PRIVACY POLICY
Last updated November 03, 2025
This Privacy Notice for Donstronomy (doing business as Donstronomy ) (
- Visit our website
at http://www.donstronomy.com or any website of ours that links to this Privacy Notice
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services.don@donstronomy.com .
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? Some of the information may be considered
Do we collect any information from third parties?
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which
How do we keep your information safe? We have adequate
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by don@donstronomy.com
Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.We collect personal information that you voluntarily provide to us when you
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
names
phone numbers
email addresses
mailing addresses
billing addresses
contact preferences
Sensitive Information.
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored byPayPal Squarespace Payments Last updated on 30 October 2025 Overview PayPal has developed this Privacy Statement to explain how we may collect, retain, process, share and transfer your Personal Data when you visit our Sites or use our Services. This Privacy Statement applies to your Personal Data when you visit Sites or use Services, and does not apply to online websites or services that we do not own or control, including websites or services of other PayPal Users. This Privacy Statement is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Sites and Services. Please note that our Service offerings may vary by region. We have defined some terms that we use throughout the Privacy Statement. You can find the meaning of a capitalized term in the Definitions section. Please contact us if you have questions about our privacy practices that are not addressed in this Privacy Statement. What Personal Data Do We Collect? The primary purpose for collecting your Personal Data is to provide you with a secure, smooth, efficient, and customised experience. We may collect information about you when you visit our Sites or use our Services, including the following: Registration and use information – When you register to use our Services by establishing an Account, we will collect Personal Data as necessary to offer and fulfill the Services you request. Depending on the Services you choose, we may require you to provide us with your name, postal address, telephone number, email address and identification information to establish an Account. We may require you to provide us with additional Personal Data as you use our Services, including where this relates to additional services or features such as Fastlane. Transaction and experience information – When you use our Services or access our Sites, for example, to make purchases from merchants, to receive money, to process payments, to send payouts or to send money to friends and family, we collect information about the transaction, as well as other information associated with the transaction such as amount sent or requested, amount paid for products or services, package delivery and tracking information, shipping address for PayPal purchases, package tracking information, merchant information, including information about any funding instruments used to complete the transaction, Device Information, Technical Usage Data, and Geolocation Information. Participant information – When you use our Services or access our Sites, we collect Personal Data you provide us about the other participants associated with the transaction. Send or request money: When you send or request money through the Services, we collect Personal Data such as name, postal address, telephone number, and financial account information about the participant who is receiving money from you or sending money to you. The extent of Personal Data required about a participant may vary depending on the Services you are using to send or request money. Pay or request someone else to pay a bill: If you use our Services to pay a bill for the benefit of someone else, or if you request a User to pay a bill for you, we collect Personal Data from you about the account holder such as name, postal address, telephone number, email address, and account number of the bill that you intend to pay or request to be paid. Add value to your accounts: If you use our Services to add value to your Account or any other account you may have, or if you ask a User to add value to any of these accounts, we may collect Personal Data from you about the other party, or from the other party about you to facilitate the request. For example, if you use our Services to reload a mobile phone, or to request value be added to your mobile account, we may collect Personal Data and other information including mobile account number from the other participant. Biometric: When you consent in the user experience, we collect, use and store biometric data, being voice identification, photo identification, or face scans to verify your identity and for account authentication checks including, for example, verify your identity and authenticate you to meet regulatory requirements or before you access accounts and Services, recover passwords, update profile info, manage payments and payment methods, or lift account limitations. Information about your public profile and your friends and contacts – It may be easier for us to help you transact with your friends and contacts if you choose to connect your contact list information with your Account or if your Account profile is publicly available. If you establish an account connection between your device or a social media platform and your Account, we will use your contact list information (such as name, address, email address) to improve your experience when you use the Services. When your Account profile is public, other PayPal users can find your profile to send you money by searching for you by name, username, email, or mobile number on PayPal and confirm it’s you by viewing your photo. You can make your Account profile private anytime in your PayPal.me settings. Information that you choose to provide us to obtain additional Services or specific online Services – If you request or participate in an optional Site feature, or request enhanced Services or other elective functionality, such as linking your email account for all package tracking, we may collect additional information from you. We will provide you with a separate notice at the time of collection, if the use of that information differs from the uses disclosed in this Privacy Statement. Personal Data about you if you use unbranded Services – certain Services are available without being required to log in to or establish an Account. We will collect Personal Data when you are interacting with and making payments to merchants using our card payment services that do not carry the PayPal brand and when you checkout with PayPal without logging into an account. For our unbranded payment services, your interaction is with the merchant, on their platform. If you are an Account holder, or create an Account at a later date, we may collect information about unbranded transactions and associate them with your Account to improve your customer experience as an Account holder and for compliance and analytics purposes. If you are not an Account holder, we will collect and store all information you provide and use such information in accordance with this Privacy Statement. Personal Data about you if you use Fastlane services – We will collect the Personal Data from you in order to provide you with Fastlane services, including for example your name, email, phone number, address information, billing information, payment method details, and other data that may be relevant to a specific partner or merchant. We will also collect data related to your transactions and interactions with merchants and other partners. We will not be able to provide you with the Fastlane services if you do not agree to provide this Personal Data. Personal Data about recipients collected from Xoom customer – Where you provide us with another individual’s Personal Data (for example, when using Xoom to send money to a recipient), you must ensure you have their consent to do so. We may notify the individual whose Personal Data has been provided to us. We collect Personal Data about the recipient in order to disburse the funds to the recipient, and may be unable to do so if you do not provide us their Personal Data. If you believe your Personal Data has been provided to us without your consent, or you wish to learn more about how we handle your Personal Data, please refer to the Contact us section below. Information about you from third-party sources – We obtain information from third-party sources such as merchants, data providers, and credit bureaus, where permitted by law. Other information we collect related to your use of our Sites or Services – We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey. Notice to Non-PayPal Account holders If you use our Services without creating or logging into a PayPal account, or use unbranded payment Services (e.g. Braintree), we will still collect personal data, which may include your payment information, device information, and location. When you use our Services without creating or logging into an account, we will use this information to process transactions, prevent fraud and comply with the law. We may connect this information with your PayPal account, if you have one or if you create an account at a later date. Why Do We Retain Personal Data? We retain Personal Data to fulfill our legal or regulatory obligations and for our business purposes. We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law. If your Account is closed, we may take steps to mask Personal Data and other information, but we reserve our ability to retain and access the data for so long as required to comply with applicable laws. We will continue to use and disclose such Personal Data in accordance with this Privacy Statement. We retain biometric data for as long as needed or permitted given the purpose for which it was collected and no more than 3 years after your account closes, unless otherwise required by applicable law. How Do We Process Personal Data? We may Process your information for the following reasons: To operate the Sites and provide the Services, including to: execute a payment, send or request money, send payouts, add value to an account, or pay a bill; confirm your identity; provide package tracking information; authenticate your access to an Account; communicate with you about your Account, the Sites, the Services, or PayPal; create an account connection between your Account and a third-party account or platform; perform creditworthiness and other financial standing checks, evaluate applications, and compare information for accuracy and verification purposes; keep your Account and financial information up to date; and if you have a Fastlane profile, we may recognize you as a Fastlane user when you shop on participating partner and merchant sites, and we may prompt you to engage in participating partner or merchant interactions, such as registering for a store or loyalty account using your Fastlane profile. We will also use your Personal Data and payment method details to determine whether the payment you are making with a participating partner and merchant is authorized by you and likely to be successfully authorized by the payment method you choose to use when you make a purchase using details from your Fastlane profile. To manage our business needs, such as monitoring, analyzing, and improving the Services and the Sites’ performance and functionality. For example, we analyze User behavior and perform research about the way you use our Services. To manage risk and protect the Sites, the Services and you from fraud by verifying your identity. PayPal’s risk and fraud tools use Personal Data, Device Information, Technical Usage Data and Geolocation Information from our sites and websites that offer PayPal Services to help detect and prevent fraud and abuse of the Services. To market to you about PayPal products and Services and the products and services of unaffiliated businesses. We may also Process your Personal Data to tailor the marketing content and certain Services or Site experiences to better match your interests on PayPal and other third-party websites. To provide personalized Services offered by PayPal on third-party websites and online services. We may use your Personal Data and other information collected in accordance with this Privacy Statement to provide a targeted display, feature, Services or offer to you on third-party websites. We may use cookies and other tracking technologies to provide these online services and/or work with other third-parties such as merchants, advertising or analytics companies to provide these online services. To provide you with location-specific options, functionality or offers if you elect to share your Geolocation Information through the Services. We will use this information to enhance the security of the Sites and Services and provide you with location-based Services, such as advertising, search results, and other personalized content. To comply with our obligations and to enforce the terms of our Sites and Services, including to comply with all applicable laws and regulations. To make it easier for you to find and connect with others. For instance, if you let us access your contacts or when your Account profile is public, we can suggest connections with people you may know and help others connect with you to send you money by letting them find your profile when they search for you by name, username, email, or mobile number on PayPal. We may also associate information that we learn about you through your and your contacts’ use of the Services, and information you and others provide, to suggest people you may know or may want to transact with through our Services. Social functionality and features designed to simplify your use of the Services with others vary by Service. To respond to your