Effective date: 17/05/2023
Visa Global Privacy Notice
This Global Privacy Notice explains how Visa and its Affiliates¹ collect, use, and share Personal Information when you use our, or our clients’, products, services, offers, and promotions.
As a global payments technology company, Visa fulfills many roles. When we act on behalf of our Visa clients, we only collect, use, and share Personal Information as authorized by our contracts with our clients. If you have questions about how these companies handle your Personal Information, or wish to exercise your rights, please contact them directly. For example, if you have questions about your Visa card transactions, please contact the institution that issued your card for more information.
Where Visa acts a controller under applicable laws and collects information directly from an individual, the controller is the Visa entity listed on the terms and conditions you sign when enrolling in a Visa service, product, or offer. Some Visa companies and services have different privacy notices that are provided when you use them. We also have supplemental privacy notices that provide additional information as required by law.
You can learn more and exercise your privacy choices under relevant laws at our Privacy Rights Portal.
-
-
“Personal Information” refers to information that (alone or when used in combination with other information) is capable of being associated with or could reasonably be associated with an individual. Personal Information, sometimes referred to as “personal data”, may also have specific meanings under different privacy laws. The Personal Information we collect varies depending on our relationship and interactions with you.
-
-
Depending on our relationship and interactions with you, the categories of Personal Information we collect may include:
- Contact Information – This includes your name, username, mailing address, email address, telephone number, mobile number, and social medial profile names, along with other personal identifiers.
- Transaction and Financial Information – This includes:
- Information about your card, including your 16-digit payment card number, which is also known as a personal account number or “PAN”; an associated non-financial identifier known as payment account reference or “PAR” token; and expiration date, service code, PIN verification data, and CVV; and
- Information about your transactions, including the date, time, location, and amount of the transaction and information about the merchant. This also may include item-level data in some instances, and billing and shipping information.
- Relationship Information – This includes information about your shopping and payment preferences and other information that can help us offer you personalized content, such as:
- Demographic information, such as age range and marital or family status;
- Likelihood that you may be interested in certain purchases or experiencing life events and other propensity scores; and
- Data from social media profiles and information about your interests.
- Interaction Information – This includes information about your interactions with Visa, such as:
- Information collected when you participate in promotions or programs, such as rewards program account information;
- Card benefits program information, including qualification data and related records;
- Information collected when you contact us, such as if you contact our customer service;
- Visitor logs;
- Information collected when you attend Visa sponsored events, such as travel-related information for you and any companions gathered at the events; and
- Other information you provide us, such as data collected for consumer authentication (e.g., passwords or account security questions).
- Biometric Identifiers – This may include facial recognition data, fingerprints, keystroke timing, scroll position, and behavioral data or other physical patterns, such as when you elect to use biometric authentication with Visa or its clients.
- Business Customer Data – This includes information about your role within your company, your authorization to use products or services, and your authority to place orders; customer/supplier qualification details; and other data you share with us in connection with the relationship.
- Inferred and Derived Information – We infer and derive data elements by analyzing our relationship and transactional information. For example, we may generate propensities, attributes, and/or scores for marketing, security, or fraud purposes.
- Online and Technical Information – This includes information regarding your interactions with our websites, applications, or advertisements, including IP address, device identifiers, settings, characteristics, advertising ID, browsing history, web server logs, server log records, activity log records, keystroke timing, and other information collected using cookies and similar technologies.
- Audio and Visual Information – This includes audio, electronic, visual, or similar information relating to your interactions with us, including photographs, video images, CCTV recordings, call center recordings, call monitoring records, and voicemails.
- Government Issued Identification Numbers – This includes social security number, driver’s license number, passport number, and other government issued identifiers as may be needed for compliance or given the nature of the relationship.
- Geolocation Information – This may include precise geolocation information, which we may collect automatically from your mobile device if you opt-in to allow us to collect it.
- Professional and Employment Information – This includes professional or employment-related information for employees and prospective employees, including applicant and resume data, such as education and work history; information about qualifications for the position, such as skills and credentials; professional interests and goals; information collected for employee qualifications, such as right to work documentation; and references.
- Compliance Data – This includes records maintained to demonstrate compliance with applicable laws; records related to consumer preferences, such as your opt-ins and opt-outs of marketing programs; and records related to data subject rights requests.
Some of the Personal Information in these categories may be considered sensitive Personal Information in some jurisdictions.
