Privacy Policy

All WePay users must read and agree to the Terms of Service and Privacy Policy for the country in which they are located. Use the buttons below to access the documents that apply to you, then download or print them.

 

WePay Privacy Policy - United Kingdom 

Last update: November 9, 2016. This update replaces references to the US-EU Safe Harbor in Section 6 with a reference to the model clauses. It also updates the list of cookies in Appendix 1.

  1. Overview
  2. Information Collected
  3. Use and Sharing of Information Obtained by WePay
  4. Terms that Apply to Information if You Are a Merchant or Platform
  5. Information Security
  6. International Transfers
  7. Your Privacy Choices

This Privacy Policy describes how WePay, Inc., a Delaware corporation, its subsidiary WePay Payments Ltd., a company incorporated in England and Wales (together "WePay" "us" "we" or "our"), handle user information when we provide our payment services (the "Services") through third party websites ("Platforms"), such as marketplaces, business tools providers, and crowdfunding sites.

1. Overview 

Platforms provide the WePay Services to their end users ("Users" or "you") by integrating with the WePay application programming interface ("API"), which also enables the Platform and WePay to share User information.

This Privacy Policy addresses how WePay handles all User information, including User information provided by you, User information provided by the Platform, and User information obtained by WePay from third parties.

By using the website located at www.wepay.com ("Website"), using the Services, or otherwise interacting with WePay, you are accepting the practices and policies described in this Privacy Policy.

The term "personal data", as used in this Privacy Policy, is any information or data that identifies a living individual by itself or with other information in the possession of, or likely to come into the possession of, the data controller.  For these purposes, if you live in the European Economic Area, WePay Payments Ltd., a limited liability company registered in England and Wales with the company number 019135633 whose registered office is at 6th Floor, One London Wall, UK, EC2Y 5EB, shall provide the Services in its capacity as data controller.

Changes to this Privacy Policy

We may amend this Privacy Policy from time to time by posting a revised version at this link. The revised version will be effective at the time we post it. In addition, we will provide you with additional prior notice or an opportunity to "opt-in" if the proposed changes are material or retroactive.

Platform Privacy Policies

By using a Platform that has integrated with the WePay API, you are accepting the practices described in the Platform's privacy policy, which you should review carefully. Any information you enter on the Platform's website or application, or on WePay pages, fields, or resources that are integrated with the Platform's website or application, may be shared with the owner of the Platform website or application, subject to the requirements of the Payment Card Industry Data Security Standard (PCI-DSS) and applicable law. WePay is not responsible for the content or information practices of Platforms.

Children

The Services are not intended for children. We ask that minors (persons under the age of 18) do not submit any personal data to us or use the Services.

Back to top

Basically,

This Privacy Policy provides important information about how WePay treats your information.  Please read it carefully!

2. Information Collected 

WePay collects three types of information: information that Users intentionally provide to WePay or the Platform, information about Users that third parties provide to WePay or the Platform to augment or verify that information, and information automatically provided by Users as they interact with the WePay Website or Platform website. In general, you can browse the Website without telling us who you are or revealing any personal data about yourself. Automatically provided information that uniquely identifies a device or browser is not personal data unless it can be reasonably associated with or linked to a particular User.  Once you give your personal data, you are not anonymous to us. If you use our Services, we will require you to provide certain personal data to enable us to provide the Services to you.

User Provided Information

Users either accept payments as "Merchants" or make payments as "Payers." A Merchant must provide the Merchant's name, email address, a self-selected password, street address, merchant category code, date of birth (if a natural person), and bank account information to register for a WePay account and access the Services. A Merchant may provide additional information, such as telephone number, tax identification number, or a link to its website or social media account, in order to accelerate account activation and qualify for faster disbursement of funds.

WePay may also require other commercial and/or identification information if Users send or receive certain high-value transactions or high overall payment volumes through the Services or as is otherwise required in order for WePay to comply with its anti-money laundering obligations under European law.

A Payer who is paying with a credit or debit card must provide the Payer's name, card number, expiration date, CVV code, street address, country, and postcode. A Payer who is paying by BACS or EFT must provide the Payer's name and bank account information. If a Payer registers for a WePay account, they will need to provide additional information, including email address and a self-selected password.

Merchants or Payers may voluntarily provide additional information to WePay or the Platform, for example, when seeking customer support or in response to surveys or other inquiries.

