For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the Priceless Services, we obtain Personal Information relating to you from various sources as described below. 

Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from the Priceless Services if that information is necessary to provide you with the service or if we are legally required to collect it. 

Personal Information Provided by You 

• User registration and log-in details: When you register as a user of the Priceless Services, we collect your email address and the password you choose and create an account with a unique identification number. We may also ask for your personal account number so that we can confirm eligibility, but we do not store it as part of your user profile. You are generally not required to register as a user when the Priceless Services are provided to you by your issuer, except if you want to take part in an auction.  
• Contact details and payment information: When you select an Offer and make a payment (where applicable) for that Offer, we may collect your contact details (such as username, name, email address, phone number and home address) and, where applicable, payment information (such as name, email address, phone number, billing or shipping address, personal account number, card expiration date and card verification code).  
• Prize draw entry and delivery information: When you enter a prize draw that is organised by Mastercard, we generally collect your name, email address, phone number and home address. 
• Information we process to provide you with the Priceless Services: We may collect different types of Personal Information depending on the Priceless Services. For example, Priceless Services designed to offer you location-based services will typically require the collection of your address or location. All these programs are voluntary, and your Personal Information is only collected if you subscribe to such Priceless Services.  
• Other information you choose to provide in relation to the Priceless Services, as will be made clear to you at the time of collection.  

Personal Information Provided by Third Parties 

We may obtain Personal Information about you from third parties which may be located in countries other than your country. For example, another Priceless Services user may provide us with the contact information of a gift recipient, another individual who will share a Priceless experience with the purchaser, or a person whom the user wishes to invite to use the Priceless Services.  

Personal Information We Obtain from Your Interaction with the Priceless Services, Mastercard Ads, Websites, Apps or Other Digital Assets 

We, our service providers and partners may collect certain information about you via automated means such as cookies, web beacons and similar technologies (collectively “Cookies”) when you interact with the Priceless Services. The information we collect in this manner may include: IP address, browser type, operating system, mobile device identifier, geographical area, referring URLs and information on actions taken or interaction with the Priceless Services. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is a technology that helps us identify when content has been accessed or visited. 

We use this information to improve the Priceless Services and our other online products and services by assessing how many users access or use our online products and services; which content, products and features of our online products and services most interest our visitors; what types of offers our customers like to see and how our online products and services perform from a technical point of view. For instance, we may use third-party web analytics services on the Priceless Services, such as those of Adobe. The analytics providers that administer these services use Cookies to help us analyze how visitors use the Priceless Services. 

We, our service providers and partners may also collect information about you to provide you with content and advertising tailored to your individual interests. The information collected for these purposes may include details about things like the particular pages or ads you view in the context of the Priceless Services and the actions you take in that context. 

Where required under applicable law, we obtain your consent prior to using the above automated means, and prior to sending you marketing communications, tailored content and advertising.  

Please see the “Your Rights and Choices” section of this Privacy Notice to learn about your choices. 

Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, Mastercard does not respond to web browser-based DNT signals at this time. To learn more about browser tracking signals and DNT, visit http://www.allaboutdnt.com. 

Depending on the geographic location from which you are accessing the Priceless Services, you may be able to allow or reject Cookies that are not strictly necessary for delivering the Priceless Services when you first access the website or app, and any time thereafter using the “Manage Cookies” button or link at the bottom of the page. 

Depending on the country in which you are located, we will only process your Personal Information when we have a legal basis as identified in the table below. 

Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights or freedoms. For more information on our balancing tests, you may contact us as described in the “How to Contact Us” section below. 

We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing, the processing is necessary for entering into, or performance of a contract between you and Mastercard, or when we are legally required to use your Personal Information in this way, for example to prevent fraud. 

If you provide us with any information or material relating to another individual, you should make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual about the processing of her/his Personal Information and obtain her/his consent, as may be necessary under applicable laws. 

We do not disclose Personal Information we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time of the data collection.  

We do not sell Personal Information we collect about you, as defined by the California Consumer Privacy Act. Please see the “Data Transfers” section below to understand how we comply with applicable cross-border data transfer rules. 

