This Privacy Policy applies to users based in the UK or EEA. For users from rest of the world, please see Privacy Policy – Global, other than UK and Europe. 

Splitit is committed to your right to privacy. Reference to “Splitit” “we,” “us” or the “Company” is a reference to Splitit UK Ltd, in its capacity as the data controller or the data processor (as specified in this Privacy Policy). 

We may also reference “Splitit” when we process your data through relevant affiliates or subsidiaries of the Splitit group of companies (Splitit USA Inc. and Splitit Ltd.) involved in the data processing activity, including the collection, holding, use and disclosure of Personal Data. Our representative in the EU is Splitit UK Ltd., which can be contacted at [email protected]. 

This Privacy Policy (“Privacy Policy”) sets out how Splitit uses and protects your Personal Data. It explains the data collection, processing, use, transfer and disclosure made by us (or by anyone on behalf of us) in connection with processing activities where we act as a controller, and processing activities we conduct on behalf of third party controllers where we act as a data processor. 

Data protection laws distinguish between controllers (organizations that process Personal Data for their own purposes) and processors that process Personal Data on behalf of other organizations. Whether we are acting as a controller or processor depends on the situation:

When we act as a controller, our processing activities are related to: 

(i) visitors to our website: https://www.splitit.com/ (respectively, “Visitor” and “Website”); 

(ii) Splitit customers (e.g., merchants and retailers of e-commerce platforms that host or embed Splitit solution) and particularly, their representatives and employees, (respectively, “Merchant” and “Splitit Solution”); 

(iii) Merchants’ individual customers (“Consumer”) when they take surveys about our services and / or receive our newsletters; and 

(iv) providing payment services to Merchants (collectively, “Services”). 

When we act as a processor, we process Personal Data on behalf of Merchants with respect to transactions made by Consumers via the Splitit Solution. If you are a Consumer, we are a data processor of your Personal Data on behalf of the Merchant, who is the data controller. PLEASE REFER TO MERCHANT’S PRIVACY POLICY FOR MORE INFORMATION ON THE PROCESSING OF YOUR DATA.

THE HIGHLIGHTS: 

• Our Website and Services are intended for Users over the age of 16, or equivalent minimum age for either providing consent to processing of Personal Data or using the Services in the relevant jurisdiction. Users under such age are not permitted to use the Services. In certain jurisdictions using the Services may be restricted for Users under the age of 18 or 21. 
• In certain jurisdictions, such as the European Union and United Kingdom, you will be entitled under applicable law to request: review; access; amendment, correction, erasure; objection to; restriction; or the portability of the Personal Data processed by us. Please note that in case you request to erase, or restrict the processing, or withdraw consent to the processing of your Personal Data, your use of the Services may be restricted or disabled.
• We do not sell, trade, or rent Users’ Personal Data to third parties. We only share Personal Data with third parties in connection with the provision of the Services to our Users, or other limited circumstances as specified herein. 

If you have any questions or requests regarding your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, please send us an email to: [email protected].

“Personal Data” or “Personal Information” (which will be referred to together as “Personal Data”), means any information about an identifiable individual or that identifies or can be used to identify a natural person, directly or indirectly, including, but not limited to, first and last name, phone number, email address, online identifiers, IP address or other online identifiers, billing information, information concerning households, devices, etc.

“Non-Personal Data”, means non-identifiable aggregated or anonymized data that falls outside the definition of Personal Data. This data is not used to identify individuals. 

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us, for example a new address or email address.

In general, we may use certain of the Personal Data mentioned herein for the scenarios described below. We may also process Personal Data in order to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services. We may also use the Personal Data mentioned herein to enforce the agreement applicable to you, as well as to protect the security or integrity of our databases and Services. Such processing is based on our specified legitimate interests or based on legal obligation.

Below, we describe three scenarios where we may use Personal Data. In each scenario we separately describe (i) the type of user and type of data, (ii) the purposes for which we may collect, use or disclose this Personal Data, (iii) the legal basis under the EU or the UK General Data Protection Regulation (together, the “GDPR”) for collecting this information, if applicable, and (iv) the retention periods.

When acting as a controller of Merchants’ related data, Personal Data is only used for the purposes specified below:

If you register as a Merchant to our Services, we will collect, use and disclose your information. Such information includes but is not limited to your full name, position, region, company, email address, contact details of your contact person, and financial information. We collect this information directly from you when you ask for a demo or when you engage with Splitit via a Merchant agreement.

When acting as a controller of Website and Service users’ data, Personal Data is only used for the purposes specified below:

Technical Information, Geolocation and Online Identifiers: we collect technical information transmitted by your device when using the Website and/or Services, this information includes: the type of operating system and device used to access the Website and/or Services, date and time stamp, language preferences, approximate geolocation (i.e., country/state), IP address and your actions such as page views, search queries, etc. This information is collected automatically from you when you are using the Website and/or Services. In case you are using the Services as a Consumer, we may receive this information directly from the Merchant from whom you purchased a product using the Splitit Solution.

