information with your consent to participate in certain features that while not necessary for use of the Services may be of interest to you, such as targeted advertising to our Partners and Merchants, or connecting to a third-party platform. You can withdraw your consent at any time free of charge. Note that withdrawing your consent will not affect the lawfulness of any processing we have conducted prior to your withdrawal.

We may collect Personal Information to:

• Provide our Services: such as to help you send or request money, initiate a payment, add monetary value to an account, pay a bill, administer your payment, show you your account information, to assess your creditworthiness in connection with our Services, confirm your identity and your contact information, to authenticate your access to your account and to confirm your Account and financial information is accurate and up to date.
• Manage and improve our Services: for example, to develop new products and features, for customer analysis, to administer our Services, and for internal operations, for example troubleshooting, data analysis, testing, research, and statistical purposes
• Manage fraud and risk: We conduct risk analysis, fraud prevention and risk management to protect our customers and business, including fraud that involves our Partners and Merchants and strategic ventures.
• Market our Services: We may use Personal Information to market our Services including where we partner with others to offer similar services to market about our Partners and Merchants. We use Personal Information to better understand and cater to your interests.
• Communicate with you: We may contact you when you need us, such as answering a question you sent to our customer service team.
• Comply with Laws: to comply with applicable laws and rules and enforce our agreements with you and other people who use our Services.
• Create an account connection between your Account and a third-party account or platform: such as with a social media account or a financial institution in connection with your participation in Open Banking.
• Send you locally relevant options: If you agree to let us track your location, we can enhance your security of our Services and customize our Services by using the right language and personalizing content such as providing location-specific options, functionality or offers, ads and search results.
• Remember your preferences: We may remember your preferences for the next time you use the Services.
• Personalize your experience: When you use Services, as well as other third-party sites and services we might use tracking technologies like cookies. See our Cookie Statement in the How Do We Use Cookies and Tracking Technologies? section for more details.

5. Do We Disclose Personal Information, and why?

We do not sell Personal Information to third parties for money or share your Personal Information for cross context behavioural advertising, including any Sensitive Personal Information.
However, we will disclose your Personal Information with third parties to help us provide Services, protect our customers from risk and fraud, market our products, and comply with legal obligations. In addition, we may disclose Personal Information to:

• Hyperwallet and PayPal Companies , including our brands such as Venmo to provide you with the Services and to manage our business.
• Authorities, when accompanied by a subpoena or other legal documentation that requires Hyperwallet or PayPal Companies to respond. Such authorities include courts, governments, law enforcement, and regulators. We may also be required to provide other third parties information about your use of our Services, for example to comply with card association rules, to investigate or enforce violations of our user agreement or to prevent physical harm or illegal activity.
• Other financial institutions, to jointly offer a product.
• Card networks and payment processors, to facilitate payment processing.
• Fraud prevention and identity verification agencies, for example to assist us in detecting activities suggestive of fraud.
• Credit reporting and debt collection agencies, for example to collect unpaid overdue debts through a third party such as a debt collection agency.
• Service providers that operate at our direction and on our behalf to perform services we outsource to them, such as processing payments, marketing, research, compliance, audits, corporate governance, communications, IT development, maintenance, hosting and support and customer service operations.
• Connected accounts, for example any social media accounts you asked us to connect or when you initiate an Account connection with another bank or financial institutions, card account, or aggregator in connection with your participation in Open Banking, so we can check if you have sufficient funds or confirm your ownership of the account.
• Partners and Merchants, their service providers and others involved in a transaction, for example when you use the Services we may disclose information about you and your Account with the other parties (or their service providers) involved in processing your transactions. Please note that Personal Information disclosed to Partners and Merchants (or their service providers) involved in a transaction is subject to the Partners and Merchants own privacy policy and procedures.
• Other third parties, for example we disclose Personal Information to advertising platforms at your direction, or security service providers to help prevent unauthorized access to our Services. Please be aware that these parties’ privacy policy applies to the Personal Information that you disclose directly to them. For example, we use Google’s reCAPTCHA to prevent misuse of our Services, when you access our mobile application. We may also use Google Address Autofill to ensure accuracy of your address. Google’s Privacy Policy and Terms of Use apply to the Personal Information you disclose to them.
• Buyers or in connection with business transfer, for example if we are involved in a merger, a purchase or sale of all or part of our business or assets, we may disclose your Personal Information to a buyer of those business or assets. If Hyperwallet or a significant portion of Hyperwallet’s assets are acquired by a third party, Personal Information may also be disclosed.

