Visa Solution Additional Country/Territory-Specific Privacy Notices

Brazil:

In addition to the personal information listed above, Visa Checkout also asks you to provide your Cadastro de Pessoas Físicas (CPF), to help facilitate transactions. Once you associate a CPF with an account, the CPF cannot be changed. Your CPF will be handled and protected in the same way as other personal information you provide.

European Economic Area:

1. Information about Visa

This information is being provided by Visa, Inc. for itself and its affiliates:

Visa USA, Inc.

900 Metro Center Boulevard

Foster City, CA 94404

USA

Visa USA, Inc. is based in the United States. Our representative in the EEA is:

Visa Europe Limited

1 Sheldon Square

London, W2 6TT.

Registration Number: Z8657396

To contact Visa’s data protection officer please write to us at either of the above addresses or email us at [email protected]

2. The purposes and legal basis for processing, including legitimate interests

The Visa Checkout Privacy Policy explains the reasons why we process your personal information. We only process personal information when we have a legal basis to do so as follows:

• To fulfil a contract with you or, as needed, to fulfil a contract between you and a  merchant or the financial institution that issued your card, where Visa is a data processor for that merchant or financial institution
• For closely-related purposes, such as payment processing and financial account management, contract management, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance
• With your consent (provided you have not objected or opted-out, as may be appropriate under applicable law), to provide you with marketing communications. You have the right to withdraw your consent at any time by following the instructions in the communications we send you or by sending an email with your request to [email protected]
• To comply with the laws that are applicable to us around the world

We may also process your personal information for the purposes of our own legitimate interests or for the legitimate interests of others, provided that processing does not and shall not outweigh your rights and freedoms. In particular, we will process your personal information as needed to:

• Protect you, us or others from threats (such as security threats or fraud),
• Enable or administer our business, such as for quality control, consolidated reporting and customer service,
• Manage corporate transactions, such as mergers or acquisitions and 
• Understand and improve our business or customer relationships in general.

3. Automated decision-making and profiling

We use profiling and analytics to understand how individuals use their Visa cards and other products for product development purposes and business intelligence purposes. These analytics help us understand and improve our products and to better serve our clients and consumers. We also use analytics for security and anti-fraud purposes, such as to identify unauthorised use of Visa cards.

We will not make automated-decisions about you that may significantly affect you, unless (1) the decision is necessary as part of a contract that we have with you, (2) we have your explicit consent or (3) we are required by law to use the technology. 

4. When you are required to provide personal information to Visa

In most cases, you are not required by law to provide any personal information to Visa. You are required to provide certain personal information to enable us to enter into a contract with you so that you can use our products and services. Our registration forms indicate which data elements are required for our contracts. If you do not provide these data elements, we cannot do business with you. 

5. Your rights

You always have the right to object to our marketing communications. To opt-out of emails, simply click the link labelled ‘unsubscribe’ at the bottom of any email we send you. To revoke permissions that you may have given to send text messages, text STOP in response to any message.  

Visa also respects the rights of EEA residents to access, correct and request erasure or restriction of their personal
information as required by law. Where Visa is a data controller, this means:

• You generally have a right to know if Visa processes your personal information. If we do process your personal information, you have the right to request that we provide you with a copy of that personal information or, in some cases, provide the information to another data controller. If your information is incorrect or incomplete, you have the right to ask us to update it.
• You have the right to object to our processing of your personal information. If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.
• You may also ask us to delete or restrict your personal information.

You may exercise these rights by accessing the following links:

• Request a copy of personal information and data for use with another data controller
• Update your personal information
• Delete your information

Alternatively, you may exercise these rights by contacting us via email at [email protected] or by writing to us at the address above, and a member of our Privacy team will assist you. Please understand that we may need to verify your identity before we can process your request.

If Visa is processing your personal information as a data processor, we will refer you to our client (such as to your Visa card issuer) for assistance with these requests. Visa supports its clients in responding to requests as required by law. 

If you believe that we have processed your personal information in violation of applicable law, you may also file a complaint with the Visa global privacy office, as above, or with a supervisory authority.

6. International transfers

As noted in the Visa Checkout Privacy Policy, your personal information may be transferred to, stored at or processed in the United States, Singapore, Australia and other countries that may not have equivalent privacy or data protection laws.

We generally use approved standard contractual clauses to assure that personal information is adequately protected when it is transferred out of the European Economic Area or Switzerland, but we may also make transfers to recipients with approved, binding corporate rules or to recipients in the United States who comply with the EU-US and/or Swiss-US privacy shield framework. 

Please contact us via email at [email protected] if you would like more information about cross-border transfers or to obtain a copy of the standard contractual clauses. 

7. Data retention

We will retain your personal information for as long as the information is needed for the purposes set forth above and for any additional period that may be required or permitted by law. The length of time your personal information is retained depends on the purpose(s) for which it was collected, how it is used and the requirements to comply with applicable laws. For example, you may request that we delete your personal information by contacting us via email at [email protected]. Unless we are required to retain your information, we will delete it as required by applicable law. 

Users in the European Economic Area may refer to our cookie policy.

Russia:

The recording, systematisation, accumulation, storage, refinement (including updating or changing) and extraction of any personal information of Russian citizens occurs with the use of databases located in the territory of the Russian Federation, except as otherwise permitted by Russian data protection legislation. We may process the personal information of Russian citizens using databases located in the United States, Singapore, the United Kingdom and Ireland, subject to compliance with Russian data protection legislation.