Contact Us Information: if you contact us via the “Contact Us” feature available through the Website or otherwise, we may collect certain information regarding you, such as your full name, your email, your phone number, your position (e.g., Consumer or Merchant), your company (if applicable to you), country, the content of your message, etc. We collect this information directly from you when you contact us.

Newsletter Subscription: if you voluntarily subscribe to our newsletter through the Website, you will be requested to provide us with your email address. You can unsubscribe at any time using the unsubscribe option within the body of the applicable email or by contacting us directly at [email protected]. We collect this information directly from you.

Please also see our Cookie Policy to understand how we use cookies and your Personal Data to improve your experience of our Website and Services.

When acting as a controller of Consumers’ data, Personal Data is only used for the purposes specified below:

Surveys and Service Review: we may collect, use and disclose information when you participate in and respond to surveys, provide your feedback to service review forms, or rate or review the Services (“Survey”). For this purpose we will collect and use your email address. We also collect, use and disclose the information provided during the Surveys, such as your experience while using the Services, including your feedback on the process and customer support, information regarding your age range, payment preferences, income, etc. This information may be requested by us directly or by our service providers who provide us with third party Survey services. 

We may link the information collected in the survey to information we already have about you, such as which type of payment card you used with the Splitit Solution, the Merchant you were purchasing from, Merchant location, your location, etc. We will link the above-mentioned information to the information we have on you (only to the extent we have this) in order to analyze and get insights regarding transactions made with our Services and in order to improve our Services. 

Purposes for which we may collect, use or disclose this Personal Data and legal basis under the GDPR

• Where we gain your consent, we will use your email to send you Surveys, and if applicable to send you any vouchers or coupons. 
• For the legitimate interests of Splitit to manage and improve our Website and Services, we will use this information in order to improve our Website and Services, understand if there are any difficulties or failures in the process, analyzing the Services, enhancing your experience, improving our customer service and your user experience.
• For the legitimate interests of Splitit to manage and improve our Website and improve our user experience, we also collect this information for our statistics and analytics purposes and make the Services customized for our Consumers.

Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as necessary for the purposes collected, including to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable, without prejudice to the subsequent retention of data necessary for addressing any responsibilities that may arise from the data processing activities, in which case the personal data will be kept duly blocked.

If you opt in to marketing communications from us, we will keep your relevant Personal Data for as long as you are receiving such communications. If you later decide to opt out (or object to any other use of your Personal Data), we may keep a record of your opt-out or objection in order to respect your preferences and demonstrate our compliance.

We do not knowingly collect or use or disclose any Personal Data included in Special Categories of Personal Data (as defined in the GDPR). This refers to particularly sensitive categories of personal data that require extra protection. This includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (when used for identification), data concerning health, and data concerning a person’s sex life or sexual orientation. In the event you become aware that such data has been posted to the Website or collected by us, please inform us immediately so that we can take the appropriate measures.

Lastly, when you provide us with your consent to carry out the corresponding activities above, note that you can withdraw your consent at any time by contacting [email protected].

We may use data files such as cookies, pixel tags, “Flash cookies” or other local storage files provided by your browser or associated applications. Please read our Cookie Policy for more information about the cookies we use. You can allow all cookies or manage them individually by adjusting your preferences. 

WE DO NOT SELL OR RENT ANY OF YOUR PERSONAL DATA TO NON-AFFILIATED THIRD PARTIES FOR THEIR MARKETING PURPOSES. 

4.1. Non-Personal Data, aggregate and statistical or otherwise anonymized data may be shared without limitation with third parties at our discretion. This information does not contain Personal Data and is used to develop content and Services for our Website Users and Merchants. 

4.2. Regarding Personal Data when we act as a controller, we share Personal Data only under the following circumstances:

With our affiliates and connected companies (Splitit USA Inc. and Splitit Ltd.), such as subsidiaries to provide you with our Services and conduct marketing activities as further described above; 

Trusted third party providers that assist us with providing our Services including marketing services, survey services and platforms acting as data processors;

As necessary to help detect and prevent potentially illegal acts and fraud, and to guide decisions about the products, services and communications based on our legitimate interest in avoiding illegal and fraudulent actions; and

Third parties to or with whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this Privacy Policy.

With regulatory authorities, our auditors, legal counsel, and other professional advisers, but only to the extent necessary to comply with our legal obligations or protect our rights.

4.3. Regarding Consumer’s Personal Data, when we act as a processor, please refer to the Merchant’s privacy policy. We may share data, acting under Merchants’ instructions and on their behalf, with credit card processors, acquirers, banking institutions, payment gateway, lenders, trusted third parties who assist us in operating the Services and conducting our business., etc. Please refer to the Merchant’s privacy policy for more information in this regard.

Where your Personal Data is transferred outside the European Economic Area (“EEA”) or UK, we will take steps to ensure that your Personal Data is subject to appropriate safeguards to comply with EU and UK data protection laws respectively, and that it is treated securely and in accordance with this Privacy Policy.

Personal Data may be disclosed to an entity in the Splitit corporate group that is incorporated in Israel (“Splitit Israel”). Personal Data will be held on servers located in the U.S. Therefore, your Personal Data may be stored or processed in countries in which the privacy laws provide for a different level of protection for your Personal Data than that which exists in your country of residence.

