MasterCard - Safe Harbor Privacy Policy

Effective Date: May 26, 2015

MasterCard International, Inc. and its affiliates respect your privacy. The following MasterCard entities (collectively, "MasterCard") have certified that they abide by the Safe Harbour privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of Consumer Personal Data transferred from the European Economic Area ("EEA") or Switzerland to the United States:

  • Maestro International, Inc.
  • MasterCard Advisors, LLC
  • MasterCard Advisors, LLC Europe
  • MasterCard International Incorporated
  • MasterCard Technologies, LLC, formerly known as, MasterCard International, LLC
  • Orbiscom Inc.

For purposes of this policy, "Consumer" means any natural or legal person (to the extent a legal person is subject to national data protection law), but excludes any individual acting in his or her capacity as a former, current or prospective MasterCard employee, agent, consultant or contractor.

"Personal Data" means any information that (i) is transferred from the EEA or Switzerland to MasterCard in the U.S. and (ii) relates to an identified or identifiable natural or legal person (to the extent a legal person is subject to national data protection law).

MasterCard's Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx. For more information about the Safe Harbor principles, please visit www.export.gov/safeharbor. For more information about MasterCard's processing of Consumer Personal Data, please visit MasterCard's Global Privacy Notice.

How MasterCard Obtains Personal Data

As a processor of payment card transactions and a provider of related services, MasterCard obtains Consumer Personal Data from financial institutions and other entities in connection with payment card transactions. For purposes of this policy, these financial institutions and other entities are defines as "Customers." The MasterCard Rules require MasterCard's Customers to comply with applicable national law governing the collection, use and other processing of Consumer Personal Data. Together with its Customers, MasterCard seeks to ensure that Consumer Personal Data are protected in accordance with the Safe Harbour privacy principles, as described in this policy.

MasterCard also may collect Personal Data directly from Consumers. This collection may occur, for example, when a Consumer visits a MasterCard website and provides Personal Data to MasterCard.

In all cases, as described below, MasterCard's practices regarding the collection, storage, use, transfer, and other processing of Consumer Personal Data comply with the Safe Harbour principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.

Notice

MasterCard provides information in its Global Privacy Notice regarding its Consumer Personal Data practices. MasterCard also has informed its Customers that they may be responsible for providing appropriate notice to Consumers whose Personal Data are transferred to the U.S.

Choice

In circumstances in which MasterCard collects Personal Data directly from Consumers, it offers Consumers the opportunity to choose whether MasterCard may (i) disclose their Personal Data to certain third parties or (ii) use their Personal Data for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual. Consumers may contact MasterCard as indicated below regarding the company's use or disclosure of their Personal Data.

Where MasterCard receives Personal Data about Consumers with whom MasterCard does not have a direct relationship, MasterCard has informed its Customers that they are responsible for providing the relevant individuals with a choice as to whether their Personal Data may be disclosed by MasterCard to certain third parties or used for a purpose that is incompatible with the purpose for which the information was originally collected or subsequently authorized by the individual.

Onward Transfer of Personal Data

MasterCard may share Consumer Personal Data with the following types of third parties:

  • Customers, merchants and other entities for purposes such as authorizing, recording, settling and clearing payment card transactions, and conducting related activities such as billing, collection and fraud prevention;
  • MasterCard affiliates for purposes such as processing payment card transactions and conducting data analytics; and
  • Service providers MasterCard has retained to perform services on its behalf.

MasterCard requires service providers to whom it discloses Consumer Personal Data and who are not subject to laws based on the European Union Data Protection Directive 95/46 to either (i) subscribe to the Safe Harbour principles or (ii) contractually agree to provide at least the same level of protection for Personal Data as is required by the relevant Safe Harbour principles.

MasterCard also may disclose Consumer Personal Data without offering individuals an opportunity to opt-out (i) if required to do so by law or legal process, (ii) when MasterCard believes disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual fraudulent or illegal activity.

