Hacker News
by creature 3009 days ago
Neither, in this case. Under the GDPR, you'd be expected to reply something like "As described in our privacy policy we use Stripe for processing payments. The data you enter on our checkout is transferred directly to Stripe, and is not stored by us." You're expected to make sure that third parties your company works with are GDPR compliant, but that's just a case of "ensure Stripe's privacy policy reads as GDPR compliant".
1 comments

It also doesn't seem like a huge stretch for a GDPR-compliant 3rd party whose API you consume to add some GDPR-related API calls.

(Payment processors are probably a bad example, as they already have boatloads of legal and contractual requirements to deal with. If they're at all reputable, the GDPR will impact them minimally. The flip side of this is ad tech, whose scummy business model is almost painfully incompatible with GDPR - at the moment.)