Mastercard: Masterpass™ Mobile Application/ Masterpass™ Wallet/Masterpass Online™ Privacy Notice
Effective Date: February 22, 2018
Mastercard International Incorporated and its affiliates (“Mastercard”) (“We” or “we”) respect your privacy. This Privacy Notice applies to both (i) the Masterpass Mobile Application, the Masterpass Wallet and/or Masterpass Online for consumers who have a Masterpass by Mastercard Wallet account (collectively, “Masterpass by Mastercard Wallet Services”) and (ii) the Masterpass.com website and the Masterpass wallet portal through which individuals access and transact with all Masterpass wallets, whether a Masterpass Wallet, a Masterpass wallet through a financial institution or another party (the “Masterpass Websites”).
To learn more, click on one of the links below to jump to the listed section:
1. What This Privacy Notice Covers and Does Not Cover
This Privacy Notice describes the types of personal data we collect in connection with the Masterpass by Mastercard Wallet Services and the Masterpass Websites, the purposes for which we collect that personal data, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your personal data, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.
However, it is important to note that this Privacy Notice does not cover the following:
Masterpass Wallets other than the Masterpass by Mastercard Wallet: If you have a Masterpass wallet account other than a Masterpass by Mastercard wallet account, the collection and processing of your personal data through that wallet will be explained in that wallet’s privacy notice. This Privacy Notice only covers the Masterpass by Mastercard Wallet Services and the Masterpass Websites.
Merchants: This Privacy Notice does not cover the collection and use of your personal data by merchants using the Masterpass by Mastercard Wallet Services and the Masterpass Websites. Please make sure to review your merchant’s privacy disclosures to understand how they are collecting and using your personal data.
Financial Institutions: This Privacy Notice also does not cover the collection and use of your personal data by your financial institution. Please make sure to review your financial institution(s) privacy disclosures to understand how they are collecting and using your personal data.
Other Mastercard Products and Services: This Privacy Notice does not cover the collection and use of your personal data on other Mastercard branded websites or products, or any other information or communications that may reference Mastercard outside the Masterpass by Mastercard Wallet Services or the Masterpass Websites. For more information about Mastercard’s privacy practices, visit Mastercard’s Global Privacy Notice.
2. Responsible Entities
The entities responsible for the collection and use of your personal data in the context of the Masterpass by Mastercard Wallet Services and Masterpass Websites are:
Mastercard Europe SA
Mastercard International Incorporated
Please note that for those consumers who reside in France, Mastercard France (and not Mastercard Europe SA) will be the appropriate entity responsible for the collection and use of your personal data in the context of the Masterpass by Mastercard Wallet Services and Masterpass Websites. Reference may be made to Mastercard International Incorporated as the parent company of Mastercard France.
112, Avenue Kléber
75784 PARIS CEDEX 16
3. Personal Data We Collect and Present
We collect Personal Data about you through the Masterpass Websites and in connection with your use of the Masterpass by Mastercard Wallet Services. By personal data we mean “any information relating to an identified or identifiable natural person.”
The following sections provide a summary of:
- Personal Data collected through the Masterpass Websites
- Personal Data collected through the Masterpass by Mastercard Wallet Services
- Personal Data that is automatically collected through both the Masterpass Websites and the Masterpass by Mastercard Wallet Services
A. Personal Data Collected through the Masterpass Websites
1. Personal Data Provided By Your Financial Institutions
In some instances, we may receive data about you from your financial institution in order to help ensure you create the correct Masterpass wallet. For example, your financial institution may provide us with your email address or phone number. This will be used to help you create the appropriate Masterpass wallet with a participating financial institution.
2. Personal Data Provided By You
When you register to create any Masterpass wallet account (whether a Masterpass by Mastercard wallet with Mastercard, a Masterpass wallet through a financial institution or with another party) or attempt to sign in to any Masterpass wallet account through the Masterpass portal, we may ask you for certain personal data, including email address, phone number and payment card information. The provision of this personal data is voluntary. However, withholding this personal data will mean that you cannot take advantage of the Masterpass Wallet services.
We use this data for the following purposes:
- When you click on the “Buy With Masterpass” button at a merchant or otherwise sign-up for or sign-in to a Masterpass wallet, you will be asked for certain personal data, such as your email or phone number. If the information you provide matches the information provided by your financial institution (see above), you may be directed to a specific Masterpass wallet relating to that financial institution. We also use this information to help enhance the security of the Masterpass platform and reduce fraud.
