Mastercard Prepaid Management Services Privacy Notice

Effective Date: December 2022.

Mastercard Prepaid Management Services Limited, its affiliates and other entities within the Mastercard’s group of companies (“Mastercard”, “we”, “us”, or “our”) respect your privacy.

This Privacy Notice applies to the processing of Personal Information collected in the context of Mastercard Prepaid Management Services (the “Services”). This Privacy Notice does not cover the collection and use of your Personal Information by Mastercard in the context of other programs, by third parties on other Mastercard branded websites, by your Mastercard Card issuers (e.g., your bank), or any other information or communications that may reference Mastercard outside of Mastercard Prepaid Management Services.

This Privacy Notice describes the types of Personal Information we collect in connection with the Services, the purposes for which we collect that Personal Information, the other parties with whom we may share it, and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can reach us to update your contact or get answers to questions you may have about our privacy practices.

Your visit to the Services’ websites and apps and your participation in the program is subject to this Privacy Notice and to our Terms of Use. For more general information about Mastercard’s privacy practices, please visit Mastercard’s Global Privacy Notice at https://www.mastercard.us/en-us/vision/corp-responsibility/commitment-to-privacy/privacy.html.

1.  Mastercard's Role and Purposes for Which We Process Your Personal Information 

In connection with the Services, we ask you to provide certain Personal Information when you order and register a prepaid product or service directly with us on our website, participate in the related offer or promotion, or submit information on our websites. Mastercard is a data controller for the Processing of your Personal Information for these purposes.

This Privacy Notice covers Mastercard’s processing of your Personal Information as a controller.

We also process your Personal Information for the purpose of operating your prepaid card account when you have ordered and registered your prepaid card with another prepaid card distributor (which could be a merchant, post office, travel, or money exchange agency, a bank, etc.). In this context, Mastercard is a data processor acting on behalf of and under the instructions of the card issuer. Please refer to the Privacy Notice of the issuer of your prepaid card for more information regarding the processing of your Personal Information by the issuer. 

2.  Personal Information We Collect

• Full name and address
• Contact information including phone number information, and other details, (such as name, postal or e-mail address)
• Government identification details (such as details in your driver’s license, if applicable depending on the jurisdiction, government issued ID documents, or and passport information, and utility bills, if applicable)
• Payment card information and financial information, including transactional and balance data relating to your transactions with the prepaid card and chargeback information
• Information collected via automated means, when you visit our website
• Other information (such as language preference, age, and date of birth)

For the purpose of this Privacy Notice, unless otherwise specified, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the Services, we obtain Personal Information relating to you from various sources described below.

Where applicable, we indicate whether and why you must provide us with your Personal Information. Some information is necessary to provide you with the Services or are legally required to be collected. If you do not provide these, you may not be able to benefit from the Services.

1. Personal Information Provided by You

We collect certain Personal Information when you sign up for the Services, including your name, and contact details (such as phone number information or address), government identification details (such as driver’s license, passport information, or utility bills), payment card information and financial information (including transactional and balance data relating to your transactions).

2. Personal Information Automatically Obtained from Your Interaction with the Services

When you use the Services, we collect information by automated means. The information is collected by cookies and include browser type, operating system, referring URL, IP address, device ID, location data, information on actions taken on the website of the Services, dates and times of actions. A “cookie” is a text file placed on a computer’s hard drive by a web server. We will not subject you to a decision solely based on automated processing that produces legal effects concerning you or similarly significantly affects you.

We use this information to improve the Services by assessing how many users access or use the Services, which content, products, and features of our service most interest our visitors, what types of offers our customers like to see, and how our service performs from a technical point of view. For more information, please view our Cookie Consent Tool.

3.  How We Use Your Personal Information

We Use Your Personal Information to:

• Provide you with the Services, including selling you the prepaid card and registering you with the Services
• Communicate with you, including to provide you service messages concerning your prepaid card
• Enforce our Terms of Use and comply with our legal obligations

We use Personal Information we obtain about you for the purposes set out below. Depending on the country in which you are located, we will only process your Personal Information when we have a legal basis for the processing as identified in the table below. However, please note that even though the chart below does not list consent as a legal basis for each processing activity, in some countries consent is the only legal basis for the processing of Personal Information, and in those countries, we rely on consent for all processing activities.

Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. For more information on our balancing tests, you may contact us as described in the “How to Contact Us” section below.

We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing where required under applicable law, the processing is necessary for entering into, or performance of a contract between you and Mastercard, or when we are legally required to use your Personal Information in this way, for example to prevent fraud. 

4.  We Share Your Personal Information

We share Personal Information with:

• Mastercard’s headquarters in the U.S., our affiliates, and other entities within Mastercard’s group of
• Our service providers acting on our
• Other participants in the payment ecosystem, including the issuer of your prepaid card, financial institutions.
• Credit reference agencies and fraud prevention
• Other third parties for fraud monitoring and prevention purposes, or other lawful
• Third parties in the event of a sale or transfer of our business or

We do not sell Personal Information we collect about you, as defined by the California Consumer Privacy Act.

