Effective Date: 25 May 2018
Mastercard Europe SA, its affiliates and other entities within the Mastercard’s group of companies (“Mastercard”, “we”, “us”, or “our”) respect your privacy.
This Privacy Notice applies to the processing of Personal Information collected in the context of Mastercard’s Donation Platform (“the Platform”) which provides the channel to donate to our charity partners, depending on your country. This Privacy Notice applies to this website (“the Site”) in connection with your participation in the Platform and it does not cover the collection and use of your Personal Information on other Mastercard branded websites or by your Mastercard issuers (e.g. your bank) or any other information or communications that may refer to Mastercard outside this program (e.g. communications from banks).
This Privacy Notice describes the types of Personal Information we collect in connection with the Platform, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.
Your visit to the Site is subject to this Privacy Notice, to the Cookie Notice and to our Terms and Conditions. For more information about Mastercard’s privacy practices, please visit Mastercard’s Global Privacy Notice at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html.
1. Personal Information We May Collect
We may collect the following Personal Information:
- Registration information, such as your name and email.
- Transaction information, such as your full card number.
- Information collected via cookies and similar technologies.
For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the Platform, we obtain Personal Information relating to you from various sources described below.
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to use the Platform if that information is necessary to provide you with the Platform or if we are legally required to collect it.
a. Personal Information Provided by You or Your Bank
When you register for the Platform, we may collect your first and last name, your email, your postal address, your government ID number, the password you choose and the answers to the security questions you select. At this stage, we may also collect your consent to our Terms and Conditions and to receive marketing communications from Mastercard or its charity partners. If you register via your bank, we will obtain your registration information from the bank.
When you participate in the Platform, we may collect Personal Information about your transactions, such as your Personal Account Number (PAN), your country, postal code, card expiration month and year and CVC2. The Platform then generates information such as donation currency, amount and fund.
b. Personal Information Obtained from Your Interaction with the Site
When you use the Site, we may collect certain information by automated means via cookies and similar technologies, such as IP address, MAC address, device ID, location data, information on actions taken on our website, dates and times of actions, and other mobile trackers. We use this information to improve the Platform by assessing how many users access or use our service, which content, products, and features of our service most interest our visitors, what types of offers our customers like to see, and how our service performs from a technical point of view. For more information, please read our Cookie Notice.
c. Tailored Content and Services
We may use your Personal Information, including information about your interactions with the Platform, and publicly available information to analyze your preferences, interests and behavior in order to provide you with tailored content and the most relevant offers, content, or messages. We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.
2. How We May Use Your Personal Information
We may use your Personal Information to:
- Communicate with you.
- Provide, improve, and develop the Platform.
- Protect against fraud and ensure safety and security.
- Send you marketing materials.
- Perform data analysis.
- Enforce our Terms and Conditions and comply with our legal obligations.
We may use the Personal Information we obtain about you to:
- Create and manage your online account, identify your eligible transactions, calculate the donation amount and respond to your inquiries.
- Validate your payment card information.
- Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality.
- Send you marketing communications about products, services, offers, programs and promotions of Mastercard, its issuers, acquirers, retailers and partners (including contests, sweepstakes and any other marketing activities).
- Operate, evaluate and improve our business (including developing new products and services; analyzing our products, services and websites; performing and producing data reports, including data anonymization; facilitating the functionality of our websites; and performing accounting, auditing, billing, reconciliation and collection activities).
- Enforce our Terms and Conditions.
- Comply with applicable legal requirements and industry standards and our policies.
- Perform auditing, research and analysis in order to maintain, protect and improve our services.
We will only process your Personal Information for the above purposes when we have a valid legal ground for the processing, including if:
- You consented to the use of your Personal Information. For example, we may seek to obtain your consent for our uses of cookies or similar technologies, to send you marketing communications or personalize our offerings, or to process Personal Information deemed sensitive pursuant to applicable law.
- We need your Personal Information to provide you with products and services, or to respond to your inquiries.
- The processing is necessary for compliance with a legal obligation such as to prevent and monitor fraud in payment transactions.
- We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security, and performance of our products and services, to protect against and prevent fraud, to anonymize Personal Information and carry out data analyses.
