Mastercard International Incorporated and its affiliates and other entities within Mastercard’s group of companies (“Mastercard", the "Company", "we", "us", or "our") respect your privacy.
This Privacy Notice ("Notice") applies to the Processing of Personal Information by Mastercard collected in connection with your employment application at Mastercard and our recruitment process. This Notice applies to all individuals who apply to work for or provide services to us (including current employees who apply for new positions with us) (“You" or "Individuals"). A reference to Mastercard in this Notice is a reference to either Mastercard or to the applicable responsible Mastercard entity/ies defined in Section 8 below. Please note that if you apply for a job outside of the country in which you reside, your Personal Information will be collected and processed in accordance with applicable laws.
This Notice does not cover the collection and use of your Personal Information by Mastercard in the context of other Mastercard programs, by third parties on Mastercard-branded websites, by your Mastercard Card issuers (e.g., your bank) or any other information or communications that may reference Mastercard outside of your recruitment process.
The Notice describes the types of Personal Information we collect in connection with the recruitment process and, if successful, the pre-employment/onboarding process, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of such data. It also tells You about your rights and choices with respect to your Personal Information, and how You can reach us to update your contact information or ask questions You may have about our privacy practices.
We collect the following Personal Information about you in connection with your employment application and as part of our recruitment process, as permitted under applicable law:
In certain circumstances and depending on the country in which You are located, the Company may collect additional types of Personal Information as required or permitted by law (e.g., tax identification number).
In certain jurisdictions, and only to the extent we may lawfully do so under applicable law, Mastercard might may process Sensitive Personal Information, such as racial or ethnic origin, health-related data (for example, disability information), religious beliefs, and trade union membership, for the limited purposes as set out under Section 2, below.
To the extent permitted by law, the Company may receive Personal Information directly from You (e.g., provided in Workday and/or through our Talent Community) and indirectly from third parties (e.g., former employers, educational institutions, publicly available sources and professional social networking sites, online recruitment platforms, professional recruitment agencies, and government agencies).
For the purpose of this Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with your application for employment and potential onboarding, we obtain Personal Information relating to You from various sources described below.
“Processing” means any operation or set of operations performed upon Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. Processing will be carried out on paper and by electronic means.
Where applicable during the recruitment process/pre-employment/onboarding process, we will indicate whether and why You must provide us with your Personal Information, as well as the consequences of failing to do so. If You do not provide Personal Information when requested, we may not be able to assess your suitability for employment and continue the recruitment/ pre-employment/onboarding process.
We may collect the following Personal Information:
Generally, Mastercard will only Process Sensitive Personal Information as defined by applicable law (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, criminal convictions and offences or related security measures, genetic data, health-related data, sexual orientation, or biometric data for the purpose of uniquely identifying a person) during the recruitment/pre-employment/onboarding process to the minimum extent required and as permitted by applicable law. For any Sensitive Personal Information we process, we implement appropriate security measures based on the risk level of such information to prevent unauthorized access to and public disclosure, use, modification, destruction, leakage, or loss of Personal Information.
We may carry out psychometric testing and credit history checks only to the extent that they are necessary to assess your eligibility for the position and always only to the extent permitted by applicable law. For instance, we may carry out psychometric testing through duly qualified persons to assess eligibility for sales roles or roles handling highly confidential information of our customers. We may carry out credit history checks in very limited circumstances and always only to the extent permitted by applicable law for finance roles or roles handling highly confidential information of our customers.
The Company requests Personal Information directly from You and indirectly from third parties, such as former employers, educational institutions, online recruitment platforms, professional recruitment agencies, government agencies and credit reporting agencies. Where required by law, we will obtain your consent prior to requesting Personal Information from these third parties. We may request Personal Information from such third parties in connection with:
We may use your Personal Information to:
Where we seek to review and implement measures to improve our recruitment activities and ensure compliance with our policies such as equal opportunity initiatives, we use anonymized and aggregated data.
The Company only Processes Personal Information for the above purposes to the extent permitted by applicable law and, where required, only when it can rely on a legal basis. In certain cases, such as when looking to fill a job opportunity, we may process Your Personal Information with assistance from automated employment tools. However, all decisions with regards to the use of automated employment tools also include the use of human review and/or intervention.