requests, for example to contact you about a question you submitted to our customer service team. Do We Share Personal Data? We may share your Personal Data or other information about you with others in a variety of ways as described in this section of the Privacy Statement. We may share your Personal Data or other information for the following reasons: With other members of the PayPal corporate family: We may share your Personal Data with members of the PayPal family of entities to, among other things, provide the Services you have requested or authorized; to manage risk; to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements; and to help us manage the availability and connectivity of PayPal products, Services, and communications. With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity, assist in processing transactions, send you advertisements for our products and Services, or provide customer support. For payment transactions using your Fastlane profile, your Personal Data will be shared with the provider of the payment services for the participating partner and merchant to enable the processing of the payment transaction. The payment provider for the partner and merchant may be PayPal or a third-party payment provider. For payment transactions using Xoom, your Personal Data will be shared with third-party service providers in order for the payment to be disbursed to the recipient. With other financial institutions that we have partnered with to jointly create and offer a product or service: We may share Personal Data with other financial institutions that we have partnered with to jointly create and offer a product. These financial institutions may only use this information to market and offer PayPal-related products, if you have given consent for these uses. We may also share Personal Data to process transactions, provide you with benefits associated with your eligible cards, and keep your financial information up to date. With the other parties to transactions when you use the Services, such as other Users, partners and merchants, and their service providers: We may share information about you and your Account or Fastlane profile with the other parties involved in processing your transactions. This includes other Users you are sending or receiving funds from, and merchants and their service providers. If you choose to interact with participating partners and merchants through Fastlane, we will disclose your Fastlane profile information with the participating partners and merchants and their service providers, and facilitate your transaction, shopping experience or other interaction with participating partners and merchants sites. Please note that once Personal Data is shared with partners and merchants (or their service providers) involved in a transaction, the handling of your Personal Data by the partner or merchant (or their service provider) is subject to the partners’ and merchants’ own privacy policies and procedures. The information we may share includes: Personal Data and Account or Fastlane profile information necessary to facilitate the transaction, including when you visit a participating Fastlane merchant site or app, the merchant can check whether you are a user of PayPal services and present a recommended payment method to you to simplify your checkout process; information to help other participant(s) resolve disputes and detect and prevent fraud; and aggregated data and performance analytics to help merchants better understand Users and to help merchants enhance Users’ experiences. With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for PayPal’s business purposes or as permitted or required by law, including: if we need to do so to comply with a law, legal process or regulations; to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to PayPal or PayPal’s corporate family; if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; to protect the vital interests of a person; to investigate violations of or enforce a user agreement or other legal terms applicable to any Service; to protect our property, Services and legal rights; to facilitate a purchase or sale of all or part of PayPal’s business; in connection with shipping and related services for purchases; to help assess and manage risk and prevent fraud against us, our Users and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals and merchants; to banking partners as required by card association rules for inclusion on their list of terminated merchants; to credit reporting and collection agencies; to companies that we plan to merge with or be acquired by; and to support our audit, compliance, and corporate governance functions. With your consent: We also will share your Personal Data and other information with your consent or direction, including if you authorize an account connection with a third-party account or platform. In addition, PayPal may provide aggregated statistical data to third-parties, including other businesses and members of the public, about how, when, and why Users visit our Sites and use our Services. This data will not personally identify you or provide information about your use of the Sites or Services. We do not share your Personal Data with third parties for their marketing purposes without your consent. How Do We Work with Other Services and Platforms? A significant benefit and innovation of PayPal’s Services is that you can connect your Account with a third-party account or platform. For the purposes of this Privacy Statement, an “account connection” with such a third-party is a connection you authorize or enable between your Account and a non-PayPal account, payment instrument, or platform that you lawfully control or own. When you authorize such a connection, PayPal and the third-party will exchange your Personal Data and other information directly. Examples of account connections include: linking your Account to a social media account or social messaging service; linking your email account to your Account to receive package tracking information; connecting your Account to a third-party data aggregation or financial services company, if you provide such company with your Account log-in credentials; or using your Account to make payments to a merchant or allowing a merchant to charge your Account. If you choose to create an account connection, we may receive information from the third-party about you and your use of the third-party’s service. For example, if you connect your Account to a social media account, we will receive Personal Data from the social media provider via the account connection. If you connect your Account to other financial accounts, directly or through a third-party service provider, we may have access to your account balance and transactional information, such as purchases and funds transfers. We will use all such information that we receive from a third-party via an account connection in a manner consistent with this Privacy Statement. Information that we share with a third-party based on an account connection will be used and disclosed in accordance with the third-party’s privacy practices. Before authorizing an account connection, you should review the privacy notice of any third-party that will gain access to your Personal Data as part of the account connection. For example, Personal Data that PayPal shares with a third-party account or platform such as a social media account may in turn be shared with certain other parties, including the general public, depending on the account’s or platform’s privacy practices. How Do We Use Cookies and Tracking Technologies? When you visit our Sites, use our Services, or visit a third-party website for which we provide online Services, we and our business partners and vendors may use cookies and other tracking technologies (collectively, “Cookies”) to recognize you as a User and to customize your online experiences, the Services you use, and other online content and advertising; measure the effectiveness of promotions and perform analytics; and to mitigate risk, prevent potential fraud, and promote trust and safety across our Sites and Services. Certain aspects and features of our Services and Sites are only available through the use of Cookies, so if you choose to disable or decline Cookies, your use of the Sites and Services may be limited or not possible. Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not respond to DNT signals. Please review our Statement on Cookies and Tracking Technologies to learn more about how we use Cookies. What Privacy Choices Are Available To You? You have choices when it comes to the privacy practices and communications described in this Privacy Statement. Many of your choices may be explained at the time you sign up for or use a Service or in the context of your use of a Site. You may be provided with instructions and prompts within the experiences as you navigate the Services. Choices Relating to the Personal Data We Collect Personal Data. You may decline to provide Personal Data when it is requested by PayPal, but certain Services or all of the Services may be unavailable to you. Location and other device-level information. The device you use to access the Sites or Services may collect information about you, including Geolocation Information and User usage data that PayPal may then collect and use. For information about your ability to restrict the collection and use of such information, please use the settings available in the device. Choices Relating to Our Use of Your Personal Data Online Tracking and Interest-Based Advertising. We work with partners and third-party service providers to serve you advertising using ad-related cookies and web beacons. You can opt-out of third-party advertising-related cookies and web beacons, in which case our advertising should not be targeted to you. You will continue to see our advertising on third party websites. For more information on third-party advertising-related cookies and interest-based advertising, and to learn how to opt-out of these practices with companies participating in industry self-regulation, please visit Your Ad Choices. Personalized Services offered by PayPal on third-party websites and services. You may manage your preferences for other PayPal Services that are personalized and offered to you on third-party websites from your Account. We may also provide you with instructions and prompts on how to manage your preferences within the Service experience. Finding and connecting with others. If available, you may manage your preferences for finding and connecting with others from your account of the Service you use. Choices Relating to Account Connections If you authorize an account connection to a third-party account or platform, such as a social media account, you may be able to manage your connection preferences from your Account or the third-party account or platform. Please refer to the privacy notice that governs the third-party platform for more information on the choices you may have. Choices Relating to Cookies You may have options available to manage your cookies preferences. For example, your browser or internet device may allow you delete, disable, or block certain cookies and other tracking technologies. You can learn more by visiting AboutCookies.org. You may choose to enable these options, but doing so may prevent you from using many of the core features and functions available on a Service or Site. You may have an option regarding the use of cookies and other tracking technologies when you use a Service or visit parts of a Site. For example, you may be asked if you want the Service or Site to “remember” certain things about you, and we will use cookies and other tracking technologies to the extent that you permit them. You can learn more about our cookies and tracking technologies by visiting the Statement on Cookies and Tracking Technologies page. Choices Relating to Your Registration and Account Information If you have an Account or Fastlane profile, you generally may review and edit Personal Data by logging in and updating the information directly or by contacting us. Contact us if you do not have an Account or Fastlane profile or if you have questions about your Account or Fastlane profile information or other Personal Data. Choices Relating to Communication Notices, Alerts and Updates from Us: Marketing: We may send you marketing content about our Sites, Services, products, products we jointly offer with financial institutions, as well as the products and services of unaffiliated third parties and members of the PayPal corporate family through various communication channels, for example, email, text, pop-ups, push notifications, and messaging applications. You may opt out of these marketing communications by following the instructions in the communications you receive. If you have an Account with us, you may also adjust your communication preferences in your Account settings. For messages sent via push notifications, you may manage your preferences in your device. Informational and Other: We will send communications to you that are required or necessary to send to Users of our Services, notifications that contain important information and other communications that you request from us. You may not opt out of receiving these communications. However, you may be able to adjust the media and format through which you receive these notices. What Are Your Rights? Subject to limitations set out in Data Protection Laws, you have certain rights in relation to your Personal Data. You have the right to request access to your data and rectification. Please contact us if you want to exercise these rights. You may also revoke consent. Revocation of your consent may affect our ability to provide the Services to you. If you want to exercise any of your rights, contact us. If you wish to complete a request for access to all Personal Data PayPal holds about you, remember that you may be required to prove your identity. If you have an Account or profile with any of our Services, you will generally be able to review and edit Personal Data in the Account or profile by accessing