3. How We Share Your Personal Information
We may share Personal Information with:
- Mastercard’s headquarters in the U.S., our affiliates and other entities within Mastercard’s group of companies.
- Our service providers acting on our behalf.
- Charity partners for strictly limited purposes, such as to send you updates about the use of the funds.
- Other participants in the payment ecosystem, including financial institutions and merchants.
- Third parties for payment card fraud monitoring and prevention purposes, or other lawful purposes.
- Third parties in the event of a sale or transfer of our business or assets.
4. Your Rights and Choices
Subject to applicable law, you have the right to:
- Access your Personal Information, rectify it, restrict or object to its processing, or request its deletion.
- Receive the Personal Information you provided to us to transmit it to another company.
- Withdraw any consent provided.
- Where applicable, lodge a complaint with your Supervisory Authority.
Subject to applicable law, you have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
- You may opt out from receiving marketing communications by clicking on the unsubscribe link contained in such communications.
Those rights may be limited in some circumstances by local law requirements.
If you would like to update the information we have about you or your preferences, you may do so by accessing the data you have already entered in the Platform and modifying it directly. If you are located in the EEA or Switzerland, you can easily exercise your rights via Mastercard’s “My Data Center” Portal. You may also submit a request to exercise your rights, update your preferences, ask us to remove your information from our mailing lists or delete your account by contacting us as specified in the “How to Contact Us” section below. Subject to applicable law, you may also have the option to withdraw your consent by using the unsubscribe link inserted in our communications, or to opt out from certain processing of your Personal Information on our opt-out webpage.
5. How We Protect Your Personal Information
We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.
We maintain appropriate administrative, technical, and physical safeguards to protect nonpublic Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. The types of measures we take vary with the type of information, and how it is collected and stored. We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you.
We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it in the context of the Platform or when you request their deletion, unless we are required by law to keep the information for a longer period. We complete periodic reviews of our databases, and have established specific time limits for data deletion, taking into account the type of data collected, the type of services provided in the context of the Platform, the length of the customer relationship, possible re-enrolment with the Platform, mandatory retention periods, and the statute of limitations.
6. Data Transfers
We may transfer your Personal Information outside of the EEA, including to the United States, in compliance with our Binding Corporate Rules and other data transfer mechanisms.
Mastercard is a global business. We may transfer or disclose Personal Information we collect about you to recipients in countries other than your country, including to the United States where our global headquarters are located. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Information to other countries, we will protect that information as described in this Privacy Notice.
We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by EEA data protection authorities as providing an adequate level of protection to the Personal Information we process globally. A copy of our BCRs is available here. We may also transfer Personal Information to countries for which adequacy decisions have been issued, use contractual protections for the transfer of Personal Information to third parties, such as the European Commission's Standard Contractual Clauses, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA.
7. Features and Links to Other Websites
You may choose to use certain features for which we partner with other entities that operate independently from Mastercard.
Our Site may provide links to other features for your convenience and information. These features, which may include social networking and geographic location tools, and other apps or websites, may operate independently from Mastercard. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites you visit are not owned or operated by Mastercard, we are not responsible for the sites' content, use, or privacy practices.
8. Updates to This Privacy Notice
This Privacy Notice may be updated periodically to reflect changes in our privacy practices.
This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may seek your consent.
9. How to Contact Us
You can e-mail us at firstname.lastname@example.org. If you are located in the EEA or Switzerland, you may submit your request to exercise your rights in relation to your Personal Information on Mastercard’s “My Data Center” Portal.
Mastercard Europe SA is the entity responsible for the processing of your Personal Information.
If you are located in the EEA or Switzerland, you can easily exercise your rights via Mastercard’s “My Data Center” Portal. You may also submit a request to exercise your rights or share any questions, comments, or complaints about this Privacy Notice or our privacy practices by e-mailing us at email@example.com, or writing to us at:
Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
For more information on Mastercard’s privacy practices in other contexts, please refer to our Global Privacy Notice available at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html.
For all other enquiries about your Mastercard card and your purchase, you must contact your issuing bank or the participating merchant. More information about how to contact them can be found on their respective websites.