For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the Service, we obtain Personal Information relating to you from various sources described below.

Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to use the Service if that information is necessary to provide you with the Service or if we are legally required to collect it.

• Personal Information Provided by You
  • Registration and payment information: When you make a donation, we may collect your contact information (such as first name, last name and email address) and payment card information.
  • Information we process to provide you with the Program: We collect information about your transactions while participating in the Program, such as in the course of processing transactions with respect to the donations you make via the Service.
  • Other information you choose to provide: You may choose to provide other information, such as different types of content, content you make available through social media accounts or memberships with third parties, contact information of friends or other people you would like us to contact, or any other information you want to share with us.
• Personal Information Obtained from Your Interaction with the Service

  When you use the Service, we may collect certain information by automated means via cookies and similar technologies, such as IP address, MAC address, device ID, location data, information on actions taken on the Service, dates and times of actions, and other mobile trackers. We use this information to improve the Service by assessing how many users access or use our service, which content, products, and features of our service most interest our visitors, what types of offers our customers like to see, and how our service performs from a technical point of view.

Where required under applicable law, we obtain your consent prior to using the above automated means, and prior to sending you marketing communications, tailored content and advertisings.

Please see the “Your Rights and Choices” section of this Privacy Notice to learn about your choices.

Because there is not yet a consensus on how companies should respond to do-not-track (“DNT”) mechanisms, Mastercard does not respond to DNT signals at this time. To learn more about tracking signals and DNT, visit http://www.allaboutdnt.com.

We may use the Personal Information we obtain about you to:

• Provide and administer the Program, including to create and manage your account, identify your eligible transactions, calculate the donation amount and respond to your inquiries;
• Communicate with you regarding the Program and future donation campaigns by email, push notifications (if you consented to receive such notifications on your device) or other means;
• Validate your payment card information and process your payment transactions;
• Send you marketing communications about products, services, offers, programs and promotions of Mastercard, its issuers, acquirers, retailers and partners (including contests, sweepstakes and any other marketing activities), and provide you with personalized services and recommendations;
• Operate, evaluate and improve our business (including developing new products and services; analyzing our products, services and platforms; performing and producing data reports, including data anonymization; facilitating the functionality of our platforms; and performing accounting, auditing, billing, reconciliation and collection activities);
• Enforce our Terms of Use and our other legal rights;
• Comply with applicable legal requirements and industry standards and our policies;
• Perform auditing, research and analysis in order to maintain, protect and improve our services; and
• Protect against and prevent fraud, unauthorized transactions, claims, manage risk exposure, franchise quality, and other liabilities.

We will process your Personal Information only for the above purposes when we have a valid legal ground for the processing, including if:

• You consented to the use of your Personal Information – for example, we may seek to obtain your consent for our uses of cookies or similar technologies, to send you marketing communications or personalize our offerings, or to process Personal Information deemed sensitive pursuant to applicable law;
• We need your Personal Information to provide you with the Service, including to process your payments, or to respond to your inquiries;
• The processing is necessary for compliance with a legal obligation such as to prevent and monitor fraud in payment transactions; or
• We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security, and performance of our products and services, to protect against and prevent fraud, to anonymize Personal Information and carry out data analyses.

We also may use your Personal Information in other ways for which we provide specific notice at the time of collection. We will seek additional consent for other uses, where required by law.

Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. For more information on our balancing tests, you may contact us as described in the “How to Contact Us” section below.

We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing, the processing is necessary for entering into, or performance of a contract between you and Mastercard, or when we are legally required to use your Personal Information in this way, for example to prevent fraud.

If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws. So for example you should duly inform that individual about the processing of their Personal Information and obtain their consent, as may be necessary under applicable laws.

We do not disclose Personal Information we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time of data collection. We do not sell Personal Information we collect about you, as defined by the California Consumer Privacy Act.

We transfer Personal Information globally within the Mastercard group of affiliated companies consistent with the terms of this Privacy Notice or as we otherwise disclose at the time the data is collected.