We may disclose your sensitive personal information as appropriate to carry out legitimate business activities allowed by law.

6. How long does Hyperwallet store your Personal Information?

We retain Personal Information for as long as needed or permitted in context of the purpose for which it was collected and consistent with applicable law.
The criteria used to determine our retention period is as follows:

• Personal Information used for the ongoing relationship between you and Hyperwallet is stored for the duration of the relationship plus a period of 10 years, unless we need to keep it longer, such as:
  • a legal obligation or compliance with laws to which we are subject is retained consistent with the applicable law, such as under applicable bankruptcy laws and AML obligations
  • litigation, investigations, audit and compliance practices, or to protect against legal claims.

7. How Do We Use Cookies and Tracking Technologies?

When you interact with our Services, open email we send you, or visit a third-party website for which we provide Services, we and our partners use cookies and other tracking technologies such as pixel tags, web beacons, and widgets (collectively, “Cookies”) to recognize you as a user, customize your online experiences and online content, including to serve you interest-based advertising, perform analytics; mitigate risk and prevent potential fraud, and promote trust and safety across our Services.

We use Cookies to collect your device information, internet activity information, and inferences as described above.

Our Cookies and similar technologies have different functions. We may use cookies or other technologies that are necessary to the operation of our Sites, Services, applications, and tools. Cookies and similar technologies can also be used for our advertising purposes, if you consent. This includes technologies that allow You access to our Sites, Services, applications, and tools; that are required to identify irregular site behaviour, prevent fraudulent activity, facilitate transactions and improve security; or that allow you to make use of our functions.
Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you choose to disable or decline Cookies through your device or browser settings, your use of the Sites and Services may be limited or not possible.

Where appropriate, security measures are set in place to prevent unauthorized access to our Cookies and similar technologies. A unique identifier ensures that only we and/or our authorized service providers have access to Cookie data.

Service providers are companies that help us with various aspects of our business, such as Sites operations, Services, applications, advertisements and tools. We may use some authorized service providers to help us to serve you relevant ads on our Services and other places on the internet. These service providers may also place Cookies on Your device via our Services (third-party Cookies). They may also collect information that helps them identify Your device, such as IP-address or other unique device identifiers.

Some web browsers have an optional setting called “Do Not Track” (DNT) that lets you opt-out of being tracked by advertisers and some third parties. Because many of our services won’t function without tracking data, we do not respond to DNT settings.

To learn how to opt-out of this kind of tracking technology, visit About Ads.

8. Your Data Protection Rights

Your rights to access, correction, deletion, and restriction to use or disclose your information.

Under applicable data protection law, depending upon the jurisdiction in which you reside and subject to applicable exceptions and definitional differences among various U.S. state and other data protection laws, you may have certain rights about your Personal Information is collected, stored, used and disclosed. We recognize the importance of your ability to control the use of your Personal Information and provide several ways for you to exercise your rights to access (right to know your information), right to know third parties to which we have disclosed personal information), correction, deletion (erasure), and to restrict certain information (right to opt out of sharing and right to limit use and disclosure of sensitive personal information). Certain state laws in the U.S. also provide residents of those states with the right to opt out of the “sale” (disclosing personal information in exchange for money or other consideration) or “sharing” (disclosing personal information for cross-context behavioral advertising) of your personal information or use of your personal information for certain types of targeted advertising. Global Privacy Control is a browser setting that notifies website owners of users’ privacy preferences regarding selling or sharing their personal information for cross-context behavioral advertising. PayPal does not respond to the Global Privacy Control signal because we do not sell or share your data. We will not deny you services, charge you different prices, or provide you with a different level of service solely for exercising your privacy rights. If you are a California resident, learn more about how we handle your Privacy Rights.