- If you do not have an existing Masterpass wallet, we will ask you to provide the payment card you would like to use to complete a transaction. We may use this information to determine if the applicable financial institution that issued your payment card has a Masterpass wallet program. If so, we will route to that wallet. That information may also be used to create your Masterpass wallet.
B. Personal Data Collected and Presented through the Masterpass by Mastercard Wallet Services
We collect data in a number of ways when you use the Masterpass by Mastercard Wallet Services: personal data provided by you; personal data provided by participating merchants; personal data provided by the issuer of your payment cards or other financial institutions; and personal data provided by you in connection with other Masterpass wallets on your device. That data collection is described below.
If you have more than one Masterpass wallet mobile application with an active account on your mobile device, we may also present data from each Masterpass account to you when making a purchase at a participating merchant to help you choose how you would like to pay. To learn more, see Section 3(B)(iv), below.
In addition, we automatically collect personal data through your use of the Masterpass by Mastercard Wallet Services. That is described in more detail in Section 3(C), below.
1. Personal Data Provided by You
In connection with your use of Masterpass by Mastercard Wallet Services, we may ask you for certain personal data upon registration, or on applications forms or other forms, such as your name, home address, billing address, shipping address, telephone number, email address, national identity card number in some instances, user name, password, answers to our security questions, loyalty card information and payment card information. The provision of your personal data for the purposes listed below is voluntary. However, in some circumstances, withholding your personal data will mean that you cannot take advantage of certain products or services.
2. Personal Data Provided by Participating Merchants in Connection with Your Use of the Masterpass Wallet
We receive certain data from merchants about your transactions using the Masterpass by Mastercard Wallet Services, including but not limited to, stock-keeping unit data, description of items, quantity, price and subtotal and payment cards registered with the Masterpass by Mastercard Wallet Services, merchant name, currency, amount, date and time of order and information about whether or not the order was completed. If you have an account on file with the merchant, they may also provide us with your shipping address.
3. Personal Data Provided by the Issuer of Your Registered Payment Card or Other Financial Institution
When you register a payment card with the Masterpass by Mastercard Wallet Services, we may send information to the issuer of that card to validate the card, authenticate your identity and tokenize your payment credentials to make your payments more secure. This information may include your name, payment card information, billing address, information about your mobile device and information about how you registered your payment cards in your Masterpass by Mastercard Wallet. To facilitate the validation/authentication/tokenization process, we may receive personal data about you back from the issuer of your payment card. In addition, when you make payments using tokenized credentials via the Masterpass by Mastercard Wallet Services, we receive data about the token and the transaction back from the issuer of your payment card.
4. Personal Data Presented from Your Other Masterpass Wallets on the Device
If you are using the Masterpass by Mastercard Wallet Services on an eligible device, when you click on the “Buy With Masterpass” button to make a payment using a participating merchants mobile application, we may scan your mobile device to see if any certified Masterpass wallet mobile applications are loaded on the device. If so, during the checkout flow at the participating merchant, you will be presented with a list of each such Masterpass wallet and the registered payment cards for such wallets so you can choose which Masterpass wallet and payment card you would like to use for that transaction.
C. Personal Data We Collect Automatically
We, and our service providers, may collect certain information by using automated means, such as cookies and web beacons, when you interact with the Masterpass by Mastercard Wallet Services, or visit the Masterpass Websites, pages or other digital assets. The information we collect in this manner may include: IP address, mobile device IP address, mobile device unique identifier, browser type and setting data (such as screen resolution, color depth, time zone settings, browser extension and plugins, fonts, etc), operating system, referring URLs and information on actions taken or interaction with our digital assets. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is used to transmit information back to a web server.
This information is collected and used for the purposes described in this Section 3(C) and in Section 4, below. In addition, this information will be used to enhance the security of the Masterpass Websites, the Masterpass by Mastercard Wallet Services, the Mastercard network and to protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality.