We may share your Personal Information: 

• With financial institutions and other entities that issue payment cards or merchants to process payment transactions and perform other activities that you request. 
• With entities that partner with Mastercard or assist Mastercard in providing Offers such as merchants and alliance partners (including non-profits) who fulfil your purchased Offer. For example, if you purchase a Priceless experience to a restaurant, sports event, or an award show, we will disclose your Personal Information to the Offer provider merchant (e.g., restaurant) for the fulfilment of your Offer, or as otherwise necessary to provide you with the Priceless Services. Such third parties may act as a data controller with respect to such data in order to provide you with additional services in connection with the Priceless Services. 
• With financial institutions or Co-brand Partners with whom we offer or develop products and services, in connection with those offerings. 
• With our service providers who perform services on our behalf for the purposes described in this Privacy Notice. We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the Personal Information they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Personal Information.  
• With third parties whose features (e.g., third-party cookies, widgets, plug-ins) are integrated in our products and services. For further details, please consult Section 7 (Features and Links to Other websites) of this Privacy Notice. 
• With social media networks when you directly engage with those platforms. For further details, please consult Section 7 (Features and Links to Other Websites) of this Privacy Notice. 
• With other third parties with your consent. 
• As required under applicable law or legal process, or to respond to requests from law enforcement or government agencies. When we receive such requests, we will follow the process set out in our Binding Corporate Rules (see Section 5 Data Transfers below), where applicable. 
• Where we believe disclosure is necessary to protect individuals’ vital interests, to enforce our Terms of Use, prevent Mastercard against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. 
• In the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Notice. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Information with any inquiries concerning the processing of that information. 

You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you. You can choose: 

• Not to provide Personal Information to Mastercard by refraining from conducting payment transactions or from submitting Personal Information directly to us.  
• To opt out of the collection and use of certain information, which we collect about you by automated means, when you visit website or apps in the context of the Priceless Services. In certain jurisdictions, you can exercise your choice regarding the use of Cookies by clicking on the “Manage Cookies” button or link at the bottom of the page. Your browser may tell you how to be notified of and opt out of having certain types of Cookies placed on your device. Note that without certain Cookies you may not be able to use all of the features of the Priceless Services.  
• To opt out of certain uses of information, which we collect about you by automated means, when you visit third-party websites and interact with our ads. We may use service providers to serve ads on those third-party websites. These ads may be customized and served based on the use of data we and our partners have collected on our websites and apps. In addition, some of our service providers and partners may collect information about your online activities over time and across third-party websites to customize and serve these ads. Mastercard ads are sometimes delivered with icons that help consumers (i) learn more about how their data is being used and (ii) exercise choices they may have regarding the use of their data. Where applicable, you may click on the icon in our targeted ads to learn about your ability to opt out or limit the use of your browsing behavior for advertising purposes. 
• To tell us not to send you marketing emails by clicking on the unsubscribe link within the marketing emails you receive from us or by contacting us as indicated below. You also may opt out of receiving marketing emails from Mastercard by clicking here. 
• To opt out of the anonymization of your Personal Information to perform data analyses by clicking here. 

Depending on the country in which you are located, you may have the right to: 

• Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer your Personal Information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place. 
• Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.  

For information on the number of privacy requests Mastercard processed pursuant to the California Consumer Privacy Act and other privacy laws globally, please review the “MyData Report” section of the “My Data” portal. 

You may opt out from certain processing of your Personal Information, e.g., via our opt-out webpage. 

Note that this list may not be exhaustive, which means that you may have additional rights in accordance with local laws. In addition, the above rights may be limited in some circumstances by local law requirements. 

To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the "How To Contact Us" section below.  

We have developed Mastercard’s “My Data” portal to facilitate the exercise of your rights. You, or a party authorised to act on your behalf, can exercise your rights on Mastercard’s “My Data” portal or by submitting a request as described in the “How To Contact Us” section below. 

If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.   

To learn more about the APEC Certification and access Dispute Resolution, please click on the TRUSTe seal. 

Mastercard is a global business. We may transfer the Personal Information we collect about you to recipients in countries other than your country, including the United States, where we are headquartered. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Information to other countries, we will protect that information as described in this Privacy Notice, or as disclosed to you at the time of data collection. 

We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by EEA and UK data protection authorities as providing an adequate level of protection to the Personal Information we process globally. A copy of our BCRs is available here.  

We may also transfer Personal Information to countries for which adequacy decisions have been issued or use contractual protections for the transfer of Personal Information to third parties, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law or rely on other lawful data transfer mechanisms where applicable. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of your jurisdiction. 

Additionally, Mastercard’s privacy practices, described in this Privacy Notice, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies. More information about the APEC framework can be found here. 