the account or profile and updating information directly. You can also contact us if you do not have an Account or if you have questions about Account or profile information or other Personal Data. How Do We Protect Your Personal Data? We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls. While we are dedicated to securing our systems and Services, you are responsible for securing and maintaining the privacy of your password(s) and Account/profile registration information and verifying that the Personal Data we maintain about you is accurate and current. We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorized. Can Children Use Our Services? The Sites and Services are not directed to children under the age of 13. We do not knowingly collect information, including Personal Data, from children or other individuals who are not legally able to use our Sites and Services. If we obtain actual knowledge that we have collected Personal Data from a child under the age of 13, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13. What Else Should You Know? Changes to This Privacy Statement. We may revise this Privacy Statement from time to time to reflect changes to our business, the Sites or Services, or applicable laws. The revised Privacy Statement will be effective as of the published effective date. If the revised version includes a substantial change, we will provide you with 30 days prior notice by posting notice of the change on the “Policy Update” page of our website. We also may notify Users of the change using email or other means. Transfers of Your Personal Data to Other Countries Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers store and Process your Personal Data in the United States of America and elsewhere in the world. We will protect your information as described in this Privacy Statement if your Personal Data is transferred to other countries. By using our Sites and Services, you consent to your Personal Data being transferred to other countries, including countries that have different data protection rules than your country. We do not represent that our Sites and Services are appropriate or available in any particular jurisdiction. Our Management of Credit-Related Personal Information When you apply for Services involving consumer credit, PayPal Credit may collect, use and disclose your credit-related personal information. PayPal Credit collects the following kinds of credit information to assess your creditworthiness: Personal Data, PayPal account transaction and experience data, and information about any existing PayPal Credit loans you may have. PayPal Credit may also collect credit information about you from an external credit bureau including identification information (e.g., name, address, date of birth), previous credit checks done by credit providers to whom you have applied, insolvencies, bankruptcies, defaults (at least 60 days overdue on consumer debts over $150) and consumer credit fraud. If PayPal Credit collects information from a credit bureau it may also receive your credit score. PayPal Credit collects, uses, and discloses your credit-related personal information for the purposes of engaging in the Australian credit reporting system including to determine your creditworthiness and report defaults and fraud to an external credit bureau. It does not hold, use, or disclose this information for any other purpose and if the information is no longer needed for this purpose and is not otherwise required by law to be retained, then it will be destroyed or de-identified. PayPal Credit is not likely to disclose your credit information to entities that do not have an Australian link. If you have questions about your Account or profile information or Personal Data that was used for an application for credit Services made by you, the correction of that information, or to make a complaint about our management of credit-related personal information, please refer to the Contact us section below. Contact Us You may contact us if you have general questions about our Privacy Statement and practices or questions about your Account information or Personal Data. We want to make sure your questions go to the right place: Click here to contact us about your PayPal account or transaction, or a card payment made to a merchant. To contact us about your Fastlane profile, please visit your Fastlane profile management portal. Alternatively, you can contact us at: Email: auexecutiveescalations@paypal.com Mail: Privacy Officer PayPal Australia GPO Box 351 Sydney NSW 2001 Click here to contact us about your Xoom non-cash payment facility. Handling your complaints We aim to: Acknowledge receipt of all complaints within 24 hours (or 1 business day) of receiving it, or as soon as practicable. Resolve all complaints within 30 days after receiving the complaint. This may not be possible in all circumstances. Where we cannot resolve a complaint within 30 days, we will notify you of the reason for the delay as well as an indication of when we expect to resolve the complaint. We are a member of the Australian Financial Complaints Authority (“AFCA”), an independent external dispute resolution scheme covering applicable Australian customers. For more information on AFCA, please visit http://www.afca.org.au. If you are not satisfied with the outcome of your complaint, you may wish to contact the AFCA on: Phone: 1800 931 678 Mail: Australian Financial Complaints Authority GPO Box 3 Melbourne VIC 3001 You may also contact the Office of the Australian Information Commissioner (“OAIC”) in relation to the handling of your personal information. You may contact OAIC on: Phone: 1300 363 992 Mail: Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 Definitions Account means a PayPal account or Xoom non-cash payment facility. Device Information means data that can be automatically collected from any device used to access the Sites or Services. Such information may include, but is not limited to, your device type; your device’s network connections; your device’s name; your device’s IP address; information about your device’s web browser and the internet connection being used to access the Site or Services; Geolocation Information; information about apps downloaded to your device; and biometric data (e.g., Touch ID/Fingerprint to verify your identity). Fastlane means the online tool whereby individuals can store their payment methods and other Personal Data with PayPal so that they can complete the checkout process faster, create a store or loyalty account, or facilitate other transactions at participating partners and merchants with payment card, contact information, shipping data or other data they save in their Fastlane profile as relevant to the specific interaction, participating partner or merchant, all without having to manually input payment method details and other Personal Data each time they check out. Geolocation Information means information that identifies with reasonable specificity your location by using, for instance, longitude and latitude coordinates obtained through GPS, Wi-Fi, or cell site triangulation. Some of our Services may ask you for permission to share your current location. Some of the Sites and Services require this information to provide a specific product or online Service. If you do not agree to our collection of the geolocation information, our Sites or Services may not function properly when you try to use them. PayPal means PayPal Australia Pty Ltd ABN 93 111 195 389, AFSL 304962 and subsidiaries or affiliates. In this Privacy Statement, PayPal is sometimes referred to as “we,” “us,” or “our,” depending on the context. PayPal Credit means PayPal Credit Pty Limited (ABN 66 600 629 258). Personal Data means information that can be associated with an identified or identifiable person. “Personal Data” can include name, postal address (including billing and shipping addresses), telephone number, email address, payment card number, other financial account information, account number, date of birth, and government-issued credentials (e.g., driver’s licence number, national ID, or passport). Privacy Statement means this privacy statement, as amended from time to time. Process means any method or way that we handle Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, and consultation, disclosure by transmission, disseminating or otherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data. Services means any products, services, content, features, technologies, or functions, and all related websites, applications and services offered to you by PayPal and PayPal Credit, including Fastlane. Sites means the websites, mobile apps, official social media platforms, or other online properties through which PayPal offers the Services and which has posted or linked to this Privacy Statement. Technical Usage Data means information we collect from your phone, computer or other device that you use to access the Sites or Services. Technical Usage Data tells us how you use the Sites and Services, such as what you have searched for and viewed on the Sites and the way you use our Services, including your IP address, statistics regarding how pages are loaded or viewed, the websites you visited before coming to the Sites and other usage and browsing information collected through Cookies. User means an individual who uses the Services or accesses the Sites. Additional Information The information provided in this section may be specific to customers depending on your region or how you use the Services. This information is provided to PayPal from third parties you may interact with when using the Services. Google ReCaptcha PayPal uses ReCaptcha on the Sites and Services. Your use of ReCaptcha is subject to the Google Privacy Policy and Terms of Use. ReCaptcha is only used to fight spam and abuse. PayPal Logo Help Contact Fees Security Apps Shop Enterprise AboutNewsroomJobsDevelopers © 1999–2025AccessibilityPrivacyCookiesLegalComplaintsTarget Market DeterminationsAccount Limitations The PayPal service is provided by PayPal Australia Pty Limited (ABN 93 111 195 389) which holds Australian Financial Services Licence number 304962. Any information provided is general only and does not take into account your objectives, financial situation or needs. Please read and consider the Combined Financial Services Guide and Product Disclosure Statement before acquiring or using the service. PayPal credit services are provided by PayPal Credit Pty Limited (ABN 66 600 629 258) which holds Australian Credit Licence Number 568848. Terms and eligibility rules apply. To view the Target Market Determinations for all products, see here. When you visit or interact with our sites, services, applications, tools or messaging, we or our authorised service providers may use cookies, web beacons, and other similar technologies for storing information to help provide you with a better, faster and safer experience and for advertising purposes. Learn more here. Privacy Policy Effective Date: January 31, 2025 Squarespace (“Squarespace,” “we,” “us” or “our”) respects your privacy. When it comes to your personal information, we believe in transparency. That’s why we’ve set out here what personal information we collect, what we do with it and your choices and rights. By using or accessing any of our sites, templates, products, applications, tools, services and features (collectively, the "Services"), you confirm you have agreed to the Terms of Service and have read and understood this Privacy Policy and our Cookie Policy. The Squarespace entity that controls your information depends on where you are located. See Section 12 below. You can find out about your rights and choices in Section 6 below. We’ve also included at the end of this Privacy Policy some region-specific supplemental information if you are located in: (i) California; or (ii) a U.S. state (other than California) with an applicable data privacy law. For clarity, we use different defined terms in this Privacy Policy to refer to the different parties who interact with our Services: A “User” is someone who visits or uses one of our sites, such as http://www.squarespace.com, http://www.acuityscheduling.com, http://www.unfold.com or http://www.biosites.com or mobile applications. A “Customer” is one of our Users who has an account with us. Customers may use our Services to register domain names, create websites (including scheduling pages) and other content, and otherwise manage and market their online businesses. An “End User” is someone who visits, purchases from, makes a booking with or otherwise uses one of our Customer’s sites that was created using, and is hosted on, our Services. We also use different terms in this Privacy Policy to differentiate between our roles under global data privacy laws with respect to the personal information we process: “Squarespace Controlled Information” is personal information for which Squarespace acts as the “data controller” (or similar term under applicable law) and determines the purposes and means of processing. This includes information about our Users and Customers. We also act as an independent data controller for personal information relating to End Users which we automatically receive (including via cookies or similar tracking technology) when an End User visits a site hosted on our Services (such as the End User’s IP address) when we process it for our own purposes, including to foster the security and integrity of our Services. “Customer Controlled Information” is personal information for which a Customer acts as the “data controller” (or similar term under applicable law) and determines the purposes and means of processing. This includes any personal information included in the content uploaded by a Customer to our Services for display on their site, a Customer’s domain registration contact information and all information about a Customer’s End Users (including information provided by an End User to a Customer via a webform on the Customer’s site as well as information automatically received (including via cookies or similar tracking technology) when an End User visits the