2. Browser Data
In addition to the above, we, and our service providers, may automatically collect browser data from your device. Browser data consists of information about settings on the configuration of the browser you use to access the Masterpass by Mastercard Wallet Services and the Masterpass Websites. This may include screen resolution and color depth, time zone settings, browser extensions and plugs installed in the browser and versions thereof, fonts installed on the browser, the user agent string and other similar data. This data is used to create a unique fingerprint of the browser used to access the Masterpass Websites to remember the choices made by that browser and to assist in preventing fraud and enhancing the security of the Masterpass by Mastercard Wallet Services, the Masterpass Websites and the Mastercard network. We may offer users of our Masterpass by Mastercard Wallet Services choices to opt-out of the collection and fingerprinting of browser data via our Cookie Consent Tool.
3. De-Identified Data About Your Masterpass Transaction
We, and our service providers, may automatically collect de-identified data about transactions you make using your Masterpass wallet, whether a Masterpass by Mastercard wallet or a Masterpass wallet offered through a financial institution or other party. The information collected includes the name of the merchant and the transaction data and time. This information is used to enhance the security of the Masterpass by Mastercard Wallet Services, the Masterpass Websites and the Mastercard Network.
4. Third Party Analytics
We may use third-party web analytics services, such as those of Adobe Omniture. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyze how visitors use the Masterpass by Mastercard Wallet Services and the Masterpass Websites. In the Masterpass Mobile Application, you can turn off Adobe Omniture web analytics. You can also opt-out of analytics via the Cookie Consent Tool displayed in the bottom right corner of the Masterpass Websites. Please see the “Your Rights and Choices” section of this Privacy Notice to learn about your ability to opt out or limit the use of your browsing behavior for online behavioral advertising purposes.
5. Tailored Advertising
6. Web Beacons and Email Tracking
When we send emails to people with a Masterpass by Mastercard Wallet account, we may track behavior such as who opened the emails and who clicked the links. We do that to measure the performance of our emails and to improve our features. To do this, we include single pixel gifs, also called web beacons, in emails we send. Web beacons allow us to collect information about whether an email has been opened and the number of clicks inside that email. We use the data from those web beacons to create reports about how our email campaign performed and what actions individuals took within the email (e.g. links clicked). If you do not wish for us to track emails we send you, some email services allow you to adjust your display to turn off HTML or disable download of images which should effectively disable our email tracking.
7. Customized Checkout
We may use information about your use of the Masterpass by Mastercard Wallet Services, or which Masterpass Wallet you use, in order to deliver you a customized merchant checkout experience. After making a Masterpass transaction, we may drop a cookie on your device that will provide a customized Masterpass checkout button on merchant websites based on which Masterpass Wallet you use, or, in some instances, which payment card you used for that transaction. This will deliver a more seamless consumer Masterpass experience. Merchants are not able to access this information. Please see the “Your Rights and Choices” section of this Privacy Notice to learn about your ability to opt out the customized checkout experience.
If you are accessing the Masterpass by Mastercard Wallet Services or Masterpass Websites from Europe, please refer to our Cookie Notice for further information.
4. How We Use the Personal Data We Collect
We may use the personal data we obtain about you to:
- Create, manage and personalize your online account (including providing you with a transaction history), provide our products and services, and respond to your inquiries;
- Route you to the appropriate Masterpass wallet based on whether you have an existing Masterpass wallet relationship or an existing banking relationship with a participating issuer;
- Validate your payment card information, authenticate your identity with your bank and tokenize your payment credentials to make your payments more secure;
- Provide a customized checkout experience;
- Create a view that shows you all of your eligible Masterpass wallet accounts, including a Masterpass by Mastercard Wallet (if you have one), and each account’s registered payment cards, when you click on the “Buy with Masterpass” button via a participating merchant’s mobile application;
- Provide reporting back to the issuer of your enrolled payment cards and the merchants you transact with via the Masterpass by Mastercard Wallet Services;
- Anonymize personal information and prepare and furnish aggregated data reports showing anonymized information (including, but not limited to, the following: compilations, analyses, analytical and predictive models and rules, and other aggregated reports);
- Perform data analyses (including anonymization of personal information) to determine, among other measurements, business performance, number of registrants, channels, transaction spend and site performance;
- Provide, administer and communicate with you about products, services and promotions (including contests, sweepstakes, programs and other offers), including the display of customized content and advertising via the Masterpass by Mastercard Wallet Services and elsewhere online;
- Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, enhance the security of the Masterpass by Mastercard Wallet Services, the Masterpass Wallet Websites, the Mastercard network and manage risk exposure and franchise quality;
- Operate, audit, evaluate, monitor and improve our business and interactive assets (including by developing new products and services; managing our communications; determining the effectiveness of and optimizing our advertising; analyzing our products, services and websites; facilitating the functionality of our websites; and performing accounting, auditing, billing, reconciliation and collection activities);
- Assist third parties in the provision of products or services that you request;
- As may be required by applicable laws and regulations or requested by any judicial process or governmental agency having or claiming jurisdiction over Mastercard or Mastercard’s affiliates;
- Comply with industry standards and our policies.
