Header background image Second header background image Background image

Priceless Global Privacy Notice

Effective Date: 31 October 2023

 

Mastercard International Inc., Mastercard Europe SA and their affiliates and other entities within the Mastercard Group of companies (collectively, “Mastercard”, “we”, “us”, or “our”) respect your privacy.

 

This Global Priceless Privacy Notice (“Privacy Notice”) applies to our processing of Personal Information in the context of Priceless solutions for which we act as a data controller (“Priceless Services”). Our Priceless solutions give eligible cardholders the opportunity to access experiences, enter prize draws and take advantage of other promotional offers and relevant content (collectively “Offers”). They include our B2C Priceless website (https://www.priceless.com/) and our B2B Priceless solutions.

 

Please note that when we process Personal Information on behalf of and under the instructions of our business customers in the context of some of our B2B Priceless solutions, we act as a data processor and the processing of your Personal Information in these contexts is not governed by this Privacy Notice. Similarly, when a merchant processes your Personal Information to provide you with a specific Offer, they are the data controllers for their processing of your Personal Information. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information in these contexts.

 

This Privacy Notice describes the types of Personal Information we process in in the context of the Priceless Services, the purposes for which we collect that Personal Information, the other parties with whom we may share it, including merchants that provide Offers, and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.

 

Children and minors (under the age of 18) are not eligible to use the Priceless Services. For more information about Mastercard’s privacy practices in other contexts, please visit Mastercard’s Global Privacy Notice at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html or other applicable privacy notices.

 

If you are resident in the European Economic Area, Serbia, Switzerland, the United Kingdom, Turkey or Israel, this Privacy Notice is provided to you by Mastercard Europe SA, which acts as the data controller for the processing of your Personal Information in the context of the Controller Services.



For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the Priceless Services, we obtain Personal Information relating to you from various sources described below.

 

Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from the Priceless Services if that information is necessary to provide you with the service or if we are legally required to collect it.

 

Personal Information Provided by You

  • User registration and log-in details: When you register as a user of the Priceless Services, we collect your email address and the password you choose and create an account with a unique identification number. We may also ask for your personal account number so that we can confirm eligibility, but do not store it as part of your user profile. You are generally not required to register as a user when the Priceless Services are provided to you by your issuer, except if you want to take part in an auction. Offer and payment information: When you select an Offer and make a payment (where applicable) for that Offer, we may collect your contact details (such as username, name, email address, phone number and home address) and, where applicable and payment information (such as name, email address, phone number, billing or shipping address, personal account number, card expiration date and card verification code).
  • Prize draw entry and delivery information: When you enter a prize draw that is organized by Mastercard, we generally collect your name, email address, phone number and home address.
  • Information we process to provide you with the Priceless Services: We may collect different types of Personal Information depending on the Priceless Services. For example, Priceless Services designed to offer you location-based services will typically require the collection of your address or location. All these programs are voluntary, and your Personal Information is only collected if you subscribe to such Priceless Services. Other information you choose to provide: You may choose to provide other information, such as different types of content (e.g., photographs, comments), contact information of friends or other people you would like us to contact, content you make available through social media accounts or memberships with third parties, or any other information you want to share with us. 

 

Personal Information Provided by Third Parties
We may obtain Personal Information about you from third parties which may be located in countries other than your country. For example, another Priceless Services user may provide us with the contact information of a gift recipient, another individual who will share a Priceless experience with the purchaser, or a person who the user wishes to invite to use the Priceless Services. We may also obtain data from service providers that provide us with publicly available data.

 

Personal Information We Obtain from Your Interaction with the Priceless Services, Mastercard Ads, Websites, Apps or Other Digital Assets
We, our service providers and partners may collect certain information about you via automated means such as cookies, web beacons and similar technologies (collectively “Cookies”) when you interact with the Priceless Services. The information we collect in this manner may include: IP address, browser type, operating system, mobile device identifier, geographical area, referring URLs and information on actions taken or interaction with the Priceless Services. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is a technology that helps us identify when content has been accessed or visited.

 

We use this information to improve the Priceless Services and our other online products and services by assessing how many users’ accesses or use our online products and services, which content, products and features of our online products and services most interest our visitors, what types of offers our customers like to see and how our online products and services perform from a technical point of view. For instance, we may use third-party web analytics services on the Priceless Services, such as those of Adobe. The analytics providers that administer these services use Cookies to help us analyze how visitors use the Priceless Services.

 

We, our service providers and partners may also collect information about you to provide you with content and advertising tailored to your individual interests. The information collected for these purposes may include details about things like the particular pages or ads you view in the context of the Priceless Services and the actions you take in that context.