Third-Party Provided Information

WePay or the Platform may obtain information about Users from third parties, such as identity verification services, credit reference and fraud reference agencies and credit reporting services, in order to:

  • Verify the validity of information provided by Users;
  • Assess the financial stability, creditworthiness and underlying riskiness of a Merchant’s business; and
  • Undertake checks for the prevention and detection of fraud and/or money laundering.

For example, if you use a credit or debit card with the Services, we may use authorization and fraud screening services to verify the credit or debit card information and address match the information you provide to WePay and that the credit or debit card has not been reported as lost or stolen.  

WePay or the Platform also reserve the right to conduct background checks about Users (and their businesses where appropriate) from a credit reference agency or fraud agency. WePay or the Platform, at its sole discretion, reserves the right to periodically review and retrieve a business and/or consumer credit report supplied by such credit reference or fraud agency for any WePay User. WePay or the Platform reserves the right to deny a User use of the Services or close a WePay account based on information obtained during this credit review process.

If you are a Merchant, WePay or the Platform may also collect additional publicly available information about your business and your behavior from social media networks like Twitter, Facebook, Google Plus or LinkedIn (such as the number of "likes", "connections" and "followers"), to the extent relevant to verify the information you provide and the other purposes identified in this section.

The Platform may also provide WePay with additional information, such as the User's transactional history on the Platform.

Additional Verification

If WePay cannot verify the information you provide, WePay may ask you to upload or send additional information (such as a credit card statement, tax document, and/or a recent utility bill or other information linking you to the applicable address), or to answer additional questions online to verify your information.

Data Sharing and Our Services

In order to facilitate transactions between WePay Users, the WePay Services allow limited sharing of personal data between WePay, Users and the Platform.

Automatically Provided Information

WePay or the Platform may automatically record certain information about or related to your use of the Services and the Platform that is made available through your computer. Three such technologies are described below.


Cookies and Other Tracking Technologies – WePay or the Platform may collect certain information from a User's browser using small data files called "cookies" and other software tracking technologies like clear gifs or web beacons to help provide Users with a better, faster and safer experience.  Our policy with respect to cookies and such tracking technologies is summarized below.

What is a cookie?

"Cookies" are small data files stored on your hard drive by a website that may collect personal data about you. Cookies send data back to the originating website on each subsequent visit, or shares data with another website that recognizes that cookie.

Cookies are useful because they allow a website to recognize a user's device. They do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience.

Cookies do not typically identify you as an individual, just the device you are using.  For further information on cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit http://www.allaboutcookies.org 

How do we use cookies?

We use cookies, web beacons, and other technologies for a variety of purposes -- to remember your preferences, provide services (including product and site functionality), analyze our performance, enhance and personalize your experience, and provide marketing communications.

For more information about removing or rejecting cookies, please see "Your Privacy Choices" below.

What cookies do we use?

Below we have provided a list of the categories of cookies found on our Services, and a description of what those cookies do. Please check back here periodically as we may update this information from time to time:

Essential Cookies: We use a number of cookies which are essential to the operation of our Website and the Services. For example, these types of cookies enable you to log into secure areas of the Services and provide the necessary security when you access our Website or Service. Without these cookies, the Services that you have asked for cannot be provided. We want you to understand these essential cookies, and why we use them, but we don't need to get your consent to use them on our Services as we use these cookies only to provide you with services that you have requested.

Functionality Cookies: These cookies allow our Services to remember choices you make, such as: remembering your username, preferences and settings; remembering if you've used any of our Services before; remembering your location; and enabling social media components like Facebook or Twitter. The aim of these cookies is to provide you with a more personal experience so that you don't have to reset your preferences each time you use our Services. As described below, you may disable any of these functional cookies; but if you do so, then various functions of our Services may be unavailable to you or may not work the way you want them to.

Analytical Cookies:  These cookies collect information about how you and other visitors use and interact with our Services, for instance which pages are visited most often. These cookies helps us improve the way Website and Services work and provide a better, personalized user experience.

Advertising Cookies: These cookies record your visit to our Website, the pages you have visited, and the links you have clicked. They gather information about your browsing habits and remember that you have visited a website. We (and third-party advertising platforms or networks) may use this information to make our websites, content, and advertisements displayed on them more relevant to your interests (this is sometimes called "behavioral" or "targeted" advertising). These types of cookies are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns. 

