Effective Date: April 2023

  1. What This Privacy Notice Covers
  2. Personal Information We May Collect
  3. How We May Use Your Personal Information
  4. How We Share Your Personal Information
  5. Your Choices
  6. Data Transfers
  7. How We Protect Your Personal Information
  8. Retention
  9. Features and Links to Other Websites
  10. Children’s Privacy
  11. Updates to This Privacy Notice
  12. Data Controller and How to Contact Us

Mastercard International Incorporated and its affiliates (together “Mastercard”, “we”, “us”, or “our”) respect your privacy. This Mastercard Click to Pay Privacy Notice (the “Privacy Notice”) applies to the Mastercard Click to Pay services as defined below. We recommend that you read this notice together with Mastercard's Global Privacy Notice and the Fraud & Security Notice.

Our current Click to Pay services are the Click to Pay website and the Click to Pay payment profile that you may establish (collectively, the “Services”). Developed by Mastercard and built upon global payment industry standards, Click to Pay is designed to create an online checkout experience that offers security, convenience and control. Click to Pay is Mastercard’s faster and smarter way to pay online – no more passwords to remember or accounts to create.

For country-specific data privacy requirements, please see the appendix (Appendix – Country Specifics) at the end of this Privacy Notice.


1. What This Privacy Notice Covers

This Privacy Notice describes the types of Personal Information we collect in connection with the Services, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us about our privacy practices.

2. Personal Information We May Collect

“Personal Information” means any information relating to an identified or identifiable individual. We may collect Personal Information in connection with the Services, including when you register for an account, establish your payment profile, use the Services, or participate in our marketing programs. We may collect information about you directly from you or, insofar as permitted by applicable law, from third parties such as our service providers, marketing and business partners, financial institutions, merchants, and other Click to Pay participants (such as other payment card brands).

We may collect the following categories of Personal Information, in each case always insofar as such collection is permitted for the respective purpose in accordance with applicable data protection laws, including obtaining your consent where required under law:

  • Registration and payment information, such as your name, email address, phone number, billing address, and payment card details.
  • Transaction information, such as billing or shipping address, merchant’s name and location, date and time of transaction, description of items purchased, total amount of transaction, and other information provided by financial institutions or merchants.
  • Details you may provide in the context of online marketing programs, such as your personal characteristics, life habits, consumption habits, interests, location data, and voice and image recordings.
  • Information about your usage of the Services, including details about the device used to access the Services, and information collected via automated means, such as cookies, scripts and similar technologies.

You may also choose to provide other information, such as different types of content (e.g., photographs, articles and comments), contact information of friends or other people you would like us to contact, content you make available through social media accounts or memberships with third parties, or any other information you want to share with us. You must tell those people that you have provided their information to Mastercard and that Mastercard stores and uses their information for the purposes for which you provided it in the manner set out in this Privacy Notice. You may wish to share this Privacy Notice with them.

Personal Information We Collect by Automated Means

We may collect, directly or through our service providers and partners, certain information about you via automated means such as cookies, scripts and web beacons when you interact with the Services, visit our websites or ads, pages or other digital assets. If you are based in the European Economic Area (EEA) or another country which requires express consent for the use of certain kinds of cookies and of similar technologies and/or of information obtained by the use of cookies or similar technologies, we will comply with such consent requirements.

Here are some examples of information that is collected via our websites and a description of how this information is used.

  • A “cookie” is a text file placed on a computer’s hard drive by a web server. A “script” is an automated series of programmatic instructions carried out by your browser. A “web beacon”, also known as an Internet tag, pixel tag or clear GIF, is a technology that helps us identify when content has been accessed or visited.