MasterCard also reserves the right to transfer Consumer Personal Data in the event the company sells or transfers all or a portion of its business or assets. Should such a sale or transfer occur, MasterCard will use reasonable efforts to direct the transferee to use Consumer Personal Data in a manner that is consistent with MasterCard's Global Privacy Notice. Following such a sale or transfer, Consumers may contact the entity to which MasterCard transferred their Personal Data with any inquiries concerning the processing of that information.

For additional details about the purposes for which MasterCard may disclose Consumer Personal Data, visit the company's Global Privacy Notice.

Access

Where appropriate, MasterCard provides Consumers with reasonable access to the Personal Data MasterCard maintains about them. MasterCard also provides a reasonable opportunity for Consumers to correct, amend or delete that information where it is inaccurate. MasterCard may limit or deny access to Consumer Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbour principles. Consumers may request access to their Personal Data by contacting MasterCard as indicated below.

In circumstances in which MasterCard receives Personal Data about Consumers with whom MasterCard does not have a direct relationship, MasterCard has informed its Customers that they are responsible for providing Consumers with access to the Personal Data and the right to correct, amend or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate Customer. MasterCard requires its Customers to establish appropriate procedures for handling requests by Consumers for access to and correction and deletion of Personal Data. When a Consumer is unable to contact the appropriate Customer, or does not obtain a response from the Customer, MasterCard will provide the necessary assistance in forwarding the individual's request to the appropriate Customer.

Security

MasterCard takes reasonable precautions to protect Consumer Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity

MasterCard takes reasonable steps to ensure that the Consumer Personal Data the company processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. MasterCard depends on the relevant Consumers and MasterCard's business Customers to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Consumers may contact MasterCard as indicated below to request that MasterCard update or correct their Personal Data.

In addition, MasterCard has informed its relevant Customers that they are responsible for taking reasonable steps to ensure that the Consumer Personal Data they process are reliable for their intended use and are accurate, complete and current.

Enforcement and Oversight

MasterCard has established procedures for periodically verifying implementation of and compliance with the Safe Harbour principles. MasterCard conducts an annual self-assessment of its Consumer Personal Data practices to verify that the attestations and assertions the company makes about its privacy practices are true and that the company's privacy practices have been implemented as represented.

Consumers may file a complaint concerning MasterCard's processing of their Personal Data with MasterCard's Global Privacy and Data Usage Office, whose contact information is below. If the complaint cannot be resolved through MasterCard's internal processes, MasterCard will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at www.jamsadr.com/rules-international-rules. MasterCard will take steps to remedy any issues arising out of a failure to comply with the Safe Harbour principles. Please contact MasterCard as specified below to address any complaints regarding the company's Consumer Personal Data practices.

In circumstances in which MasterCard receives Personal Data about Consumers with whom MasterCard does not have a direct relationship, Consumers may submit complaints concerning the processing of their Personal Data to the relevant Customer, in accordance with the Customer's dispute resolution process. MasterCard will participate in this process at the request of the Customer or the Consumer. If the issue cannot be resolved through the Customer's internal dispute resolution mechanism, the Consumer may submit the complaint to JAMS for mediation pursuant to the JAMS International Mediation Rules.

JAMS mediation may be commenced as provided for in the JAMS International Mediation Rules. The mediator may propose any appropriate remedy, such as publicity for findings of non-compliance, payment of compensation for losses incurred as a result of non-compliance, or cessation of processing of the Personal Data of the Consumer who has brought the complaint. MasterCard will assume the costs of the administrative fees if the mediator makes a written recommendation that finds MasterCard in breach of its duties pursuant to the Safe Harbour. The mediator or the Consumer also may refer the matter to the U.S. Federal Trade Commission, which has Safe Harbour enforcement jurisdiction over MasterCard.

How to Contact MasterCard

To contact MasterCard about questions or concerns about this Safe Harbour Privacy Policy or MasterCard's practices concerning Consumer Personal Data, either click here or you may write to us at:

Global Privacy Officer
MasterCard
2000 Purchase Street
Purchase, New York 10577
USA