Afterpay Privacy Policy
This Privacy Policy describes how your Afterpay entity as indicated below and affiliates (“Afterpay,” “we,” “us”, and "our") collects, uses, discloses, transfers, stores, retains and otherwise processes your personal information ("you", “your”, and "customer") when you visit our website, download our app, apply for and use your Afterpay account, or otherwise interact and engage with us in relation to our customer products, features, and services, including as outlined in our Terms of Service ("agreement") (collectively, "Services"). The Afterpay entity you are interacting with will be based on your country of residence. A list of Afterpay entities can be found in 11. How to Contact Us below.
Partners, retailers, online marketplaces, and suppliers that Afterpay interacts with are independent of Afterpay and responsible for their own privacy policies and practices. This includes, content on their websites or app, and products or services provided. Please refer to their privacy policy or reach out directly to these third parties for further information.
1. PERSONAL INFORMATION WE COLLECT ABOUT YOU AND WHY
Personal information reasonably identifies you and is about you, directly or indirectly, as described in applicable privacy laws in countries we operate in.
We collect and process personal information about you in three ways:
(i) when you provide it to us directly;
(ii) when we gather personal information while you are using our Services, including through cookies and similar technologies (see 4. How We Use Cookies and Similar Technologies below); and
(iii) when we collect personal information from other third party sources.
We explain in the table below what types of personal information we collect and process, how and why we do so, and the lawful bases that apply in particular as prescribed under the General Data Protection Regulation and UK General Data Protection Regulation. We will collect and process your personal information with your knowledge and consent, including as set out in this Policy, except where otherwise required or permitted by law. We may collect or process personal information in other ways than as described below. We will let you know at that time, unless otherwise inappropriate or unlawful to do so.
If you fail or refuse to provide us with personal information we request from you directly, or we do not obtain your consent where we rely upon it, including to gather personal information while you are using our Services or from third party sources, we may not be able to proceed with entering into or fulfilling some of our Services. Consequently, we will not be able to provide or continue to provide those Services to you. This includes, but without limitation, setting up your Afterpay account, or responding to a support request or complaint.
Purpose of processing | Categories of personal information we collect and how | Why we collect and process personal information, and lawful bases where applicable |
---|---|---|
To create (and assess whether to create) an Afterpay account, including to carry out our identity and account verification process and to enable you to authenticate into your account once created. |
From you -
From other sources -
|
|
To provide (and assess whether to provide) our Afterpay account Services, including to develop our credit risk profile about you that determines your creditworthiness, to process transactions, and for the delivery of third party retailers’ goods or services. We will also provide transaction support and communications as necessary about our Services, such as payment reminders, authentication requests, and Service updates. |
From you -
From your use of our Services -
From other sources -
|
|
To provide (and assess whether to provide) our Pulse Rewards program, including offering discounts and third party supplier gift cards according to your Pulse Reward tier. |
From you -
From your use of our Services-
|
|
To find stores that accept Afterpay in your vicinity, and to send marketing in-app about stores nearby |
From your use of our Services -
|
|
To provide you support, resolve disputes, recover debt and fees owed to us, and troubleshoot problems |
From you -
From your use of our Services -
From other sources -
|
|
To detect, investigate and prevent suspected or actual money laundering, fraud, or other crimes or illegal activities on an ongoing basis, including in relation to credit card rules, and to protect Afterpay’s legal rights and claims. |
From your use of our Services -
From other sources -
|
|
To learn more about your level of satisfaction, your expectations of us and our Partners, and how we can meet them. For example, in relation to our Services, and the goods and services offered by retailers, and to customize, measure, and improve our Services, including the content, layout and operations. We may send you survey requests to do so. We may use this information to produce statistics and reports about our Services and operations. We may use this information to produce statistics and reports about our Services and operations. We will typically use this information to create aggregated or anonymised information and only use personal information where necessary. |
From you -
From your use of our Services -
|
|
To send you direct marketing or other promotional communications you might like from us and our retailers, partners or affiliates. Refer also to 6. Your Rights and Choices below for more information. When you receive direct marketing, we may also process your personal information to determine, measure, and provide personalized marketing messages that may be of interest or relevance to you |
From you -
From your use of our Services -
|
|
To make our site work as you’d expect it to, such as to prevent and respond to suspected or actual malicious software or activity, for secure identity verification and login, fraud prevention, and remembering your cookies choices. This includes personal information collected and processed by the use of cookies and similar technologies. Refer to 4. How We Use Cookies and Similar Technologies below |
From your use of our Services -
|
|
To provide by the use of cookies and similar technologies on our website better functionality, to assess our performance, for advertising by us and our partners, and to provide a personalized experience. Refer also to 4. How We Use Cookies and Similar Technologies below |
From your use of our Services -
|
|
For other purposes you have specifically consented to |
From you, from the use of our Services, or other sources -
|
|
As required or permitted by applicable laws and regulations, including to satisfy our bookkeeping, taxation, auditing, and accounting requirements, and to carry out business, operational, and legal functions. |
Unspecified information from you, from the use of our Services, or other sources. |
|
2. WHEN AND WITH WHOM WE SHARE YOUR PERSONAL INFORMATION
We share personal information described in 1. Personal Information We Collect and Why above with the following categories of service providers and other third parties.