We also may use the information in other ways for which we provide specific notice at the time of collection.
5. Personal Data We Share
We do not sell or otherwise disclose personal data we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time the data is collected. In particular, your personal data may be shared:
- Between Mastercard and our affiliates in order to provide the Masterpass by Mastercard Wallet Services, the Masterpass Websites and for the purposes described above.
- With merchants and their service providers to perform and/or facilitate payment card transactions (including via Near Field Communication (NFC) and other contactless payment technology), to ensure the safety and security of those transactions (including card fraud detection and prevention), to resolve disputes, provide customer service, usage analysis and reporting and to provide the Masterpass by Mastercard Wallet Services that you request. Please note that merchants and their service providers may have their own privacy policies governing how they use and disclose personal data. We recommend that you review privacy policies of the companies you interact with to learn about their practices.
In addition, If you elect to connect your wallet to a merchant, we will provide personal data to that merchant in order to personalize your shopping experience and/or facilitate faster check-outs. In such instances, merchants are not permitted to use your data for any other purpose.
- With financial institutions and their service providers to perform and/or facilitate payment card transactions (including via Near Field Communication (NFC) and other contactless payment technology), to ensure the safety and security of those transactions (including card fraud detection and prevention), to authenticate and identity you and the payment cards you register with the Masterpass Wallet, to tokenize your payment credentials, to resolve disputes, provide customer service, usage analysis and reporting and to provide the Masterpass by Mastercard Wallet Services that you request. Please note that financial institutions and their service providers may have their own privacy policies governing how they use and disclose personal data. We recommend that you review privacy policies of the companies you interact with to learn about their practices.
- With our respective service providers who perform services on our behalf. We do not authorize these service providers to use or disclose the data except as necessary to perform certain services on our behalf or comply with legal requirements. We require these service providers by contract to appropriately safeguard the privacy and security of personal data they process on our behalf.
- If we are required to do so by law or legal process; to law enforcement authorities or other government officials; or when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
- Otherwise with your consent.
In addition, we also may share aggregated or anonymized data with third parties for any lawful purpose.
6. Your Rights and Choices
You also have rights to obtain details of the personal information that we hold about you, ask us to stop processing information and to have your personal information corrected or deleted. We offer you certain choices about what personal data we collect from you, how we use that information, and how we communicate with you.
- Account Information and Email Marketing Preferences: If you have a Masterpass by Mastercard Wallet Account, you can access your account at any time by logging into your account. You can view or change your personal details and manage your marketing preferences here. You can at any time tell us not to send you marketing communications by e-mail by clicking on the unsubscribe link within the marketing e-mails you receive from us or by changing your settings on your preferences page on your account. You also may opt-out of receiving marketing e-mails via your account management by clicking here. We will apply your preferences going forward. In some circumstances, withdrawing your consent to our use or disclosure of your personal data will mean that you cannot take advantage of certain products or services.
- Third Party Analytics: As indicated above, we may use third-party web analytics services, such as those of Adobe Omniture, to analyze how you use the Masterpass by Mastercard Wallet Services (if you have a Masterpass by Mastercard Wallet Services account), your usage of the Masterpass Websites and other Mastercard websites. If you have a Masterpass Mobile application, you can turn off the use of the analytics service inside the Masterpass Mobile Application by visiting “Settings” and turning off “Send Data.” In the United States, you can also opt-out of analytics on the Masterpass Websites via the AdChoices icon.
- Customized Checkout: If you have a customized checkout experience, you can opt-out of seeing a customized checkout button on merchant websites through the AdChoices icon on the Masterpass Websites.
