Skip to main content

Data Privacy

At Mastercard, our dedication to decency extends to how we handle data.

We believe that privacy and data protection are fundamental human rights, and this belief informs all our business decisions, including how we handle the personal information of our employees, customers and cardholders.

 

We have a longstanding commitment to privacy, data responsibility and security.

Our responsible data practices prioritize privacy as a key innovation enabler. At Mastercard, developing competitive products and services go hand-in-hand with earning and cultivating the trust that’s been placed in us.

We believe that when it comes to your data, you own it, you control it, you should benefit from its use, and we protect it. This is our Privacy Promise and it guides all our practices as we continue our journey as a responsible data steward.

You own it

We believe your personal information is just that — personal.

 

Individuals own their personal information, and have a right to understand how, when and where it is used and shared. We explain clearly how we handle personal information in our Global Privacy Notice, which is complemented by specific notices for certain products and activities.

You control it

We believe that individuals have the right to understand and control how their data is handled.

 

Anyone can opt out — at any time and at no cost — of having their personal information used for marketing, data analytics and other programs using our simple online system. We strive to use personal information only in a legitimate, fair and inclusive manner, with full respect for each person’s choices. Furthermore, individuals have the right to access, correct, modify or move their personal information via our online portal, a digital platform which went live in 2018 in order to meet the strong individual protections put in place by the GDPR.

You should benefit from it

We believe that an individual's personal information should be used to make their life easier and richer.

 

We are committed to responsible data-driven innovation both within our organization and as a significant player in the European data ecosystem. For instance, Mastercard has developed a suite of Open Banking Solutions to add value to our business partners and allow people to benefit from innovative payment services, while keeping individuals at the center of all we do. We regularly work with EU policymakers and industry bodies to enact strong privacy protections for individuals, while still enabling businesses to operate globally and use data for responsible innovation.

We protect it

Privacy by Design

We believe that privacy must be embedded into the design of every one of our products and solutions. In Europe, this approach has enabled us to meet the Data Protection by Design and by Default obligations enshrined by the GDPR.

What this means in practice is that we innovate by placing the individual at the center, protecting and respecting their privacy and personal information along the way. This is cutting-edge product innovation that starts in the design process at ideation and moves through development and delivery. We limit the data that we collect to what’s needed to get the job done and we look for ways to encrypt or de-identify personal information while making sure each product is still convenient and easy to use.

Accountability

We believe an individual’s data must be kept secure and used responsibly. We employ rigorous standards to ensure the protection, safety and security of data within Mastercard and with all our partners and vendors. Mastercard complies with all regional and local regulations, including the General Data Protection Regulation (GDPR) in the European Union. In particular, we've embraced the GDPR as an opportunity to enhance our global data practices by extending the GDPR’s high consumer protection standards to all users.

In Europe, our Binding Corporate Rules (“BCRs”) – i.e. a privacy code of conduct – have been approved by EEA Data Protection Authorities and allow us to safely and securely transfer personal information from our cardholders, customers, partners and employees to all Mastercard entities globally.

Partnerships

Mastercard actively participates in privacy and data protection thought-leadership groups and regulatory expert groups in Europe, including the OECD Expert Group on Privacy and Network of Experts on AI, the World Economic Forum Taskforce on Data Intermediaries, the EU Agency for Cybersecurity (ENISA) AI Expert Group and the European Commission B2G data sharing Expert Group.

We also belong to the Centre for Information Policy Leadership (CIPL), the Future of Privacy Forum, VUB’s Brussels Privacy Hub. In September 2021, we also became a member of Gaia-X, a project bringing together representatives from business, politics, and science from Europe and around the globe to create together a federated and secure data infrastructure.