Categories of third parties | When and why we may share your personal information |
---|---|
Affiliates within our group of companies Such as, Cash App, Square, or other subsidiaries of Block Inc. |
We may share your personal information for the following purposes for our legitimate interests or as otherwise required or consistent with applicable law.
|
Service providers and subcontractors |
We share your personal information with the following service providers for our legitimate interests to provide, maintain and improve our Services.
|
Retailers and third party suppliers |
We share your personal information for the following purposes to fulfill our agreement with you and for our legitimate interests.
|
Financial institutions that we may partner with to jointly create and offer a product, including banking partners as may be required by credit card association rules for inclusion on their list of terminated merchants |
We share your personal information for the following purposes with your consent, to fulfill our agreement with you, or for our legitimate interests.
|
Online trackers, advertising partners, and external affiliate networks |
We share your personal information for the following purposes with your consent or for our legitimate interests.
|
Companies that we plan to merge with or be acquired by or who may invest in us |
We share your personal information for the following purposes for our legitimate interests.
|
Law enforcement agencies, government agencies, officials, or other authorities or third parties pursuant to a subpoena, court order, or other legal process, requirement, or legitimate interest |
We share personal information for the following purposes for our legitimate interests, to protect our business and enforce our agreement with you, or where required or authorized by law.
|
With your consent |
|
Other third parties where required by law, or our legitimate interests as permitted by law |
|
3. HOW WE SECURE YOUR PERSONAL INFORMATION
We take appropriate measures, including administrative, technical, and physical safeguards, to protect your personal information from loss, theft, and misuse, and unauthorized access, disclosure, alteration, and destruction. The internet is not a 100% secure environment, so we cannot guarantee absolute security of the transmission or storage of your information. We are an ISO 27001 compliant company, and require our third parties to meet appropriate privacy and security standards when handling data on our behalf. Your personal information will be accessible by our employees, contractors and service providers who require access for the purposes described in this Privacy Policy.
For more information about our security practices, please visit https://www.afterpay.com/en-AU/security or refer to 11. How to Contact Us below.
4. HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES
Cookies are small data files stored on your browser or device. They may be sent by the operator of the site or app you are visiting, in this case Afterpay (“first-party cookies”), or by third parties, such as our service providers and digital partners (“third-party cookies”). Other similar technologies may be used, such as tracking pixels or browser local storage (together “cookies”). For example, we partner with third-party analytics providers, like Google, to help us understand how you use our services so that we can improve your experience with us. The analytics providers that administer these services use cookies to help us analyze how you use our online services. We may disclose your site-use information (including IP address) to these analytics providers, and other service providers who use the information to help us figure out how you and others use our online services. To learn more about Google Analytics and how to opt out, please visit https://marketingplatform.google.com/about/ or https://support.google.com/analytics/answer/181881?hl=e.
When you visit our website or app, we use cookies as necessary to make our Services work, to improve our performance and functionality, or to personalize your online experience.
You may see certain “interest-based advertising” or “targeted advertising” on other websites or online services based on information relating to your access to and use of our Services and other websites. This is because we may work with interest-based advertisers to promote our Services to the extent permitted by applicable law. We may provide third party services with personal information to deliver Afterpay advertisements on third party websites that may be tailored to your individual interests. These interest-based advertisers may also use personal information about you that they have independently collected and in accordance with their privacy policy and practices, including through the use of cookies.
Your browser or device may offer settings to control cookies. Selecting “Limit Ad Tracking” (for iOS devices), or “Opt out of Interest-Based Ads” (for Android devices), will allow you to limit our use of information collected from or about your mobile device (such as precise location data) for the purposes of serving interest-based advertising to you. You may also opt-out of receiving ads from us or our partners by using our partners’ settings or by heading to Your Online Choices (EU/UK) or Your Ad Choices (other countries) for more information. As a heads up, blocking or opting-out of some types of cookies may impact your experience and the Services we are able to offer.
