Open Banking Notice

Effective Date: 23 December 2019

This Open Banking Notice describes how Mastercard Europe SA and other entities within the Mastercard group of companies (collectively, Mastercard) process Personal Information about you in respect of the Open Banking Solutions. We recommend that you read this notice together with Mastercard's Global Privacy Notice and the Fraud & Security Notice.

  1. WHAT ARE MASTERCARD'S OPEN BANKING SOLUTIONS?
  2. At Mastercard, we’re developing market-leading applications and services to underpin, enable and safeguard the new Open Banking ecosystem.

    Our current Open Banking Solutions are:

    • Connect provides third parties with a single, universal connection to financial institutions’ Open Banking functionality regardless of their API standard or implementation.
    • Protect provides verification of third-party registration and certification status, and security and fraud prevention and monitoring tools.
    • Resolve is a centralised enquiry and dispute resolution service with common standards, rules and processes to enable quickly and easily solving customer enquiries and disputes.

  3. WHAT PERSONAL INFORMATION WE PROCESS IN THE OPEN BANKING ECOSYSTEM
  4. For the Open Banking Solutions, in particular Connect and Resolve, Mastercard is primarily a data processor, acting on behalf of its customers. Where we act as a data processor on behalf of financial institutions and merchants, as the data controllers, the financial institutions and merchants are responsible for ensuring a valid legal ground for the data processing. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information.

    For Protect, Mastercard is a data controller for the processing of Personal Information. “Personal Information” means any information relating to an identified or identifiable individual. This may include:

    • Personal and/or Business Contact Information and Credentials: such as, name, user ID, email address and phone number, and log-in credentials.
    • Financial Information: such as, payment card details and billing address.
    • Third Party Provider (TPP) Request Information: such as, payment initiation service requests, account information service requests, request reference number, and response status.
    • Transaction Information: such as, date / time of payment, information about disputed transactions, fraud-related information (e.g. failed logins).
    • Device-related information (e.g. device ID and IP address) which we obtain from your interaction with our platforms and websites and input recording information (e.g. mouse location and keystroke timing).

    We obtain the above categories of Personal Information from various sources: from financial institutions and merchants, directly from you, from third parties as detailed below or from your interaction with our digital assets.

  5. HOW WE MAY USE YOUR PERSONAL INFORMATION
  6. We may use your Personal Information to provide our Open Banking Solutions, including by facilitating direct payments from your bank account, monitoring, preventing and protecting you against fraud, and helping to resolve disputes about Open Banking transactions. We also aggregate some of your Personal Information to analyse the performance of and improve upon our Open Banking Solutions. For more information about our fraud and security activities, please refer to the Fraud and Security Notice.

    Where we act as a data controller, we process your Personal Information as described above on the basis of our legitimate interests. We have carried out balancing tests for the data processing based on this basis to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms.

    Where we process Personal Information that is sensitive, we do so on the basis of your explicit consent.

    We may share your data with Mastercard's headquarters in the United States, our affiliates and other entities within Mastercard's group of companies. We may also share your data with financial institutions for fraud prevention, as well as service providers acting on our behalf, such as hosting and infrastructure providers, and providers of monitoring, security and IT support services.

  7. YOUR RIGHTS, HOW TO CONTACT US, AND ADDITIONAL INFORMATION ABOUT OUR PRACTICES
  8. You have certain rights and choices regarding the Personal Information we maintain about you. This webpage details certain aspects of our Global Privacy Notice for more information about your rights, to contact us, or to learn more about how we share, transfer or protect your Personal Information, please read our Global Privacy Notice.

    Some of the security and fraud prevention and monitoring solutions mentioned above may have their specific privacy notices. Please consult them for more information. For enquiries about your Mastercard card and your purchase, please contact your financial institution or merchant. More information about how to contact them can be found on their websites.