Mastercard Secure Remote Commerce Privacy Notice

Effective Date: August 19, 2019

Mastercard International Incorporated and its subsidiaries and affiliates (“Mastercard”, “we”, “us”, or “our”) respect your privacy. This Privacy Notice applies to the Mastercard Secure Remote Commerce services, including the Secure Remote Commerce website and the payment profile that you may establish (collectively, the “Services”). Mastercard offers these Services only in the United States, and only United States law governs the Services.

Developed by Mastercard and built upon global payment industry standards, Mastercard's new digital checkout option uses advanced payment technology and intelligent security. The convenience of Mastercard’s new digital checkout means the experience is consistent across participating merchants, so users can pay the same way, every time – no passwords, no surprises. And, users can keep their Mastercard payment information stored securely in one place, so it’s there when they need it.

To learn more, click on one of the links below to jump to the listed section:


1. What This Privacy Notice Covers

This Privacy Notice describes the types of Personal Information we collect in connection with the Services, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us about our privacy practices.

Back to top

2. Personal Information We May Collect

“Personal Information” means any information relating to an identified or identifiable individual. We may collect Personal Information in connection with the Services, including when you register for an account, establish your payment profile, use the Services, or participate in our marketing programs. We may collect information about you directly from you or from third parties such as our service providers, marketing and business partners, financial institutions, merchants, and other Secure Remote Commerce participants (such as other payment card brands).

We may collect the following categories of Personal Information:

  • Registration and payment information, such as name, email address, phone number, billing address, and payment card details.
  • Transaction information, such as billing or shipping address, merchant’s name and location, date and time of transaction, description of items purchased, total amount of transaction, and other information provided by financial institutions or merchants.
  • Details you may provide in the context of online marketing programs (e.g., personal characteristics, life habits, consumption habits, interests, location data, and voice and image recordings).
  • Publicly available information, such as information from your social media page, and use the information as described in this Privacy Notice.
  • Information about your usage of the Services, including details about the device used to access the Services, and information collected via automated means, such as cookies, scripts and similar technologies.

You may also choose to provide other information, such as different types of content (e.g., photographs, articles and comments), contact information of friends or other people you would like us to contact, content you make available through social media accounts or memberships with third parties, or any other information you want to share with us.

Personal Information We Collect by Automated Means

We, our service providers, and partners may collect certain information about you via automated means such as cookies, scripts and web beacons when you interact with the Services, visit our websites or ads, pages or other digital assets. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “script” is an automated series of programmatic instructions carried out by your browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is a technology that helps us identify when content has been accessed or visited.

The information we collect in this manner may include: IP address, browser type, operating system type and version number, device identifiers, screen resolution and color depth, time zone settings, geographical area, referring URLs, browser extensions and plug-ins installed in the browser and versions thereof, fonts installed on your device, the user agent string, and other similar data; and information on actions taken or interaction with our digital assets, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, such as information about your mouse movements, scrolling, and keystrokes, and, if applicable, information from your device accelerometer, access times, and length of access. Our service providers and partners may collect this type of information over time and across third-party websites and mobile applications. We use this information for a variety of purposes, including to improve our products and services, for fraud prevention and to protect against unauthorized transactions, (To learn more, please click here), and as further explained in the “How We May Use Your Personal Information” section below.

When we send emails in connection with the Services, we may track activity, such as whether the email was opened, the amount of time spent reading the email, and whether any links were clicked. We do that to measure the performance of our emails and to improve our features. To do this, we include single pixel GIFs, also called web beacons, in emails we send. Web beacons allow us to collect information about whether an email has been opened and the number of clicks inside that email. We use the data from those web beacons to create reports about how our email campaign performed and what actions individuals took within the email (e.g. links clicked). If you do not wish for us to track emails we send you, some email services allow you to adjust your display to turn off HTML or disable download of images which should effectively disable our email tracking.

Please see the “Your Rights and Choices” section of this Privacy Notice to learn more about your choices.

Back to top

3. How We May Use Your Personal Information

We may use your Personal Information for the following purposes and as otherwise described in the Privacy Notice.

  • Process your payment transactions
  • Protect against and prevent fraud, and other legal or information security risks
  • Provide and communicate with you about products and services offered by Mastercard, financial institutions, merchants and partners.
  • Provide you with personalized services and recommendations.
  • Operate, evaluate and improve our business, including anonymization and analytics.
  • Serve other purposes for which we provide specific notice at the time of collection, and as otherwise authorized or required by law.

To provide the Services, including to:

  • Create, manage and personalize your Mastercard Secure Remote Commerce payment profile and Mastercard Secure Remote Commerce experience (including providing you with a transaction history), provide our products and services, and respond to your inquiries.
  • Route you to the appropriate Secure Remote Commerce participant based on your choice of payment card or existing Secure Remote Commerce payment profile relationship.
  • Validate your payment card information, authenticate your identity with your bank and tokenize your payment credentials to make your payments more secure.
  • Assist third parties in the provision of products or services that you request.
  • Provide a customized checkout experience.
  • Create a view that shows you all your available Secure Remote Commerce payment credentials in one place, including those from your other participating payment profiles.
  • Communicate with you about the Services, including by sending you announcements, updates, security alerts, and support and administrative messages.
  • Provide support and maintenance and to respond to your requests, question, and feedback.