- Online Behavioral Advertising and Other Cookie Preferences: We may offer users of the Masterpass by Mastercard Wallet Services and visitors to the Masterpass Websites choices to manage their cookie preferences through the Cookie Consent tool displayed in the bottom right corner of the Masterpass Websites. Your browser may tell you how to be notified and opt out of receiving certain types of cookies, including analytics and advertising cookies. Otherwise, you can opt out at http://www.aboutads.info/choices/. You can also opt out of some of Mastercard’s use of web analytics at https://www.Mastercard.com/us/personal/en/general/web-analytics-opt-out.html. To learn more about Cookies, please visit http://www.aboutads.info/choices/ or http://www.adobe.com/privacy/opt-out.html or our Cookie Notice available on Masterpass Online in the European Economic Region, Turkey, Switzerland and Canada.
Mastercard will obtain your prior opt-in consent at the time of collection for the processing of (i) personal data for marketing purposes, (ii) personal data deemed sensitive pursuant to applicable law , or (iii) personal data to be used for other data processing activities for which your consent may be required.
Your right to access the information we hold about you
You have the right to request access to and receive information about the personal data we maintain about you, update and correct inaccuracies in your personal data, to object to the processing of your personal data and have the information blocked or deleted, as appropriate. To update your preferences, ask us to remove your information from our mailing lists or submit an access request, please contact us as specified in the “How to Contact Us” section below. Our file of your information will usually be made available to you within 40 days], although occasionally we may not be able to give you access to the personal information we hold about you (for example, we may not be able to give you access if it would unreasonably affect someone else's privacy or if giving you access poses a serious threat to someone's life, health or safety). Please note that we may apply an administrative charge for providing access to your information in certain circumstances. Any such charge will be reasonable and we will advise you of the charge and obtain your consent before providing you with access to your personal information.
7. How We Protect Personal Data
We maintain appropriate administrative, technical and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the personal data in our possession. The types of measures we take vary with the type of data, and how it is collected and stored.
When you provide personal data online, we use the industry standard for encryption on the Internet – Secure Socket Layer (SSL) technology – to help protect the data that you provide. This Internet encryption standard scrambles data as it travels from your device to our server. You will know that you are in a secure area of the Site when a lock icon appears on your screen that the “http” prefix of our URL address changes to “https. ” The “s” represents “secure”. We also use digital certificates to ensure that you are connected to the authentic Site.
We will never ask you for your password in any unsolicited communication (including unsolicited correspondence, such as letters, phone calls or e-mail messages). If you believe your user name and password have been compromised, please contact us by following the instructions provided in the section "How to Contact Us" below.
We also take measures to destroy or permanently de-identify personal data when there is no longer a business need to keep the information and in any case, for no longer than 13 months from the last time you have accessed your account.
8. Data Transfers
We may transfer personal information to countries other than the country in which the data was originally collected. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your personal information to other countries, we will protect that information as described in this Privacy Notice.
Mastercard is a global business. To offer our services, we may need to transfer your personal information among several countries, including the United States, where we are headquartered. We comply with applicable legal requirements providing adequate safeguards for the transfer of personal information to countries outside of the European Economic Area or Switzerland.
9. Features and Links to Other Websites
On the Masterpass Websites or via the Masterpass by Mastercard Wallet Services, you may choose to use certain features for which we partner with other entities or click on links to other websites for your convenience and information. These features, which may include social networking and geographic location tools, and other websites may operate independently from Mastercard. They may have their own privacy notices or policies, which we strongly suggest you review. To the extent any features or linked websites you visit are not owned or operated by Mastercard, we are not responsible for the sites’ content, any use of the sites, or the privacy practices of the sites.
10. Browser Do Not Track Signals
Although the Masterpass by Mastercard Wallet Services and the Masterpass Websites currently do not have a mechanism to recognize the various web browser Do Not Track signals, we may offer users of our Masterpass by Mastercard Wallet Services and visitors to the Masterpass Websites choices to manage their preferences via our Cookie Consent Tool, and we will honor your preferences. To learn more about browser tracking signals and Do Not Track, please visit http://www.allaboutdnt.com.
12. How to Contact Us
Global Privacy & Data Usage Officer
2000 Purchase Street
Purchase, New York 10577
Global Privacy & Data Usage Officer
Mastercard Europe SA
Chaussee de Tervuren 198A
For those consumers who reside in France, please contact:
112, Avenue Kléber
75784 PARIS CEDEX 16