Visa Global Privacy Notice

Effective date: April 14, 2023

This Global Privacy Notice explains how Visa and its Affiliates¹ collect, use and share Personal Information when you use our, or our clients’, products, services, offers and promotions.

As a global payments technology company, Visa fulfils many roles. When we act on behalf of our Visa clients, we only collect, use and share Personal Information as authorised by our contracts with our clients. If you have questions about how these companies handle your Personal Information, or wish to exercise your rights, please contact them directly. For example, if you have questions about your Visa card transactions, please contact the institution that issued your card for more information.

Where Visa acts as controller under applicable laws and collects information directly from an individual, the controller is the Visa entity listed on the terms and conditions you sign when enrolling in a Visa service, product or offer. Some Visa companies and services have different privacy notices that are provided when you use them. We also have supplemental privacy notices that provide additional information as required by law.

You can learn more and exercise your privacy choices under relevant laws at our Privacy Rights Portal.

¹ Visa’s Affiliates are companies that are directly or indirectly controlled by Visa U.S.A. Inc. or its parent company Visa Inc. through ownership – for example, Visa International Service Association, Visa Worldwide Pte. Limited, Visa Canada Corporation, Visa International Servicios de Pago España, S.R.L., Visa Europe Limited, Visa do Brasil Empreendimentos Ltda, CardinalCommerce Corporation, CyberSource Corporation and Verifi, Inc.

“Personal Information” refers to information that (alone or when used in combination with other information) is capable of being associated with or could reasonably be associated with an individual. Personal Information, sometimes referred to as “personal data”, may also have specific meanings under different privacy laws. The Personal Information we collect varies depending on our relationship and interactions with you.

Depending on our relationship and interactions with you, the categories of Personal Information we collect may include:

  • Contact Information – this includes your name, username, mailing address, email address, telephone number, mobile number and social medial profile names, along with other personal identifiers.
  • Transaction and Financial Information – this includes:
    • Information about your card, including your 16-digit payment card number, which is also known as a personal account number or “PAN”; an associated non-financial identifier known as a payment account reference or “PAR” token; and the expiration date, service code, PIN verification data and CVV; and
    • Information about your transactions, including the date, time, location and amount of the transaction and information about the merchant. This may also include item-level data in some instances, and billing and shipping information.
  • Relationship Information – this includes information about your shopping and payment preferences and other information that can help us offer you personalised content, such as:
    • Demographic information, such as age range and marital or family status;
    • Likelihood that you may be interested in certain purchases or experiencing life events and other propensity scores; and
    • Data from social media profiles and information about your interests.
  • Interaction Information – this includes information about your interactions with Visa, such as:
    • Information collected when you participate in promotions or programmes, such as rewards programme account information;
    • Card benefits programme information, including qualification data and related records;
    • Information collected when you contact us, such as if you contact our customer service;
    • Visitor logs;
    • Information collected when you attend Visa-sponsored events, such as travel-related information for you and any companions gathered at the events; and
    • Other information you provide us, such as data collected for consumer authentication (e.g., passwords or account security questions).
  • Biometric Identifiers – this may include facial recognition data, fingerprints, keystroke timing, scroll position, and behavioural data or other physical patterns, such as when you elect to use biometric authentication with Visa or its clients.
  • Business Customer Data – this includes information about your role within your company, your authorisation to use products or services and your authority to place orders; customer/supplier qualification details; and other data you share with us in connection with the relationship.
  • Inferred and Derived Information – we infer and derive data elements by analysing our relationship and transactional information. For example, we may generate propensities, attributes and/or scores for marketing, security or fraud-prevention purposes.
  • Online and Technical Information – this includes information regarding your interactions with our websites, applications or advertisements, including IP address, device identifiers, settings, characteristics, advertising ID, browsing history, web server logs, server log records, activity log records, keystroke timing and other information collected using cookies and similar technologies.
  • Audio and Visual Information – this includes audio, electronic, visual or similar information relating to your interactions with us, including photographs, video images, CCTV recordings, call centre recordings, call monitoring records and voicemails.
  • Government-Issued Identification Numbers – this includes National Insurance number, driver’s licence number, passport number and other government-issued identifiers that may be needed for compliance or given the nature of the relationship.
  • Geolocation Information – this may include precise geolocation information, which we may collect automatically from your mobile device if you opt in to allow us to collect it.
  • Professional and Employment Information – this includes professional or employment-related information for employees and prospective employees, including applicant and CV data, such as education and work history; information about qualifications for the position, such as skills and credentials; professional interests and goals; information collected for employee qualifications, such as right-to-work documentation; and references.
  • Compliance Data – this includes records maintained to demonstrate compliance with applicable laws; records related to consumer preferences, such as your opt-ins and opt-outs of marketing programmes; and records related to data subject rights requests.