 

We, our service providers and partners may collect certain information about you via automated means such as, social media tools, widgets or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link or post directly to your social media account. When you visit a website or app in the context of the Priceless Services that contains such tools or plugins, the social media or other service provider may learn of your visit. However, your interactions with these tools are governed by the privacy policies of the corresponding social media platforms. As we do not control these third parties’ data handling practices, we recommend that you review their privacy policies, terms of use, and license agreements (if any). For further details, please consult Section 7 (“Features and Links to Other Websites”) of this Privacy Notice.

 

In addition, some of our online products and services include advanced fraud prevention technology using behavioral-based data, such as keystroke timing, device accelerometer, scroll position and mouse-location.

 

Where required under applicable law, we obtain your consent prior to using the above automated means, and prior to sending you marketing communications, tailored content and advertisings.

 

Please see the “Your Rights and Choices” section of this Privacy Notice to learn about your choices.

 

Depending on the geographic location from which you are accessing the Priceless Services, you may be able to allow or reject Cookies that aren’t strictly necessary for delivering the Priceless Services when you first access the website or app, and any time thereafter using the “Manage Cookies” button or link at the bottom of the page.

 

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, Mastercard does not respond to web browser-based DNT signals at this time. To learn more about browser tracking signals and DNT, visit http://www.allaboutdnt.com.


Depending on the country in which you are located, we will only process your Personal Information when we have a legal basis as identified in the table below. Please note that although the table does not list consent as a legal basis for each processing activity, we rely on consent for all processing activities in countries where consent is the only, or most appropriate, legal basis.

 

Processing Activity

Legal Basis for Processing (where required under    applicable law)

  • Develop, host, and maintain the Priceless Services to provide and administer Offers, which may include the disclosure of your Personal Information to third parties including issuers and merchants.
  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are a party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of developing, hosting, and maintaining the Priceless Services to provide and administer Offers.
  • Determine eligibility to register with the Priceless Services and to receive certain Offers in connection with your card type.
  • The processing is necessary for entering into, or performance of a contract to which you are a party; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of determining eligibility to register with the Priceless Services and receive Offers in connection with your card type.
  • Create and manage your Priceless.com account.
  • The processing is necessary for entering into, or performance of a contract to which you are a party; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of creating and managing your Priceless.com account.
  • Communicate with you in connection with the Priceless Services by email, phone, and/or SMS or other means, for example to send order confirmations or respond to your inquiries. We may also contact you by email and/or at the phone number you provided at the time of purchase to fulfil or facilitate your use of the purchased Offer.
  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information to communicate with you.
  • Protect against and prevent fraud, unauthorized transactions, claims and other liabilities.
  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of protecting against and preventing fraud, unauthorized transactions, claims and other liabilities.

For more information on our fraud prevention and  monitoring activities, please see our Fraud & Security Notice.

  • Send you marketing communications and deliver advertisements to you about Priceless Services and Offers.
  • You consented to the use of your Personal Information; or
  • We, or a third party, have a legitimate interest in using your Personal Information to deliver marketing communications and advertisements.
  • Provide you with personalized services and recommendations. For example, we may analyze your preferences, spending patterns, interests and behavior in order to provide you with personalized content and the most relevant Offers, recommendations and email communications, based on your interaction with the Priceless Services, your online behavior and other Personal Information we may obtain about you. We seek consent from you for this use, where required by law.
  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of providing you personalized services and recommendations.
  • Facilitate your interaction with us through social media.
  • You consented to the use of your Personal Information; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of facilitating interaction through social media.
  • Process and fulfill purchases made in the context of the Priceless Services.
  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are a party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purpose of processing and fulfilling purchases made in the context of the Priceless Services.
  • Operate, evaluate and improve our business, including anonymization and analytics.
  • You consented to the use of your Personal Information; or
  • The processing is necessary for entering into, or performance of a contract to which you are a party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of operating, evaluating and improving our business, including anonymization and analytics; or
  • The processing is undertaken for statistical and/or research purposes (in jurisdictions where this legal ground is available).
  • Enforce our Priceless.com Terms of Use and Content-specific Terms and Conditions and our other legal rights.
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of enforcing the Terms of Use and Content-specific Terms and Conditions and our other legal rights.
  • Comply with applicable legal requirements and industry standards and our policies.
  • You consented to the use of your Personal Information; or
  • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
  • The processing is necessary for entering into, or performance of a contract to which you are party; or
  • We, or a third party, have a legitimate interest in using your Personal Information for the purposes of complying with industry standards and our policies.

 

Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. For more information on our balancing tests, you may contact us as described in the “How to Contact Us” section below.