We may also share your Personal Information:

• With our service providers who perform services on our behalf for the purposes described in this Privacy Notice. We require these service providers by contract to process Personal Information only in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the Personal Information they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Personal Information. 
• With a charity organization or a donor-advised fund in connection with your donation and the program you select to receive your donations (“Donation Recipients”). The information we share with Donation Recipients includes your name, your registered email address, your country, and details of your donation. Donation Recipients may use this information for limited purposes, such as to allow them to keep records of received donations, welcome you to their community, send thank-you emails acknowledging your donation made via the Service, and share information about the use of the funds, the charity and its work, and to generate tax receipts or certificates which may be required in connection with your donation. Please visit the websites of our other charity partners to learn more about their privacy practices.
• With third parties whose features (e.g., third-party cookies, widgets, plug-ins) are integrated in our products and services. For further details, please consult the “Features and Links to Other Websites” section of this Privacy Notice.
• With other third parties with your consent.
• With financial institutions that issue payment cards or process payment card transactions and entities that assist with payment processing and card fraud prevention. We share this information to perform payment card transactions and services that you request. For example, we provide financial institutions with information about their cardholders’ transactions that Mastercard processes. We also share information with acquirers who process transactions in respect of your donations made via the Program, such as your country, your credit card information and details of your donation.
• As required under applicable law or legal process, or when we believe disclosure is necessary to protect individuals’ vital interests, to enforce our Terms of Use, prevent Mastercard against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
• In the event that we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Notice. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Information with any inquiries concerning the processing of that information.

You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you. We have developed Mastercard’s “My Data Center” portal to facilitate the exercise of your rights to the extent permitted by law. You may also submit a request as described in the “How to Contact Us” section below.

If you are located in California, we will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights, except where the different price or level of good or service is reasonably related to the value of the data that we receive from you. In some instances, we may not be able to provide you with the good or service that you request if you choose to exercise certain rights.

You can also choose:

• Not to provide personal data to Mastercard by refraining from conducting payment transactions or from submitting personal data directly to us. If you do not provide personal data, you may not be able to benefit from the full range of the services, and we may not be able to provide you with our services if that information is necessary to provide you with them, or if we are legally required to collect it in relation to the provision of such product or service.
• To opt out of the collection and use of certain information, which we collect about you by automated means, when you visit this Service. In certain jurisdictions, you can exercise your choice regarding the use of cookies and similar technologies. Your browser may tell you how to be notified of and opt out of having certain types of cookies placed on your device. Note that without certain cookies you may not be able to use all of the features of our websites, apps or online services.
• To opt out of certain uses of information, which we collect about you by automated means, when you visit third-party websites and interact with our ads. We may use service providers to serve ads on those third-party websites. These ads may be customized and served based on the use of data we and our partners have collected on our websites and apps. In addition, some of our service providers and partners may collect information about your online activities over time and across third-party websites to customize and serve these ads. Mastercard ads are sometimes delivered with icons that help consumers (i) learn more about how their data is being used and (ii) exercise choices they may have regarding the use of their data. Where applicable, please click on the icon in our targeted ads to learn about your ability to opt out or limit the use of your browsing behavior for advertising purposes.
• To tell us not to send you marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below.

Depending on the jurisdiction in which you are located, you may have the right to:

• Request access to and receive information about the personal data we maintain about you, to update and correct inaccuracies in your personal data, to restrict or to object to the processing of your personal data, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your personal data to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
• Withdraw any consent you previously provided to us regarding the processing of your personal data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.

Those rights may be limited in some circumstances by local law requirements.

To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the “How To Contact Us” section below.

We have developed Mastercard’s “My Data Center” portal to facilitate the exercise of your rights.

If we fall short of your expectations in processing your personal data or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.

The security of your personal data is important to Mastercard. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. The types of measures we take vary with the type of information, and how it is collected and stored. We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you.

We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it in the context of the Service or when you request their deletion, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of services requested by or provided to you in the context of the Service, the nature and length of our relationship with you, possible re-enrolment with our services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

Mastercard is a global business. We may transfer or disclose Personal Information we collect about you to recipients in countries other than your country, including to the United States where our global headquarters are located. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Information to other countries, we will protect that information as described in this Privacy Notice, or as disclosed to you at the time of data collection.

We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located.

The Service may provide links to other features for your convenience and information. These features, which may include social networking and geographic location tools, and other apps or websites, may operate independently from Mastercard. Linked websites may have their own privacy notices or policies, which we strongly suggest you review if you visit any linked websites. To the extent any linked websites or features you visit or use are not owned or operated by Mastercard, we are not responsible for the websites’ content, use, or privacy practices.

This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. If we update our Privacy Notice, in certain circumstances, we may seek your consent.

If you would like to update the information we have about you or your preferences, you may do so by accessing the data you have already entered on the Service and modifying it directly. If you have any questions, comments or complaints about this Privacy Notice and our privacy practices, you may submit your request to exercise your rights to your Personal Information on Mastercard’s “My Data Center” portal, or email us at: privacyanddataprotection@mastercard.com or write to us at:

• Global Privacy Officer
• Mastercard International Incorporated
• 2000 Purchase Street
• Purchase, New York  10577 USA