Some of the cookies we commonly use are listed in our cookies chart in Appendix 1 below. This list is not exhaustive, but it is intended to illustrate primary reasons for certain types of cookies set by WePay and third parties on our Website and through our Services. Third parties may also set certain cookies on your device when you use our Services. In some cases, the third party has been hired to provide certain services on WePay's behalf (e.g., website analytics). When your browser connects to those third parties' web servers to retrieve content, those third parties may set and use their own cookies on your device.

How long do cookies stay on my device?

Some cookies operate from the time you visit the Website or to the end of that particular web-browsing session. These cookies expire and are automatically deleted when you close your internet browser. These cookies are called "session" cookies.

WePay or the Platform may use session cookies to help recognize a User who visits multiple website pages during the same session, so that the User does not have to enter a password to access each page. Session cookies terminate once the User closes the browser.

Some cookies will stay on your device between browsing sessions -- they do not expire when you close your browser. These cookies are called "persistent" cookies. The length of time a persistent cookie stays on your device varies from cookie to cookie.

WePay or the Platform may also use persistent cookies to collect, store, and track information. For example, WePay uses a persistent cookie to store a User’s choice not to be challenged with second factor authentication on the same browser for 30 days. We encode our cookies so that only we can interpret the information stored in them.

Third Party Cookies

Please note that third parties (including for example providers of external services like web traffic analysis services) may also use cookies on our Services.

Web beacons and other tracking technologies - WePay or the Platform may also collect information via clear gifs or web beacons (also known as "tracking pixels") that helps us better manage content on the WePay Website or Platform website, and in WePay or Platform emails, by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a User's computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

Back to top

Basically,

We collect and store certain information about you. This information may be provided directly by you, a platform partner, or WePay may collect it based on your use of the Website.

3. Use and Sharing of Information Obtained by WePay 

WePay uses User information (including personal data) primarily in order to develop, operate, support, maintain, enhance and provide the Services. WePay uses User information to process payment transactions; to provide receipts and reports; to resolve disputes, collect fees, and troubleshoot problems; to customize, measure, and improve the Services; and to enforce our Terms of Service with Users and Platforms.

WePay also uses User information to detect and prevent fraud and other potentially illegal activities. WePay may combine User information with information from other sources using proprietary algorithms to calculate a measure of the risk that a particular User or transaction is fraudulent ("Risk Score").

WePay uses User information for our administrative and operational purposes. WePay or the Platform may notify you of changes in the Services, or may solicit your feedback, or may conduct market research, or may, where you have agreed, send you promotional materials. For more information about how to change your preferences and to unsubscribe from receiving promotional materials, please refer to “Your Privacy Choices" below.

Sharing of Information with Third Parties

WePay may share your  User information (including personal data) with certain third-party companies that provide specific services to WePay, including: settlement; security; validation of user credentials; secure data storage; marketing; customer service; and other services. WePay requires that these service providers use User information that is personal data only in connection with the services they perform for WePay and for the purposes described in this Privacy Policy.

WePay also may share non-personally identifiable User information with third parties that help us better understand how Users use our Services or help us detect and prevent fraud and other unauthorized or suspicious activity. These third parties may use cookies and other technologies to collect non-personally identifiable information about Users and combine it with similar information collected from others. They may use this information to help WePay to better understand our Users, and to help their other customers better understand their users. See the paragraph above headed "Cookies and Other Tracking Technologies" for more on this.

A WePay Risk Score is not personal data, and WePay may share it (and other similar information generated by WePay) with Platforms or other third parties. WePay claims ownership of Risk Scores and similar analytical results that we generate using User information, whether alone or in combination with other information. WePay may use, disclose, or sell Risk Scores in WePay's sole discretion.

WePay may share User information (including personal data) in the event of a merger, acquisition, debt financing, sale of all or a portion of our assets, or similar transaction, or in the event of insolvency, bankruptcy or receivership in which User information is transferred to one or more third parties as one of our business assets. Should such an event occur, WePay will endeavor to assure that the acquirer, successor, or assignee (as the case may be) follows this Privacy Policy with respect to User information. If User information could be used contrary to this Privacy Policy, Users will receive prior notice as well as the opportunity to opt out.

