Disclosures for California residents

If you are a California resident from whom we collect personal information as a business under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) ("CCPA"), please read our Global Privacy Notice as supplemented by the below information.

For the purpose of this Privacy Notice, "personal information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA. Personal Information does not include information that is publicly available, deidentified, or aggregated (as those terms are defined in the CCPA) or otherwise excluded from the scope of the CCPA.

1. Categories of Personal Information about you that we Collect and Disclose

The Personal Information that we Collect and Disclose will depend on your use of the tool. Please avoid inputting any proprietary, confidential, sensitive personal data, or any other content that you do not have the right to use into the chatbot. For the beta pilot of the Chatbot, the following is a list of categories of Personal Information (as defined by, and with reference to the paragraph numbers in the CCPA) we collect and disclose for a business purpose, depending on your interaction with the Chatbot:

A. Identifiers.

Examples: Personal and business contact information (e.g., name, business address, telephone number), online identifier, device identifier(s), internet protocol address, personal or business email address, authentication information, and similar identifiers.

B. Categories of Personal Information in Cal. Civ. Code Section 1798.80(e).

Examples: Name, address, telephone number, email address, and IP address.

F. Internet or Other Electronic Network Activity Information.

Examples: Cookie and web beacon data, IP address, browser type, operating system, mobile device identifier, referring URLs, pages viewed and other actions you take on the Chatbot.

G. Geolocation Data.

Example: Your city, state, country, and/or IP address.

2. Sources of Collection of Personal Information

We have collected Personal Information from the following categories of sources:

A. You/Your Devices:

You or your devices directly.

B. Analytics Providers:

Including but not limited to Adobe Analytics.

C. ISPs:

Internet service providers.

D. OS/Platform Provider:

Operating systems and platforms.

3. Use of your Personal Information

We collect, use, and disclose your Personal Information in accordance with the specific business and commercial purposes below:

A. Providing Services:

Providing our Chatbot service to you.

B. Fraud and Incident Prevention:

Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.

C. Research and reporting on our beta pilot program.

Undertaking internal research and analysis for technological and product development.

4. Disclosure of your Personal Information to Third Parties

With respect to the categories of Personal Information identified above in Section 1, we disclose your Personal Information to the following categories of third parties:

A. Analytics Providers:

Companies that help us analyze and improve our Chatbot. We disclose your Personal Information to Analytics Providers only at your direction and only with your consent (for e.g., Adobe Analytics). Personal Information we disclose: Identifiers; Internet or Other Electronic Network Activity; Geolocation Data.

B. Vendors:

Vendors and service providers. Personal Information we disclose: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Internet or Other Electronic Network Activity Information; Geolocation Data.

C. Third Parties as Legally Required:

Third parties as required by law and similar disclosures. Personal Information we disclose: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Internet or Other Electronic Network Activity Information; Geolocation Data.

D. Third Parties in Merger/Acquisition:

Third parties in connection with a merger, sale, or asset transfer. Personal Information we disclose: Identifiers; Categories of Personal Information in Cal. Civ. Code Section 1798.80(e); Internet or Other Electronic Network Activity Information; Geolocation Data.

E. Third Parties with Consent or Direction:

Other third parties for whom we have obtained your direction or permission to disclose your Personal Information. Personal Information we may disclose: Identifiers.

We do not use or disclose sensitive personal information for purposes which would require us to offer consumers the right to limit under the CCPA.

5. Collection and Sale of your Personal Information to Other Parties

We do not sell or share your personal information in relation to the Chatbot service.

We do not have actual knowledge that we sell Personal Information of consumers under 16 years of age or that we share Personal Information of consumers under 16 years of age for cross context behavioral advertising.

6. Retention

We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

7. Your Privacy Rights

If you are a California resident, you may exercise the following rights.

Right to Know and Access.

You may submit a verifiable request for information regarding the: (1) categories of Personal Information collected, sold, shared with third parties for CCPA, or disclosed by us; (2) purposes for which categories of Personal Information are collected, sold, or shared with third parties for cross-context behavioral advertising by us; (3) categories of sources from which we collect Personal Information; (4) categories of third parties with whom we disclosed Personal Information; and (5) specific pieces of Personal Information we have collected about you.

Right to Delete.

Subject to certain exceptions, you may submit a verifiable request that we delete Personal Information about you that we have collected from you. We maintain a record of such request as required by the CCPA.

Right to Correct.

You have the right to correct inaccurate Personal Information that we maintain about you.

Verification.

Requests for access, deletion, or correction of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested pursuant to relevant CCPA requirements, limitations, and regulations. Mastercard is committed to secure personal information. When consumers exercise their privacy rights through the My Data portal, a two-step verification will enable their account to be guarded by an extra layer of security. In addition to their email, name, and surname, we require additional verification through the second factor of authentication that they have chosen (mobile one-time passcode or security answer) during registration. Before disclosing information, we also ask consumers to respond to specific questions about the products they use and that are in scope of their privacy request. Similarly, when consumers reach out to Mastercard via email, we verify their identity by using their contact information (email, name, and surname) and specific questions about the products they use.

Right to Opt Out.

In some circumstances, you may opt out of the sale of Personal Information.

Right to Equal Service and Price.

You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights, subject to certain limitations. We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise your rights, except where the different price or level of quality of good or service is reasonably related to the value of the data that we receive from you.

Submit Requests.

To exercise your rights under the CCPA, please submit your request on Mastercard's "My Data" portal, email us at privacyanddataprotection@mastercard.com, or call our toll-free number: 1-833-244-4084.

Authorizing an Agent.

If you are acting as an authorized agent to make a request to know, delete, correct, or opt out on behalf of a California resident, you may submit a request on Mastercard's "My Data" portal, email us at privacyanddataprotection@mastercard.com, or call our toll-free number: 1-833-244-4084. Please note that we will require you to attach a written authorization signed by the resident whose Personal Information will be subject to the request.

Disclosures for U.S. residents, other than California Residents

If you are a U.S. resident from whom we collect personal data as a controller, you may have certain rights under an applicable U.S. state privacy law. You may rely on the disclosures in the Global Privacy Notice regarding how we collect, use, and disclose your personal information as well as the choices you can make related to your personal information.

Collection and Sale of your Personal Information to Other Parties

We do not sell or share your personal data with third parties for targeted advertising in relation to the Chatbot.

Your Rights and Choices

In addition to the rights identified in Section 4 ("Your Rights and Choices") of our Global Privacy Notice, you may have the right to opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you; where applicable, the right to question the result of such a decision based on profiling, to be informed of the reason the profiling resulted in the decision and, if feasible, to be informed of what actions might have been taken to secure a different decision and the actions that might be taken to secure a different decision in the future; the right to review the data used in the profiling, and if the decision is determined to have been based on inaccurate personal data, taking into account the nature of the personal data and the purpose of the processing, the right to have the data corrected and the profiling decision reevaluated based upon the corrected data; and the right to appeal a decision we make with respect to your privacy rights.