Some of the Personal Information in these categories may be considered sensitive Personal Information in some jurisdictions.

We may collect Personal Information about you from various sources, depending on our relationship and interaction with you. These sources may include:

  • Your financial institutions, payment card issuer, merchants, acquirers and other partners when you use a Visa-branded payment product or when we’re acting on their behalf, such as when you tap your Visa card;
  • You, such as when you enrol in card link offer programmes from Visa or a co-promotion partner, enrol in a Visa click-to-pay solution or provide survey responses to us;
  • Your computer or devices when you interact with our platforms, websites and applications or through other automatic technologies, such as when we record calls to our call centre and use CCTV cameras in our facilities; and
  • Other third parties, including data aggregators, social media companies and other publicly available sources. In addition, Professional and Employment Information may be collected from your references and third parties that help us conduct internal investigations and background screenings, and Business Customer Data may be collected from your employer, trade show and conference organisers and professional services companies.

Purpose for Collecting and Sharing
Categories of Personal Information
Legal Basis for Processing
(Where required under applicable law)
Operate Visa’s electronic payments networks (including authorisation, clearing, and settlement of transactions and tokenisation), enable your payment transactions, and for related purposes, such as authentication, dispute resolution, fraud prevention and security
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, such as a contract with you, or as needed to fulfil a contract between you and a merchant or between you and the financial institution or other entity that issued your card, where Visa is providing payment services or acting as a data processor
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, such as to protect you, us or others from threats (such as security threats or fraud); to enable or administer our business, such as for quality control, compliance, consolidated reporting and customer service; to manage corporate transactions, such as mergers or acquisitions; and to understand and improve our business or customer relationships generally
Provide you with the products, services, programmes, offers, or information you request from Visa, and for related purposes such as determining eligibility and customer service
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Provide services to our clients. For example, if you enrol in a card issuer or merchant loyalty programme, we will process Card Transaction Data to calculate your rewards and provide targeted offers to you from the client
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Operate Visa solutions such as click to pay, including to enrol you in the solution, to enable you to stay signed in on your device (if you have chosen this), to enable you to check out using the solution, to integrate with other digital wallets (if you have chosen to do this) and to participate in programmes related to your use of the solution
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Administer surveys, loyalty programmes, sweepstakes, contests, and events
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Based on your choices, deliver marketing communications, personalised offers and interest-based ads to you
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Geolocation Information
  • Compliance Data
  • For the purposes of our own legitimate interests or for the legitimate interests of others, such as to send you news and offers that are relevant to you
Fulfil, develop or maintain our business relationship with you and/or your company
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Facilitate your employment or contracting relationship with us or evaluate you for a position, including customary human resources purposes, risk management and compliance
  • Contact Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Professional and Employment Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Understand how you and others use our products, for analytics and modelling, and to create business intelligence and insights and to understand economic trends
  • While certain information such as Transaction and Financial Information, Relationship Information, Interaction Information, Online and Technical Information, and Geolocation Information may be used for these activities, the end result does not constitute Personal Information.
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Generate de-personalised, de-identified, anonymised or aggregated datasets, which are used for product development and delivery of consulting services to clients
  • While certain information such as Transaction and Financial Information, Relationship Information, Interaction Information, and Online and Technical Information may be used to generate these datasets, the end result does not constitute Personal Information.
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Support our Everyday Business Purposes, such as for account management, quality control, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance, analytics and research, enforcement of contracts and other contract management and the provision of requested products and services*
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Professional and Employment Information
  • Compliance Information
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Where applicable, we may also process Personal Information with your consent. For example, we may rely on your consent, where required by law, to provide you with marketing communications.

