Hva er personvernforordningen (GDPR)?

The General Data Protection Regulation (GDPR) is a regulation in EU law regarding the privacy and protection of personal data for people within the European Economic Area. Implemented on May 25th, 2018, the goal of this regulation is to grant EU citizens and residents greater control over their personal data and to set up a regulatory framework, or more simply, a single set of rules for data protection for all businesses operating within the EU.

This is great news for every EU citizen! The 99 articles in the GDPR serve to hold organisations responsible for obtaining the individuals’ consent from whom they gather information. Additionally, these individuals should now be able to easily access the information organisations collect about them.

Hvordan påvirker dette SumUps bruk av min informasjon?

SumUp har alltid tatt personvern og datasikkerhet på alvor. Personvernfororningen sørger nå for at du som SumUp-bedrift får bedre innsyn i informasjonen vi har om deg, og krever samtidig at vi får ditt samtykke for å overføre eller behandle din data.

SumUp guarantees to collect, store and process your information in compliance with SumUp’s Privacy Policy and all relevant data protection legislation. This means that we will only use your data when needed to provide you with our service.

While SumUp may share your data with trusted third parties (acting on our behalf to provide you with our services), SumUp will ensure that these third parties maintain the highest possible standard for data protection and are in line with any applicable data protection legislation via contractual agreements and specific guidelines provided to them. All SumUp merchant data is held securely within the European Union.

I tillegg til å følge personvernforordningen, så er SumUp sertifisert som kompatibel under Payment Card Industry Data Security Standard (PCI-DSS). Dette betyr at SumUp tar ekstra forsiktighet ved behandling av kortholderinformasjon i tillegg til å sikre at vår maskinvare og programvare gir optimal sikkerhet. Denne sertifiseringen etablerer vårt selskaps evne til å opprettholde de høyeste sikkerhetsstandardene tilgjengelig, slik at SumUp-bedrifter kan føle seg trygge i samarbeid med SumUp.

SumUp allows a merchant to request the details regarding the personal information SumUp retains about them by emailing a request to DPO@sumup.com.

Hva om jeg vil at SumUp skal slette litt av eller all min personlige data?

You can request the deletion of some or most of your personal data by emailing us at DPO@sumup.com. We say “most” because SumUp is required by virtue of other legal requirements to maintain some information for periods of time. For example, all transactional data has to be maintained per Anti-Money Laundering rules 5 years after the relationship between SumUp and the merchant has ended.

Should you desire to withdraw your consent to the processing or the sharing of your personal data, please know that we will not be able to provide you with our services. Per the GDPR, we cannot legally provide you with our services without your consent. Additionally, on an operational level, SumUp requires your consent as we rely on numerous third parties to provide you with our services. For example, your consent allows banking partners to provide the payment services between you and your customers as well as your own payment settlements.

Additionally, you can withdraw your consent to receive supplementary marketing communications at any time, and this will not affect the service we provide to you.

We can assure you that we will continue to only send relevant and (we believe) interesting merchant-related updates, tips and offers that will enhance your business.

Do I need a Data Processing Agreement (DPA) between SumUp and my business?

No, there is no need for merchants to sign a DPA with SumUp. This data processing agreement is only required between data controllers and data processors, and in this case, to allow the protected sharing of your data to provide the service to you. As you, the merchant, are the data subject and SumUp is the data controller, there is no need for a DPA between either party. The Privacy Policy you agree to as a merchant is our (SumUp’s and the merchant’s) legally-binding contract which satisfies all data protection laws.

Note that SumUp has put into place DPA’s with all of the third-party data processors with whom we may share your data in order to provide you with our services.


Ønsker du mer info?
Send en melding til SumUps kundeservice eller kontakt SumUps databeskyttelsesansvarlige, når som helst.

E-post: DPO@sumup.com

Post: Data Protection Officer, SumUp Payments Limited, 32 - 34 Great Marlborough St, W1F 7JB, London, United Kingdom

Var denne artikkelen nyttig?

Fant du ikke det du lette etter?

Kontakt oss

Artikler i denne seksjonen