Visa Global Privacy Notice

Effective date: March 22, 2023

At Visa, our mission is to provide you with the best way to pay and be paid. We operate one of the world’s largest payment networks, and we know we must provide the most secure and seamless payment experience possible. Respecting your privacy is central to our mission. Visa has a Global Privacy Programme to help ensure your information is handled properly, and your personal information is protected. Our Privacy Programme reflects the sensitivity of the personal, financial and other information we handle. It also reflects the requirements of the privacy laws in all the countries and states where Visa operates.

As a global payments technology company, Visa fulfils many roles. When we act as a service provider for Visa card issuers and merchants, we only collect and use personal information as authorised by our contracts with our clients. If you have questions about how these companies handle your personal information, or wish to exercise your rights, please contact them directly. For example, if you have signed up for cash-back or loyalty offers with your financial institution or a merchant, please contact that company for more information.

This Privacy Notice explains how Visa Inc. and its Affiliates1 collect, use and disclose personal information. Some Visa companies and services have different privacy notices that are provided when you use them. We also have some supplemental privacy notices that provide additional information as required by law. You can learn more and exercise your privacy choices at our Privacy Centre.

¹ Visa’s Affiliates are companies that are directly or indirectly controlled by Visa U.S.A. Inc. or its parent company Visa Inc. through ownership – for example, Visa International Service Association, Visa Worldwide Pte. Limited, Visa Canada Corporation, Visa International Servicios de Pago España, S.R.L., Visa Europe Limited, Visa do Brasil Empreendimentos Ltda, CardinalCommerce Corporation, CyberSource Corporation and Verifi, Inc.

“Personal Information” refers to information that (alone or when used in combination with other information) is capable of being associated with or could reasonably be associated with an individual. Personal Information, sometimes referred to as “personal data”, may also have specific meanings under different privacy laws. The Personal Information we collect varies depending on our relationship and interactions with you.

Depending on our relationship and interactions with you, the categories of Personal Information we collect may include:

  • Contact Information – this includes your name, username, mailing address, email address, telephone number, mobile number and social medial profile names, along with other personal identifiers.
  • Transaction and Financial Information – this includes:
    • Information about your card, including your 16-digit payment card number, which is also known as a personal account number or “PAN”; an associated non-financial identifier known as payment account reference or “PAR” token; and expiration date, service code, PIN verification data, and CVV; and
    • Information about your transactions, including the date, time, location and amount of the transaction and information about the merchant. This may also include item-level data in some instances, and billing and shipping information.
  • Relationship Information – this includes information about your shopping and payment preferences and other information that can help us offer you personalised content, such as:
    • Demographic information, such as age range and marital or family status;
    • Likelihood that you may be interested in certain purchases or experiencing life events and other propensity scores; and
    • Data from social media profiles and information about your interests.
  • Interaction Information – this includes information about your interactions with Visa, such as:
    • Information collected when you participate in promotions or programmes, such as rewards programme account information;
    • Card benefits programme information, including qualification data and related records;
    • Information collected when you contact us, such as if you contact our customer service;
    • Visitor logs;
    • Information collected when you attend Visa-sponsored events, such as travel-related information for you and any companions gathered at the events; and
    • Other information you provide us with, such as data collected for consumer authentication (e.g., passwords or account security questions).
  • Biometric Identifiers – this may include facial recognition data, fingerprints, keystroke timing, scroll position and behavioural data or other physical patterns, such as when you elect to use biometric authentication with Visa or its clients.
  • Business Customer Data – this includes information about your role within your company, your authorisation to use products or services and your authority to place orders; customer/supplier qualification details; and other data you share with us in connection with the relationship.
  • Inferred and Derived Information – we infer and derive data elements by analysing our relationship and transactional information. For example, we may generate propensities, attributes and/or scores for marketing, security or fraud purposes.
  • Online and Technical Information – this includes information regarding your interactions with our websites, applications or advertisements, including IP address, device identifiers, settings, characteristics, advertising ID, browsing history, web server logs, server log records, activity log records, keystroke timing and other information collected using cookies and similar technologies.
  • Audio and Visual Information – this includes audio, electronic, visual or similar information relating to your interactions with us, including photographs, video images, CCTV recordings, call centre recordings, call monitoring records and voicemails.
  • Government-Issued Identification Numbers – this includes national insurance number, driver’s licence number, passport number and other government-issued identifiers that may be needed for compliance or given the nature of the relationship.
  • Geolocation Information – this may include precise geolocation information, which we may collect automatically from your mobile device if you opt in to allow us to collect it.
  • Professional and Employment Information – this includes professional or employment-related information for employees and prospective employees, including applicant and CV data, such as education and work history; information about qualifications for the position, such as skills and credentials; professional interests and goals; information collected for employee qualifications, such as right-to-work documentation; and references.
  • Compliance Data – this includes records maintained to demonstrate compliance with applicable laws; records related to consumer preferences, such as your opt-ins and opt-outs of marketing programmes; and records related to data subject rights requests.

