Mastercard - Global Privacy Notice
Effective Date: February 17, 2017
Mastercard International Incorporated and its affiliates (collectively, "Mastercard") respect your privacy. This Global Privacy Notice describes the types of personal information we collect, how we use the information, with whom we share it, and the choices you can make about our use of the information. We also describe the measures we take to protect the security of the information and how you can contact us about our privacy practices.
Mastercard entities responsible for the collection and use of your personal information for the purposes described in this Global Privacy Notice are indicated in the How to Contact Us section of this document.
Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements.
Personal Information We Collect
Mastercard may obtain information about you from various sources.
As a processor of payment transactions and provider of related services, we obtain a limited amount of personal information about you from financial institutions, merchants and other entities in connection with your payment transactions.
In this context, we receive the card account number, the merchant name and location, the date and the total amount of transaction. Importantly, we do not need the cardholder’s name or other contact information to process payment transactions.
We also may obtain information about you from companies that use or facilitate the use of other Mastercard products or services and from publicly available information systems.
In addition, you may choose to submit information directly to us via several methods, including: (i) on our websites, (ii) in response to marketing or other communications, (iii) through social media, (iv) by signing up for a Mastercard product or service, (v) through participation in an offer, program or promotion, or (vi) in connection with an actual or potential business or employment relationship with us. You may also choose to consent to third parties disclosing information about you to us that those third parties have collected.
The types of personal information we may obtain or you may choose to provide include:
- Contact information (such as name, postal or e-mail address, and phone number)
- Business contact information (such as job title, department and name of organisation)
- Username and password
- Payment account information
- Contact information for friends or other people you would like us to contact
- Content you provide (such as photographs, articles and comments)
- Content you make available through social media accounts or memberships with third parties
- Mobile device unique identifier
- Geo-location data
- Other information (such as shopping behavior and preferences, language preference, age, date of birth, gender and family status)
We, our service providers and partners collect certain information by using automated means, such as cookies and web beacons, when you interact with our advertisements, mobile applications, or visit our websites, pages or other digital assets. The information we collect in this manner may include: IP address, browser type, operating system, referring URLs and information on actions taken or interaction with our digital assets. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server.
We may use third-party web analytics services on our websites and mobile apps, such as those of Adobe Omniture. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyse how visitors use our websites and apps.
We, our service providers and our partners may also collect information about your activities on our websites and apps for use in providing you with content and advertising tailored to your individual interests. The information collected for these purposes may include details about things like the particular pages or advertisements you view on our websites and the actions you take on our websites and apps. Please see the “Your Rights and Choices” section of this Global Privacy Notice to learn about your ability, at any time, to opt out or limit the use of your browsing behavior for online behavioral advertising purposes.
How We Use Personal Information We Collect
We may use the personal information we obtain about you to:
- Process your payment transactions (including authorisation, clearing, chargebacks and other related dispute resolution activities)
- Protect against and prevent fraud, unauthorised transactions, claims and other liabilities, and manage risk exposure and franchise quality with respect to the integrity and security of our payments network
- Create and manage any accounts you may have with us and respond to your inquiries
- Provide, administer and communicate with you about products, services, offers, programs and promotions of Mastercard, its issuers, acquirers, merchants and partners (including contests, sweepstakes and any other marketing activities)
- Publish business directories (which may include business contact information)
- Operate, evaluate and improve our business (including developing new products and services; managing our communications; determining the effectiveness of and optimising our advertising; analysing our products, services, websites, mobile applications and any other digital assets; facilitating the functionality of our websites, mobile applications and any other digital assets; and performing accounting, auditing, billing, reconciliation and collection activities)
- Anonymising personal information and preparing and furnishing aggregated data reports showing anonymised information, (including, but not limited to, the following: compilations, analyses, analytical and predictive models and rules, and other aggregated reports) for the purpose of advising our issuing and acquiring institutions, merchants and other customers and partners regarding past and potential future patterns of spending, fraud, and other insights that may be extracted from this data
- Evaluate your interest in employment and contact you regarding possible employment with Mastercard
- As may be required by applicable laws and regulations or requested by any judicial process or governmental agency having or claiming jurisdiction over Mastercard or Mastercard’s affiliate
- Comply with industry standards and our policies
We also may use the information in other ways for which we provide specific notice at the time of collection.
Personal Information We Share
We do not sell or otherwise disclose personal information we collect about you, except as described in this Global Privacy Notice or as we disclose to you at the time the data is collected.
We may share personal information we collect with our affiliates, financial institutions and other entities that issue payment cards or process payment transactions and merchants. We share personal information to process payment transactions and perform other activities that you request. We also may share personal information with entities that assist with payment card fraud prevention, to protect payment transactions against fraud, and to ensure the security of the transaction and our payment processing system. For example, in this context we provide card issuers with information about their cardholders’ transactions that Mastercard processes.
In addition, we may share personal information with other third parties with your consent. When Mastercard acts as a service provider for third parties we may provide them with personal information we collected on their behalf.
We also may share the information with our service providers who perform services on our behalf. We authorise these service providers to use or disclose the information only as necessary to perform services on our behalf or comply with legal requirements. We require these service providers by contract to safeguard the privacy and security of personal information they process on our behalf.
Mastercard transfers personal information within the Mastercard group of affiliated companies subject to the terms of this Global Privacy Notice or otherwise as we disclose to you at the time the data is collected (e.g. via program specific privacy notice).