-
-
We may collect Personal Information about you from various sources, depending on our relationship and interaction with you. These sources may include:
- Your financial institutions, payment card issuer, merchants, acquirers, and other partners when you use a Visa-branded payment product or when we’re acting on their behalf, such as when you tap your Visa card;
- You, such as when you enroll in card link offer programs from Visa or a co-promotion partner, enroll in a Visa click-to-pay solution, or provide survey responses to us;
- Your computer or devices when you interact with our platforms, websites, and applications or through other automatic technologies, such as when we record calls to our call center and use CCTV cameras in our facilities; and
- Other third parties, including data aggregators, social media companies, and other publicly available sources. In addition, Professional and Employment Information may be collected from your references and third parties that help us conduct internal investigations and background screenings, and Business Customer Data may be collected from your employer, trade show and conference organizers, and professional services companies.
-
-
Purpose for Collecting and SharingCategories of Personal InformationLegal Basis for Processing
(Where required under applicable law)Operate Visa’s electronic payments networks (including authorization, clearing, and settlement of transactions and tokenization), enable your payment transactions, and for related purposes, such as authentication, dispute resolution, fraud prevention, and security- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Geolocation Information
- Compliance Data
- To fulfill a contract to which you are a party, such as a contract with you, or as needed to fulfill a contract between you and a merchant or between you and the financial institution or other entity that issued your card, where Visa is providing payment services or acting as a data processor
- To comply with the laws and regulations that are applicable to us around the world
- For the purposes of our own legitimate interests or for the legitimate interests of others, such as to protect you, us, or others from threats (such as security threats or fraud); to enable or administer our business, such as for quality control, compliance, consolidated reporting, and customer service; to manage corporate transactions, such as mergers or acquisitions; and to understand and improve our business or customer relationships generally
Provide you with the products, services, programs, offers, or information you request from Visa, and for related purposes such as determining eligibility and customer service- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Geolocation Information
- Compliance Data
- To fulfill a contract to which you are a party, as described above
- To comply with the laws and regulations that are applicable to us around the world
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Provide services to our clients. For example, if you enroll in a card issuer or merchant loyalty program, we will process Card Transaction Data to calculate your rewards and provide targeted offers to you from the client- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Geolocation Information
- Compliance Data
- To fulfill a contract to which you are a party, as described above
- To comply with the laws and regulations that are applicable to us around the world
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Operate Visa solutions such as click to pay, including to enroll you in the solution, to enable you to stay signed in on your device (if you have chosen this), to enable you to check out using the solution, to integrate with other digital wallets (if you have chosen to do this), and to participate in programs related to your use of the solution- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Geolocation Information
- Compliance Data
- To fulfill a contract to which you are a party, as described above
- To comply with the laws and regulations that are applicable to us around the world
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Administer surveys, loyalty programs, sweepstakes, contests, and events- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Geolocation Information
- Compliance Data
- To fulfill a contract to which you are a party, as described above
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Based on your choices, deliver marketing communications, personalized offers, and interest-based ads to you- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Geolocation Information
- Compliance Data
- For the purposes of our own legitimate interests or for the legitimate interests of others, such as to send you news and offers that are relevant to you
Fulfill, develop, or maintain our business relationship with you and/or your company- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Geolocation Information
- Compliance Data
- To fulfill a contract to which you are a party, as described above
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Facilitate your employment or contracting relationship with us or evaluate you for a position, including customary human resources purposes, risk management, and compliance- Contact Information
- Relationship Information
- Interaction Information
- Biometric Identifiers
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Professional and Employment Information
- Compliance Data
- To fulfill a contract to which you are a party, as described above
- To comply with the laws and regulations that are applicable to us around the world
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Understand how you and others use our products, for analytics and modeling and to create business intelligence and insights and to understand economic trends- While certain information such as Transaction and Financial Information, Relationship Information, Interaction Information, Online and Technical Information, and Geolocation Information may be used for these activities, the end result does not constitute Personal Information.
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Generate de-personalized, de-identified, anonymized, or aggregated datasets, which are used for product development and delivery of consulting services to clients- While certain information such as Transaction and Financial Information, Relationship Information, Interaction Information, and Online and Technical Information may be used to generate these datasets, the end result does not constitute Personal Information.