 

We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing, the processing is necessary for entering into, or performance of a contract between you and Mastercard, or when we are legally required to use your Personal Information in this way, for example to prevent fraud.

 

If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual about the processing of her/his Personal Information and obtain her/his consent, as may be necessary under applicable laws.


We do not disclose Personal Information we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time of the data collection. We do not sell Personal Information we collect about you, as defined by the California Consumer Privacy Act. Please see the “Data Transfers” section below to understand how we comply with applicable cross-border data transfer rules.

 

We may also share your Personal Information:

  • With financial institutions and other entities that issue payment cards or merchants to process payment transactions and perform other activities that you request.
  • With entities that partner with Mastercard or assist Mastercard in providing Offers, such as merchants and alliance partners (including non-profits) who fulfill your purchased Offer. For example, if you purchase a Priceless experience to a restaurant, sports event, or an award show, we will disclose your Personal Information to the Offer provider merchant (e.g., restaurant) for the fulfillment of your Offer, or as otherwise necessary to provide you with the Priceless Services. Such third parties may act as a data controller with respect to such data in order to provide you with additional services in connection with the Priceless Services.
  • With our service providers who perform services on our behalf for the purposes described in this Privacy Notice. We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the Personal Information they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Personal Information. 
  • With third parties whose features (e.g., third-party cookies, widgets, plug-ins) are integrated in our products and services. For further details, please consult Section 7 (Features and Links to Other websites) of this Privacy Notice.
  • With social media networks when you directly engage with those platforms. For further details, please consult Section 7 (Features and Links to Other Websites) of this Privacy Notice.
  • With other third parties with your consent.
  • As required under applicable law or legal process, or respond to requests from law enforcement or governmental agencies. When we receive such requests, we will follow the process set out in our Binding Corporate Rules (see Section 5 below), where applicable.
  • Where we believe disclosure is necessary to protect individuals’ vital interests, to enforce our Terms of Use, prevent Mastercard against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
  • In the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Notice. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Information with any inquiries concerning the processing of that information.

You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you.

 

If you are located in California, we will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights, except where the different price or level of good or service is reasonably related to the value of the data that we receive from you. In some instances, we may not be able to provide you with the good or service that you request if you choose to exercise certain rights.

 

You can choose:

  • Not to provide Personal Information to Mastercard by refraining from conducting payment transactions or from submitting Personal Information directly to us. 
  • To opt out of the collection and use of certain information, which we collect about you by automated means, when you visit website or apps in the context of the Priceless Services. In certain jurisdictions, you can exercise your choice regarding the use of Cookies by clicking on the ‘Manage Cookies’ button or link at the bottom of the page. Your browser may tell you how to be notified of and opt out of having certain types of Cookies placed on your device. Note that without certain Cookies you may not be able to use all of the features of the Priceless Services. 
  • To opt out of certain uses of information, which we collect about you by automated means, when you visit third-party websites and interact with our ads. We may use service providers to serve ads on those third-party websites. These ads may be customized and served based on the use of data we and our partners have collected on our websites and apps. In addition, some of our service providers and partners may collect information about your online activities over time and across third-party websites to customize and serve these ads. Mastercard ads are sometimes delivered with icons that help consumers (i) learn more about how their data is being used and (ii) exercise choices they may have regarding the use of their data. Please click here or, where applicable, on the icon in our targeted ads to learn about your ability to opt out or limit the use of your browsing behavior for advertising purposes.
  • To tell us not to send you marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below. You also may opt out of receiving marketing emails from Mastercard by clicking here.
  • To opt out of the anonymization of your Personal Information to perform data analyses by clicking here.

Depending on the country in which you are located, you may have the right to:

  • Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
  • Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.

For information on the number of privacy requests Mastercard processed pursuant to the California Consumer Privacy Act and other privacy laws globally, please review the “My Data Report” section of the “My Data Center” portal.

 

You may opt out from certain processing of your Personal Information, e.g., via our opt-out webpage.

 

Note that this list may not be exhaustive, which means that you may have additional rights in accordance with local laws. In addition, the above rights may be limited in some circumstances by local law requirements.

 

To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the "How To Contact Us" section below. 


 
We have developed Mastercard’s “My Data Center” portal to facilitate the exercise of your rights. You, or a party authorized to act on your behalf, can exercise your rights on Mastercard’s “My Data Center” portal or by submitting a request as described in the “How To Contact Us” section below.


 
If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.  
To learn more about the APEC Certification and access Dispute Resolution, please click on the TRUSTe seal.


Mastercard is a global business. We may transfer the Personal Information we collect about you to recipients in countries other than your country, including the United States, where we are headquartered. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Information to other countries, we will protect that information as described in this Privacy Notice, or as disclosed to you at the time of data collection.

