Facebook Payments International Limited Privacy Policy
Last updated: 21 January 2021
Protecting the privacy of your financial information is important to us. Facebook Payments International Limited ("Facebook Payments International") wants to be open and transparent about how your personal information is collected and used.
Facebook Payments International is a separate company from Facebook, Inc., Facebook Payments, Inc. and Facebook Ireland Limited ("Facebook Ireland"). We work with our affiliates (and third parties) to provide you with payment and related services. This may entail some data sharing as explained in this Policy. This Privacy Policy applies to users outside of the US and Canada.
What kinds of information do we collect?
Facebook Payments International only receives limited personal information from you – specifically, your card numbers and other payment method information, and information such as your transaction history or a copy of your ID, which Facebook Payments International is required to obtain in order to fulfil its legal or regulatory requirements, such as anti-money laundering requirements ("Personal Information").
We may need to contact you to obtain additional identification information for anti-money laundering purposes and for the purposes of preventing fraud and other criminal acts, including where you use Facebook Payments International's services to make and receive payments above certain thresholds in any one calendar year. This may include asking for a copy of your ID. We will only do this when we are obliged to by law or by applicable regulatory guidance or practices.
In order to fulfil its regulatory requirements, Facebook Payments International is legally obliged to collect certain data about you when you use our services. In such cases, Payments International may obtain some of your Personal Information directly from Facebook Ireland. For example, Facebook Ireland may provide us with your name and date of birth for anti-money laundering purposes. This information may be updated when you change your Personal Information through your Facebook account.
How do we use this information?
We use your Personal Information to help you make payments on Facebook Products, for anti-money laundering and other regulatory purposes, and for fraud prevention.
We process your Personal Information in order to fulfil our anti-money laundering and other legal requirements. We also process your Personal Information for the purpose of preventing fraud and other criminal acts and to keep our payments service safe and secure.
How is this information shared?
We may need to share your Personal Information under certain circumstances so that we can offer you the best service possible, run our business or comply with legal and regulatory obligations (this includes statutory reporting obligations to the Central Bank of Ireland, the Irish Revenue Commissioners and other regulators and tax authorities) and legal requests.
We may also share your Personal Information with Facebook, Inc, and with Facebook Ireland and Facebook Payments, Inc. We may also share your Personal Information with third-party agents and service providers of Facebook Payments International or of the Facebook group. This sharing of data will happen for specific reasons:
  • to process your payment
  • for maintenance of your payment account
  • to provide customer support
  • to detect, prevent or otherwise address anti-money laundering, fraud, security or technical issues, or to protect ourselves, you and others
  • if it's a regulatory or legal requirement, such as in response to a subpoena or a regulatory audit
How is this information transferred?
We share information globally, both internally within the Facebook Companies and externally with our partners. Information controlled by Facebook Payments International will be transferred or transmitted to, or stored and processed in, the United States or other countries outside of where you live for the purposes as described in this Policy. We utilise standard contractual clauses approved by the European Commission or another relevant authority (as applicable) or rely on the European Commission's or another relevant authority's adequacy decisions about certain countries, as applicable, or we use equivalent mechanisms provided under applicable data protection law.
What is our legal basis for processing data?
We process your Personal Information that we have in the ways described above:
  • as necessary to fulfil our Facebook Payments International Community Payments Terms and to provide the services described in these Terms;
  • as necessary to comply with our legal obligations;
  • as necessary in the public interest and
  • as necessary for our (or others') legitimate interests, including our interests in providing an innovative, personalised, safe and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
How do we respond to legal requests or prevent harm?
We access, preserve and share your information with regulators or law enforcement in response to a legal request, if we have a good-faith belief that the law requires us to do so or if we believe that disclosure would assist in a lawful investigation. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards.
Information we receive about you (including financial transaction data related to purchases made with Facebook Payments International) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation or investigations of possible violations of our terms or policies, or otherwise to prevent harm.
How can you manage or delete information and exercise rights provided under the GDPR and other relevant applicable data protection laws?
Managing your information:
You can view and update payment information, including deleting credit cards or other payment methods, by going to the Payments settings page in your Facebook account settings. You can also access your Payment history page to see details of your payment history.
Exercising your rights under the GDPR and other relevant applicable data protection law:
Under applicable data protection laws such as the GDPR, you may have the right to access, rectify, port and erase your data.
You may also have the right to object to and restrict certain processing of your data, where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can contact Facebook to exercise these rights.
Deleting Information:
If you delete your Facebook account or your Facebook payments account, your Personal Information is deleted unless we have an obligation as described above to retain your Personal Information. You can contact us using the contact details below if you wish to access this Personal Information once your Facebook account or Facebook payments account has been deleted.
How do we keep your personal information secure?
We take appropriate security measures to protect against unauthorised access and unauthorised changes, sharing or destruction of your Personal Information. These security measures include internal reviews of our data collection, storage and processing practices, and security measures, as well as physical and technical security measures to guard against unauthorised access to systems where we store personal data. Facebook Payments International uses encryption to protect your Personal Information. For example, your credit card number will be stored in an encrypted form.
The security of your account also depends on keeping your account password confidential. You should not share your account name or password with anyone. If you give your password to someone else (e.g. a significant other, your boss or a website), they will have access to your account and your Personal Information.
How long do we keep your information?
We store your Personal Information until it is no longer necessary to provide our payment services or for as long as is required to comply with our legal and regulatory obligations. Typically, this means that we will keep your Personal Information for a minimum period of five years, but we may keep it for longer in order to comply with our legal obligations, such as under applicable anti-money laundering rules.
Information that we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of litigation, a regulatory or legal request or obligation, governmental investigation or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
If you delete your Facebook account, we keep some of your Personal Information for regulatory and legal reporting and auditing obligations. We won't keep it for any reason besides meeting these obligations. We may delete records associated with deleted accounts over time as permitted or required by law.
How will we notify you of changes to this Policy?
This Privacy Policy may change from time to time. We'll post any policy changes on the Payments Privacy Policy Page, and if the changes are material, we will notify you.
How to contact Facebook Payments International with questions
The data controller responsible for your information is Facebook Payments International, which you can contact here.
Facebook Payments International, Attn: Legal Department,
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
Postcode: D02 X525
You may have the right to lodge a complaint with Facebook Payments International's lead supervisory authority, the Irish Data Protection Commission or, if you live in a country outside of the European Union, you may have the right to complain to the competent data protection supervisory authority of that country.