The information we may collect in this manner insofar as permitted by applicable law may include: IP address, browser type, operating system type and version number, device identifiers, screen resolution and color depth, time zone settings, geographical area, referring URLs, browser extensions and plug-ins installed in the browser and versions thereof, fonts installed on your device and other similar data. It may also include information on actions taken or interaction with our digital assets, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, such as information about your mouse movements, scrolling, and keystrokes, and, if applicable, information from your device accelerometer, access times, and length of access. Insofar as permitted by the applicable law, we may collect this type of information over time and across third-party websites and mobile applications that are involved in your use of the Services. We use this information for a variety of purposes, including to improve our products and services, for fraud prevention and to protect against unauthorized transactions, as further explained in the Fraud & Security Notice and in the “How We May Use Your Personal Information” section below.

  • When we send emails in connection with the Services, we may track activity, such as whether the email was opened, the amount of time spent reading the email, and whether any links were clicked. We do that to measure the performance of our emails and to improve our features. To do this, we include single pixel GIFs, also called web beacons, in emails we send. Web beacons allow us to collect information about whether an email has been opened and the number of clicks inside that email. We use the data from those web beacons to create reports about how our email campaign performed and what actions individuals took within the email (e.g. links clicked). We will not undertake such activities without your consent where such consent is required under applicable law. If you do not wish for us to track emails we send you, some email services allow you to adjust your display to turn off HTML or disable download of images which should effectively disable our email tracking.

We may use third-party web analytics services on our websites. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyze how visitors use our websites.

  • You may see certain ads on other websites because we (and our partners) use data collected via the Services to customize advertisements to you on third-party websites. This collection and use allow us to target our messaging to users through demographic, interest-based and contextual means. In connection with providing you customized advertisements, third parties on our websites may track your online activities over time and across third-party websites by collecting information through automated means, including through the use of cookies, web server logs and web beacons. We will not undertake such activities without your consent where such consent is required under applicable law.

Please see the “Your Choices” section of this Privacy Notice to learn more about your choices.

3. How We May Use Your Personal Information

We may use your Personal Information for the following purposes and as otherwise described in the Privacy Notice.

  • Process your payment transactions.
  • Protect against and prevent fraud, and other legal or information security risks.
  • Provide and communicate with you about products and services offered by Mastercard, financial institutions, merchants and partners, in each case in compliance with applicable law (including obtaining your consent where required under law).
  • Provide you with personalized services and recommendations (in each case, as far as the use of Personal Information is permitted for this purpose under applicable data protection law, including obtaining your consent where required under law).
  • Operate, evaluate and improve our business, including anonymization and analytics in compliance with applicable law (including obtaining your consent where required under law).
  • Learn more about you, including your preferences or other characteristics pursuant to your consent or otherwise in accordance with applicable law. We treat these inferences as Personal Information where required under applicable law.
  • Serve other purposes for which we provide specific notice at the time of collection, and as otherwise authorized or required by law.

We may use Personal Information we obtain about you for the purposes set out below. Depending on the country in which you are located, we will only process your Personal Information in accordance with applicable law and with transparency and fairness when we have a legal basis for processing as listed below:

Processing activity:

  • Create, manage and personalize your Click to Pay profile (including providing you with a transaction history) as part of the Services.
  • Route you to the appropriate Click to Pay participant based on your choice of payment card brand or existing Click to Pay profile.
  • Provide a customized checkout experience, create a view that shows you all your Click to Pay payment information in one place, including those from your other participating payment profiles, and respond to your enquiries.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of creating and managing accounts, identifying your identity, and responding to your inquiries.

Processing activity:

  • Validate your payment card information, authenticate your identity with your bank, and tokenize your payment credentials to make your payments more secure.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of protecting against fraud and managing risk exposure, as well as tokenizing your payment credentials to make your payments more secure.

Processing activity:

  • Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality with respect to the integrity and security of our payments network, as further described in the “Personal Information We Collect by Automated Means” section of this Privacy Notice.

Legal Basis for Processing (where required under applicable law):

When we process Personal Information for fraud prevention, we may act as a controller or as a processor. When we act as a controller, we rely on one of the following legal grounds:

  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of protecting against fraud and managing the risk exposure.