To improve the Services and conduct other analytics for Mastercard and our partners, including to:

  • Improve our online products and services by assessing how many users access or use our online products and services, which content, products and features of our online products and services most interest our visitors, what types of offers our customers like to see and how our online products and services perform from a technical point of view. For instance, we may use third-party web analytics services on our websites. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyze how visitors use our websites.
  • Anonymize Personal Information and prepare and furnish aggregated data reports showing anonymized information (including, but not limited to compilations, analyses, analytical and predictive models and rules, and other aggregated reports).
  • Perform data analyses (including anonymization of Personal Information) to determine, among other measurements, business performance, number of registrants, channels, transaction spend and site performance.
  • Operate, audit, evaluate, monitor and improve our business and interactive assets (including by developing new products and services; managing our communications; analyzing our products, services and websites; facilitating the functionality of our websites; and performing accounting, auditing, billing, reconciliation and collection activities).
  • Provide reporting back to the issuer of your enrolled payment cards and the merchants you transact with via the Services.

For marketing and advertising purposes, including to:

  • Provide, administer and communicate with you about products, services and promotions (including contests, sweepstakes, programs and other offers), including the display of customized content and advertising via the Services and elsewhere online.
  • Determine the effectiveness of and optimize our advertising.
  • Provide you with content, advertising and offers tailored to your individual interests. You may see certain ads on other websites because we (and our partners) use data collected via the Services to customize advertisements to you on third-party websites. This collection and use allow us to target our messaging to users through demographic, interest-based and contextual means. In connection with providing you customized advertisements, third parties on our websites may track your online activities over time and across third-party websites by collecting information through automated means, including through the use of cookies, web server logs and web beacons. Please see the “Your Rights and Choices” section of this Privacy Notice to learn about your ability to opt out or limit the use of your browsing behavior for online behavioral advertising purposes.

For compliance, fraud prevention and safety, including to:

  • Comply with applicable laws and regulations or requests by any judicial process or governmental agency having or claiming jurisdiction over Mastercard or Mastercard’s affiliates.
  • Comply with industry standards and our policies.
  • Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, enhance the security of the Services, the Mastercard Network and related systems and manage risk exposure and franchise quality as well as other related purposes, as further described in the “Personal Information We Collect by Automated Means” section above.
  • Enforce our Mastercard Secure Remote Commerce Consumer Terms of Use.

For other purposes for which we provide specific notice at the time of collection. In some cases, we may also specifically ask for your consent to collect, use or share your Personal Information, such as when required by law.

Back to top

4. How We Share Your Personal Information

We May Share Personal Information with:

  • Mastercard’s headquarters in the U.S., our affiliates and other entities within Mastercard’s group of companies.
  • Service providers acting on our behalf.
  • Other participants in the payment ecosystem, including financial institutions, and merchants.
  • Third parties for fraud monitoring and prevention purposes, or other purposes required by law.
  • Third parties whose feature you use in connection with our products and services or with your consent.
  • Other entities as required under applicable law or in the event of a sale or transfer of our business or assets.
  • We may also share Personal Information with:

    • Our service providers, who perform services on our behalf for the purposes described in this Privacy Notice. We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the Personal Information by implementing appropriate technical and organizational security measures.
    • Merchants and their service providers, including to perform and/or facilitate payment card transactions, to ensure the safety and security of those transactions (including card fraud detection and prevention), to resolve disputes, to provide customer service, usage analysis and reporting, to facilitate the personalization of your shopping experience and to enable faster check-outs, and otherwise to provide the Services that you request.
    • Financial institutions and their service providers, to perform and/or facilitate payment card transactions, to ensure the safety and security of those transactions (including card fraud detection and prevention), to authenticate and identity you and the payment cards you register with the Mastercard Secure Remote Commerce System, to tokenize your payment credentials, to resolve disputes, provide customer service, to provide enrollment and usage analysis and reporting and to provide the Services that you request.
    • Other Secure Remote Commerce participants, including third-party payment services companies, in connection with your checkout, experience and payment processing.
      • o For example, with entities that provide:
        • integration services which deliver the Secure Remote Commerce payment option and checkout experience on a merchant’s site.
        • seamless orchestration of the technical activities between participants in order to offer payment options and to facilitate a feature or complete a transaction you requested
        • storage and retrieval functionality for your payment credentials
    • Third parties such as identity verification services and other related service providers, government entities, utilities, public records, credit bureaus, telecom providers, property files and watch lists, for purposes of identity or account verification, fraud detection or as may otherwise be required by applicable law.
    • Third parties, for compliance, fraud prevention, and safety purposes, including when required under applicable law or legal process, or when we believe disclosure is necessary to protect individuals’ vital interests, to enforce our terms and conditions, prevent Mastercard against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
    • With other third parties with your consent, such as when you use third parties’ features in connection with our products and services, such as social networks, digital wallets and mobile banking apps.
    • In the event we sell or transfer all or a portion of our business or assets in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

    Back to top

    5. Your Choices

    You may have the right or choice to:

    • Opt out of some collection or uses of your Personal Information, including the use of cookies and similar technologies, the use of your Personal Information for marketing purposes, and the anonymization of your Personal Information for data analyses.