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Support our Everyday Business Purposes, such as for account management, quality control, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance, analytics and research, enforcement of contracts and other contract management, and the provision of requested products and services*- Contact Information
- Transaction and Financial Information
- Relationship Information
- Interaction Information
- Business Customer Data
- Inferred and Derived Information
- Online and Technical Information
- Audio and Visual Information
- Government Issued Identification Numbers
- Geolocation Information
- Professional and Employment Information
- Compliance Information
- To fulfill a contract to which you are a party, as described above
- To comply with the laws and regulations that are applicable to us around the world
- For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Where applicable, we also may process Personal Information with your consent. For example, we may rely on your consent, where required by law, to provide you with marketing communications."Everyday Business Purposes” encompasses the following business purposes and related purposes for which Personal Information may be used:
- To provide the information, product, or service requested by the individual or as reasonably expected given the context in which with the Personal Information was collected (such as customer credentialing, providing customer service, personalization and preference management, providing product updates, bug fixes or recalls, and dispute resolution);
- For identity and credential management, including identity verification and authentication, and system and technology administration;
- To protect the security and integrity of systems, networks, applications, and data, including detecting, analyzing, and resolving security threats, and collaborating with cybersecurity centers, consortia, and law enforcement about imminent threats;
- For fraud detection and prevention;
- For legal and regulatory compliance, including all uses and disclosures of Personal Information that are required by law or reasonably needed for compliance with company policies and procedures, such as anti-money laundering programs, security and incident response programs, intellectual property protection programs, and corporate ethics and compliance hotlines;
- For corporate audit, analysis, and reporting;
- To enforce our contracts and to protect against injury, theft, legal liability, fraud, or abuse, and to protect people or property, including physical security programs;
- To de-identify, depersonalize, or anonymize the data or create aggregated datasets, such as for consolidating reporting, research, or analytics;
- To make back-up copies for business continuity and disaster recovery purposes; and
- For corporate governance, including mergers, acquisitions, and divestitures.
-
-
We may disclose your Personal Information to:
- Our Affiliates;
- Our service providers, for the purposes of providing services to us;
- Financial institutions, merchants, payment processors, and other third parties that are subject to appropriate confidentiality and use restrictions, for the purposes of enabling your payments, managing fraud and risk, providing and developing products and services, and supporting our Everyday Business Purposes;
- Third parties, such as third-party advertising partners, who may use data collected by cookies and similar means to help us with our online advertising programs;
- Government agencies;
- Recruiting agencies and your references (for Professional and Employment Information); and
- Your company and its affiliates (for Business Customer Data).
We may also disclose personal information when required to do so by law, such as to law enforcement agencies, regulators, or courts, or as permitted by law, such as when we sell or transfer business assets, enforce our contracts, protect our property or the rights, property or safety of others, or as needed for audits, compliance, and corporate governance.
-
-
When you visit our website, use our mobile applications, or engage with our emails and online ads, we may collect information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs, and web beacons.
In some cases, the information we collect is only used in a non-identifiable way. For example, we use information we collect about all website users to optimize our websites and to understand website traffic patterns. We do not use this information to profile you or target our ads.
In other cases, we may use the information in an identifiable way. For example, we may authenticate you or your device, deliver personalized content or use the information for analytics, fraud detection, and security. We may also use the information for online ad targeting. Our Cookie Notice provides more information about our online data collection technologies and your choices.
As described in our Cookie Notice, we have relationships with third-party advertising companies. These third parties may track you, your browser or your device across different websites and applications.
Subject to your settings, we may place cookies or tags on your computer when you visit our website so that they can display targeted advertisements to you on other websites. The use of your data by these companies is subject to their own privacy policies.
Many Visa websites only place marketing, personalization, and advertising cookies if you explicitly accept these cookies by clicking “Accept All Cookies” when you first visit the website. Our Cookie Notice explains how to manage your preferences and how to disable previously accepted cookies.
Our websites may enable you to interact with us and others via social media platforms. We collect information from these platforms as permitted by the sites’ legal terms. We may also display interest-based ads to you when you are using these platforms. The platforms allow us to personalize the ads that we display to you, and they may gain insights about individuals who respond to the ads we serve.
-
-
When you download our mobile applications, you may allow us to obtain your precise location from your mobile device. We use this information to deliver personalized content and for analytics. We may also offer automatic ("push") notifications. We will provide push notifications only if you opt-in to receive them. You do not have to provide location information or enable push notifications to use our mobile apps.
Certain mobile applications controlled by Visa may allow us to share data with advertising platforms for purposes of showing you interest-based ads. We rely on the mobile network operators’ settings to allow you to opt into this type of sharing when you download our applications. However, where able, we will also provide you choices within the account profile section of the application.