Customer’s site). We explain below how we collect and use Squarespace Controlled Information and your rights. If you are an End User of one of our Customers’ sites: (a) read below to learn about how we collect and use your Site Usage Information (as described in Section 2 below); and (b) you should read that Customer’s site’s privacy policy to find out more about how they use and otherwise process Customer Controlled Information about you. Table of Contents: How does this Privacy Policy apply? Information we collect How we collect your information How we use your information When we disclose your information Your rights and choices How we protect your information How we retain your information Data transfers Data Privacy Frameworks Updates to this Privacy Policy Who is Squarespace? How to contact us Appendix I. California Supplemental Information Appendix II. Other US States Supplemental Information 1. How does this Privacy Policy apply? This Privacy Policy describes what we do with Squarespace Controlled Information, such as Customer account information, information about how Users use and interact with our Services, information Users submit to our customer support, and, when we use it for our own purposes, including to foster the security and integrity of our Services, End User information which is automatically collected when an End User visits a Customer’s site hosted on our Services. We have separate privacy policies that apply in relation to our processing of personal information relating to our staff and applicants for jobs at a Squarespace group company. We use cookies and similar technologies. Our Cookie Policy describes what we do in that regard. This Privacy Policy does not apply to Customer Controlled Information as described above. For Customer Controlled Information, Squarespace acts as a data processor, service provider or similar term under applicable law. This means we process a Customer’s Customer Controlled Information on behalf of, and pursuant to, the instructions of that particular Customer. We also use and disclose Customer Controlled Information: to enforce our Terms of Service and other legal terms and policies; to comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts or law enforcement requests; and in the case of domain registration contact information, to comply with Internet Corporation for Assigned Names and Numbers (“ICANN”), registry, ccTLD or registrar rules, regulations and policies. Our Customers are responsible for ensuring that their collection and processing of Customer Controlled Information complies with applicable law. If you are a Customer looking for contractual provisions about how Squarespace will treat and secure your Customer Controlled Information, please see our Data Processing Addendum. Back to top 2. Information we collect We collect various information regarding you or your device. This includes the following: Account Information: Customer Account Details: Information you provide to create an account, specifically email address, password, first name and last name. Payments Services Account Information: If you use the Payments Services (as defined in the Squarespace Payments Terms), additional information you provide to set up and manage Payments Services and integrate them with the Processing Services (as defined in the Squarespace Payments Terms), including information about you and your business, such as bank account details, name, address, phone number, date of birth, government number (such as a social security number, passport number or driver’s license number), tax identifier (EIN) and nationality. Payments Services Identity Verification Information: If you use the Payments Services, you may be required to provide us with additional information to verify your identity, including a photograph of you captured by you during the verification process and a copy of an official government document which includes a different photograph of you. When you’re required to provide this additional information, our vendors may create a biometric scan of your facial geometry based on these two photographs in order to compare them and verify that you are the same individual whose photograph is on your government document. However, Squarespace does not create, store or otherwise have access to any such biometric data. Payments Services Identity Verification Information also includes details that are listed on such official government documents. Optional 2FA Account Information: You may optionally provide us with additional information, such as your phone number, if you wish to enable two factor authentication (2FA) on your customer account. Account History Information: Information about your account’s use of the Services, including your trials, subscriptions, discount code usage and related details. If you use the Payments Services or other financial products, this would also include information about your account’s use of the Payments Services or other financial products. Payment Information: Information you provide if you sign up for Services you have to pay for (e.g., a product subscription). For most paid Services, this will include your billing address as well as a portion of your payment information which is provided to us from our payment processor (such as the last four digits, the country of issuance and the expiration date of the payment card). Marketing Preferences: Your marketing preferences and details, including if you’ve opted out of all or a portion of our direct marketing messages. Communication Information: The emails and other communications that you send us or otherwise contribute, such as customer support inquiries or posts to our customer message boards or forums. Please be aware that information on public parts of our Services is available to others. Site Usage Information: Technical browsing or other information from your use of the Services or, where you are an End User, from your visits to Customers’ sites. This includes IP addresses, preferences, web pages you visited prior to coming to our or our Customers’ sites, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings) and information about how you interact with the Services and, if you are an End User, with our Customers’ sites (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors). If you’re using one of our mobile applications, Site Usage Information could also include your precise location information if your mobile device settings authorize us to collect this information. Contact Information: In addition to Customer contact information, we may also collect contact information for others, including people who work for our vendors or partners or other individuals that may include Users and Customers. Enterprise Sales Information: We collect information about companies and their personnel who are perceived to be potential customers for our enterprise services. Such information may include names, email addresses, job titles and phone numbers. If we discuss our enterprise services with such potential enterprise customers, this information may also include recordings of those discussions. Survey and Research Information: Information you share with us in connection with surveys or research. Promotion Information: Information you share with us in connection with contests, sweepstakes or other promotions. Back to top 3. How we collect your information We obtain information about you from various sources. We do this in three main ways: You provide some of it directly (such as by registering for an account). We record some of it automatically when you use our Services or, where you are an End User, from your visits to Customers’ sites (including with technologies like cookies). We receive some of it from third parties (like when you register for an account using a third party service like Apple, Facebook or Google, when you purchase our products from an authorized reseller, when you make payments to us using our payment processor or via a mobile app store or when we receive information about potential enterprise sales leads). We’ve described this in more detail below. a. Information you provide When you use our Services, we collect information from you in a number of ways. For instance, we ask you to provide your Customer Account Details to create and manage your account. We also maintain your Marketing Preferences and your Communication Information that you provide to us. You might also provide us with information in other ways, including by responding to surveys, participating in user research or entering a contest, sweepstakes or other promotion. Sometimes we require you to provide us with information for contractual or legal reasons. For example: we may ask you to provide a mailing address and/or select your jurisdiction when you sign up for our paid Services (e.g., purchase a subscription) to determine if, and how much, tax we need to collect from you; or if you use the Payments Services through the Services, in accordance with the Squarespace Payments Terms, in order to provide the Payments Services and to comply with our contractual and legal obligations, we collect additional information related to the Payments Services and Processing Services, including Payments Services Account Information and possibly Payments Services Identity Verification Information. We’ll normally let you know when information is required, and the consequences of failing to provide it. If you do not provide requested information, you may not be able to use our Services if that information is necessary to provide you with the service or if we are legally required to collect it. b. Information obtained from your use of our Services When you use our Services, we collect Site Usage Information and Account History Information about your activity on and interaction with the Services. If permission has been granted through your device settings, Site Usage Information for our mobile apps may include your precise location information. If you are an End User of a Customer’s site, we also get Site Usage Information about your interactions with their sites. Some of this information is collected automatically using cookies and similar technologies when you use our Services or, if you are an End User, when you visit a Customer’s site. We let our Customers control what cookies and similar technologies are used through their sites (except those we need to use to properly provide the Services, such as for functionality, performance or security related reasons). You can read more about our use of cookies in our Cookie Policy. Some of this information is similarly collected automatically through your browser or from your device. c. Information obtained from other sources If you use a third party service (such as Apple, Facebook or Google) to register for an account, the third party service may provide us with your Customer Account Details on your behalf, but we don’t collect or store passwords you use to access third party services. We do not control what information a third party service provides to us. The third party service you use may give you options on what the service discloses to us if you link your third party service account with the Services. Make sure you are comfortable with what these third party services share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the third party service. If you sign up for our paid Services via a third party service acting as an authorized reseller of our products, the reseller business partner may provide us with information on your behalf which is necessary for us to complete your paid Services sign up, such as your Customer Account Details. If you use third party services which are integrated with the Services, including financial products, we may receive information about your use of such third party services via our integration business partners. Currently, our payment processors are Stripe and PayPal. Each payment processor uses and processes your complete payment information in accordance with its applicable privacy policy (Stripe and PayPal). If you sign up for paid Services with us using a payment card, we obtain limited information about your payment card from our payment processor, such as the last four digits, the country of issuance and the expiration date. If you sign up for paid Services with us using PayPal or another non-payment card payment method, we may obtain information about your payment method from our payment processor, such as: (i) for PayPal, the email address associated with your PayPal account; and (ii) for Single Euro Payments Area (SEPA), the last four digits of your bank account number, the country of your bank account and your bank’s bank code and branch code. The preceding payment processors paragraph is not applicable: if you sign up for paid Services as an in-app purchase via a mobile app store, in which case the mobile app store’s privacy policy will apply. Please see Google's privacy policy and Apple's privacy policy for information about how they use and process your payment information. if you sign up for paid Services via a third party service acting as an authorized reseller of our products. Please see the authorized reseller’s privacy policy for information about how they use and process your payment information. Back to top 4. How we use your information When we process your information pursuant to this Privacy Policy, we do so for the following purposes: Provision of the Services to Customers. Create and manage your account, configure and update your sites and site settings, register or transfer your domain names, process your payments to us, and receive support for your inquiries. If you use the Payments Services, in accordance with the Squarespace Payments Terms, this also includes the set up, management and provision of the Payments Services to you, the integration of the Payments Services with the Processor Services and the initiation of transactions on your behalf. Communicating with you. Communicate with you, including by sending you emails about your transactions and Service-related announcements. Surveys and research and contests, sweepstakes or other promotions. Conduct