    We offer you certain choices about what Personal Information we collect from you, how we use that information, and how we communicate with you. We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights, except where the different price or level of good or service is reasonably related to the value of the data that we receive from you; however, we do not control merchants’ practices in this regard. In some instances, we may not be able to provide you with the good or service that you request if you choose to exercise certain rights.

    You can choose:

    • To configure your web browser to remove or reject cookies, which will limit our ability to collect certain information via automated means. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, or if you reject certain cookies, the Services may not work properly.
    • To opt out of the use of certain information, which we collect about you by automated means, for purposes of online behavioral advertising when you visit our websites. You can exercise your choice via the “Ad Choices” button displayed in the bottom right corner of the Mastercard websites related to the Services.
    • Where applicable, you may also click on the icon in our targeted ads to learn about your ability to opt out or limit the use of your browsing behavior for advertising purposes.
    • Otherwise, you can opt out of receiving targeted advertising on websites through members of the Digital Advertising Alliance by visiting http://www.aboutads.info/choices/. You may also opt out of Adobe Experience Cloud advertising solutions for web-based ads here: http://www.adobe.com/privacy/opt-out.html. To learn more about Cookies and your choices, please visit http://www.aboutads.info/consumers/.
    • To opt-out of some of Mastercard’s use of web analytics, please click here.
    • To view or change your Personal Information by using the Mastercard Payment Profile Management tool.
    • To opt-out of marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below. You also may opt-out of receiving marketing emails from Mastercard by clicking here.
    • To opt out of the anonymization of your Personal Information to perform data analyses by clicking here.

    Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, Mastercard does not respond to web browser-based DNT signals at this time. To learn more about browser tracking signals and DNT, visit http://www.allaboutdnt.com.

    If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.

    To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the “How to Contact Us” section below.

    Back to top

    6. How We Protect Your Personal Information

    We maintain appropriate security safeguards to protect your Personal Information.

    The security of your Personal Information is important to Mastercard. We are committed to protecting the information we collect. We maintain administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We will retain your Personal Information for as long as the information is needed for the purposes listed above and for any additional period that may be required or permitted by law.

    We will never ask you for your account details in any unsolicited communication (including unsolicited correspondence, such as letters, phone calls or e-mail messages). If you believe your account has been compromised, please contact us as specified in the “How to Contact Us” section below.

    Back to top

    7. Features and Links to Other Websites

    You may choose to use certain features for which we partner with other entities that operate independently from Mastercard, such as social media and third-party websites. We are not responsible for the content, your use of, nor the privacy practices of those websites.

    Our websites may provide links to other websites for your convenience and information. We may also allow you to choose to use certain features for which we partner with other entities. For example, you may “like” an offer via your Facebook account, or “tweet” an offer using Twitter. You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Mastercard. Also, your browser may be configured to automatically collect, store and auto-fill payment information that you provide to websites and in some cases may sync with its related online profile. These websites and features, which may include social networking and geo-location tools, operate independently from Mastercard, and are clearly identified as such. They may have their own privacy notices or policies, which we suggest you review. To the extent any linked websites or features you visit or use are not owned or controlled by Mastercard, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.

    Back to top

    8. Children’s Privacy

    Mastercard products and services are not directed to, or intended for, children under the age of 16.

    Mastercard does not knowingly collect, maintain, or use Personal Information from children under 16 years of age, and no part of our products and services are directed to children. If you learn that a child has provided us with Personal Information in violation of this Privacy Notice, then you may alert us at privacyanddataprotection@mastercard.com.

    Back to top

    9. Updates to This Privacy Notice

    This Privacy Notice may be updated periodically to reflect changes in our privacy practices.

    This Privacy Notice may be updated periodically and without prior notice to you to reflect changes in our Personal Information practices. We will post a prominent notice on our websites to notify you of changes to our Privacy Notice by indicating at the top of the notice when it was most recently updated. We may also notify you of updates via email or other appropriate mechanism.

    Back to top

    10. How to Contact Us

    You can e-mail us at privacyanddataprotection@mastercard.com.

    You can e-mail us if you have any questions, comments or complaints about this Privacy Notice and our privacy practices, or would like to update your privacy preferences at:
    privacyanddataprotection@mastercard.com

    or write to us at:

    Global Privacy Office
    Mastercard International Incorporated
    2000 Purchase Street
    Purchase, New York 10577

    For enquiries about your Mastercard card and your purchase, you should contact your financial institution or merchant. More information about how to contact them can be found on their respective websites.

    Back to top