Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
WooCommerce PayPal Payments is a WordPress plugin that integrates PayPal payment processing into WooCommerce stores. It enables PayPal Checkout, credit/debit card payments, and Pay Later options. The plugin loads the PayPal JavaScript SDK which sets cookies for fraud prevention, session management, and payment processing. Transaction data is processed on PayPal's US based infrastructure.
WooCommerce PayPal Payments is a WordPress plugin that integrates PayPal payment processing into WooCommerce stores. It supports PayPal Checkout, credit/debit card payments (via PayPal), and Pay Later options. The plugin loads the PayPal JavaScript SDK on checkout pages, which sets cookies for fraud prevention, payment session management, and transaction tracking.
PayPal processes sensitive financial data including card details (never stored on the merchant server), billing addresses, transaction amounts, and buyer identity. PayPal acts as an independent controller or joint controller depending on the payment flow. PayPal provides a DPA, is PCI DSS Level 1 certified, and participates in the EU US Data Privacy Framework. Legal basis: contract performance for payment processing. PayPal fraud prevention cookies may be classified as strictly necessary. Steps: reference PayPal in your privacy policy, document PayPal as a data recipient, implement cookie consent for non essential PayPal cookies, configure WooCommerce data retention, ensure PCI DSS compliance for your store.
Websites using WooCommerce PayPal Payments must obtain user consent under GDPR regulations.
DPIA considerations
DPIA recommended due to financial data processing. Assess: payment data categories (card details handled by PayPal, order details on WooCommerce), PayPal SDK cookies and fraud prevention, buyer personal data (name, address, email), PayPal's US processing, PCI DSS scope.
Sample consent text
This store uses PayPal for payment processing via WooCommerce. PayPal may set cookies for fraud prevention and payment session management. Payment data is processed on PayPal servers. By proceeding with payment, you consent to PayPal's data processing.
Third-party domains contacted
www.paypal.comwww.paypalobjects.comapi.paypal.comt.paypal.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| ts | security | 3 years | PayPal fraud prevention cookie collecting device and browser information. |
| ts_c | security | 3 years | PayPal fraud prevention cookie timestamp for security checks. |
| x-pp-s | functionality | Session | PayPal payment session cookie maintaining checkout state. |
| enforce_policy | functionality | 1 year | PayPal cookie enforcing regional payment policies. |
| nsid | functionality | Session | PayPal session identifier for payment processing. |
WooCommerce PayPal Payments uses cookies for user preferences — inform visitors with a consent banner.
PayPal SDK sets ts, ts_c (fraud prevention), x-pp-s (session), enforce_policy, and login_email cookies from paypal.com and paypalobjects.com domains.
PayPal fraud prevention cookies are arguably strictly necessary for payment security. Analytics cookies from PayPal need consent. The PayPal button itself loads the SDK which sets cookies.
Contract performance (Art. 6(1)(b)) for payment processing. Legitimate interest for fraud prevention. Consent for marketing cookies.
Yes. PayPal is US based. Transaction data processed on PayPal infrastructure globally. PayPal provides DPA with SCCs and is Data Privacy Framework certified.
Recommended due to financial data processing. Assess payment flows, data shared with PayPal, fraud prevention scope.
Reference PayPal in privacy policy. Document as data recipient. Implement cookie consent. Configure WooCommerce retention. Ensure PCI DSS compliance.
Stripe (with EU entity), Mollie (Netherlands), Adyen (Netherlands), GoCardless (UK), or bank transfer/SEPA direct debit for EU only payment flows.
List PayPal cookies (ts, ts_c, x-pp-s, enforce_policy) with purposes and durations. Specify paypal.com and paypalobjects.com domains. Note fraud prevention classification.