Some of the Personal Information in these categories may be considered sensitive Personal Information in some jurisdictions.

We may collect Personal Information about you from various sources, depending on our relationship and interaction with you. These sources may include:

  • Your financial institutions, payment card issuer, merchants, acquirers, and other partners when you use a Visa-branded payment product or when we’re acting on their behalf, such as when you tap your Visa card;
  • You, such as when you enrol in card link offer programmes from Visa or a co-promotion partner, enrol in a Visa click-to-pay solution, or provide survey responses to us;
  • Your computer or devices when you interact with our platforms, websites and applications or through other automatic technologies, such as when we record calls to our call centre and use CCTV cameras in our facilities; and
  • Other third parties, including data aggregators, social media companies and other publicly available sources. In addition, Professional and Employment Information may be collected from your references and third parties that help us conduct internal investigations and background screenings, and Business Customer Data may be collected from your employer, trade show and conference organisers, and professional services companies.

Purpose for Collecting and Sharing
Categories of Personal Information
Legal Basis for Processing
(Where required under applicable law)
Operate Visa’s electronic payments networks (including authorisation, clearing, and settlement of transactions and tokenisation), enable your payment transactions, and for related purposes, such as authentication, dispute resolution, fraud prevention and security
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, such as a contract with you, or as needed to fulfil a contract between you and a merchant or between you and the financial institution or other entity that issued your card, where Visa is providing payment services or acting as a data processor
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, such as to protect you, us or others from threats (such as security threats or fraud); to enable or administer our business, such as for quality control, compliance, consolidated reporting and customer service; to manage corporate transactions, such as mergers or acquisitions; and to understand and improve our business or customer relationships generally
Provide you with the products, services, programmes, offers, or information you request from Visa, and for related purposes such as determining eligibility and customer service
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Provide services to our clients. For example, if you enrol in a card issuer or merchant loyalty programme, we will process Card Transaction Data to calculate your rewards and provide targeted offers to you from the client
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Operate Visa solutions such as click to pay, including to enrol you in the solution, to enable you to stay signed in on your device (if you have chosen this), to enable you to check out using the solution, to integrate with other digital wallets (if you have chosen to do this), and to participate in programmes related to your use of the solution
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Administer surveys, loyalty programmes, sweepstakes, contests, and events
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Based on your choices, deliver marketing communications, personalised offers and interest-based ads to you
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Geolocation Information
  • Compliance Data
  • For the purposes of our own legitimate interests or for the legitimate interests of others, such as to send you news and offers that are relevant to you
Fulfil, develop, or maintain our business relationship with you and/or your company
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Facilitate your employment or contracting relationship with us or evaluate you for a position, including customary human resources purposes, risk management and compliance
  • Contact Information
  • Relationship Information
  • Interaction Information
  • Biometric Identifiers
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Professional and Employment Information
  • Compliance Data
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Understand how you and others use our products, for analytics and modelling and to create business intelligence and insights and to understand economic trends
  • While certain information such as Transaction and Financial Information, Relationship Information, Interaction Information, Online and Technical Information, and Geolocation Information may be used for these activities, the end result does not constitute Personal Information.
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Generate de-personalised, de-identified, anonymised, or aggregated datasets, which are used for product development and delivery of consulting services to clients
  • While certain information such as Transaction and Financial Information, Relationship Information, Interaction Information, and Online and Technical Information may be used to generate these datasets, the end result does not constitute Personal Information.
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Support our Everyday Business Purposes, such as for account management, quality control, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance, analytics and research, enforcement of contracts and other contract management, and the provision of requested products and services*
  • Contact Information
  • Transaction and Financial Information
  • Relationship Information
  • Interaction Information
  • Business Customer Data
  • Inferred and Derived Information
  • Online and Technical Information
  • Audio and Visual Information
  • Government-Issued Identification Numbers
  • Geolocation Information
  • Professional and Employment Information
  • Compliance Information
  • To fulfil a contract to which you are a party, as described above
  • To comply with the laws and regulations that are applicable to us around the world
  • For the purposes of our own legitimate interests or for the legitimate interests of others, as described above
Where applicable, we also may process Personal Information with your consent. For example, we may rely on your consent, where required by law, to provide you with marketing communications.

“Everyday Business Purposes” encompasses the following business purposes and related purposes for which Personal Information may be used:

  • To provide the information, product, or service requested by the individual or as reasonably expected given the context in which the Personal Information was collected (such as customer credentialing, providing customer service, personalisation and preference management, providing product updates, bug fixes or recalls and dispute resolution);
  • For identity and credential management, including identity verification and authentication, and system and technology administration;
  • To protect the security and integrity of systems, networks, applications, and data, including detecting, analysing and resolving security threats, and collaborating with cybersecurity centres, consortia and law enforcement about imminent threats;
  • For fraud detection and prevention;
  • For legal and regulatory compliance, including all uses and disclosures of Personal Information that are required by law or reasonably needed for compliance with company policies and procedures, such as anti-money laundering programmes, security and incident response programmes, intellectual property protection programmes, and corporate ethics and compliance hotlines;
  • For corporate audit, analysis and reporting;
  • To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, and to protect people or property, including physical security programmes;
  • To de-identify, de-personalise, or anonymise the data or create aggregated datasets, such as for consolidating reporting, research or analytics;
  • To make back-up copies for business continuity and disaster recovery purposes; and
  • For corporate governance, including mergers, acquisitions and divestitures.

We may disclose your Personal Information to:

  • Our Affiliates;
  • Our service providers, for the purposes of providing services to us;
  • Financial institutions, merchants, payment processors and other third parties that are subject to appropriate confidentiality and use restrictions, for the purposes of enabling your payments, managing fraud and risk, providing and developing products and services, and supporting our Everyday Business Purposes;  
  • Third parties, such as third-party advertising partners, who may use data collected by cookies and similar means to help us with our online advertising programmes;
  • Government agencies;
  • Recruiting agencies and your references (for Professional and Employment Information); and
  • Your company and its affiliates (for Business Customer Data).

We may also disclose personal information when required to do so by law, such as to law enforcement agencies, regulators or courts, or as permitted by law, such as when we sell or transfer business assets, enforce our contracts, protect our property or the rights, property or safety of others, or as needed for audits, compliance and corporate governance.

 

When you visit our website, use our mobile applications, or engage with our emails and online ads, we may collect information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs, and web beacons.

In some cases, the information we collect is only used in a non-identifiable way. For example, we use information we collect about all website users to optimise our websites and to understand website traffic patterns. We do not use this information to profile you or target our ads.

In other cases, we may use the information in an identifiable way. For example, we may authenticate you or your device, deliver personalised content or use the information for analytics, fraud detection, and security. We may also use the information for online ad targeting. Our Cookie Notice provides more information about our online data collection technologies and your choices. 

As described in our Cookie Notice, we have relationships with third-party advertising companies. These third parties may track you, your browser or your device across different websites and applications.

Subject to your settings, we may place cookies or tags on your computer when you visit our website so that they can display targeted advertisements to you on other websites. The use of your data by these companies is subject to their own privacy policies.

Many Visa websites only place marketing, personalisation, and advertising cookies if you explicitly accept these cookies by clicking “Accept All Cookies” when you first visit the website. Our Cookie Notice explains how to manage your preferences and how to disable previously accepted cookies.

Our websites may enable you to interact with us and others via social media platforms. We collect information from these platforms as permitted by the sites’ legal terms. We may also display interest-based ads to you when you are using these platforms. The platforms allow us to personalise the ads that we display to you, and they may gain insights about individuals who respond to the ads we serve.

When you download our mobile applications, you may allow us to obtain your precise location from your mobile device. We use this information to deliver personalised content and for analytics. We may also offer automatic ("push") notifications. We will provide push notifications only if you opt-in to receive them. You do not have to provide location information or enable push notifications to use our mobile apps.

Certain mobile applications controlled by Visa may allow us to share data with advertising platforms for the purposes of showing you interest-based ads. We rely on the mobile network operators’ settings to allow you to opt in to this type of sharing when you download our applications. However, where possible, we will also provide you with choices within the account profile section of the application.

We collect device identifiers and other device-related information, including your device’s advertising ID, if available. This information is used to identify your device and authenticate you. We may also use device-related information to associate you with different devices that you may use, including for fraud-protection purposes and to better target advertising. In many cases, you can reset your device’s advertising ID. Both Android and iOS devices enable you to reset your device identifier under the “settings” menu.  

We respect your rights to access, correct and delete your information in accordance with applicable laws. If you have an online account with Visa, you can log in to your account to access, update and delete your information. You can also submit requests under relevant laws to us via the Privacy Rights Portal.

For any other assistance, you may contact us, including any queries to the applicable Data Protection Officers within Visa, using the information below:

  • Email us: [email protected]
    Please do not include sensitive information, such as your account number, in emails.
  • Mail us a letter:
    Visa Global Privacy Office
    900 Metro centre Blvd.
    Foster City, CA, 94404 USA

This Global Privacy Notice is supplemented by the following additional notices, depending on how you interact with us and where:

Our Cookie Notice explains our practices regarding cookies, tags and similar types of online data that we collect.