How do you exercise your rights?

If you, or an authorized agent, where permitted, want to exercise any of your rights relating to your Personal Information, contact us at the number and email provided in the Our Contact Information section. Some of the Personal Information in your profile may only be updated in your Partners and Merchant’s system.

Even if you do not have an account (for example, where you use our Services without a Hyperwallet account), you can submit a request for access, correction, restriction or deletion of your information for your Payment without a Hyperwallet account by contacting us at the number and email provided in the Our Contact Information section. We’ll first need to verify who you are before we can respond to your request. We may ask you to provide us with information necessary to reasonably verify your identity before responding to your request. We will compare the information you submit against our internal business records to verify your identity. If we can’t verify your identity, we will not be able to fulfil your request. If we deny your request in whole or in part, you may have the right to appeal the decision. In such circumstances, we will provide you with information regarding the appeals process.

Your right to request a copy of the Personal Information. If you want to make a request to know about the data we’ve collected about you, you have choices:

• Log in to your account and submit a request
• Call or contact us and request that we provide you with the data we’ve collected.

Your right to correct your Personal Information:

• Log in to your account and correct information you previously added. For example, you can edit your addresses in your settings
• Call or contact us and request that we correct specific information

Your right to delete your Personal Information:

• Log in to your account and delete information you previously added.
• Call us or contact us and request that we delete specific information
• Close your account

If you close your account or request that we delete Personal Information, we still need to keep some Personal Information as explained in How long does Hyperwallet store your Personal Information so we can:

• Complete a transaction, provide goods or services you requested, or comply with our promises to you in the user agreement or other contract you have with us
• Detect and prevent malicious, fraudulent, or illegal activity
• Protect your (or another person’s) legal rights, including the right to free speech
• Manage our internal business processes that are reasonably related to your expectations when using our Services
• Comply with laws and other legal or governmental processes

California also offers a right to opt out of “Selling” and “Sharing” Personal Information. Global Privacy Control setting is a browser setting that notifies website owners of users’ privacy preferences regarding selling or sharing their personal information. Hyperwallet does not respond to these settings because we do not sell or share data.

Understanding your choices

You can control how Personal Information is collected or disclosed, as well as how we communicate with you. Here are some of the ways you can customize your choices.

Choose how we collect Personal Information

You may choose to limit the Personal Information you provide when our apps or Services request it. To help make choices that are right for you, it’s important to understand that Personal Information helps us provide a richer, more personalized experience for you. Also, some Personal Information is required for our Services to function at all.

Choose how connected accounts collect and use Personal Information.

If you connect your account to a third-party service, you may be able to manage how your Personal Information is collected, used, and disclosed by them. Read the third parties’ privacy policies to see the choices they offer you.

You can control which third-party services you connect to your account and what Personal Information they can collect about you.

Choose how we communicate with you.

Your choices about how we communicate with you differ depending on the purpose of the message and how it is delivered. Some messages are considered optional, and some are necessary for you to manage your accounts with us. We use email, text messages, push notifications on your mobile device, and even phone or paper mail depending on the situation and your preferences.

You can click the unsubscribe link in a Hyperwallet marketing email, opt out of a text message by replying “STOP,” or turn off notifications on your device. You can also change your account’s notification settings or the notification preferences on your device.

You won’t be able to opt out of messages that are considered necessary for the Services, such as digital receipts and emails that alert you to changes in your account’s status. You may be able to decide how we send those messages, such as by email, phone, text message, or a notification on your mobile device.

