Data Protection Lawsanchor

Data privacy and data security is a priority for Braintree, and we are compliant with data protection legislation in the countries we operate in. Braintree will always treat data as required by law, and in fact exceeds those requirements significantly in most of the countries we operate in. Data Privacy is a key concern at Braintree, and we assure you that your and your customers’ personal data will be treated in line with our strict privacy and security controls, and will not be used in any unauthorized way.

At Braintree, every employee is responsible for respecting and protecting the personal information to which the employee has access. Our privacy officer oversees our privacy practices and our efforts to follow all privacy laws that apply, and to manage and reduce privacy risk. To ensure the protection of your personal information, we maintain policies and practices that govern our privacy and personal information handling practices, including defining roles and responsibilities for handling your information from the moment we gather it until it is destroyed, regular employee privacy and security training, responding to privacy complaints or inquiries, and investigating potential incidents.

Key conceptsanchor

Here are some important concepts related to data protection laws:

  • Personal data: Any information relating to an individual
  • Data processing: Any operation or set of operations that is performed with personal data  
  • Data controller: The party that determines why and how personal data will be processed
  • Data processor: The party that is responsible for handling personal data based on the controller's determination

Braintree as a data controlleranchor

Braintree is a data controller for our merchants’ and their customers' personal data. Being a data controller means that we independently determine the purposes and means of the data processing and that we process data in accordance with our privacy statement. As a data controller for Braintree, PayPal is able to enhance our fraud and risk tools, resulting in more robust fraud detection for merchants and consumers. We also take on full accountability to our regulators and the data subjects for our products and services, including with respect to any security incidents.