For more information on our fraud prevention and monitoring activities, please see our Fraud & Security Notice.

Processing activity:

  • Communicate with you about the Services, including by sending you announcements, updates, security alerts, and support and administrative messages.
  • Provide support and maintenance and respond to your requests, questions, and feedback.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of protecting against fraud and managing risk exposure, as well as communicating with you about the Services and responding to your requests, questions, and feedback.

Processing activity:

  • Provide, administer and communicate with you about other products, services, offers, programs and promotions of Mastercard, financial institutions, merchants and partners (including contests, sweepstakes and any other marketing activities) including by the display of customized content and advertising via the Services and elsewhere online.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of providing you with products and services.

Processing activity:

  • Manage our customer, supplier and vendor relationships, including to create and publish business directories (which may include business contact information).

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are a party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of managing our customer, supplier and vendor relationships.

Processing activity:

  • Perform due diligence reviews, accounting, auditing, billing, reconciliation and collection activities.

Legal Basis for Processing (where required under applicable law):

  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of performing due diligence, billing, reconciliation and collection activities.

Processing activity:

  • Provide you with personalized services and recommendations. For example, we may use your Personal Information such as your email address and your interaction with our website to analyze your preferences, interests and behavior in order to decide to provide you with tailored content and the most relevant offers, recommendations and email communications about a specific product from Mastercard, financial institutions, merchants and partners.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of providing you personalized services and recommendations.

Processing activity:

  • Anonymize Personal Information and prepare and furnish aggregated data reports showing anonymized information (including compilations, analyses, analytical and predictive models and rules, and other aggregated reports) for the purpose of advising our financial institutions, merchants and other customers and partners regarding past and potential future patterns of spending, fraud, and other insights that may be extracted from this data.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of anonymizing Personal Information and preparing and furnishing aggregated data reports.

Processing activity:

  • Improve our online products and services by assessing how many users access or use our online products and services, which content, products and features of our online products and services most interest our visitors, what types of offers our customers like to see and how our online products and services perform from a technical point of view.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of protecting against fraud and managing risk exposure, as well as operating, evaluating, and improving our products or services.

Processing activity:

  • Perform data analyses (including anonymization of Personal Information) to determine, among other measurements, business performance, number of registrants, channels, transaction spend and site performance.
  • Operate, audit, evaluate, monitor and improve our business and interactive assets (including by developing new products and services; managing our communications; analyzing our products, services and websites; facilitating the functionality of our websites).
  • Provide reporting back to the issuer of your enrolled payment cards and the merchants you transact with via the Services.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of protecting against fraud and managing risk exposure, as well as preparing and furnishing aggregated data reports.

Processing activity:

  • Comply with industry standards and our policies.

Legal Basis for Processing (where required under applicable law):

  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of complying with industry standards and our policies.

Processing activity:

  • For other purposes for which we provide specific notice at the time of collection.

Legal Basis for Processing (where required under applicable law):

  • Please consult the Specific Privacy Notice at the time of the collection.

Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. For more information on our balancing tests, you may contact us as described in the “How to Contact Us” section below.

We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing, the processing is necessary for entering into, or performance of a contract between you and Mastercard, or when we are legally required to use your Personal Information in this way, for example to prevent fraud.

If you provide us with any information or material relating to another individual, you must make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual about the processing of her/his Personal Information and obtain her/his consent, as may be necessary under applicable laws.

4. How We Share Your Personal Information

We do not sell your Personal Information as defined by the California Consumer Protection Act of 2018 or disclose Personal Information we collect about you, except as described in this Privacy Notice or as disclosed to you at the time of data collection. We may share Personal Information with the following parties, in each case always only in accordance with applicable data protection laws, including obtaining your consent where required under law:

  • Mastercard’s headquarters in the U.S., our affiliates and other entities within Mastercard’s group of companies.
  • Service providers acting on our behalf.
  • Other participants in the payment ecosystem, including financial institutions, and merchants.
  • Third parties for fraud monitoring and prevention purposes, or other purposes required by law.
  • Government authorities or law enforcement officials as required by law or for administrative purposes and to the extent that applicable law allows and/or requires this.
  • Third parties whose feature you use in connection with our products and services or with your consent.
  • Other entities as required under applicable law or our advisers, any prospective purchaser’s advisers, and the new owner of the business as part of any corporate reorganization process including, but not limited to, in the event of a sale or transfer of our business or assets.