 

We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by EEA and UK data protection authorities as providing an adequate level of protection to the Personal Information we process globally. A copy of our BCRs is available here.

 

We may also transfer Personal Information to countries for which adequacy decisions have been issued, or use contractual protections for the transfer of Personal Information to third parties, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law or rely on other lawful data transfer mechanisms where applicable. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of your jurisdiction.

 

Additionally, Mastercard’s privacy practices, described in this Global Privacy Notice, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies. More information about the APEC framework can be found here.
If you are located in mainland China, you understand that we may transfer the Personal Information we collect about you to recipients in countries or regions other than mainland China, including Mastercard International Incorporated in the United States, Mastercard Asia/Pacific Pte. Limited in Singapore and to other affiliates as listed here. When we conduct international transfers of Personal Information, we will always ensure to comply with requirements stipulated under applicable laws. By using the Priceless Services, you will be deemed as having consented to our cross-border sharing of your Personal Information to recipients in countries or regions other than mainland China in accordance with this Privacy.

 


The security of your Personal Information is important to Mastercard. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use SSL encryption on a number of our websites from which we transfer certain Personal Information.

 

We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.


Our websites may provide links to other websites for your convenience and information. Our website may also contain certain features for which we partner with other entities. These entities may learn of your visit regardless of whether you use these features. These websites and features, which may include social networking sites and geo-location tools, operate independently from Mastercard, and are clearly identified as such. To the extent any linked websites or features you visit or use are not owned or controlled by Mastercard, we suggest that you review the privacy practices of the websites.

 

Mastercard offers you the possibility to share, link to, or mention things on social media about Mastercard’s products and services. For example, you may “like” an Offer via your Facebook account, or “tweet” an Offer using Twitter. When you visit a website with a social media button, your browser establishes a direct connection to that social media provider, and data concerning your visit, including IP address, is transferred to the social media provider. If you have an account with the social media provider, the provider may link your visit to your account, even if you are not logged into this account.

 

You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Mastercard. These features, including geo-location tools, are operated by third parties and are clearly identified as such. Social media providers such as Facebook and Twitter, and these other third parties, are independent from Mastercard and do not necessarily share the same policy as Mastercard regarding the protection of privacy. Please verify their privacy notices if you decide to use their services and consult your social media account settings if you want to deactivate certain features.


Priceless Services are not directed to, or intended for, children under the age of 18. However, Mastercard may collect Personal Information about children below the age of 18 years of age from the parent or guardian directly in accordance with applicable law. If you learn that a child has provided us with Personal Information contrary to our Terms of Use, then you may alert us at privacyanddataprotection@mastercard.com.


This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will post a prominent notice on relevant websites to notify you of any significant or material changes to our Privacy Notice prior to them being effective and indicate at the top of the Privacy Notice when it was most recently updated. If we update our Privacy Notice, in certain circumstances, we may seek your consent.


If you have any questions, comments or complaints about this Privacy Notice and our privacy practices, or would like to update your privacy preferences, please email us at privacyanddataprotection@mastercard.com or write to us at:

 

Global Privacy Office Mastercard International Incorporated 2000 Purchase Street Purchase, New York 10577 USA

 

If you are located in the EEA or Switzerland or Serbia, Mastercard Europe SA is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information on Mastercard’s “My Data Center” portal, or email us at privacyanddataprotection@mastercard.com, or write to us at:

 

EEA Data Protection Officer Mastercard Europe SA Chaussée de Tervuren 198A B-1410 Waterloo Belgium

 

If you are located in Brazil, Mastercard Brasil Soluções de Pagamento Ltda. is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information on Mastercard’s “My Data Center” portal, or email us at privacyanddataprotection@mastercard.com or write to us at:

 

Brazil Data Protection Officer Mastercard Brasil Soluções de Pagamento Ltda. Avenida das Nações Unidas, 14.171, 20ºandar, Crystal Tower São Paulo/SP Brasil CEP 04794-000

 

If you are located in Asia Pacific (excluding mainland China), Middle East or Africa, Mastercard Asia Pacific Pte. Ltd. Is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or write to us at:

 

Asia Pacific, Middle East and Africa Data Protection Officer Mastercard Asia/Pacific Pte Ltd 3 Fraser Street, DUO Tower, Level 17 Singapore 189352

 

If you are located in mainland China, Mastercard Shanghai Business Consulting Ltd. is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or writing to us at:
China Data Protection Officer Room 2907-14, Part of 29/F Tower 2 Shanghai IFC, 8 Century Avenue China (Shanghai) Pilot Free Trade Zone