Certain web browsers allow you to instruct your browser to respond to Do Not Track ("DNT") signals to websites you visit, informing those sites that you do not want your online activities to be tracked. At this time, our websites are not designed to respond to DNT signals or similar mechanisms from browsers.
If you are based in the EU or UK, head to "Cookies" on our website for further information and to manage cookies on our website or app.
5. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
The retention periods for personal information we collect and process about you are determined on a case-by-case basis that depends on the following factors below.
● The nature of the personal information, and why it is collected and processed, as described in this Privacy Policy. This includes to provide our Services, to comply with legal obligations, to enforce and prevent violations of our agreement with you, and to protect us against fraudulent activity.
● To manage and enforce our agreement with you. Your use of our Services is subject to the agreement between us. So if, for example, you close your Afterpay account, we retain personal information about you for a period of time so as to collect any debt or fees owed, resolve disputes, troubleshoot problems, assist with any investigations or complaints, and to prevent fraud or risk.
● To establish, exercise, or defend our legal claims or rights. For example, we preserve your personal information related to a legal claim or complaint, such as where we are subject to a regulatory investigation, or we need to defend ourselves in legal proceedings involving your personal information, or respond to a government authority or body in relation to a legal or regulatory complaint made by you or someone else.
● As required or otherwise permitted by applicable law. For example, retention periods may be imposed under law or regulation for a prescribed period of time (for example, in certain jurisdictions, up to 10 years under applicable anti-money laundering laws), and for instance, to protect our or other’s legitimate interests, such as to prevent fraud.
6. YOUR RIGHTS AND CHOICES
You can see or change personal information you gave us, ask us to close your account, control your device location tracking settings, or tell us to stop direct marketing to you at any time. Head to our Help Centre at any time by clicking "Help" on our website or app for detailed instructions. We also respect other privacy rights and choices you make consistent with applicable law. These rights and choices available to you are based on your country of residence and which Afterpay entity you are dealing with, and are subject to limitations as required or permitted by applicable law.
We may ask you to verify your identity in accordance with our standard procedures, including any authorized agent who would like to act on your behalf, or clarify your request, before taking further action on your privacy right or choice request. We endeavor to respond and address all privacy rights and choices requests within the applicable statutory time frame. We will let you know if we need more time, and why. We may not always be able to fulfill your request if we have a legitimate basis to refuse it. We will tell you why. For example, if you seek to erase your personal data in a way that would mean we are not able to comply with our obligations under law.
We will not discriminate against you, deny, charge different prices or rates for, or provide a different level or quality of goods or services if you choose to request these rights and choices.
If you would like to make a privacy right or choice request, please refer to 11. How To Contact Us below.
See or change personal information you gave us
You can see your profile and payment details any time by logging into your Afterpay account on our website or app. You can change your address, delivery address, email address, phone number, and payment method at any time. You can see other relevant information about you in your Afterpay account, including orders made and upcoming payments.
Ask us to close your account
You can ask us to close your account at any time by clicking "Close my account" under the "Profile details" tab on the app.
Control your device location tracking settings
In order to provide certain Services, we may request or require access to your location information, including precise geolocation information collected from your device. You can stop our collection of geolocation information at any time by changing the preferences on your mobile device. If you do, some of our Services may no longer function. You also may stop our collection of geolocation information via our app by following the standard uninstall process to remove the Afterpay app from your device. For more information, refer to 4. How We Use Cookies and Similar Technologies above.
Tell us to stop direct marketing to you
You can control your direct marketing preferences through the "Communication Settings" tab on our website or app. If you receive direct marketing emails from us, you can also opt out any time by clicking the unsubscribe link at the bottom of the message. If you decide to opt out of direct marketing, we'll still send you non-marketing communications such as notifications about your account, orders, and important updates to our Services.
For detailed instructions on direct marketing and the choices you can make, head to our Help Centre at any time by clicking "Help" on our website or app and search for "Marketing - Your Choices".
Marketing profiling
We create a profile about you and make predictions and inferences on what direct marketing communications we think you’d like to see from us when you are opted-in to receive such communications.
The personal information we use in such circumstances include:
● your demographics, such as, your age, inferred gender, and location (and geolocation), and aggregated performance criteria;
● purchase and spending habits, such as, your preferred Retailers and products, and the recency and frequency of engagement with us;
● how you interact with us, such as by clicking one of our marketing messages and then purchasing something from a retailer;
● and your classification, such as being a Pulse Rewards loyalty member. For further information about our Pulse Rewards program, refer to its Terms and Conditions.
We use this personal information to send you personalized news, promotions, and offers from us and our retailers. If you would prefer not to receive personalized marketing, you have the right to object and opt out at any time.