We may also share Personal Information with the following parties, in each case always only in accordance with applicable data protection laws, including obtaining your consent where required under law:

  • Our headquarters in the U.S., our affiliates and other entities within Mastercard’s group of companies as well as our service providers, who perform services on our behalf for the purposes described in this Privacy Notice. We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the Personal Information by implementing appropriate technical and organizational security measures.
  • Merchants and their service providers, including to perform and/or facilitate payment card transactions, to ensure the safety and security of those transactions (including card fraud detection and prevention), to resolve disputes, to provide customer service, usage analysis and reporting, to facilitate the personalization of your shopping experience and to enable faster check-outs, and otherwise to provide the Services that you request.
  • Merchant or other third-party site(s) that may allow that party to retrieve and store information from your Click to Pay Profile, or to connect with Mastercard to receive certain Payment Information (e.g., Card number or a token, and the expiration date), or to validate or receive other Payment Information stored in your Click to Pay Profile. This may take place either in connection with or independent of any Click to Pay payment transaction.
    • In these instances, the third parties’ access to and usage of such information is subject to your agreement and use of their site and the third party’s privacy notice will govern its usage of your information. We recommend that you review their privacy notice to understand how they use your data and your rights with respect to data they collect and process.
  • Other Click to Pay participants, including third-party payment services companies, in connection with your checkout experience and payment processing. For example, with entities that provide:
    • integration services which deliver the Click to Pay checkout experience on a merchant’s site.
    • seamless orchestration of the technical activities between participants in order to offer payment options and to facilitate a feature or complete a transaction you requested.
    • storage and retrieval functionality for your payment credentials.
  • Third parties for purposes of identity or account verification, fraud detection or as may otherwise be required by applicable law such as identity verification services and other related service providers, data aggregators, government entities, utilities, public records, credit bureaus, telecom providers, property files and watch lists.
  • Third parties, for compliance, fraud prevention, and safety purposes, including when required under applicable law or legal process, as evidence in litigation in which we are involved or when we believe disclosure is necessary to protect individuals’ personal safety and vital interests, to enforce our terms and conditions, protect Mastercard against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
  • Government authorities or law enforcement officials as required by law or for administrative purposes and to the extent that applicable law allows and/or requires this: (i) to comply with the law, legal actions or lawful request of the authorities or (ii) in the good faith belief that such action is necessary in order to conform to the requirements of law or comply with legal process served on us, protect and defend our legitimate interests in compliance with applicable laws.
  • Other third parties with your consent, such as when you use third parties’ features (such as third-party cookies, widgets, plug-ins) which are integrated into our products and services, such as digital wallets and mobile banking apps. For further details, please consult Section 9 (Features and Links to Other Websites) of this Privacy Notice.
  • Social media networks when you directly engage with those platforms. For further details, please consult Section 9 (Features and Links to Other Websites) of this Privacy Notice.
  • Our advisers, any prospective purchaser’s advisers, and the new owner of the business in the event we sell or transfer all or a portion of our business or assets in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

5. Your Rights and Choices

Depending on your country, you may have the right or choice to:

  • Opt out of some collection or uses of your Personal Information, including the use of cookies and similar technologies, the use of your Personal Information for marketing purposes, and the anonymization of your Personal Information for data analyses.
  • Access your Personal Information, rectify it, restrict or object to its processing, or request its deletion or anonymization.
  • Receive the Personal Information you provided to us to transmit it to another company.
  • Withdraw your consent at any time and free of charge if we have asked for your consent to process your Personal Information. Your withdrawal does not affect the legality of the processing carried out based on your consent until the withdrawal.
  • Where applicable, lodge a complaint with your supervisory authority.