and administer surveys and research, as well as contests, sweepstakes or other promotions. Processing your payments. Receive payment from you for paid Services. Promotion and sales. Promote and sell our Services and send you tailored marketing communications about products, services, offers, programs and promotions of Squarespace and our partners and measure the success of those campaigns. For example, we may send different marketing communications to you based on your current subscription plan or what we think may interest you based on your Account History Information. Advertising. Learn about and analyze your interactions with our Services and third parties’ online services so we can tailor our advertising to what we think will interest you. For example, we may decide not to advertise our Services to you on a social media site if you already signed up for paid Services or we may choose to serve you a particular advertisement based on your current subscription plan or what we think may interest you based on your Account History Information. In certain US states, you have the right to opt out of our sharing of your information with such third party online services. See Appendix I below and Appendix II below. Customizing the Services. Provide you with a customized Services experience. For example, we may use your location information to determine your language preferences or display accurate date and time information. We may also use cookies and similar technologies to help us achieve this purpose, such as remembering which of your sites you most recently edited. Improving our Services. Learn about and analyze how the Services are accessed and used and evaluate and improve our Services (including by developing new products and services and managing our communications). For example, if we learn that most Customers of paid Services use a particular integration or feature, we might wish to expand on that integration or feature. Security. Foster the safety, security and integrity of our Services. If you use the Payments Services, in accordance with the Squarespace Payments Terms, this also includes fraud and risk monitoring, such as verifying your identity, determining your eligibility for certain Payments Services, detecting and investigating fraud and mitigating financial loss or other harm to you, Squarespace, your End Users or others. Third party relationships. Manage our vendor, partner and other third party relationships. Enforcement. Enforce our Terms of Service and other legal terms and policies. Protection. Protect our and others’ interests, rights and property. Complying with law. Comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts or law enforcement requests (including ICANN, registry, ccTLD or registrar rules, regulations and policies). If you use the Payments Services, in accordance with the Squarespace Payments Terms, these legal requirements include know your customer, anti-money laundering or anti-terrorism laws. We may de-identify information we collect so the information cannot reasonably identify you or your device, or we may collect information that is already in de-identified form and use such information for purposes such as to conduct research, to improve our Services, for troubleshooting purposes or to help detect and protect against error, fraud or other criminal activity. We commit to not de-aggregating or re-identifying the aggregated and/or anonymized data that we process. Our use and disclosure of de-identified information is not subject to any restrictions under this Privacy Policy, and we may use and disclose it to others for any purpose, without limitation. For our Users in the European Economic Area (“EEA”) and the United Kingdom (“UK”) we rely on the legal bases set out in the table below to process your information. The legal bases on which we rely for Users from other jurisdictions may differ from those listed below. a. Performance of a contract. We process your information as necessary for us to provide you with the Services and/or perform our Terms of Service or other relevant contract(s) with you. You cannot use our Services if we cannot process your information for the below purposes. Purpose Categories of Personal Information i. To create and manage your account with Squarespace and provide our Services. For our Customers, we collect certain information so you can login to our Services and manage and use your paid Services, including updating your site, scheduling page or domain name settings and registering or transferring your domain name registrations. Customer Account Details Optional 2FA Account Information Account History Information ii. To receive payment for paid Services. We use certain information to receive payment from our Customers who purchase paid Services from us. This involves us sharing information with our payment processors. Such payment processors will process your information in accordance with their own privacy policies. Customer Account Details Payment Information iii. To set up and manage your Payments Services account and integrate your Payments Services with the Processing Services. As a Customer, depending on your location, you may use our payments service, Squarespace Payments, to accept various forms of payments on your site. You need to provide certain information and may also be required to verify your identity in order to set up your Payments Services account. Payments Services Account Information Payments Services Identity Verification Information Account History Information iv. To send communications about your transactions with us and other Service-related announcements. As a Customer, if you make purchases from the Services or we need to otherwise notify you about our Services or your use of them, we need to communicate with you, including via email and/or by sending you an alert via the Services. You may also send us messages, such as requests for support. Customer Account Details Payments Services Account Information Account History Information Communication Information v. To provide support for our Services and resolve issues or disputes. We use certain information to receive, review and respond to User, Customer and other individuals’ requests for support or other inquiries. We may also use your information to resolve any issues or disputes between you and a Customer. Customer Account Details Payments Services Account Information Optional 2FA Account Information Account History Information Communication Information Site Usage Information Other Individuals’ Contact Information vi. To foster the safety, security and integrity of our Services. We use certain information to foster the security and integrity of our Services, including: (A) to detect, investigate and/or prevent violations or potential violations of our Terms of Service and applicable policies; and (B) to detect, investigate and/or prevent suspicious, harmful, unsafe or unlawful activity or behavior, including fraud, spam or other safety or security issues. If you are a Customer who uses the Payments Services, we use certain information to: (C) conduct fraud and risk monitoring; (D) verify your identity; (E) determine if you are eligible for certain Payments Services or financial products; (F) investigate fraud; and (G) mitigate financial loss or other harm to you, Squarespace, your End Users or others. Customer Account Details Payments Services Account Information Optional 2FA Account Information Account History Information Payment Information Communication Information Payments Services Identity Verification Information Site Usage Information vii. To administer contests, sweepstakes and other promotions. We use certain information about individuals who enter our contests, sweepstakes or other promotions to, as applicable, assess eligibility, manage and operate the promotion, select winners and provide prizes. Customer Account Details Promotion Information Site Usage Information b. Where necessary to comply with our legal obligations. We have a legal obligation to process your information for the below purposes. Purpose Categories of Personal Information i. To comply with applicable tax laws. We use certain information about paying Customers, such as their billing address, to comply with our obligations under applicable tax laws, including the Taxes Consolidation Act, 1997 and the Value-Added Tax Consolidation Act 2010 (each, as amended). Customer Account Details Payments Services Account Information Account History Information Payment Information ii. To comply with know your customer and anti-money laundering laws. We are required to obtain certain information about Customers who use the Payments Services to verify their identities and take preventative measures as a result of know your customer, money laundering and/or terrorist financing laws. These laws include EU Directive 2015/849 (AMLD IV) on anti-money laundering and terrorist financing, the EU Digital Services Act, the Irish Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, EU Directive 2018/843 (AMLD V) on anti-money laundering and terrorist financing and EU Member State implementing legislation such as the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010. Customer Account Details Payments Services Account Information Account History Information Payments Services Identity Verification Information iii. To respond to a legal request or comply with applicable law where we have a legal or regulatory obligation. We use, retain and disclose information where we have a legal or regulatory obligation to do so. For example: (A) if we receive a valid legal request, such as a court order, preservation order or search warrant, related to your account, we may use, retain and disclose your information to comply with such request (even if you subsequently exercise your rights under Section 6 below); (B) we may have obligations under ICANN, registry, ccTLD or registrar rules, regulations and policies to use, retain or disclose your information; and (C) in connection with litigation, potential disputes or regulatory matters, we may use, retain and disclose your information related to a legal claim or complaint, such as where we are subject to a regulatory investigation or need to defend ourselves in legal proceedings or respond to a regulatory complaint made by you or others. Such laws may include the European General Data Protection Regulation (including as amended and/or incorporated into UK law, the “GDPR”),the Data Protection Act 1988-2018, Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters, Council Regulation (EC) No 1206/2001 of 28 May 2001 on cooperation between the courts of the Member States in the taking of evidence in civil or commercial matters, Section 10 of the Criminal Justice (Miscellaneous Provisions) Act 1997 (as amended) and the Criminal Justice Act 2011. Squarespace implements a robust law enforcement request policy which is designed to ensure that all law enforcement, governmental and regulatory requests are valid and made in accordance with applicable legal process. Squarespace does not disclose data to law enforcement, regulatory or governmental bodies unless required by applicable law and objects to unlawful requests. Customer Account Details Payments Services Account Information Optional 2FA Account Information Marketing Preferences Account History Information Payment Information Communication Information Payments Services Identity Verification Information Site Usage Information Other Individuals’ Contact Information Survey and Research Information Promotion Information c. Where necessary for our legitimate interests or the legitimate interests of a third party such as our Customers. For example, we have a legitimate interest in operating our business and our Customers have a legitimate interest in having their sites function properly, safely and securely. We won’t process your information if your interests or your fundamental rights and freedoms override ours or others’ legitimate interests. You have the right to object to this processing at any time. Purpose Categories of Personal Information i. To understand and analyze how you use our Services and improve your experience on the Services. We use certain information to learn about and analyze our Users’ and Customers’ experience with our Services, including for bug detection and user research. We use these insights and this information to improve our Services. For example, if we learn that most Customers of our paid Services use a particular integration or feature, we might wish to expand on that integration or feature. Account History Information Communication Information Site Usage Information Survey and Research Information ii. To customize our Services for our Users and Customers. We use certain information to customize our Services for you and tailor our communications for you. For example: (A) we use your location information to determine your language preferences or display accurate date and time information; and (B) we use information about how you use our Services to communicate relevant information to you. We also use cookies and similar technologies for this purpose, such as remembering, if you’re a Customer, which of your sites you most recently edited. Customer Account Details Account History Information Communication Information Site Usage Information iii. To tailor our advertising outside of the Services. We use and share certain information with online advertising business partners. Account History Information Site Usage Information iv. To identify, respond to and propose solutions for potential enterprise Customers. We use certain information to identify, respond to and propose solutions for potential business Customers in respect of our enterprise services. Enterprise Sales Information v. To maintain the safety, security and integrity of our Services. We use certain information to foster the security and integrity of our Services, including: (A) to detect, investigate and/or prevent violations or potential violations of our Terms of Service and applicable policies; (B) to detect, investigate and/or prevent suspicious, harmful, unsafe or unlawful activity