Other rights and choices that may be available to you, based on your country of residence
Right to | Description |
---|---|
Withdraw your consent |
You have the right to withdraw your consent where we have relied on it to process your personal information. If you withdraw your consent, we may not be able to provide you with certain Services. It will not affect our lawful basis for processing based on consent before your withdrawal. |
Access |
You have the right to request a copy of your personal information held by us. |
Further information |
You have the right to enquire further about the personal information we hold about you and our privacy practices, including how we transfer personal information internationally and onward disclosures of personal information |
Correction |
You have the right to ask us to correct your personal information held by us, including where you believe it is not accurate, complete, up to date, or relevant. |
Erasure |
You have the right to ask us to erase your personal information, and where personal information is made public, to inform other controllers of your personal information to erase your personal information where you have a lawful erasure right. |
Restrict Processing |
You have the right to ask us to restrict processing of your personal information. |
Object to processing |
You have the right to object to us processing your personal information where we process it based on our legitimate interests, including for direct marketing purposes and other profiling activities. You can also opt out of direct marketing at any time as described above. |
Data Portability |
You have the right to ask us to access or transfer on your behalf personal information we hold about you to a third party in a structured, commonly used and machine-readable format. |
Make an enquiry or complaint |
You have the right to make an enquiry or complaint, including to lodge a complaint with your local privacy authority. |
Object to automated decision making |
You have the right to object to solely automated decisions that we may have made about you that produce a legal or similarly significant effect, and ask for more information about the decision and have a person review it, unless we are prohibited or exempt from doing so under law. More information We use systems to make decisions about you through automated means, including behavioral profiling, without our staff being involved. We complete the following decision making by automated means, with legal or similarly significant effects on you, to enter into and perform our Services you request from us, or to comply with laws that apply to us:
These decisions rely on personal information we collect or hold about you from your applications and your interactions and experiences with us, such as transactions you have attempted to make or made with us. We may also use information about you we collect from third party credit reference and fraud prevention agencies for bullet points 1 and 2 above. Automated decisions can affect the products, services or features we may offer you. As a result of the above decisions, you may be declined access or have limited access to our Services. We perform regular checks of our automated decision models to ensure they are operating correctly. |
7. RIGHTS OF CALIFORNIA RESIDENTS
If you live in California, the following additional rights apply to you.
Right to | Description |
---|---|
Know |
You may have the right to request, up to twice in a 12-month period, to see the following information about the personal information we have collected about you:
California law also gives you the right to ask if we share your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for unaffiliated third parties’ direct marketing purposes). |
Erasure |
You have the right to ask us to delete the personal information we have collected from you (subject to exceptions the law provides). Please note that you may no longer be able to use our Services if you delete your personal information. |
Correction |
You have the right to correct the personal information we have collected about you (subject to exceptions the law provides). |
Non-Discrimination |
You have the right to not be discriminated against if you exercise these privacy rights. We will not discriminate against you, deny, charge different prices for, or provide a different quality of goods or services if you choose to exercise these rights. |
Opt-Out |
You have the right to opt-out of the sharing of your personal information for purposes of certain targeted advertising known as cross-context behavioral advertising. If we share your personal information to third parties for such purposes, we will provide you the right to opt out of such sharing (subject to exceptions the law provides).
Although some of the information we collect and process about you may be considered sensitive personal information, we only process such information for purposes authorized by law, such as to provide services you request from us or to verify your information.
|
8. INTERNATIONAL DATA TRANSFERS
Personal information we collect and handle about you may be transferred to or stored in a jurisdiction outside your country of residence and where the Afterpay entity you are dealing with operates. We may do so, for example without limitation, when sharing personal information with our affiliates and service providers to help us provide (or assess to provide) our Services or other third parties that we partner with. Your personal information may be transferred to or stored in Australia, New Zealand, the United States, Canada, United Kingdom, the European Union, China, and Singapore. We may transfer your personal information to other countries, but we will always take steps to ensure your personal information is afforded equivalent levels of protection and rights as are required under your country of residence and where the Afterpay entity you are dealing with operates. For more information please reach out using the details in 11. How to Contact Us below.
Where we transfer your personal information outside the United Kingdom or European Union to countries that are not covered by an adequacy decision of the UK government or the European Commission (as applicable), we use appropriate safeguards that include Standard Contractual Clauses approved by the UK's Information Commissioner's Office or European Commission as appropriate, or other applicable measures, including transfers to a third party that has implemented Binding Corporate Rules, or specific situations outlined under Article 49 of the UK GDPR / GDPR. You can access a copy of the Standard Contractual Clauses approved by the UK Information Commissioner's Office here, and the Standard Contractual Clauses approved by the European Commission here. Afterpay entities are bound by an Intercompany Personal Data Transfer Agreement that contains Standard Contractual Clauses.