These rights might be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where Mastercard requires Personal Information to comply with legal or contractual obligations, the provision of such information is mandatory. If such data is not provided, Mastercard will not be able to manage the engagement relationship, or to meet obligations placed on it. In all other cases, provision of requested Personal Information is optional.

You can exercise your rights on Mastercard’s “My Data Center” portal, or you may submit a request as described in the “How to Contact Us” section below.

You have certain rights and we offer you certain choices about what Personal Information we collect from you, how we use that information, and how we communicate with you. We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights, except where the different price or level of good or service is reasonably related to the value of the data that we receive from you; however, we do not control merchants’ practices in this regard. In some instances, we may not be able to provide you with the good or service that you request if you choose to exercise certain rights.

You can choose:

  • To configure your web browser to remove or reject cookies, which will limit our ability to collect certain information via automated means. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. You may also visit http://www.allaboutcookies.org/manage-cookies/index.html for more information. Please note that if you set your browser to disable cookies, or if you reject certain cookies, the Services may not work properly. For example, we may not be able to recognize your computer, and you may need to log in every time you visit. For the avoidance of doubt, the option to decline the acceptance of cookies in your browser setting does not mean that we use cookies without your consent where such consent is required under applicable law.
  • To opt out of the use of certain information, which we collect about you by automated means insofar as permitted by applicable law (including obtaining your consent where required under law), for purposes of online behavioral advertising when you visit our websites. You can exercise your choice via the “Manage Cookies” button displayed in the bottom right corner of the Mastercard websites related to the Services.
  • To opt out of certain uses of information, which we collect about you insofar as permitted by applicable law (including obtaining your consent where required under law) by automated means when you visit third-party websites and interact with our ads. We may use service providers to serve ads on those third-party websites. These ads may be customized and served based on the use of data we and our partners have collected on our websites and apps. In addition, some of our service providers and partners may collect information about your online activities over time and across third-party websites to customize and serve these ads insofar as permitted by applicable law. Mastercard ads are sometimes delivered with icons that help consumers (i) learn more about how their data is being used and (ii) exercise choices they may have regarding the use of their data. Please click, where applicable, on the icon in our targeted ads to learn about your ability to opt out or limit the use of your browsing behavior for advertising purposes.
  • To opt-out of some of Mastercard’s use of web analytics, please click here.
  • To view or change your Personal Information by using the Mastercard Click to Pay Profile tool please click on this link.
  • To opt out of marketing emails, you may click on the unsubscribe link within the marketing emails you receive from us or contact us as indicated in the "How to Contact Us" section below. You also may opt out of receiving marketing emails from Mastercard by clicking here.
  • To opt out of the anonymization of your Personal Information to perform data analyses, by clicking here.

For the avoidance of doubt, the option to opt out of the processing activities set out above does not mean that we undertake the respective activities without your consent where such consent is required under applicable law.

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, Mastercard does not respond to web browser-based DNT signals at this time. To learn more about browser tracking signals and DNT, visit http://www.allaboutdnt.com.

Depending on where you are located (such as Canada, California, the European Economic Area (EEA), Switzerland or Brazil) you may have the right to:

  • Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company.
  • In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.

Those rights may be limited in some circumstances by local law requirements – for example, where we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

Where Mastercard requires Personal Information to comply with legal or contractual obligations, the provision of such information is mandatory. If such data is not provided, Mastercard will not be able to manage the engagement relationship, or to meet obligations placed on it. In all other cases, provision of requested Personal Information is optional.

If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.

To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the "How to Contact Us" section below. We have developed Mastercard’s “My Data Center” portal to facilitate the exercise of your rights. You may also opt out from certain processing of your Personal Information, e.g. via our opt-out webpage.