Choices relating to Cookies

You may have options available to manage your cookie setting preferences. For example, Your browser or internet device may allow you to delete, disable, or block certain cookies and other tracking technologies. You can learn more by visiting AboutCookies.org. You may choose to enable these options but doing so may prevent You from using many of the core features and functions available on a Service or Site.

9. How Do We Protect Your Personal Information?

At Hyperwallet, every employee is responsible for respecting and protecting the personal information to which the employee has access. Our privacy office oversees our privacy practices and our efforts to follow all privacy laws that apply, and to manage and reduce privacy risk. To ensure the protection of your personal information, we maintain policies and practices that govern our privacy and personal information handling practices, including defining roles and responsibilities for handling your information from the moment we gather it until it is destroyed, regular employee privacy and security training, responding to privacy complaints or inquiries, and investigation potential incidents.

We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Information against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centres, and information access authorization controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Information we maintain about you is accurate and current. We are not responsible for protecting any Personal Information that we disclose to a third-party based on an account connection that you have authorized.

10. Can Children Use Our Services?

We do not knowingly collect information, including Personal Information, from children under the age of 16 or other individuals who are not legally able to use our Services. If we obtain actual knowledge that we have collected Personal Information from someone not allowed to use our Services, we will promptly delete it, unless we are legally obligated to retain such data.

Please contact us at the number and email provide in the Our Contact Information section if you believe that we have mistakenly or unintentionally collected information from someone not allowed to use our Services.

We do not sell to third parties for money or share Personal Information of anyone under 16 years of age for cross context behavioural advertising.

11. Definitions

• Device Information means data that can be automatically collected from any device used to access the Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device IP address; and information about your device’s web browser and internet connection you use to access the Services.
• Location Information means information that identifies, with reasonable specificity, your approximate location by using, for instance, longitude and latitude coordinates obtained through GPS or Wi-Fi or cell site triangulation.
• Hyperwallet means the Hyperwallet group of companies, including PayPal, Inc., PayPal (Europe) S.à r.l. et Cie, S.C.A., PayPal UK Ltd, PayPal Canada Co., PayPal Pte. Ltd, and Hyperwallet Australia Pty Ltd.
• Partners and Merchants means our payor business customers that our Payees transact with for the purpose of obtaining payments or services.
• Pay without a Hyperwallet account means our Services may be accessed by individuals without a Hyperwallet account or profile.
• Payee means our Partners’ and Merchants’ designated payees.
• PayPal Companies means companies or separate brands, affiliates or subsidiaries of Hyperwallet, and who process Personal Information in accordance with their terms of service and privacy policies. PayPal Companies include Hyperwallet, Honey Science LLC, Chargehound LLC, Simility, Swift Financial LLC, Bill Me Later, Inc., and Venmo.
• Personal Information in this Privacy Policy means information about you, including your identity, finances and online behaviour.
• Sell under California law is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration.
• Services means the online payment platform (“Pay Portal”), payment services and related functionality and technology and all related websites, applications and services offered to you by Hyperwallet. Your use of the Services includes use of our Sites.
• Sharing under California law is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites.
• Sites means the websites, mobile apps, official social media platforms, or other online properties through which Hyperwallet offers the Services and which has posted or linked to this Privacy Policy.

12. Our Contact Information

If you have questions about this Privacy Policy or your Personal Information, contact us so we can help.

• Call Hyperwallet Customer Service at 1-877-546-8220
• or email our data protection officer at privacyofficer@hyperwallet.com
• For Payees, make a request while logged into the Pay Portal (Go to “Support,” select “Email” and complete the form for “Privacy Concerns”)

13. Supervisory Authority

If you are unhappy with our processing of your personal data you may lodge a complaint your local data protection authority.