The European Commission and UK authorities have decided that the State of Israel ensures an adequate level of privacy and data protection, therefore, in accordance with the GDPR, the transfer of Personal Data from the EU/UK to Israel is safeguarded due to an adequacy decision of the European Commission. 

Personal Data collected by Splitit is stored on servers located in the U.S. with third party providers which adhere to the EU-US Data Privacy Framework and the UK Extension to this Framework or which have entered into an alternative transfer safeguard. 

Any other transfer of Personal Data originating from the EU/UK to a third country shall be made in accordance with applicable law, including by providing adequate protections, or otherwise implementing appropriate safeguards to ensure the protection of our Users’ rights. For instance, the EU Standard Contractual Clauses of the European Commission and the UK Addendum to EU Standard Contractual Clauses may be executed, including for any transfers to Splitit USA Inc. You can obtain a copy of such contract or evidence that they have been executed or more information about our practices and policies with respect to our use of service providers and the jurisdictions in which they are located via the contact information provided at Section 11 below. 

If you (e.g., Website user) provided us with your consent or we otherwise have a legal basis as set out in Section 2, we may send you information on new products, features, activities, services and periodic announcements or newsletters. You may opt-out any time from such communications by either: (i) using an “unsubscribe” feature available within the message; or (ii) sending us an email to: [email protected] asking to opt-out.

Our Website is a general audience Website, which is not directed to persons under 16 years old. If a parent or guardian becomes aware that his/her child has provided us with Personal Data without their consent, he/she should contact us immediately. We do not knowingly collect or solicit Personal Data from people under 16 years old. If we become aware that a person under 16 years old has provided us with Personal Data, we will delete such data from our databases. Please note, in certain jurisdictions you may be banned from using the Splitit Solution unless you are 18 or 21 years old. 

For those processing activities where we act as a controller and subject to applicable law requirements, we will provide individuals with the opportunity to exercise their rights regarding their Personal Data under data protection and privacy laws, including:

the right to confirm whether or not we hold your Personal Data.

the right to access your Personal Data and being provided with a copy of the Personal Data that we hold. 

the right to rectification of your Personal Data.

the right to request access to the Personal Data that we hold about you and correct it if it is inaccurate, incomplete or out of date. If we do not give you access to your Personal Data or we do not agree to your request for correction, we will provide you with reasons why. If you are not satisfied with our decision or reasons, please see Section 11 below. If we agree to grant you access to or correct your Personal Data, we will do this as soon as reasonably practicable following receipt of your request and in any event within the deadline established in applicable laws.

the right to erasure of your Personal Data.

the right to restrict the processing, use and disclosure of your Personal Data.

the right to object to the collection, processing, use or disclosure of your Personal Data, including for direct marketing purposes (which includes any profiling for the purposes of such direct marketing).

the right to data portability (i.e. to receive the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller). 

the right to complain to SplitIt about how we use your Personal Data.  

the right to complain to a supervisory authority at any time (in the event that you are a EEA  or UK resident), particularly, you can lodge a complaint to the Supervisory Authorities of the country of your habitual residence, or place of work of an alleged infringement of data protection laws. A link to the address of each EAA authority can be found here and for the UK authority here. Before you approach the relevant Supervisory Authorities, we would appreciate the chance to deal with your concerns in the first instance. You can contact us at [email protected]; and

the right to withdraw consent.

In addition, if you are in France, you can give instructions in relation to the storage, erasure and communication of your Personal Data after your death to a certified trusted third party in charge of enforcing your wishes after death.

Please review our User Rights Policy regarding your rights under applicable law. 

You may exercise any or all of your above rights in relation to your Personal Data (including to request access to and/or correct your Personal Data held by us) by contacting our privacy team at: [email protected]. To help us deal with you request as efficiently as possible, we recommend filling out and sending us the Data Subject Request Form (“DSR”) with details of your request. 

We may request additional information from you when you contact us with a DSR in order to: (i) verify your identity; (ii) determine the applicable laws that apply to you; (iii) and locate your data.

It may take time to process requests in a way that is consistent with applicable privacy law.

Splitit implements measures to reduce the risks of loss of information and unauthorized access or use of information. We adopt appropriate and generally accepted data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your Personal Data. In particular, your payment information is secured in accordance with the Payment Card Industry Data Security Standard (“PCI-DSS”) standard. 

However, these measures are unable to provide absolute information security. Therefore, although efforts are made to secure your personal information, it is not guaranteed and you cannot reasonably expect that the Service and its related databases will be immune from any wrongdoings, malfunctions, unauthorized interceptions or access, or other kinds of abuse and misuse. 

If you are concerned about the security of your Personal Data, please contact us immediately at [email protected].

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. We encourage you to read those separate privacy policies when accessing such sites.

Splitit may, at any time and from time to time, modify this Privacy Policy. Modifications to this Privacy Policy will be posted on the Website and you will be informed about them. Unless we state otherwise, the updated version shall be effective as of the date on which it is posted on the Website.