WePay may share User information (including personal data) with law enforcement, government officials, or other third parties in the event of a subpoena, court order or similar legal procedure, or when WePay believes in good faith that the disclosure of User information is necessary or advisable to report suspected illegal activity, or to protect WePay's property or legal rights (including, but not limited to, enforcement of WePay's Terms of Service and other agreements) or the property or rights of others, or otherwise to help protect the safety or security of the Services.

Except as expressly disclosed in this Privacy Policy, WePay will not sell or disclose User information to third parties. WePay will not sell, rent, share, or trade personal data to third parties (other than the Platform through which WePay collected such information) for their promotional purposes. For more information about how to change your preferences and to unsubscribe from promotional materials, please see "Your Privacy Choices” below. WePay may disclose aggregated or other types of non-personally identifiable information to third parties for various purposes.

WePay may host, process, and store Users’ personal data in the United States and other countries through WePay and third parties that we use to operate and manage our Services.  Whenever we process personal information outside of the European Economic Area (“EEA”) on behalf of Users located in the EEA or Switzerland, we will continue to afford it adequate protection in accordance with the requirements of the European Data Protection Directive 95/46/EC.

Back to top

Basically,

We will share personal data with third parties only to best provide WePay's services and in special situations, such as legal investigations and merger. We may also share non-personally identifiable information with third parties that help us prevent fraud and analyze website activity.

4. Terms that Apply to Information If You Are a Merchant or Platform 

If you are a Merchant or Platform, you agree that with respect to Users’ personal data that you obtain or receive from WePay through or in connection with the Services or a WePay-facilitated transaction, you will:

  1. only use this information for: (a) WePay related communications that are non-unsolicited commercial messages; (b) ancillary actions in relation to the WePay payments or transactions for which WePay has been used; and (c) any other purpose that the other User consents to after adequate disclosure of the purpose(s);
  2. promptly comply with any request from WePay requiring you to amend, transfer or delete the personal data;
  3. process the personal data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments;
  4. not transfer such personal data outside the EEA without the prior written consent of WePay;
  5. take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against the accidental loss or destruction of, or damage to, such personal data; and
  6. promptly inform WePay if any such personal data is lost or destroyed or becomes damaged, corrupted, or unusable.

If, as a Merchant or Platform, you receive any complaint, notice or communication which relates directly or indirectly to the processing of any such personal data or to either party's compliance with any applicable data protection or data privacy laws or regulations, you shall immediately notify WePay and provide WePay with full co-operation and assistance in relation to any such complaint, notice or communication.

If you are a Merchant or Platform, to the extent you are collecting and transferring any User’s personal data on behalf of or to WePay to enable WePay to provide the Services, you will ensure that:

  1. you obtain all necessary rights, and where applicable, all appropriate and valid consents to share such data with WePay and to permit use of that data by WePay, its third party service providers, group entities and affiliates for the purposes of the provision of the Services in accordance with the terms of this Privacy Policy; and
  2. you have and agree to post, maintain and adhere to an appropriate privacy policy for your site or store (as applicable) that informs your customers about what personal data will be collected about them, how it will be used and any other disclosures required by all applicable law and regulations. This shall include (but without limitation) including a statement within your own privacy policy notifying your customers that their personal data will be transferred to WePay, including its service providers, group entities and affiliates and that the data will be stored outside the EEA to the United States for the purposes outlined in this Privacy Policy.

Back to top 

Basically,

If you are a Merchant or Platform, you will have certain responsibilities in relation to the personally identifiable User information that you receive from WePay when using the Services.

5. Information Security 

WePay has implemented physical, technical, and procedural safeguards to protect User information from unauthorized access, disclosure, alteration, or destruction. WePay uses computer safeguards such as firewalls and data encryption, and authorizes access to personal data only for those employees, contractors, and agents who require it to fulfill their job responsibilities.

WePay takes additional care to protect User information, such as credit card or bank account numbers, if disclosure of the particular type of User information could cause direct financial loss. WePay encrypts such information and transmits it under Secure Socket Layer (SSL).

Back to top

Basically,

WePay has taken a number of steps in order to become an extremely secure service.

