Privacy Policy
Last Updated: December 1st 2025
This Privacy Policy applies to information we collect when you sign up for products and services provided by SumUp Canada Inc (“we”, “us”, or “our”), when you access or use any of our websites, mobile applications and products, when you speak to our staff, or when you otherwise interact with us (collectively, the “Services”). This Policy also applies to information we collect if you have not signed up for our Services but are making payment transactions through our Services.
1. The Personal Information We Collect and Hold
We collect and hold personal information about you in various ways, including when you register for an account, use our Services, contact us, or when we otherwise interact.
This includes:
When you register for an account with us, we collect information about you such as your full name, address, date of birth, email address and telephone number. We also collect information about your business, which may include your company name, legal form, business type, business address, business telephone number, directors and ultimate beneficial owners.
If you receive payouts from us based on transactions you perform, we collect your bank account details.
For research, marketing or service-improvement purposes we may collect other information you voluntarily provide such as preferences and interests.
To verify your identity (for example pursuant to anti-money-laundering or fraud-prevention obligations) we may collect identity verification information from third-party agencies.
When you use our Services we collect transactional information including time, location, transaction amount, payment method and cardholder details (as permitted under applicable law).
When you access our website or mobile application we may automatically collect technical and device data such as your IP address, operating system, browser type, device identifiers, visit dates and times, browsing behaviour and other usage analytics.
If you are an employee, contractor or service provider we may collect employment/engagement-related information including employment history, education and training, qualifications, salary and reference information.
When you use one of our products we may process data relating to your end-customer such as:
Contact information (name, phone number, address, email) if you receive receipts from our Merchants or earn loyalty points.
Transactional information (card number, expiry date, CVV, cardholder name, history of purchases, loyalty points).
Behavioural and tracking details (location data, browsing behaviour, device identifiers, IP number, cookie identifiers).
Communication data and any other data you provide voluntarily (support enquiries, chat logs, survey responses).
All such information is collected either directly from you, generated by you, or inferred/derived from your use of our Services.
2. Collecting, Holding and Using Your Personal Information
We collect, use and hold your personal information to:
Provide our Services and deliver relevant information to you, including transaction receipts, payout reports, security alerts and support messages.
Improve and personalise our Services (for instance enabling mobile-app features specific to your business).
Communicate with you about news and updates to our Services, or about promotions, incentives and offers, unless you choose to opt out.
Collect usage and behavioural data (including via cookies and web beacons) to track and analyse usage behaviour and drive features, promotions or rewards.
Protect our rights, investigate and prevent fraud or illegal activities, and comply with applicable laws (including anti-money-laundering, sanctions, regulatory obligations).
Manage our relationship with you as employee/contractor/service-provider where applicable.
We will limit collection and use of your personal information to purposes that a reasonable person would consider appropriate in the circumstances, and only with your consent, except as otherwise permitted or required by law.
3. Disclosure of Your Personal Information
We may disclose your personal information:
To any affiliate or subsidiary within our group of companies to enable provision of our Services (customer support, settlements, audit, etc.).
To third-party service providers acting on our behalf (e.g., payment processors, identity verification services, fraud prevention providers, financial institutions, card associations).
To advertising/marketing partners, contest or promotion partners (unless you opt out).
As part of a corporate transaction (merger, sale of company shares or assets, financing, acquisition, divestiture, or dissolution).
If required or permitted by applicable law (e.g., to comply with a legal obligation, to enforce our terms, protect security or the rights and property of our company or others).
In each case, we will only disclose personal information that is necessary for the identified purpose and where appropriate safeguards or contracts are in place to ensure the confidentiality and security of the personal information.
4. Cross‑Border / International Transfers
We may transfer your personal information to affiliates or third-party service providers outside Canada. Where we do, we will ensure adequate safeguards consistent with Canadian privacy laws.
5. Linking to other websites
When you click a link on our website to a third-party website which is not operated by us, you should be aware that these websites have their own privacy policies. We have no control over, and accept no responsibility for, their privacy practices. We encourage you to review those policies before you submit personal information on any such site.
6. Retention of Your Personal Information
We retain your information only as long as necessary to fulfill the purposes identified, or as required by law. When no longer needed, it will be securely destroyed or anonymized.
7. Cookies, Web Beacons & Tracking Technologies
We use cookies and tracking technologies to personalize content, analyse traffic, and improve functionality. For more information, please see our cookie policy.
8. Electronic Communications (CASL Compliance)
We comply with Canada’s Anti-Spam Legislation (CASL) and will not send commercial messages without consent. All messages include sender identification and an unsubscribe mechanism.
9. Your Rights: Access & Correction
Under Canadian law, you have the right to:
Be informed of the existence, use and disclosure of your personal information held by us.
Request access to your personal information.
Request correction of your personal information if it is inaccurate, incomplete or out-of-date.
Challenge our compliance with PIPEDA’s principles (such as accountability, limiting collection/use/disclosure, safeguards, openness) and have your challenge addressed.
If you wish to access or correct your personal information, please contact us at the details below.
10. Breaches, Complaints & Supervisory Authority
If you believe we have violated our responsibilities under PIPEDA, you may submit a complaint to our Privacy Officer (see Contact below). We will investigate your complaint and respond within a reasonable time.
If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC).
In the event of a breach of security safeguards involving personal information under our control that poses a real risk of significant harm, we will notify you and the OPC, as required by regulations under PIPEDA.
11. Canadian Territories
If you are a resident of British Columbia, BC’s Personal Information Protection Act (PIPA) applies. You may request access and correction of your personal data, and information about storage outside Canada. Complaints may be directed to the Office of the Information and Privacy Commissioner (OIPC) for BC.
If you are a resident of Alberta, Alberta’s PIPA applies. We will notify the Alberta OIPC and affected individuals of any breach posing a real risk of significant harm.
If you are a resident of Quebec, we will comply with the Quebec Private Sector Act as amended by Law 25, including obtaining express consent, performing privacy impact assessments for data transfers outside Quebec, and providing notice of automated decision-making.
12. Governing Law & Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of Canada and the province or territory in which you reside.
13. Contact
SumUp Canada Inc
181 Bay Street, 4400, Toronto, Ontario, M5J 2T3, Canada
Privacy Officer email: [email protected]
14. Changes to this Privacy Policy
We may amend this Privacy Policy from time to time by posting the updated version on our website and indicating the “Last Updated” date. If we make material changes, we will notify you by email (if you have provided one) or through a notice when you log into your account.