Stripe, Inc.

Active Participant

Other Covered Entities

Stripe, Inc.

Industries

  • Financial Services
  • Financial Technology

Participation

UK Extension to the EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 10/6/2023
Next Certification Due Date: 10/5/2024
Data Collected: HR, NON-HR

EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 11/7/2017
Next Certification Due Date: 10/5/2024
Data Collected: HR, NON-HR

Swiss-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 11/7/2017
Next Certification Due Date: 10/5/2024
Data Collected: HR, NON-HR

Purpose of Data Collection

Stripe’s data collection and data processing purposes vary based on the products and services Stripe offers to its Business Users, End Users and End Customers. In general, the purposes include, e.g., providing Stripe products and services, including facilitating financial transactions, fraud monitoring, prevention and detection, anti-monetary laundering screening, compliance with legal obligations, and conducting data analysis to improve Stripe products and services. HR data is processed for various employment, legal and business purposes as detailed in our relevant information notices and other policies.

Privacy Policy

HR Data

Stripe HR Data Privacy Framework Policy
Description:

Describes our compliance approach with regard to the Data Privacy Framework Principles in relation to employees, applicants and others.

Effective Date: 10/31/2023

Non-HR Data

Document: Stripe Data Privacy Framework Policy
Description:

Describes our compliance approach with regard to the Data Privacy Framework Principles. The Data Privacy Framework Policy applies to Stripe, Inc. For further information, please see our Data Privacy Framework Policy at https://stripe.com/legal/data-privacy-framework. This Stripe Data Privacy Framework Policy (“DPF Policy”) and the Stripe Privacy Policy (“Privacy Policy”) describes the privacy practices that we implement for Personal Data received from the EEA, UK and Switzerland in reliance on the DPF. Stripe has certified to the Department of Commerce that it adheres to the DPR Principles with respect to such data. This DPF Policy uses terms that are defined in the Privacy Policy. If there is any conflict between the terms in this DPF Policy and the DPF Principles as concerns the Personal Data received under the DPF, the DPF Principles will prevail.

Effective Date: 9/29/2023

Verification Method

Self-Assessment

Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Stripe, Inc. at:

Legal Office of the DPO
Office of the DPO
Stripe, Inc.
354 Oyster Point Blvd
South San Francisco, California 94080
dpo@stripe.com
Phone: (415) 223-0377

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Stripe, Inc. to your question or complaint, please contact the independent recourse mechanism listed below


HR RECOURSE MECHANISM

UK Information Commissioner's Office (ICO)
EU Data Protection Authorities (DPAs)
Swiss Federal Data Protection and Information Commissioner (FDPIC)

NON-HR RECOURSE MECHANISM

JAMS


Appropriate statutory body with jurisdiction to investigate any claims against Stripe, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission