Effective Date: 25 May 2018
Mastercard Europe SA and its affiliates (collectively, “Mastercard”, “we”, “us”, or “our”) respect your privacy.
This Privacy Notice applies to the processing of Personal Information that we collect in the context of Masterpass. “Masterpass” refers to the Masterpass Mobile Application, Masterpass Wallet, and Masterpass Online (collectively, “Masterpass Wallet Services”), as well as to the Masterpass.com website and the Masterpass wallet portal (collectively, the “Masterpass Websites”). This Privacy Notice does not cover the collection and use of your Personal Information by Mastercard in the context of other programs or other Mastercard wallets different from the Masterpass Wallet, or by third parties on other Mastercard branded websites, by your Mastercard card issuers (for example, your bank), by merchants, or any other information or communications that may reference Mastercard outside of Masterpass.
[This Privacy Notice covers Masterpass by Mastercard wallets. If you have a Masterpass wallet account other than a Masterpass by Mastercard wallet account, the collection and processing of your Personal Information through that wallet will be explained in that wallet’s privacy notice.] Please make sure to review your merchant’s and financial institutions’ privacy disclosures to understand how they are collecting and using your Personal Information.
This Privacy Notice describes the types of Personal Information we collect in connection with Masterpass, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.
By signing up for the Masterpass Wallet Services, you are creating a relationship with Mastercard. Mastercard may be making the Masterpass Wallet Services available to you through its relationship with your financial institution. However, the Masterpass Wallet Services are being offered to you solely by Mastercard.
1. Personal Information We May Collect
We May Collect the following Personal Information:
- Registration information, contact details, and payment card information.
- Information provided by merchants including stock-keeping unit data, description of items, quantity, price, subtotal and payment cards registered with the Masterpass, merchant’s name, currency, amount, date and time of order, and information about whether or not the order was completed.
- Information provided by you or your financial institution, including your email address, phone number, and data about any transaction token and any transaction.
- Personal Information from any other Masterpass wallets on your device.
- Information collected via cookies and other similar technologies.
- Information obtained from your interaction with social media tools or obtained from publicly accessible sources.
For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with Masterpass, we obtain Personal Information relating to you from various sources described below.
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. However, if you do not provide Personal Information when requested, you may not be able to benefit from Masterpass if that information is necessary to provide you with the service or if we are legally required to collect it.
a. Personal Information Provided by You
In connection with Masterpass, we ask you to provide certain Personal Information, such as your name, gender, home address, billing address, shipping address, telephone number, email address, username, password, and payment card information. We may collect such Personal Information upon registration, when you click on the “Masterpass” button at a merchant or otherwise sign up for or sign in to a Masterpass Wallet, on application forms or via other forms, including native mobile Masterpass wallet application. In some instances, we may also obtain your national identity card number, your answers to our security questions, and loyalty card information.
b. Personal Information Provided by Participating Merchants in Connection with Your Use of the Masterpass Wallet Services
We receive certain Personal Information about you from merchants in relation to your transactions using the Masterpass Wallet Services, such as stock-keeping unit data, description of items, quantity, price, subtotal and payment cards registered with the Masterpass, merchant’s name, currency, amount, date and time of order and information about whether or not the order was completed. If you have an account on file with the merchant, they may also provide us with your shipping address.
c. Personal Information Provided by the Issuer of Your Registered Payment Card or Other Financial Institution
When you register a payment card with Masterpass, we may send information to the issuer of that card to validate the card, authenticate your identity, and tokenize your payment credentials to make your payments more secure. This information may include your name, payment card information, billing address, information about your mobile device, and information about how you registered your payment cards in your Masterpass Wallet. To facilitate the validation/authentication/tokenization process, we may receive Personal Information about you back from the issuer of your payment card. In addition, when you make payments using tokenized credentials via the Masterpass Wallet, we receive data about the token and the transaction back from the issuer of your payment card.
In addition, in some instances, we may receive data about you from your financial institution in order to make sure that you create the correct Masterpass Wallet. For example, your financial institution may provide us with your email address or phone number in an encrypted, protected form. When you click on the “Masterpass” button at a merchant or otherwise sign up or sign in for a Masterpass Wallet, you will be asked for your email or phone number. If the information you provide matches the information provided by your financial institution, you may be directed to a specific Masterpass Wallet relating to that financial institution. This information may also be used to create your Masterpass Wallet.
d. Personal Information Obtained from Your Interaction with Masterpass
When you interact with the Masterpass Wallet Services, or visit Masterpass Websites, pages or other digital assets, we may collect certain information by automated means such as cookies, web beacons, and similar technologies, including IP address, mobile device IP address, mobile device unique identifier, MAC address, device ID, location data, browser type and setting data (such as screen resolution, color depth, time zone settings, browser extension and plugins, fonts, etc.), operating system, referring URLs, information on actions taken or interaction with our digital assets, dates and times of actions, and other mobile trackers. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server. For more information, please read our Cookie Notice.
We use this information to improve Masterpass by assessing how many users access or use our service, which content, products, and features of our service most interest our visitors, what types of offers our customers like to see, how our service performs from a technical point of view, as well to enhance the security of Masterpass and to protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality.
We and our service providers may automatically collect browser data from your device. Browser data consists of information about settings on the configuration of the browser you use to access Masterpass Wallet Services and the Masterpass Websites. This may include screen resolution and color depth, time zone settings, browser extensions and plugs installed in the browser and versions thereof, fonts installed on the browser, the user agent string, and other similar data. This data is used to create a unique fingerprint of the browser used to access the Masterpass Websites to remember the choices made by that browser and to assist in preventing fraud and enhancing the security of Masterpass Wallet Services, the Masterpass Websites and the Mastercard network. We may offer users of our Masterpass Wallet Services choices to opt-out of the collection and fingerprinting of browser data via our Cookie Consent Tool.
De-Identified Data About Your Masterpass Transaction
We and our service providers may automatically collect de-identified data about transactions you make using your Masterpass Wallet. The information collected includes the name of the merchant and the transaction data and time. This information is used to enhance the security of the Masterpass Wallet Services, the Masterpass Websites, and the Mastercard Network.
Third Party Analytics
Other analytics providers that administer these services may also use technologies such as cookies and web beacons to help us analyze how visitors use Masterpass.
In the Masterpass Mobile Application, you can turn off Adobe Omniture web analytics. You may also have the possibility to opt out of analytics via the AdChoices icon on the Masterpass Websites. Please see the “Your Rights and Choices” section of this Privacy Notice to learn about your ability to opt out or limit the use of your browsing behavior for online behavioral advertising purposes.
Web Beacons and Email Tracking
When we send emails to people with a Masterpass Wallet account, we may track behavior such as who opened the emails and who clicked the links. We do that to measure the performance of our emails and to improve our features. To do this, we include single pixel gifs (that is to say, web beacons) in emails we send. Web beacons allow us to collect information about whether an email has been opened and the number of clicks inside that email. We use the data collected via those web beacons to create the reports about how our email campaign performed and what actions individuals took within the email (for example, links clicked). If you do not wish for us to track emails we send you, some email services allow you to adjust your display, to turn off HTML, or disable download of images which should effectively disable our email tracking.
e. Tailored Content and Services
We may use your Personal Information, including information about your interactions with Masterpass, information about you provided by our partners, and publicly available information to analyze your preferences, interests and behavior in order to provide you with personalized content and the most relevant offers, content, or messages. You may see certain ads on other websites because we (and our partners) use data collected via the Masterpass Wallet Services to customize advertisements to you on third-party websites. This collection and use allows us to target our messaging to users through demographic, interest-based, and contextual means.
We may use information about your use of the Masterpass Wallet, or which Masterpass Wallet you use, in order to deliver you a customized merchant checkout experience. After making a Masterpass transaction, we may drop a cookie on your device that will remember which Masterpass Wallet or which payment card you used for that transaction. That cookie will provide a customized checkout button at merchants who accept Masterpass based on that information. This will deliver a more seamless commerce experience. Merchants are not able to access this information.
We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consent to the processing, the processing is necessary for entering into, or performance of a contract between you and Mastercard, or when we are legally required to use your Personal Information in this way, for example to prevent fraud.
f. Personal Information Presented from Your Other Masterpass Wallets on the Device
If you are using the Masterpass Wallet Services on an eligible device, when you click on the “Masterpass” button to make a payment using a participating merchants mobile application, we will scan your mobile device to see if any certified Masterpass mobile applications are loaded on the device. If so, during the checkout flow at the participating merchant, you will be presented with a list of each such Masterpass Wallets and the registered payment cards for such Wallets so you can choose which Masterpass Wallet and payment card you would like to use for that transaction.
g. Personal Information Obtained from Your Interaction with Social Media Tools
Masterpass offers you the possibility to share, link to, or mention on social media outlets anything you may find of interest. For example, you may “like” an offer via your Facebook account or “tweet” an offer using Twitter. Social media providers such as Facebook or Twitter are independent from Mastercard and do not necessarily share the same policy as Mastercard with regard to the protection of privacy. Please review their privacy policies if you decide to use their services. Mastercard cannot be held liable for any of these social websites’ or apps’ content, use, or general privacy practices.
2. How We May Use Your Personal Information
We may use your Personal Information to:
- Communicate with you.
- Provide, improve, and develop Masterpass.
- Ensure safety and security.
- Send you marketing materials.
- Provide you with personalized content and checkout experience.
- Perform data analysis.
We may use the Personal Information we obtain about you to:
- Create, manage, and personalize your online account (including providing you with a transaction history), provide our products and services, communicate with you, and respond to your inquiries.
- Route you to the correct Masterpass Wallet based on whether you have an existing Masterpass Wallet relationship or an existing banking relationship with a participating issuer.
- Validate your payment card information, authenticate your identity with your bank and tokenize your payment credentials to make your payments more secure.
- Provide a customized checkout experience.
- Create a view that shows you all of your eligible Masterpass Wallet accounts, including this Masterpass Wallet, and each account’s registered payment cards, when you click on the “Masterpass” button via a participating merchant’s mobile application.
- Provide reporting back to the issuer of your enrolled payment cards and the merchants you transact with via the Masterpass Wallet Services.
- Anonymize Personal Information and prepare and furnish aggregated data reports showing anonymized information, (including, but not limited to, the following: compilations, analyses, analytical and predictive models and rules, and other aggregated reports).
- Perform data analyses (including anonymization of Personal Information) to determine, among other measurements, business performance, number of registrants, channels, transaction spend and site performance.
- Send you marketing communications about products, services, offers, programs and promotions of Mastercard, its issuers, acquirers, retailers and partners (including contests, sweepstakes and any other marketing activities).
- Provide you with personalized services and recommendations. For example, we may suggest products or other special marketing activities that we think would be of particular interest to you based on your interaction with our website, your online behavior and other Personal Information we may obtain about you.
- Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, enhance the security of Masterpass Wallet Services and the Mastercard network, and manage risk exposure and franchise quality.
- Operate, audit, evaluate, monitor, and improve our business and interactive assets (including developing new products and services; managing our communications; determining the effectiveness of and optimizing our advertising; analyzing our products, services, apps, and websites; facilitating the functionality of our apps and websites; and performing accounting, auditing, billing, reconciliation, and collection activities).
- Assist third parties in the of products or services that you request.
- As may be required by applicable laws and regulations or requested by any judicial process or governmental agency having or claiming jurisdiction over Mastercard or its affiliates.
- Comply with applicable legal requirements and industry standards and our policies.
- Use the information in other ways for which we provide specific notice at the time of collection.
We will only process your Personal Information for the above purposes when we have a valid legal ground for the processing, including if:
- You consented to the use of your Personal Information. For example, we may seek to obtain your consent for our uses of cookies or similar technologies, to send you marketing communications or personalize our offerings.
- We need your Personal Information to provide you with products and services, or to respond to your inquiries.
- The processing is necessary for compliance with a legal obligation such as to prevent and monitor fraud in payment transactions.
We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security, and performance of our products and services, to protect against and prevent fraud, to anonymize Personal Information and carry out data analyses.
3. How We Share Your Personal Information
We may share Personal Information with:
- Mastercard’s headquarters in the U.S., our affiliates and other entities within Mastercard’s group of companies.
- Service providers acting on our behalf.
- Other participants in the payment ecosystem, including payment card issuers and merchants.
- Third parties for fraud monitoring and prevention purposes, or other lawful purposes.
- Third parties in the event of a sale or transfer of our business or assets.
4. Your Rights and Choices
Subject to applicable law, you have the right to:
- Access your Personal Information, rectify it, restrict or object to its processing, or request its deletion.
- Receive the Personal Information you provided to us to transmit it to another company.
- Withdraw any consent provided.
- Where applicable, lodge a complaint with your Supervisory Authority.
If you are located in the European Economic Area or Switzerland, you can exercise your rights via Mastercard’s “My Data Center” Portal. You may also submit a request as described in the “How to Contact Us” section.
Subject to applicable law, you have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
- You may opt out from receiving marketing communications by clicking on the unsubscribe link contained in such communications.
Those rights may be limited in some circumstances by local law requirements.
If you are located in the European Economic Area or Switzerland, you can easily exercise your rights via Mastercard’s “My Data Center” Portal. You may also submit a request to exercise your rights, update your preferences, ask us to remove your information from our mailing lists or delete your account by contacting us as specified in the “How to Contact Us” section below. Subject to applicable law, you may also have the option to withdraw your consent by using the unsubscribe link inserted in our communications, or to opt out from certain processing of your Personal Information on our opt-out webpage. You may also view or change your personal details and change your settings, including your marketing preferences, in your Masterpass Wallet Services account.
Third Party Analytics
As indicated above, we may use third-party web analytics services, such as those of Adobe Omniture, to analyze how you use the Masterpass Wallet Services (if you have a Masterpass Wallet Services account), your usage of the Masterpass Websites, and other Mastercard websites. If you have a Masterpass Mobile Application, you can turn off the use of the analytics service inside the Masterpass Mobile Application by visiting “Settings” and turning off “Send Data”. In the United States, you can also opt out of analytics on the Masterpass Websites via the AdChoices icon.