• If you are in the EEA, you can find your local data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en
• In the UK, your local data protection authority is the Information Commissioner’s Office: website: https://ico.org.uk/, address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
• In Brazil, your local data protection authority is the Autoridade Nacional de Proteção de Dados: website: https://www.gov.br/anpd/pt-br, address: Scn Q 6 Bl C – Brasília, Df, 70297-400

14. Specific provisions relating to EEA Personal Information

Banking Regulations Notice for Partners and Merchants and Payees in the EEA

This section applies to Partners and Merchants and Payees who have relationships with PayPal (Europe) S.à r.l. et Cie, S.C.A. In general, the Luxembourg laws to which Hyperwallet’s handling of personal information is subject (data protection and bank secrecy) require a higher degree of transparency than most other EU laws. This is why, unlike the vast majority of providers of internet-based services or financial services in the EU, Hyperwallet has listed in this Privacy Policy the third-party service providers and business partners to whom we may disclose your Personal Information, together with the purpose of disclosure and type of information disclosed. You will find a link to those third parties here. By acknowledging this Privacy Policy and maintaining an account with Hyperwallet, you expressly consent to the transfer of your data to those third parties for the purposes listed.

Hyperwallet may update the list of third parties referred to above every quarter (January 1st, April 1st, July 1st and October 1st).

Hyperwallet will only start transferring any data to any of the new entities or for the new purposes or data types indicated in each update after 30 days from the date when that list is made public through this Privacy Policy. You should review the list each quarter on the Hyperwallet Sites on the dates stated above. If you do not object to the new data disclosure, within 30 days after the publication of the updated list of third parties, you are deemed to have accepted the changes to the list and to this Privacy Policy. If you do not agree with the changes, you may close your account and stop using our Services.

In order to provide the Services, certain of the information we collect (as set out in this Privacy Policy) may be required to be transferred to other Hyperwallet related companies or other entities, including those referred to in this section in their capacity as payment providers, payment processors or account holders (or similar capacities). You acknowledge that according to their local legislation, such entities may be subject to laws, regulations, inquiries, investigations, or orders which may require the disclosure of information to the relevant authorities of the relevant country. Your use of the Services constitutes your consent to our transfer of such information to provide you the Services.

Specifically, you consent to and direct Hyperwallet to do any and all of the following with your information:

• Disclose necessary information to: the police and other law enforcement agencies; security forces; competent governmental, intergovernmental or supranational bodies; competent agencies, departments, regulatory authorities, self- regulatory authorities or organizations (including, without limitation, the Agencies referenced in the “Agencies” section of the Third Party Provider List here) and other third parties, including PayPal Companies, that (i) we are legally compelled and permitted to comply with, including but without limitation the Luxembourg laws of 24 July 2015 on the US Foreign Account Tax Compliance Act (“FATCA Law”) and 18 December 2015 on the OECD common reporting standard (“CRS Law”); (ii) we have reason to believe it is appropriate for us to cooperate with in investigations of fraud or other illegal activity or potential illegal activity, or (iii) to conduct investigations of violations of our user agreements (including without limitation, your funding source or credit or debit card provider).

  If you are covered by the FATCA or CRS Law, we are required to give you notice of the information about you that we may transfer to various authorities. Please read more about Hyperwallet’s obligations under the FATCA and CRS Law and how they could affect you as well as take note of the information we may disclose as result.

  We and other organizations may also disclose, access and use (including from other countries) necessary information (including, without limitation the information recorded by fraud prevention agencies) to help us and them assess and to manage risk (including, without limitation, to prevent fraud, money laundering and terrorist financing). Please contact us by using the information in the Our Contact Information section if you want to receive further details of the relevant fraud prevention agencies. For more information on these Agencies, fraud prevention agencies and other third parties, click here.