We collect device identifiers and other device-related information, including your device’s advertising ID, if available. This information is used to identify your device and authenticate you. We may also use device-related information to associate you with different devices that you may use, including for fraud-protection purposes and to better target advertising. In many cases, you can reset your device’s advertising ID. Both Android and iOS devices enable you to reset your device identifier under the “settings” menu.
-
-
We respect your rights to access, correct and delete your information in accordance with applicable laws. If you have an online account with Visa, you can log into your account to access, update, and delete your information. You can also submit requests under relevant laws to us via the Privacy Rights Portal.
For security reasons and to prevent unauthorized disclosure of Personal Information, cardholders should contact their payment card issuers to access their relevant information. This helps ensure that access to the information is only provided to the authorized individuals, subject to the issuer’s verification processes.Additionally, if you have questions about how your issuer, merchants, or rewards networks handle your Personal Information, please check the privacy notices provided by these companies and contact them directly for assistance with any privacy requests. When Visa acts as a service provider (also called a data processor) for our clients, we only process your information as instructed by our client to provide the services and for other appropriate purposes, such as recordkeeping and compliance. We rely on our clients to provide you with appropriate privacy notices and to manage your privacy rights.
Supplemental Privacy Notices: Residents of some states and countries have additional privacy rights. Information on these rights is provided in the supplemental privacy notices posted at the bottom of this Global Privacy Notice.
-
-
Visa is based in the United States and has Affiliates and service providers around the world. Visa may transfer your Personal Information between countries, including to countries which may not have similar privacy or data protection laws as your country of origin. We may transfer your Personal Information to our main data centers in the United States, as well as our other data centers, such as our data center in Europe or a local data center in your country where applicable. However, we will always protect your information as described in the relevant privacy notice(s), no matter where it is stored, and transfer it in accordance with any applicable legal requirements for cross-border transfer of Personal Information.
-
-
We use physical, technical, organizational, and administrative safeguards to help protect your Personal Information from unauthorized access or loss. For example, we use encryption and other tools to protect sensitive information. We retain your Personal Information as needed for the purposes listed above and as permitted by law.
-
-
This Privacy Notice explains how Visa Inc. and its Affiliates handle your Personal Information. Please also read the privacy notice provided by your Visa card issuer and other applicable clients to learn how each of those companies handle your information. Additionally, if you are participating in offers or promotions, please read the privacy notices provided by the merchant or the rewards network before you sign up.
Social media platforms and other websites that may be accessed through Visa’s websites also have their own privacy policies. We encourage you to read the privacy notices provided by these sites before you give them your information.
-
-
If you have applied for a job at Visa, the Personal Information in your application will be used and retained for recruiting, compliance, and other customary human resources purposes. This includes, where permitted, processing information to monitor our pathways for employee recruitment.
-
-
Visa’s platforms are not directed to children, and Visa only collects information from children as permitted by law. For example, we may collect data from children over 16 who are allowed by law to interact with Visa or otherwise if we have appropriate parental or caregiver consent, such as if children attend Visa sponsored events with adult caregivers. If you believe that we are processing a child’s information inappropriately, please Contact Us.
-
-
We may update this Privacy Notice from time to time. We will post an alert online if the changes are material. If the changes will materially affect the way we use Personal Information that we have already collected, we will notify you.
-
-
If you would like to exercise your privacy rights under relevant laws, please reach out us via the Privacy Rights Portal.
For any other assistance you may contact us, including any queries to the applicable Data Protection Officers within Visa, at the information below:
- Email us: [email protected]
Please do not include sensitive information, such as your account number, in emails. - Mail us a letter:
Visa Global Privacy Office
900 Metro Center Blvd.
Foster City, CA, 94404 USA
- Email us: [email protected]
-
-
This Global Privacy Notice is supplemented by the following additional notices, depending on how you interact with us and where:
- For Argentina (Spanish)
- For Australia (English)
- For Brazil (Portuguese)
- For Canada (English)
- For China Mainland (Simplified Chinese)
- For Colombia (Spanish)
- For European Economic Area (EEA) (English)
- For Japan (Japanese)
- For Taiwan (Traditional Chinese)
- For Turkey (Turkish)
- U.S. - California Privacy Rights (English)
- U.S. - Social Security Number Policy and Sensitive Personal Information Statement (English)
Our Cookie Notice explains our practices regarding cookies, tags, and similar types of online data that we collect.