We do not share or otherwise disclose Personal Information we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time the data is collected.

We may share the Personal Information we collect with our headquarters and affiliates, including Mastercard International.

We may share the Personal Information we collect with financial institutions that issue payment cards, entities that assist with payment card fraud prevention, (where relevant).

We may share your Personal Information with credit reference agencies and fraud prevention agencies (i) to make enquiries when you ask for a Cash Passport or any of our Services or to assist us in managing the Cash Passport; (ii) to share information about you and how you manage the Cash Passport; or (iii) if you give us false or inaccurate information or we suspect fraud. These agencies keep a record of our enquiries (whether or not you proceed with your application, and whether or not your application is successful) and may record, use and give out information we give them to lenders, insurers and other organizations to make assessments on you and members of your household, and to assist with identity verification, for debt tracing, and to prevent fraud and money laundering.

We also may disclose data about you: (i) if we are required to do so by law or legal process, (ii) in response to a request from a court, law enforcement authorities, or government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

We also reserve the right to transfer Personal Information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Notice. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Information with any enquiries concerning the processing of that information.

For more information on how we may share your Personal Information, please read our Global Privacy Notice.

5.  Your Rights and Choices

Depending on your country, you may have the right or choice to:

• Opt-out of some collection or uses of your Personal Information, including the use of cookies (You can exercise your choice regarding the use of cookies and similar technologies via the ‘Manage Cookies’ banner displayed in the bottom right corner of our websites. The default rule is that you do not consent to our use of cookies, except for strictly necessary Cookies. We provide you with the possibility to opt-in to our use of Cookies when accessing the Services’ webpages.)
• Access your Personal Information, obtain a copy of it, rectify it, restrict or object to its processing, or request its deletion, destruction or anonymization.
• Receive the Personal Information you provided to us to transmit it to another company
• Withdraw any consent provided
• Where applicable, lodge a complaint with your Supervisory Authority

If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please contact one of our DPO (contact information below) and give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.

You, or a party authorized to act on your behalf, can exercise your rights by contacting us as described in the “How to Contact Us” section. If you want more information on how to exercise your rights and choices, please read our Global Privacy Notice.

6.  How We Protect Your Personal Information

We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.

The security of your Personal Information is important to Mastercard. We are committed to protecting the information we collect. We maintain reasonable administrative, technical, and physical safeguards designed to protect the Personal Information you provide, or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use SSL encryption on a number of our websites from which we transfer certain Personal Information.

We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period.

For more information on How We Protect Your Personal Information, please read our Global Privacy Notice.

7.  Data Transfers

Mastercard is a global business. We may transfer your Personal Information to the United States and other countries which may not have the same data protection laws as the country in which you initially provided the information, but we will protect your Personal Information in accordance with this Privacy Notice.

We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located. If you are located in the EEA, we will transfer your Personal Information in accordance with adequacy decisions (see list of countries for which the European Commission has issued an adequacy decision here), Binding Corporate Rules, standard contractual clauses, and other data transfer mechanism where applicable. We equally rely on BCRs to transfer Personal Information outside of the United Kingdom. A copy of our BCRs is available here. You may contact us a specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of your jurisdiction.

Mastercard’s privacy practices, described in this Privacy Notice, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies.

If you want more information on our data transfer practices, please read our Global Privacy Notice.

8.  Updates to This Privacy Notice

This Privacy Notice may be updated periodically to reflect changes in our privacy practices pertaining to Personal Information. We will post a prominent notice on our websites to notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may seek your consent.

9.  How to Contact Us

You can e-mail our Global Privacy Office, and our Data Protection Officer at privacyanddataprotection@mastercard.com.

If you are located in the EEA, UK, Switzerland, Middle East or Africa, Mastercard Prepaid Management Services Limited is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at privacyanddataprotection@mastercard.com, or write to us at:

Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
B-1410 Waterloo
Belgium 

If you are located in Australia, Mastercard Prepaid Management Services Australia Pty Ltd is the entity responsible for the processing of your Personal Information. If you are located in Japan, Mastercard Prepaid Management Services Japan KK is the entity responsible for the processing of your Personal Information. If you are located in New Zealand, Mastercard Prepaid Management Services (NZ) Ltd is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or write to us at: 

Asia Pacific Data Protection Officer
Mastercard Asia/Pacific Pte Ltd
3 Fraser Street, DUO Tower, Level 17
Singapore 189352

For more information on Mastercard’s privacy practices in other contexts, including how to withdraw from certain processing activities, please refer to our Global Privacy Notice available at https://www.mastercard.us/en-us/vision/corp-responsibility/commitment-to-privacy/privacy.html