6. International Transfers 

WePay will provide some or all of the Services from systems located outside of the EEA. For example, WePay stores and processes User information on dedicated servers located in secure data centers that may be located within the United States or in other jurisdictions located outside the EEA.  If you use the Services from the EEA or other regions of the world outside of the United States, you understand and consent to the transfer of your User information (including personal data) to the United States or other jurisdictions for the uses and purposes identified in this Privacy Policy. If you are a Merchant, you are required to disclose to Payers that personal data may be transferred, processed and stored outside of EEA.  If you are a payer, you  expressly agree and consent that each time you pay or attempt to pay a Merchant using your WePay account, WePay may transfer the foregoing data to such Merchant, in order to process, execute or otherwise deal with and provide information about the payment and such Merchant may be located outside the EEA. 

You acknowledge and agree that the privacy and data security laws in place in the United States or other jurisdictions outside the EEA may be different from and may not offer the same level of protection as the privacy and data security laws in force in the country in which you reside. By voluntarily providing User information, you hereby agree that you are consenting to our collection, use, storage, and disclosure of such User information in accordance with this Privacy Policy.

In relation to transfers of User information from WePay Payments Ltd. (in the UK) to WePay, Inc. (in the United States), WePay has put in place measures, including standard model clauses, to ensure an adequate level of protection for the rights and freedoms of individuals in relation to the processing of their personal data, as required by European data protection laws. 

Back to top

Basically,

When WePay stores data on servers in the United States or other jurisdictions, that data is subject to the laws of those jurisdictions.

7. Your Privacy Choices 

Promotional Communications 

You have the right to ask us not to process your personal data for marketing or promotional purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You may also opt out of receiving promotional emails or text messages from WePay by clicking the "unsubscribe" link in the email or by emailing legal@wepay.com. If you opt out, we may still send you non-promotional emails, such as emails about your account or our on-going relations.

Cookies

There are a number of ways you can manage what Analytics and Functionality cookies are set on your devices. Essential cookies, however, cannot be disabled. If you do not allow certain cookies to be installed, the website may not be accessible to you and/or the performance, features, or services of the website may be compromised.

The first time you visit our Website you will see an overlay which explains that by clicking "OK" you are deemed to consent to the use of cookies as described in our cookie policy.

Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Services. For further information about cookies, including how to refuse cookies, please visit www.allaboutcookies.org.

The following links provide information on how to modify the cookies settings on some popular browsers:

Your Privacy Rights

You can update or delete certain User information through WePay or the Platform. WePay reserves the right to keep copies of User information for so long as is reasonably necessary backups, analytics, or to fulfill legal obligations.

You have the right to access information held about you. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.  You also have the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge.

Back to top

Contacting WePay

If you have questions or concerns regarding this policy, you may email us at legal@wepay.com. You can also write to us at:

WePay, Inc.

350 Convention Way, Suite 200

Redwood City, CA, 94063

Basically,

You can reach us through email or postal mail regarding the Privacy policy.

 

Appendix 1 – Cookies and Purpose

Cookies enable us to identify your device, or you when you have logged in.  We use cookies that are essential to enable you to move around the site or to provide certain basic features.  We use cookies to enhance the functionality of the Website by storing your preferences, for example.  We also use cookies to help us to improve the performance of our Website to provide you with a better user experience.

Essential cookies: These cookies are necessary in order for you to move around WePay.com and use the Website:

Cookie Purpose
wepay Logged-out session cookie
session A unique session identifier
wepay-session-uld User logged-in cookie. Removed on logout
SERVERID Marketing website (haproxy/routing)
Incap_ses_####, visid_incap_#### Marketing website (Incapsula)
sso_user For single sign-on


Functionality: Functionality cookies record information about choices you’ve made and allow us to tailor the Website to you.

Cookies Purpose
wepay-device-uld Device token (for MFA)
https://vimeo.com/cookie_list To provide streaming services from Vimeo


Analytical: We use analytical cookies to help us understand how users interact with our Website and to provide a better user experience for you.  

Cookie Purpose
_ga,_gat To obtain information about users' online activities from Google Analytics
https://www.zendesk.com/
company/cookies
To provide support services from Zendesk
bucket, iframe_bucket AB testing new user flows 
_mktotrk To enable marketing services from Marketo
_session_id To understand traffic interaction between G2Crowd review pages and the Website

 

Advertising: We use advertising cookies to collect information to target our advertisements to you.  

Cookie Purpose
_adroll To provide targeted advertisting services from AdRoll

 Back to top