6. Data Transfers

Mastercard is a global business. We may transfer your Personal Information to the United States and other countries which may not have the same data protection laws as the country in which you initially provided the information, but we will protect your Personal Information in accordance with this Privacy Notice, as disclosed to you at the time of data collection.

In case of such transfer, if you are located in the EEA, we will process your Personal Information in accordance with our Binding Corporate Rules (“BCRs”) and other appropriate data transfer mechanisms such as the European Commission’s Standard Contractual Clauses to ensure an adequate level of protection of your Personal Information. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA.

Mastercard’s privacy practices, described in this Global Privacy Notice, comply with the APEC Cross Border Privacy Rules (“CBPR”) System. The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies. More information about the APEC framework can be found here.

Mastercard is a global business. We may transfer the Personal Information we collect about you to recipients in countries other than your country, including the United States, where we are headquartered. These countries may not have the same data protection laws as the country in which you initially provided the information and may provide more limited recourse mechanisms, including dissimilar or, at times, weaker data protection rights. When we transfer your Personal Information to other countries, we will protect that information as described in this Privacy Notice, as disclosed to you at the time of data collection.

We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we have established and implemented a set of BCRs that have been recognized by EEA data protection authorities as providing an adequate level of protection to the Personal Information we process globally. A copy of our BCRs is available here. We may also transfer Personal Information to countries for which adequacy decisions have been issued, or use contractual protections for the transfer of Personal Information to third parties, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA.

Mastercard’s privacy practices, described in this Global Privacy Notice, comply with the APEC CBPR system. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found here.

7. How We Protect Your Personal Information

We maintain appropriate security safeguards and have implemented robust technical and organizational measures to protect your Personal Information against the loss, misuse, unauthorized access, disclosure, alteration or destruction utilizing current state of the art technologies.

The security of your Personal Information is important to Mastercard. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide, or we collect, against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

We use SSL encryption on a number of our websites from which we transfer certain Personal Information.

Please understand, however, that no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, while we will do our best to protect your Personal Information, we cannot ensure or warrant the security of any Personal Information you transmit to us and you understand that any Personal Information that you transfer to Mastercard is done at your own risk. We use firewalls to protect your information from unauthorized access, disclosure, alteration, or destruction. However, please note that this is not a guarantee that such information may not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software.

We will never ask you for your account details in any unsolicited communication (including unsolicited correspondence, such as letters, phone calls or e-mail messages). If you believe your account has been compromised, please contact us as specified in the "How to Contact Us" section below.

8. Retention

We will retain your Personal Information for as long as necessary to provide the products and services you have requested and will take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

Afterwards, we may retain data for an appropriate period to protect ourselves from legal claims, to administer our business, or to the extent permitted by applicable law, which may require us to hold your Personal Information for specific periods. We will delete your Personal Information when you withdraw your consent, if there is no other legal ground for further processing (e.g., a statutory obligation to retain your Personal Information), or when you object to the processing in accordance with the “Your Choices” section (see above) or when we are obligated to delete it in accordance with an obligation under applicable law. For further information about our approach to data retention, please ask privacyanddataprotection@mastercard.com.

9. Features and Links to Other Websites

Our websites may include links to other third-party websites, social media tools, widgets or plug-ins, permitting sharing web content including IP address, with third parties and social media providers, in each case always only in accordance with applicable data protection laws (including obtaining your consent where required under law). Any access to and use of such linked websites is not governed by this Privacy Notice but instead is governed by the privacy policies of those third parties. We are not responsible for the privacy practices or the content of these other websites.

Insofar as permitted by applicable data protection laws (including obtaining your consent where required under law), the social media providers may learn of your visit even if you are not logged in to your social media account or if you do not have an account with them. To the extent any linked websites or features you visit or use are not owned or controlled by Mastercard, we suggest that you review their own privacy notices or policies.