or behavior, including fraud, spam or other safety or security issues; and (C) to maintain the integrity of our Services. If you are a Customer who uses the Payments Services, we use certain information to: (F) conduct fraud and risk monitoring; (G) verify your identity; (H) determine if you are eligible to use certain Payments Services; and (I) investigate fraud; (J) mitigate financial loss or other harm to you, other Customers or your or their End Users. Customer Account Details Payments Services Account Information Optional 2FA Account Information Account History Information Payment Information Communication Information Payments Services Identity Verification Information Site Usage Information vi. To protect our legal rights. We may use, retain or share information to protect or exercise our legal rights or defend against actual or potential legal claims, including to address a violation or potential violation of our Terms of Service or policies (including our Acceptable Use Policy). Customer Account Details Payments Services Account Information Optional 2FA Account Information Marketing Preferences Account History Information Payment Information Communication Information Payments Services Identity Verification Information Site Usage Information Other Individuals’ Contact Information Survey and Research Information Promotion Information vii. To manage our vendor, partner and other third party relationships. We use certain information to manage our relationships with vendors, partners and other third parties. Other Individuals’ Contact Information viii. In the event of a business transfer. If Squarespace is involved in a reorganization, merger, acquisition, sale of some or all of our assets or other business transaction, depending on the circumstances, we may use or share information as part of the negotiation, consideration or effectuation of such transaction. Customer Account Details Payments Services Account Information Optional 2FA Account Information Marketing Preferences Account History Information Payment Information Communication Information Payments Services Identity Verification Information Site Usage Information Other Individuals’ Contact Information Survey and Research Information Promotion Information d. Where you provide your consent. In these scenarios, you have the right to withdraw your consent at any time. Purpose Categories of Personal Information i. To send you email marketing. We need your consent to send you email marketing messages if you are in the EEA, UK or Switzerland (collectively, the “European Region”). You will be given the opportunity to opt out of each marketing communication that we send. Customer Account Details Marketing Preferences Account History Information ii. To tailor our advertising outside of the Services. Where we use cookies and similar technologies for this purpose, we need your consent to use or share your information with our online advertising business partners. You have the right to withdraw your consent at any time. Account History Information Site Usage Information iii. To verify your identity biometrically. We need your explicit consent to have our vendor verify your identity through biometric means. You may request to have your identity verified in another manner. Payments Services Account Information Payments Services Identity Verification Information (including a biometric scan of your facial geometry from a photo and official government document you provide) e. To protect your or others’ vital interests. In rare circumstances, we process your information to protect your or others’ vital interests. Purpose Categories of Personal Information i. To retain, review and share information with law enforcement and others. We may use, retain or share information with law enforcement or others in circumstances where a person’s vital interests require protection, such as in the case of emergencies. For example, we may share information to prevent loss of life or personal injury to a Customer, End User or third party, or to prevent crime or fraud. Customer Account Details Payments Services Account Information Optional 2FA Account Information Marketing Preferences Account History Information Payment Information Communication Information Payments Services Identity Verification Information Site Usage Information Other Individuals’ Contact Information Survey and Research Information Promotion Information Back to top 5. How we disclose your information We may disclose information about you in the following circumstances: Vendors: We disclose information about you to our vendors (including our affiliates) that perform services on our behalf. These include providers of the following types of services: Customer support vendors. These vendors assist us in hosting our support offerings (including our support guides and message boards or forums) and helping us track, manage and respond to customer support inquiries. We disclose data such as Customer Account Details and Communication Information to them to enable them to provide these services to us. Sales and marketing vendors. These vendors assist us in sending marketing and other communications. We disclose data such as Customer Account Details and Account History Information to them to enable them to provide these services to us. Information technology vendors. These vendors enable us to operate our Services in a fast, reliable manner by providing us with technology services like data hosting and cloud computing resources. We disclose data such as Customer Account Details, Account History Information, Payment Information and Site Usage Information to them to enable them to provide these services to us. Safety and security vendors. These vendors enable us to keep our Services safe and secure, such as by scanning, detecting and investigating possible violations of our policies or suspicious behavior, including fraud or other security or safety violations. We share Customer Account Details and Site Usage Information with them to enable them to provide these services to us. Payments Services vendors. These vendors (including Stripe, Sift and Plaid) enable us to operate and provide the Payments Services, provide the Processing Services, perform administrative payment functions, perform individual identity or bank verification and prevent or investigate suspected risk, fraud, security threats, illegal and malicious activity or violations of the Squarespace Payments Terms. In accordance with the Squarespace Payments Terms, we may disclose Customer Account Details, Payments Services Account Information, Account History Information, Payments Services Identity Verification Information and Site Usage Information to them to enable them to provide these services to us. Professional advisors. In limited cases, we may need to disclose your information with our professional advisors like our external lawyers or financial advisors who help us comply with our legal and financial obligations. Depending on the circumstances, we may share any of the information described in Section 2 above to them. Business partners. We may disclose information about you to our business partners. These include the following types of partners: Reseller business partners. We partner with companies who are authorized to resell our products on our behalf to Customers. We may disclose information to these authorized resellers to provide you with support. For example, if you need support related to a resold Service, we may disclose information such as Account History Information to these resellers to assist them and us in resolving your issue. Online advertising business partners. We partner with advertising platforms so they and we can provide you with tailored advertising and measure and monitor its effectiveness. For example, we may: (a) disclose your Account History Information and, if you’re a Customer, your Site Usage Information, to a third party social media platform on which we advertise to avoid serving our ads to people who are already paying Customers; or (b) disclose information about you to a third party ad serving platform to target our ads to Customers who created accounts but have not yet signed up for paid Services. Payments Services and financial product business partners. We partner with Payments Services and financial product business partners such as Stripe to: (a) provide Customers who use the Payments Services or other financial products with the Processing Services and other Services; and (b) allow Customers to receive, become eligible for and learn about Third Party Services offered by such business partners. Third party plugins and social networks. We may disclose information about you to other parties that operate website plugins, social media platforms or similar third party services to improve your experience, at your direction, or when you intentionally interact with the plug-in. For example, when you use a third party service to create or log in to your account, we disclose the fact that you did so with that third party service. Process payments. We transmit your Payment Information via an encrypted connection to our payment processors. Following the law or protecting rights and interests. We disclose your information if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property or interests (such as enforcing our Terms of Service), prevent fraud or abuse of Squarespace or our Customers or their End Users or prevent other criminal or illegal activity. For example, we may disclose your information in response to valid legal requests sent by public or governmental authorities (such as to meet national security or law enforcement requirements) or sent by third party nongovernmental individuals or organizations pursuant to a validly issued subpoena, other valid legal process under applicable law or bona fide request to investigate or prevent criminal or other illegal activity. Depending on the circumstances, we may disclose any of the information described in Section 2 above to them. Business transfers. If we're involved in a reorganization, merger, acquisition, sale of some or all of our assets or other business transaction, depending on the circumstances, we may disclose any of the information described in Section 2 above as part of the negotiation, consideration or effectuation of such transaction. Back to top 6. Your rights and choices Where applicable law requires (and subject to any relevant exceptions or obligations under law), you may have the right to access, port, update, change or delete personal information. You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law. You can access, update, change or delete personal information (or that of your End Users) in your account. You can also delete your account by following the instructions in this support guide. Please note that we may need to verify your identity in connection with your requests, and such verification process may, if you do not have access to your account, require you to provide us with additional information we maintain about you to verify your identity. Even if you have access to your account, we may request additional information if we believe it’s necessary to verify your identity. If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request. You may also contact us by email at privacy@squarespace.com to submit a request. Please note that, for technical reasons, there will likely be a delay in deleting your personal information from our systems when you ask us to delete it. To the extent permitted under applicable law, we may also retain personal information in order to comply with the law, protect our or others’ rights, resolve disputes or enforce our legal terms or policies. Additionally, if we rely on consent for the processing of your personal information, you have the right to withdraw it at any time and free of charge. When you do so, this will not affect the lawfulness of the processing before your consent withdrawal. You can also elect not to receive marketing communications by changing your preferences in your Account or by following the unsubscribe instructions in such communications. Our Cookie Policy explains how you can manage cookies and similar technologies. You have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. See Section 12 below. If you are an End User, you should contact the applicable Customer to exercise your rights with respect to any information they hold about you which they control. Back to top 7. How we protect your information While no service is completely secure, we have a dedicated security team. We maintain administrative, technical and physical safeguards that are intended to appropriately protect against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse and any other unlawful form of processing, of the personal information in our possession. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities. Back to top 8. How we retain your information We retain your information for as long as your account is active or for as long as needed to provide you with the Services. We also retain your information for as long as necessary to achieve the purposes described in this Privacy Policy, for example, to comply with our legal obligations, protect us in the event of disputes, enforce our agreements or to protect our or others’ interests. The precise periods for which we keep your information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the information has been aggregated or pseudonymized, and other relevant criteria. For example, the period we keep your email address is connected to how long your account is active, while the period for which we keep a support message is based on how long has passed since the last submission in the thread. As Customers may have a seasonal site or come back to us after an account becomes inactive, if you’re a Customer, we may not immediately delete your information when your trial expires or you cancel all your paid Services. Instead, we keep your information for a reasonable period of time, so it will be there for you if you come back. You may delete your account by following the instructions in this support guide and/or contacting us at privacy@squarespace.com. Please note that in the course of providing the Services, we may create, collect and/or maintain de-personalized information, which we may retain indefinitely. Back to top 9. Data transfers Your personal information may be transferred to countries other than where you live, such as, for example, to our servers in the US. We also store your information locally on the devices you use to access the Services. Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. For example, data we store may be accessible to law enforcement and national security authorities under certain circumstances. We rely upon a number of means to transfer personal information which is subject to European Region data protection laws. These include: Adequacy decision. We may, in accordance with Article 45 of the GDPR, transfer personal information to recipients that are in a country that European Commission, UK or Swiss data protection supervisory authority(ies) have confirmed, by decision, offers an adequate level of data protection (“adequacy decision”). We rely on these adequacy decisions to transfer personal information to recipients located in countries such as the UK. The adequacy decisions are available at the following links: European Commission adequacy decisions; UK adequacy decisions; and Swiss adequacy decisions. Data Privacy Frameworks. We transfer personal data to Squarespace, Inc. in the US from, as applicable, the EEA, Switzerland and the UK pursuant to the Data Privacy Frameworks. An adequacy decision was adopted for the EU-U.S. Data Privacy Framework, Swiss-US Data Privacy Framework and the UK Extension to the EU-US Data Privacy Framework (each individually and jointly, the “Data Privacy Frameworks). Standard data protection clauses (“SCCs”) and other transfer methods. For countries without an adequacy decision, we transfer, in accordance with Article 46 of the GDPR, personal information to recipients that have entered into the approved form of transfer contract (SCCs) for the transfer of personal data outside the European Region. We rely on SCCs to transfer personal information to recipients located in countries such as Australia. We may, where there is no adequacy decision, alternatively make a transfer based upon Article 46 of the GDPR using an approved certification mechanism or code of conduct or binding corporate rules. You can find out more information about these transfer mechanisms here or you can request a copy from us. Back to top 10. Data Privacy Frameworks Squarespace, Inc. complies with the Data Privacy Frameworks to provide a legal basis for transfers of personal data to Squarespace, Inc. in the US from, as applicable, the EEA, Switzerland and the UK. Squarespace, Inc. has certified its compliance to the Data Privacy Frameworks. Squarespace, Inc.’s certification extends to its processing of personal information (received from the European Region under the Data Privacy Frameworks) of the type and for the purposes described in this Privacy Policy. This Privacy Policy also describes the types of third parties to which personal information is disclosed (and the purposes for such), individual’s right of access, the choice and means offered to limit the use and disclosure of personal information and that personal information is disclosed in response to legal requests by public authorities where necessary, including to meet national security or law enforcement requirements. Squarespace, Inc. is committed to treating personal information received from the European Region pursuant to the applicable Data Privacy Framework in accordance with the principles thereof (the “DPF Principles”). You can find our certification here and you can learn more about the Data Privacy Frameworks (as determined based upon the country from which the personal information was received) and DPF Principles by visiting https://www.dataprivacyframework.gov/. For purposes of enforcing compliance with the Data Privacy Frameworks, Squarespace, Inc. is subject to the investigatory and enforcement authority of the US Federal Trade Commission. Our accountability for personal information we receive and subsequently transfer to a third party is described in the DPF Principles. In particular, we may use third parties to process data on our behalf as described in this Privacy Policy, and we remain liable if they do so in a manner inconsistent with the DPF Principles, unless we prove that we are not responsible for the event giving rise to the damage. If you have a question or complaint you believe to be within the scope of our Data Privacy Frameworks certification, please contact us first at privacy@squarespace.com, or using the contact details in the “How to contact us” section below. Any complaint must include a description of your claim and proof of your relationship with Squarespace. We'll respond within 45 days. Any complaint that we can’t resolve directly after 45 days may be resolved by JAMS, which is the independent organization responsible for reviewing and resolving complaints about our Data Privacy Frameworks compliance. You can contact JAMS free of charge at https://www.jamsadr.com/DPF-Dispute-Resolution. JAMS is an alternative dispute resolution provider based in the US. If your concern still isn't addressed by JAMS, you may be entitled to a binding arbitration under the DPF Principles through the International Centre for Dispute Resolution, which is the international division of the American Arbitration Association (“ICDR-AAA”) and which is the administrator for the Data Privacy Frameworks binding arbitration program. The administration of all such arbitrations will be in accordance with ICDR-AAA’s applicable dispute resolution rules and procedures in effect at the time any demand for arbitration is filed (the “ICDR-AAA Rules”). If you are in the EEA or the UK, please see the applicable ICDR-AAA Rules here. If you are in Switzerland, please see the applicable ICDR-AAA Rules here. Notwithstanding anything to the contrary, both you and Squarespace agree to the applicable ICDR-AAA Rules relating to mass arbitration filings, including without limitation the ICDR-AAA Mass Arbitration Supplementary Rules and Fee Schedules, but excluding any rules or procedures governing or permitting class or representative actions. Any dispute resolution demand or counterclaim, including arbitration demand or counterclaim, asserted by either party must contain sufficient information to provide fair notice to the other party of the asserting party’s identity, the claims being asserted and the factual allegations on which those claims are based, and must include proof that the claimant’s data is subject to this Privacy Policy. ICDR-AAA may require amendment of any demand or counterclaim that does not satisfy these requirements. ICDR-AAA has the right to impose sanctions for any claims it determines to be frivolous or improper (under the standard set forth in Federal Rule of Civil Procedure 11 and any similar standards in other jurisdictions), including for any claim filed on behalf of a claimant whose data is not subject to this Privacy Policy. Nothing in the Data Privacy Frameworks affects your rights as a data subject to the extent we use any European Commission approved standard data protection clauses for transfers to the US. If there is any conflict between the terms in this Privacy Policy and applicable DPF Principles, the applicable DPF Principles shall govern. Back to top 11. Updates to this Privacy Policy We’ll update this Privacy Policy from time to time to reflect changes in technology, law, our business operations or any other reason we determine is necessary or appropriate. When we make changes, we’ll update the “Effective Date” at the top of the Privacy Policy and post it on our sites. If we make material changes to it or the ways we process your information, we’ll notify you (by, for example, prominently posting a notice of the changes on our sites before they take effect or directly sending you a notification). We encourage you to check back periodically to review this Privacy Policy for any changes since your last visit. This will help ensure you better understand your relationship with us, including the ways we process your information. Back to top 12. Who is Squarespace? When we say “Squarespace” (or “we,” “us” or “our”), we mean: (a) Squarespace, Inc. if you are a resident of or have your principal place of business in the United States of America or any of its territories or possessions (the “US”); or (b) Squarespace Ireland Limited if you are a resident of or have your principal place of business outside the US. If your place of residence or principal place of business changes, the Squarespace entity that controls your personal information will be determined by your new residence or principal place of business from the date it changes. You have the right to lodge a complaint with a competent supervisory authority, subject to applicable law. If you are subject to EU data protection laws, we suggest you lodge any such complaints with our lead supervisory authority: Irish Data Protection Commissioner Data Protection Commission 21 Fitzwilliam Square South, Dublin 2, D02 RD28 Ireland Phone 01 7650100 & 1800437 737 Email: info@dataprotection.ie If you are a resident of the UK or otherwise subject to UK data protection laws, you may lodge such complaints with the UK supervisory authority: Information Commissioner's Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF United Kingdom Phone 0303 123 1113 Live Chat Back to top 13. How to contact us If you have questions, comments or complaints about this Privacy Policy or our privacy practices or if you would like to exercise your rights and choices, please email us at privacy@squarespace.com, or write to us at the addresses below. If you are a resident of or have your principal place of business in the US: Squarespace, Inc. Attention: Legal - Privacy 225 Varick Street, 12th Floor New York, NY 10014 United States If you are a resident of or have your principal place of business anywhere other than the US: Squarespace Ireland Limited Attention: Legal - Privacy Squarespace House Ship Street Great Dublin 8, D08N12C Ireland Back to top Appendix I. Specific Information for California Residents This Appendix I is only applicable to you if you are a resident of the state of California in the US (“California Residents”) and only applies to Squarespace Controlled Information for which Squarespace is a “Business” (as defined in the CCPA). “CCPA” means the California Consumer Privacy Act (Cal. Civ. Code §§ 1798.100 - 1798.199), as may be modified from time to time, including by the California Privacy Rights Act. This Appendix I covers Squarespace Controlled Information we collect about California Residents on or through our Services and through other means (such as information collected offline or in person). It does not apply to personal information we collect from individuals in their capacity as job applicants, employees, or independent contractors of Squarespace. As used in this Appendix I, “personal information” shall have the meaning set forth in the CCPA. If you are a California Resident who is a User and uses the Services to store Customer Controlled Information for which you are a “Business” and Squarespace is a “Service Provider” (as defined in the CCPA), please see our Data Processing Addendum for information about how we process Customer Controlled Information. a. Categories, business and commercial purposes, sources and third parties California law requires us to disclose certain information regarding the personal information we collect. Below is a table showing: (i) all categories of personal information (as described in the CCPA) which Squarespace collects, or has collected, about California Residents, in the twelve (12) months prior to the effective date of this Privacy Policy; (ii) the purposes for which we use that information; and (iii) the categories of other parties to whom we disclose that information for a business purpose. Category of personal information Purposes of use Categories of other parties to whom Squarespace has disclosed or may disclose this category Personal identifiers, including Customer Account Details, Payments Services Account Information, Optional 2FA Account Information, Contact Information and Enterprise Sales Information Provision of the Services to Customers Communicating with you Surveys and research and contests, sweepstakes or other promotions Processing your payments Promotion and sales Advertising Security Enforcement Protection Complying with Law Vendors; Business partners; Entities for legal purposes; Entities for transfers of business or assets Customer profile and financial information, including Payments Services Account Information Provision of the Services to Customers Communicating with you Surveys and research and contests, sweepstakes or other promotions Promotion and sales Security Enforcement Protection Complying with law Vendors; Business partners; Entities for legal purposes; Entities for transfers of business or assets Commercial information, including Account History Information Provision of the Services to Customers Communicating with you Surveys and research and contests, sweepstakes or other promotions Promotion and sales Advertising Customizing the Services Improving our Services Security Enforcement Protection Complying with law Vendors; Business partners; Entities for legal purposes; Entities for transfers of business or assets Geolocation data Provision of the Services to Customers Customizing the Services Security Enforcement Protection Complying with law Vendors; Entities for legal purposes; Entities for transfers of business or assets Professional or job-related information, including as part of Enterprise Sales Information Communicating with you Promotion and sales Security Enforcement Protection Complying with law Vendors; Entities for legal purposes; Entities for transfers of business or assets Internet activity data of Customers, including Site Usage Information of Customers Provision of the Services to Customers Advertising