If you are located in mainland China, you understand that we may transfer the Personal Information we collect about you to recipients in countries or regions other than mainland China, including Mastercard International Incorporated in the United States, Mastercard Asia/Pacific Pte. Limited in Singapore and to other affiliates as listed here. When we conduct international transfers of Personal Information, we will always ensure to comply with requirements stipulated under applicable laws. By using the Priceless Services, you will be deemed as having consented to our cross-border sharing of your Personal Information to recipients in countries or regions other than mainland China in accordance with this Privacy Notice. 

The security of your Personal Information is important to Mastercard. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use SSL encryption on a number of our websites from which we transfer certain Personal Information. 

We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations. 

Our websites may provide links to other websites for your convenience and information. Our website may also contain certain features for which we partner with other entities. These entities may learn of your visit regardless of whether you use these features. These websites and features, which may include social networking sites and geo-location tools, operate independently from Mastercard, and are clearly identified as such. To the extent any linked websites or features you visit or use are not owned or controlled by Mastercard, we suggest that you review the privacy practices of the websites. 

Mastercard offers you the possibility to share, link to, or mention things on social media about Mastercard’s products and services.  For example, you may “like” an Offer via your Facebook account, or “tweet” an Offer using X (formerly known as Twitter). When you visit a website with a social media button, your browser establishes a direct connection to that social media provider, and data concerning your visit, including IP address, is transferred to the social media provider. If you have an account with the social media provider, the provider may link your visit to your account, even if you are not logged into this account. 

You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Mastercard. These features, including geo-location tools, are operated by third parties and are clearly identified as such. Social media providers such as Facebook and X (formerly known as Twitter), and these other third parties, are independent from Mastercard and do not necessarily share the same policy as Mastercard regarding the protection of privacy. Please verify their privacy notices if you decide to use their services and consult your social media account settings if you want to deactivate certain features. 

The Priceless Services are not directed to or intended for children under the age of 16. However, Mastercard may process Personal Information about children below 16 years of age with the parent or guardian’s consent or based on another legal basis in accordance with applicable law. If you learn that Mastercard is processing children’s Personal Information in violation of this Privacy Notice, then you may alert us at privacyanddataprotection@mastercard.com. 

This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will post a prominent notice on relevant websites to notify you of any significant or material changes to our Privacy Notice prior to them being effective and indicate at the top of the Privacy Notice when it was most recently updated. If we update our Privacy Notice, in certain circumstances, we may seek your consent. 

If you reside in the United States, this U.S. Privacy Addendum supplements the information above for certain states, as indicated in Section 11.  

If you have any questions, comments or complaints about this Privacy Notice and our privacy practices, or would like to update your privacy preferences, please email us at privacyanddataprotection@mastercard.com or write to us at: 

Global Privacy Office 
Mastercard International Incorporated 
2000 Purchase Street 
Purchase, New York 10577 
USA 

If you are located in the EEA or Switzerland, Mastercard Europe SA is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information on Mastercard’s “My Data” portal,  or email us at privacyanddataprotection@mastercard.com, or write to us at: 

EEA Data Protection Officer  
Mastercard Europe SA 
Chaussée de Tervuren 198A 
B-1410 Waterloo 
Belgium 

If you are located in Brazil, Mastercard Brasil Soluções de Pagamento Ltda. is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information on Mastercard’s “My Data” portal, or email us at privacyanddataprotection@mastercard.com or write to us at: 

Brazil Data Protection Officer 
Mastercard Brasil Soluções de Pagamento Ltda. 
Avenida das Nações Unidas, 14.171, 20º andar, Crystal Tower 
São Paulo/SP 
Brasil 
CEP 04794-000 

If you are located in Asia Pacific (excluding mainland China), Middle East or Africa, Mastercard Asia Pacific Pte. Ltd. Is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or write to us at: 

Asia Pacific, Middle East and Africa Data Protection Officer 
Mastercard Asia/Pacific Pte Ltd 
3 Fraser Street, DUO Tower, Level 17 
Singapore 189352 

If you are located in mainland China, Mastercard Shanghai Business Consulting Ltd. is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or writing to us at: 

China Data Protection Officer 
Room 2907-14, Part of 29/F Tower 2 
Shanghai IFC, 8 Century Avenue 
China (Shanghai) Pilot Free Trade Zone