Our websites may provide links to other websites for your convenience and information. Any access to and use of such linked websites is not governed by this Privacy Notice but instead is governed by the privacy policies of those third parties. We are not responsible for the privacy practices or the content of these other websites.

Our websites may also contain certain features for which we partner with other entities, in each case only in accordance with applicable data protection laws (including obtaining your consent where required under law). These entities may learn, subject to local laws, of your visit regardless of whether you use these features: For example, you may “like” an offer via your Facebook account, or “tweet” an offer using Twitter. When you visit a website with a social media button, your browser may establish a direct connection to that social media provider, and data concerning your visit, including IP address, may be transferred to the social media provider. If you have an account with the social media provider, the provider may link your visit to your account, even if you are not logged into this account. We will not undertake such activities without your consent where such consent is required under applicable law.

You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Mastercard. Also, your browser may be configured to automatically collect, store and auto-fill payment information that you provide to websites and in some cases may sync with its related online profile. These websites and features, which may include social networking and geo-location tools, operate independently from Mastercard, and are clearly identified as such. They do not necessarily share the same policy as Mastercard regarding the protection of privacy. To the extent any linked websites or features you visit or use are not owned or controlled by Mastercard, we suggest that you review the privacy practices of the websites and consult your social media account settings if you want to deactivate certain features.

10. Children’s Privacy

Mastercard products and services are not directed to, nor intended for, children under the age of 16.

Mastercard does not knowingly collect, maintain, or use Personal Information from children under 16 years of age, and no part of our products and services are directed to children.

If you learn that a child has provided us with Personal Information in violation of this Privacy Notice, then you may alert us at privacyanddataprotection@mastercard.com.

11. Updates to This Privacy Notice

This Privacy Notice may be updated periodically to reflect changes in our privacy practices.

This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. When we do, we will also revise the "effective date" at the top of this Privacy Notice. When we make any material changes to this Privacy Notice, if required under applicable law, we will post a prominent notice on our websites sufficiently in advance to notify you of changes to our Privacy Notice by indicating at the top of the notice when it was most recently updated. We may also notify you of updates by sending a notice to the primary email address specified in your account or other appropriate mechanism as required by applicable law so that you have the opportunity to exercise your rights.

In certain circumstances, insofar as required by applicable law, we may seek your consent. However, please always remember that we will never ask you for your account details in any unsolicited communication (including unsolicited correspondence, such as letters, phone calls or e-mail messages). If you believe your account has been compromised, please contact us as specified in the "How to Contact Us" section below.

12. How to Contact Us

You may submit your request to exercise your rights to your Personal Information on Mastercard’s “My Data Center” portal, or email us at: privacyanddataprotection@mastercard.com.

In addition, if you are located in Canada or the United States, Mastercard International Incorporated is the entity responsible for the processing of your Personal Information. You may write to us at:

Global Privacy Officer
Mastercard International Incorporated
2000 Purchase Street
Purchase, New York 10577

If you are located in the UK, EEA or Switzerland, Mastercard Europe SA is the data controller and the entity responsible for the processing of your Personal Information. You may write to us at:

EEA Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
B-1410 Waterloo
Belgium

If you are located in Brazil, Mastercard Brasil Soluções de Pagamento Ltda. is the entity responsible for the processing of your Personal Information. You may write to us at:

Brazil Data Protection Officer
Mastercard Brasil Soluções de Pagamento Ltda.
Avenida das Nações Unidas, 14.171, 20º andar, Crystal Tower
São Paulo/SP
Brasil
CEP 04794-000

If you are located in Asia Pacific, Middle East and Africa, Mastercard Asia/Pacific Pte Ltd is the entity responsible for the processing of your Personal Information. You may write to us at:

Data Protection Officer
Mastercard Asia/Pacific Pte. Ltd.
3 Fraser Street DUO Tower
Level 17
Singapore 189352

For enquiries about your Mastercard card and your purchase, you should contact your financial institution or merchant. More information about how to contact them can be found on their respective websites.