Customizing the Services Improving our Services Security Enforcement Protection Complying with law Vendors; Business partners; Entities for legal purposes; Entities for transfers of business or assets Internet activity data of End Users, including Site Usage Information of End Users Security Enforcement Protection Complying with law Vendors; Entities for legal purposes; Entities for transfers of business or assets Sensory data, including recorded discussions as part of Enterprise Sales Information Communicating with you Promotion and sales Security Enforcement Protection Complying with law Vendors; Entities for legal purposes; Entities for transfers of business or assets Other information, e.g., any other information you provide to us in connection with the Services Provision of the Services to Customers Communicating with you Customizing the Services Improving our Services Security Enforcement Protection Complying with law Vendors; Entities for legal purposes; Entities for transfers of business or assets The only categories of personal information for which we “Share" or “Sell” personal information for cross-context behavioral advertising (as described in subsection c. below) are non-directly identifying identifiers (e.g., “hashed” email address), commercial transactions, and Internet activity data. For more information about each category, purpose of use, and the parties to whom we disclose or share information, please see Section 5 above. For information on how we retain your personal information, please see Section 8 above. b. Your requests Subject to certain exceptions and restrictions, the CCPA provides California Residents the right to submit requests to a business which has collected their personal information: (i) to provide them with access to the specific pieces and categories of personal information collected by the business about such California Resident, the categories of sources for such information, the business or commercial purposes for collecting such information, and the categories of unaffiliated parties to whom such information was disclosed; (ii) to request correction of their inaccurate personal information; and (iii) to delete their personal information (each, a “California Request”). We need certain types of information so that we can provide our Services to you. If you ask us to delete some or all of your information, you may no longer be able to access or use the Services. If you are a California Resident, please follow the instructions in the “Your rights and choices” section above to submit California Requests and please make sure you note that you are a California Resident when you do so. California Residents may designate an authorized agent to make California Requests on their behalf. In order to designate an authorized agent to make a California Request on your behalf, you or your agent must provide proof that the agent has been authorized by you to act on your behalf, such as written authorization signed by you authorizing that agent to act on your behalf. We reserve the right to request additional information from you and/or individuals purporting to be authorized agents, such as when we suspect fraud. c. Do not sell or share my personal information California residents may opt out of the "Sale" or “Sharing” of their personal information. The CCPA’s definition of "Sale" includes “Sharing” for purposes of “cross-context behavioral advertising,” which is defined as targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites. We only mean this CCPA definition when “share” or “sharing” are capitalized in this Appendix I or otherwise in this Privacy Policy. We Share information to provide more relevant and tailored advertising to you regarding our Services. Depending on how you use the Services, we may Share device information and identifiers, such as IP address and unique advertising identifiers and cookies, for such purposes. We do not otherwise “Sell” (as defined in the CCPA) your personal information, and have not engaged in such activity in the twelve (12) months prior to the effective date of this Privacy Policy. If you would like to opt out of Squarespace's Sale or Sharing of your information with third parties for such purposes, you may do so by clicking on the “Your Privacy Choices” link in the footer of this page. Please note that the opt out will only apply to the browser and device you use to opt out. The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” (as defined in the CCPA) if your sensitive personal information is used for certain purposes. We collect the following categories of “sensitive personal information”: (i) account log-in and password or other credentials that allow access to your account; and (ii) geolocation information. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA. We do not currently recognize or respond to browser-initiated Do Not Track signals. Please note that Do Not Track is a different privacy mechanism than the “Global Privacy Control,” which is a browser-based control that indicates whether you would like to opt out of processing of your personal information for online behavioral advertising purposes. We respond to the Global Privacy Control in California. To opt out of Sale or Sharing, turn on the Global Privacy Control signal in your browser. Please note that the opt out will only apply to the browser and device you use to send the Global Privacy Control signal. We do not knowingly Sell or Share the personal information of children under 16. d. We do not discriminate against you You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Squarespace does not discriminate against California Residents for exercising their rights. Back to top Appendix II. Specific Information for Residents of Other US States With An Applicable Data Privacy Law This Appendix II is only applicable to you if you are a resident of a state other than California with an applicable data privacy law such as Colorado, Connecticut, Oregon, and Texas (“Applicable State Residents”) and only applies to Squarespace Controlled Information for which Squarespace is a “Controller” (as defined in an applicable state data privacy law). It does not apply to personal information we collect about you where you are acting as an employee, owner, director, officer or contractor of a company, partnership, sole proprietorship, non-profit or government agency. This Appendix II applies to personal information we collect about Applicable State Residents on or through our Services and through other means (such as information collected offline or in person). In addition to your rights in Section 6 above, you can: ask us to confirm we are processing your personal information; and opt out of processing or sharing of your personal information for online targeted advertising purposes. If you would like to opt out of Squarespace's use of your information for such purposes, you may do so by clicking on the “Your Privacy Choices” link in the footer of this page. Certain information may be exempt from such requests under applicable state data privacy law. Depending on where you live, if we deny your request to exercise your rights in whole or in part, you may have the right to appeal the decision. In such circumstances, you may contact us at privacy@squarespace.com with the subject “Data Privacy Request Appeal” to provide us with details about why you are appealing the decision. Residents of the state of Colorado may review the table in Appendix I(a) above for additional details on how we process Squarespace Controlled Information about you. If you are an Applicable State Resident who is a Customer and uses the Services to store Customer Controlled Information for which you are a “Controller” and Squarespace is your “Processor” (as defined under an applicable state data privacy law), please see our Data Processing Addendum for information about how we process Customer Controlled Information. Back to top
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes:
- Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called
'crash dumps' ), and hardware settings).
- Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
- Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
- To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
- To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
- To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
- To
fulfil and manage your orders. We may process your information to fulfil and manage your orders, payments, returns, and exchanges made through the Services.
- To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
- To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e.If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent. We may process your information if you have given us permission (i.e.
consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
- Performance of a Contract. We may process your personal information when we believe it is necessary to
fulfil our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
- For investigations and fraud detection and prevention
- For business transactions provided certain conditions are met
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
- For identifying injured, ill, or deceased persons and communicating with next of kin
- If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
- If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
- If the collection is solely for journalistic, artistic, or literary purposes
- If the information is publicly available and is specified by the regulations
- We may disclose de-identified information for approved research or statistics projects, subject to ethics oversight and confidentiality commitments
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents (
The
- Order
Fulfilment Service Providers
Payment Processors
We
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
- When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g.
Google Maps API, Places API). Google Maps uses GPS, Wi-Fi, and cell towers to estimate your location. GPS is accurate to about 20 meters, while Wi-Fi and cell towers help improve accuracy when GPS signals are weak, like indoors. This data helps Google Maps provide directions, but it is not always perfectly precise.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services
We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.
To the extent these online tracking technologies are deemed to be a
Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie NoticeRemarketing with Google Analytics Google Display Network Impressions Reporting Google Analytics Demographics and Interests Reporting
Google Analytics
We may share your information with Google Analytics to track and6. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary toWe will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system ofWe have implemented appropriate and reasonable technical and
8. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market toWe do not knowingly collect, solicit data from, or market to children under 18 years of agedon@donstronomy.com
9. WHAT ARE YOUR PRIVACY RIGHTS?
In Short:In some regions (like
We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent: If we are relying on your consent to process your personal information,
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor,
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:Log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.
If you have questions or comments about your privacy rights, you may email us at don@donstronomy.com .
10. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for
11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident ofCategories of Personal Information We Collect
The table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the section| Category | Examples | Collected |
|---|---|---|
A. Identifiers | Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name |
B. Personal information as defined in the California Customer Records statute | Name, contact information, education, employment, employment history, and financial information |
Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data | ||
Transaction information, purchase history, financial details, and payment information | ||
Fingerprints and voiceprints | ||
Browsing history, search history, online | ||
Device location | ||
Images and audio, video or call recordings created in connection with our business activities | ||
Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us | ||
Student records and directory information | ||
Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | ||
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels;
- Participation in customer surveys or contests; and
- Facilitation in the delivery of our Services and to respond to your inquiries.
- Category A -
As long as the user has an account with us
- Category B -
As long as the user has an account with us
- Category
C - As long as the user has an account with us
- Category
D - As long as the user has an account with us
Sources of Personal Information
Learn more about the sources of personal information we collect inHow We Use and Share Personal Information
We collect and share your personal information through:
- Beacons/Pixels/Tags
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section,
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under Your Rights
You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:Depending upon the state where you live, you may also have the following rights:How to Exercise Your Rights
To exercise these rights, you can contact us Under certain US state data protection laws, you can designate an Request Verification
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.If you submit the request through an Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at California
California Civil Code Section 1798.83, also known as the 12. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.We may update this Privacy Notice from time to time. The updated version will be indicated by an updated 13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may 14. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?