“Everyday Business Purposes” encompasses the following business purposes and related purposes for which Personal Information may be used:

  • To provide the information, product or service requested by the individual or as reasonably expected given the context in which with the Personal Information was collected (such as customer credentialing, providing customer service, personalisation and preference management, providing product updates, bug fixes or recalls and dispute resolution);
  • For identity and credential management, including identity verification and authentication, and system and technology administration;
  • To protect the security and integrity of systems, networks, applications and data, including detecting, analysing and resolving security threats, and collaborating with cybersecurity centres, consortia and law enforcement about imminent threats;
  • For fraud detection and prevention;
  • For legal and regulatory compliance, including all uses and disclosures of Personal Information that are required by law or reasonably needed for compliance with company policies and procedures, such as anti-money laundering programmes, security and incident response programmes, intellectual property protection programmes, and corporate ethics and compliance hotlines;
  • For corporate audit, analysis and reporting;
  • To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, and to protect people or property, including physical security programmes;
  • To de-identify, depersonalise or anonymise the data or create aggregated datasets, such as for consolidating reporting, research or analytics;
  • To make back-up copies for business continuity and disaster recovery purposes; and
  • For corporate governance, including mergers, acquisitions and divestitures.

We may disclose your Personal Information to:

  • Our Affiliates;
  • Our service providers, for the purposes of providing services to us;
  • Financial institutions, merchants, payment processors and other third parties that are subject to appropriate confidentiality and use restrictions, for the purposes of enabling your payments, managing fraud and risk, providing and developing products and services and supporting our Everyday Business Purposes;  
  • Third parties, such as third-party advertising partners, who may use data collected by cookies and similar means to help us with our online advertising programmes;
  • Government agencies;
  • Recruiting agencies and your references (for Professional and Employment Information); and
  • Your company and its affiliates (for Business Customer Data).

We may also disclose personal information when required to do so by law, such as to law enforcement agencies, regulators or courts, or as permitted by law, such as when we sell or transfer business assets, enforce our contracts, protect our property or the rights, property or safety of others, or as needed for audits, compliance and corporate governance.

 

When you visit our website, use our mobile applications, or engage with our emails and online ads, we may collect information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs, and web beacons.

In some cases, the information we collect is only used in a non-identifiable way. For example, we use information we collect about all website users to optimise our websites and to understand website traffic patterns. We do not use this information to profile you or target our ads.

In other cases, we may use the information in an identifiable way. For example, we may authenticate you or your device, deliver personalised content or use the information for analytics, fraud detection, and security. We may also use the information for online ad targeting. Our Cookie Notice provides more information about our online data collection technologies and your choices. 

As described in our Cookie Notice, we have relationships with third-party advertising companies. These third parties may track you, your browser or your device across different websites and applications.

Subject to your settings, we may place cookies or tags on your computer when you visit our website so that they can display targeted advertisements to you on other websites. The use of your data by these companies is subject to their own privacy policies.

Many Visa websites only place marketing, personalisation, and advertising cookies if you explicitly accept these cookies by clicking “Accept All Cookies” when you first visit the website. Our Cookie Notice explains how to manage your preferences and how to disable previously accepted cookies.

Our websites may enable you to interact with us and others via social media platforms. We collect information from these platforms as permitted by the sites’ legal terms. We may also display interest-based ads to you when you are using these platforms. The platforms allow us to personalise the ads that we display to you, and they may gain insights about individuals who respond to the ads we serve.

When you download our mobile applications, you may allow us to obtain your precise location from your mobile device. We use this information to deliver personalised content and for analytics. We may also offer automatic ("push") notifications. We will provide push notifications only if you opt-in to receive them. You do not have to provide location information or enable push notifications to use our mobile apps.