On our websites, you may choose to use certain features that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Mastercard. These features, which include social networking and geo-location tools, are operated by third parties, including social networks, and are clearly identified as such. These third parties may use or share personal information in accordance with their own privacy policies. We strongly suggest you review the third parties’ privacy policies if you use the relevant features.
We may disclose information about you (i) if we are required to do so by law or legal process, (ii) when we believe disclosure is necessary to prevent harm or financial loss, or (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity.
We reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use personal information you have provided to us in a manner that is consistent with our Global Privacy Notice. Following such a sale or transfer, you may contact the entity to which we transferred your personal information with any inquiries concerning the processing of that information.
Your Rights And Choices
You have certain rights regarding the personal information we maintain about you. We also offer you certain choices about what personal information we collect from you, how we use that information, and how we communicate with you.
You can choose not to provide personal information to Mastercard by refraining from conducting payment transactions. You also may refrain from submitting information directly to us. However, if you do not provide personal information when requested, you may not be able to benefit from the full range of Mastercard products and services, and we may not be able to provide you with information about products, services and promotions.
You can opt out of certain uses of information, which we collect about you by automated means, when you visit third-party websites and interact with our ads. We may use service providers to serve ads on those third-party websites. These ads may be customised and served based on the use of data we (and our partners) have collected on our websites and apps. In addition, some of our service providers and partners may collect information about your online activities over time and across third-party websites to customise and serve these ads. Mastercard advertisements are sometimes delivered with icons that help consumers (i) learn more about how their data is being used and (ii) exercise choices they may have regarding the use of their data. Please click here or, where applicable, on the icon in our targeted advertisements to learn about your ability to opt out or limit the use of your browsing behavior for online behavioral advertising purposes.
You can at any time tell us not to send you marketing communications by e-mail by clicking on the unsubscribe link within the marketing e-mails you receive from us or by contacting us as indicated below. You also may opt out of receiving marketing e-mails from Mastercard by clicking here.
As indicated above, we may anonymise personal information to perform data analyses. To opt-out of such anonymisation, click here.
If your employer provides your personal information to Mastercard, you may have certain choices with respect to Mastercard’s use or disclosure of the information. Please contact your employer to learn about and to exercise your choices.
To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information. We will apply your preferences going forward. In some circumstances, withdrawing your consent to Mastercard’s use or disclosure of your personal information will mean that you cannot take advantage of certain Mastercard products or services.
Subject to applicable law, you may have the right to: obtain confirmation that we hold personal information about you, request access to and receive information about the personal information we maintain about you, receive copies of the personal information we maintain about you, update and correct inaccuracies in your personal information, object to the processing of your personal information, and have the information blocked, anonymised or deleted, as appropriate. The right to access personal information may be limited in some circumstances by local law requirements. To exercise these rights, please contact us as set forth below.
To update your preferences, ask us to remove your information from our mailing lists or submit a request to access, update, correct or delete your personal information, please contact us as specified below.
If we fall short of your expectations in processing your personal information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. You may contact us by using the contact details provided in the “How To Contact Us” section below. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time.
If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual on the processing of her/his personal data and obtain her/his consent, as may be necessary under applicable laws.
International Data Transfers
We may transfer the personal information we collect about you to recipients in countries other than the country in which the information was originally collected, including the United States of America. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Global Privacy Notice or as otherwise disclosed to you at the time the data is collected (e.g. via program specific privacy notice).
Mastercard is a global business. To offer our services, we may need to transfer your personal information among several countries, including the United States, where we are headquartered. We comply with applicable legal requirements providing adequate safeguards for the transfer of personal information to countries outside of the European Economic Area ("EEA") or Switzerland.
In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognised by EEA data protection authorities as providing an adequate level of protection to the personal information we process globally. A copy of our BCRs is available here.
How We Hold And Protect Personal Information
The security of your personal information is important to Mastercard. We are committed to protecting the information we collect. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide or we collect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. We use SSL encryption on a number of our websites from which we transfer certain personal information.
Mastercard stores personal information only for as long as it is necessary for the fulfillment of the purpose for which the personal information was collected, unless otherwise required or authorised by applicable law. We take measures to destroy or permanently de-identify personal information if required by law or if the personal information is no longer required for the purpose for which we collected it.
Links To Other Websites
Our websites may provide links to other websites for your convenience and information. These websites may operate independently from Mastercard. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or controlled by Mastercard, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
Updates To Our Global Privacy Notice
This Global Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our personal information practices. We will post a prominent notice on relevant websites to notify you of any significant changes to our Global Privacy Notice and indicate at the top of the Notice when it was most recently updated. If we update our Global Privacy Notice, in certain circumstances, we may seek your consent.
How To Contact Us
If you have any questions or comments about this Global Privacy Notice, Mastercard's privacy practices or if you would like us to update information or preferences you provided to us, please click here. You also may e-mail us at: email@example.com; or write to us at:
Global Privacy Officer
Mastercard International Incorporated
2000 Purchase Street
Purchase, New York 10577
If you are located in the EEA or Switzerland, Mastercard Europe sprl may be the entity responsible for the processing of your personal information. If you are located in the EEA or Switzerland, you may e-mail us at: firstname.lastname@example.org; or write to us at:
Global Privacy Officer
Mastercard Europe sprl
Chaussée de Tervuren 198A