For further information about our policies and practices with respect to international data transfers, please refer to 11. How To Contact Us below.
9. CHILDREN'S PERSONAL INFORMATION
Our Services are not directed at children under the age of 18. We do not knowingly collect, sell or share for cross-context behavioral advertising any information from children under the age of 18. If we learn that any personal information we collect has been provided by a child under the age of 18, we will promptly close the relevant account and delete that personal information as consistent with applicable law.
10. CHANGES TO THIS PRIVACY POLICY
We reserve the right to change this Privacy Policy from time to time, as may be required. We will provide you with reasonable prior notice of any material changes in how we use your personal information, including by email if you have provided one. If you disagree with these changes, you may cancel your Afterpay account at any time. Any amendments will be published by posting a revised version of the Privacy Policy and updating the “Effective Date” above. The revised version will be effective on the “Effective Date” listed.
11. HOW TO CONTACT US
If you have any questions or concerns regarding this Privacy Policy, or would like to exercise your rights and choices, you can get in touch with us by contacting your country specific Afterpay entity below. If you are dissatisfied with our response, you have a right to make a complaint to your local privacy authority, with a link to their contact page below.
Country | Contact Details | Local Authority |
---|---|---|
Canada |
Afterpay Canada Limited If you would like to speak to the Afterpay Privacy Lead, please address your communication accordingly. |
|
United States |
Afterpay US, Inc. |
12. US FEDERAL PRIVACY NOTICE
This Notice applies to non-public information collected under the and in accordance with the Gramm-Leach Bliley Act.
FACTS | What does Afterpay do with your personal information? |
---|---|
Why? |
Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do. |
What? |
The types of personal information we collect and share depend on the product or service you have with us. This information can include:
|
How? |
All financial companies need to share customers’ personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers’ personal information; the reasons Afterpay chooses to share; and whether you can limit this sharing. |
Reasons we can share your personal information | Does Afterpay share? | Can you limit this sharing |
---|---|---|
For our everyday business purposes – such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus |
Yes |
No |
For our marketing purposes - to offer our products and services to you |
Yes |
No |
For joint marketing with other financial companies |
No |
We don't share |
For our affiliate's everyday business purposes - information about your transactions and experiences |
Yes |
No |
For our affilitate's everyday business purposes - information about your creditworthiness |
No |
We don't share |
For our affiliates to market to you - information about your creditworthiness |
No |
We don't share |
For nonaffiliates to market to you |
No |
We don't share |
Questions | Go to https://www.afterpay.com and head to our Help Centre at any time by clicking "Help" on our website or app. You can also email [email protected] |
---|
Who we are | |
---|---|
Who is providing this notice? |
Afterpay US, Inc. and Afterpay US Services, LLC |
What we do | |
---|---|
How does Afterpay US protect my personal information? |
We use security measures that comply with federal law to protect your personal information from unauthorized access. These measures include computer safeguards and secured files and buildings. |
How does Afterpay US collect my personal information? |
We collect personal information, for example, when you:
We also collect information from your use of our Services, and other sources, such as credit bureaus, affiliates, or other companies. |
Why can’t I limit all sharing? |
Federal law gives you the right to limit only:
State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law. |
Definitions | |
---|---|
Affiliates |
Companies related by common ownership or control. They can be financial and nonfinancial companies.
|
Nonaffiliates |
Companies not related by common ownership or control. They can be financial and nonfinancial companies.
|
Joint marketing |
A formal agreement between nonaffiliated financial companies that together market financial products or services to you.
|
Other Important Information |
---|
Conflicts: To the extent there are any conflicts between this notice and Afterpay US’s privacy policy, this notice will control for U.S. customers. Telephone Communications: Afterpay US and its authorized agents, service providers and partners may monitor and/or record all telephone communications in accordance with applicable law. Nevada Residents: The Nevada Revised Statutes Chapter 603A permits consumers who are Nevada residents to ask businesses covered under the act not to sell covered information collected. These provisions do not apply to personal information collected, processed, shared, or disclosed by financial institutions pursuant to the Gramm-Leach-Bliley Act. We will not share personal information that we collect about you with nonaffiliated third parties without your authorization, except as permitted by law. Vermont Residents: We will not share information we collect about you with nonaffiliates, except as permitted by law, including with your consent or to service your account. We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information, financial information, credit report, or health information to nonaffiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures. |