• Disclose Account Information to intellectual property right owners if under the applicable national law of an EU member state they have a claim against Hyperwallet for an out-of-court information disclosure due to an infringement of their intellectual property rights for which Services have been used (for example, but without limitation, Sec. 19, para 2, sub-section 3 of the German Trademark Act or Sec. 101, para 2, sub-section 3 of the German Copyright Act).
• Disclose necessary information in response to the requirements of the credit card associations or a civil or criminal legal process.
• If you as a Partner or Merchant use a third party to access or integrate Hyperwallet, we may disclose to any such partner necessary information for the purpose of facilitating and maintaining such an arrangement (including, without limitation, the status of your Hyperwallet integration, whether you have an active Hyperwallet account and whether you may already be working with a different Hyperwallet integration partner).
• Disclose necessary information to the payment processors, auditors, customer services providers, credit reference and fraud agencies, financial products providers, commercial partners, marketing and public relations companies, operational services providers, group companies, agencies, marketplaces and other third parties listed here. The purpose of this disclosure is to allow us to provide Services to you. We also set out in the list of third parties, under each ” Category”, non- exclusive examples of the actual third parties (which may include their assigns and successors) to whom we currently disclose your Account Information or to whom we may consider disclosing your Account Information, together with the purpose of doing so, and the actual information we disclose (except as explicitly stated, these third parties are limited by law or by contract from using the information for secondary purposes beyond the purposes for which the information was disclosed).
• Disclose necessary information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).
• Disclose aggregated statistical data with our business partners or for public relations. For example, we may disclose that a specific percentage of our users live in Manchester. However, this aggregated information is not tied to personal information.
• Disclose necessary Account Information with unaffiliated third parties (listed here) for their use for the following purposes.
  1. Fraud Prevention and Risk Management: to help prevent fraud or assess and manage risk. For example, if you use the Services to buy or sell goods using eBay Inc, or its affiliates (“eBay”), we may disclose Account Information with eBay in order to help protect your accounts from fraudulent activity, alert you if we detect such fraudulent activity on your accounts, or evaluate credit risk.
  2. As part of our fraud prevention and risk management efforts, we also may disclose necessary Account Information with eBay in cases where Hyperwallet has placed a hold or other restriction on your account based on disputes, claims, chargebacks or other scenarios regarding the sale or purchase of goods. Also, as part of our fraud prevention and risk management efforts, we may disclose Account Information with eBay to enable them to operate their programmes for evaluating buyers or sellers.
  3. Customer Service: for customer service purposes, including to help service your accounts or resolve disputes (e.g., billing or transactional).
  4. Legal Compliance: to help them comply with anti-money laundering and counter-terrorist financing verification requirements.
  5. Service Providers: to enable service providers under contract with us to support our business operations, such as fraud prevention, bill collection, marketing, customer service and technology services. Our contracts dictate that these service providers only use your information in connection with the services they perform for us and not for their own benefit.

15. International Transfers

Our operations are supported by a network of computers, cloud- based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.

The third parties mentioned above may be established in jurisdictions other than your own. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with data protection laws, to protect your Personal Information, including implementing adequate measures. In particular, for transfers of your EEA Personal Information within PayPal Companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here). For transfers of Personal Data from the UK, these are based on contractual protections, including the UK Addendum (approved by the Information Commissioner’s Office) to the EU standard contractual clauses, approved by the European Commission. Please contact us for more information about this.

16. California Privacy Notice of Collection

Under the laws of California and certain other US states (i.e., Virginia), we are required to provide you with the following additional information about: (1) the purpose for which we use each category of “personal information” we collect; and (2) the categories of third parties to which we (a) disclose such personal information for a business purpose, (b) “share” personal information for “cross-context behavioural advertising,” and/or (c) “sell” such personal information.

Under California law, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. We do not sell or share your Personal Information, including any Sensitive Personal Information. We also do not sell or share and have no actual knowledge that we have sold or shared any Personal Information of anyone under 16 years of age.

For more information about each category, purpose of use, and the third parties to which we disclose information, please see the “Categories of Personal Information We Collect,” “How is Personal Information used,” and “Do We Disclose Personal Information” sections.