Online Behavioral Advertising and Other Cookie Preferences
We may offer users of the Masterpass Wallet Services and visitors to the Masterpass Websites choices to manage their cookie preferences through the Cookie Consent tool displayed in the bottom right corner of the Masterpass Websites or accessible via the AdChoices icon on the Masterpass Websites. Your browser may tell you how to be notified and opt out from receiving certain types of cookies, including analytics and advertising cookies. Otherwise, you can opt out at http://www.aboutads.info/choices/. You can also opt out of some of Mastercard’s use of web analytics at https://www.Mastercard.com/us/personal/en/general/web-analytics-opt-out.html. To learn more about cookies, please visit http://www.aboutads.info/choices/ or http://www.adobe.com/privacy/opt-out.html. For more information, please read our Cookie Notice.
If you have a customized checkout experience, you can opt out of seeing a customized checkout button on merchant websites through the AdChoices icon on the Masterpass Websites.
Although the Masterpass Wallet Services currently do not have a mechanism to recognize the various web browser Do Not Track signals, we may offer users of our Masterpass Wallet Services choices to manage their preferences via our Cookie Consent Tool and we will honor your preferences. To learn more about browser tracking signals and Do Not Track, please visit http://www.allaboutdnt.com.
5. How We Protect Your Personal Information
We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.
We maintain appropriate administrative, technical and physical safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you. The types of measures we take vary with the type of data, and how it is collected and stored.
When you provide Personal Information online, we use the industry standard for encryption on the Internet – Secure Socket Layer (SSL) technology – to help protect the data that you provide. This Internet encryption standard scrambles data as it travels from your device to our server. You will know that you are in a secure area of the Masterpass Websites when a lock icon appears on your screen that the “http” prefix of our URL address changes to “https”. The “s” represents “secure”. We also use digital certificates to ensure that you are connected to the authentic Masterpass Websites.
We will never ask you for your password in any unsolicited communication (including unsolicited correspondence, such as letters, phone calls, or e-mail messages). If you believe your username and password have been compromised, please contact us by following the instructions provided in the “How to Contact Us” section below.
We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it in the context of Masterpass or when you request their deletion, unless we are required by law to keep the information for a longer period. We complete periodic reviews of our databases, and have established specific time limits for data deletion, taking into account the type of services provided in the context of Masterpass, the length of the customer relationship, possible re-enrolment with Masterpass, mandatory retention periods and the statute of limitations. In particular, we do not keep your Personal Information for longer than 13 months from the last time you have accessed your account unless we are required by law to keep the information for a longer period.
6. Data Transfers
We may transfer your Personal Information outside of the European Economic Area, including to the United States, in compliance with our Binding Corporate Rules and other data transfer mechanisms.
Mastercard is a global business. We may transfer or disclose Personal Information we collect about you to recipients in countries other than your country, including to the United States where our global headquarters are located. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Information to other countries, we will protect that information as described in this Privacy Notice.
We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by European Economic Area data protection authorities as providing an adequate level of protection to the Personal Information we process globally. A copy of our BCRs is available here. We may also transfer Personal Information to countries for which adequacy decisions have been issued, use contractual protections for the transfer of Personal Information to third parties, such as the European Commission's Standard Contractual Clauses, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the European Economic Area.
7. Features and Links to Other Websites
You may choose to use certain features for which we partner with other entities that operate independently from Mastercard.
You may choose to use certain features for which we partner with other entities or click on links to other websites for your convenience and information. These features may operate independently from Mastercard. They may have their own privacy notices or policies, which we strongly suggest you review. To the extent any features or linked websites you visit are not owned or operated by Mastercard, we are not responsible for the sites’ content, any use of the sites, or the privacy practices of the sites.
8. Updates to This Privacy Notice
This Privacy Notice may be updated periodically to reflect changes in our privacy practices.
This Privacy Notice may be updated periodically to reflect changes in our privacy practices. We will notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may seek your consent.
9. How to Contact Us
You can e-mail us at firstname.lastname@example.org. If you are located in the European Economic Area or Switzerland, you may submit your request to exercise your rights in relation to your Personal Information on Mastercard’s “My Data Center” Portal.
Mastercard Europe SA is the entity responsible for the processing of your Personal Information.
If you are located in the European Economic Area or Switzerland, you can easily exercise your rights via Mastercard’s “My Data Center” Portal. You may also submit a request to exercise your rights or share any questions, comments, or complaints about this Privacy Notice or our privacy practices by e-mailing us at email@example.com, or writing to us at:
Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
For more information on Mastercard’s privacy practices in other contexts, please refer to our Global Privacy Notice available at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html.
For all other enquiries about your Mastercard card and your purchase, you must contact your issuing bank or the participating merchant. More information about how to contact them can be found on their respective Masterpass Websites.