Certain mobile applications controlled by Visa may allow us to share data with advertising platforms for the purposes of showing you interest-based ads. We rely on the mobile network operators’ settings to allow you to opt in to this type of sharing when you download our applications. However, where able, we will also provide you with choices within the account profile section of the application.

We collect device identifiers and other device-related information, including your device’s advertising ID, if available. This information is used to identify your device and authenticate you. We may also use device-related information to associate you with different devices that you may use, including for fraud-protection purposes and to better target advertising. In many cases, you can reset your device’s advertising ID. Both Android and iOS devices enable you to reset your device identifier under the “settings” menu.  

We respect your rights to access, correct and delete your information in accordance with applicable laws. If you have an online account with Visa, you can log in to your account to access, update and delete your information. You can also submit requests under relevant laws to us via the Privacy Rights Portal.

For security reasons and to prevent unauthorised disclosure of Personal Information, cardholders should contact their payment card issuers to access their relevant information. This helps ensure that access to the information is only provided to the authorised individuals, subject to the issuer’s verification processes. Additionally, if you have questions about how your issuer, merchants or rewards networks handle your Personal Information, please check the privacy notices provided by these companies and contact them directly for assistance with any privacy requests. When Visa acts as a service provider (also called a data processor) for our clients, we only process your information as instructed by our client to provide the services and for other appropriate purposes, such as record keeping and compliance. We rely on our clients to provide you with appropriate privacy notices and to manage your privacy rights.

Supplemental Privacy Notices: residents of some states and countries have additional privacy rights. Information on these rights is provided in the supplemental privacy notices posted at the bottom of this Global Privacy Notice.

Visa is based in the United States and has Affiliates and service providers around the world. Visa may transfer your Personal Information between countries, including to countries that may not have similar privacy or data protection laws as your country of origin. We may transfer your Personal Information to our main data centres in the United States, as well as our other data centres, such as our data centre in Europe or a local data centre in your country where applicable. However, we will always protect your information as described in the relevant privacy notice(s), no matter where it is stored, and transfer it in accordance with any applicable legal requirements for cross-border transfer of Personal Information.

We use physical, technical, organisational, and administrative safeguards to help protect your Personal Information from unauthorized access or loss. For example, we use encryption and other tools to protect sensitive information. We retain your Personal Information as needed for the purposes listed above and as permitted by law.

This Privacy Notice explains how Visa Inc. and its Affiliates handle your Personal Information. Please also read the privacy notice provided by your Visa card issuer and other applicable clients to learn how each of those companies handle your information. Additionally, if you are participating in offers or promotions, please read the privacy notices provided by the merchant or the rewards network before you sign up.

Social media platforms and other websites that may be accessed through Visa’s websites also have their own privacy policies. We encourage you to read the privacy notices provided by these sites before you give them your information.

If you have applied for a job at Visa, the Personal Information in your application will be used and retained for recruiting, compliance and other customary human resources purposes. This includes, where permitted, processing information to monitor our pathways for employee recruitment.

Visa’s platforms are not directed to children, and Visa only collects information from children as permitted by law. For example, we may collect data from children over 16 who are allowed by law to interact with Visa or otherwise if we have appropriate parental or caregiver consent, such as if children attend Visa-sponsored events with adult caregivers. If you believe that we are processing a child’s information inappropriately, please Contact Us

We may update this Privacy Notice from time to time. We will post an alert online if the changes are material. If the changes will materially affect the way we use the Personal Information that we have already collected, we will notify you.

If you would like to exercise your privacy rights under relevant laws, please reach out us via the Privacy Rights Portal.

For any other assistance, including any queries for the applicable Data Protection Officers within Visa, you may contact us using the information below:

  • Email us: [email protected]
    Please do not include sensitive information, such as your account number, in emails.
  • Mail us a letter:
    Visa Global Privacy Office
    900 Metro centre Blvd.
    Foster City, CA, 94404 USA

This Global Privacy Notice is supplemented by the following additional notices, depending on how you interact with us and where:

Our Cookie Notice explains our practices regarding cookies, tags and similar types of online data that we collect.