We use personal Information we obtain about you for the purposes set out below. Depending on the country in which you are located, we will only process your Personal Information when we have a legal basis for the processing as identified in the table below. However, please note that even though the chart below does not list consent as a legal basis for each processing activity, in some countries or regions (e.g., mainland China) consent is the only or most appropriate legal basis for the processing of Personal Information, and in those countries, we rely on consent for all or most of processing activities.
Processing activity | Legal basis for processing (where required under applicable law) |
---|---|
Identify and contact you (including for purposes of sending reminders to complete your job application). |
|
Process your application and the details of your potential employment with us. |
|
Schedule and facilitate interviews between You and our HR and hiring teams. |
|
Determine your suitability for current and future potential functions with us. |
|
Contact references or other individuals who may provide information to us about your employment history. |
|
Perform pre-employment screening and testing, for Individuals in the EEA, as described in the Screening Privacy Notice. |
|
In case of positive evaluation and decision to hire, to prepare terms of employment and/or, if applicable, an employment contract, as further described in the applicable workplace Privacy Notice. |
|
Financial planning and budgeting. |
|
Diversity and equal opportunity initiatives (where permitted by and in compliance with local law). |
|
Providing reasonable workplace accommodations and a safe workplace. |
|
Staffing decisions. |
|
In certain jurisdictions, enforce our Terms of Use and our other legal rights, including by responding to disputes and other legal proceedings. |
|
Make improvements to and further develop our recruitment process, practices, and websites (including by way of candidate experience surveys). |
We, or a third party, have a legitimate interest in carrying out the processing activity. |
Ensure the safety and security of our systems. |
|
Perform auditing, research, and analysis in order to maintain, protect, and improve the recruitment experience on our sites. |
We, or a third party, have a legitimate interest in carrying out the processing activity. |
Respond to and process your inquiries, complaints, disputes. |
|
Perform aggregated data analyses (including anonymization of personal information) to evaluate engagement, trends, forecasts, gaps (where permitted by and in compliance with local law). |
We, or a third party, have a legitimate interest in carrying out the processing activity. |
Comply with applicable legal requirements, industry standards and our internal policies. |
|
Specifically, in the European Economic Area, the United Kingdom and Switzerland (together, “Europe” or the “EEA”), Mastercard will only Process Your Sensitive Personal Information when:
Where required under applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms. For more information on our balancing tests, you may contact us as described in the “How to Contact Us” section below.
Where we seek to review and implement measures to improve our recruitment activities and ensure compliance with our policies such as equal opportunities, we use anonymized and aggregated data.
Eligibility Criteria and Use of Automated Employment Tools
In some countries and for certain roles, You may be asked to provide Personal Information in response to certain standard questions (such as right to work information), as well as some that are specific to the position for which You are applying (such as certain qualifications or licenses) which are required as minimum qualification to be eligible for consideration. If You do not respond or your responses to these questions indicate that You do not meet minimum standards, this may impact consideration of You for the role.
In certain cases, such as when looking to fill a job opportunity, we may process Your Personal Information with assistance from automated employment tools. However, all decisions with regards to the use of automated employment tools also include the use of human review and/or intervention.
We do not sell your Personal Information, or share your Personal Information with third parties other than as set out in this Section 3. We may share Personal Information with the following parties on a strictly need-to-know basis and in accordance with applicable law:
Subject to applicable law, we may also disclose Personal Information to other third parties or government agencies when we have a legal basis to do so, such as with the consent or authorization of the Individual; as required under applicable law; and to protect the rights and properties of the Company.
We honor the rights of individuals under the privacy and data protection laws to which their data is subject. Depending on the country in which you are located, You may have certain rights, including but not limited to the right to:
Please be aware, that if You exercise your right to object or your rights of restriction or deletion, or if You decline to share certain information with us, we may not be able to assess your suitability for (continued) employment.
You can contact the Data Protection Officer (“DPO”) as described in the “How To Contact Us” section below.
Depending on the country in which you are located, You may have the following rights:
If you reside in the United States, you may have additional rights as set out in our United States Privacy Policy.
Please be aware, that if You exercise your right to object or your rights of restriction or deletion, or if You decline to share certain information with us, we may not be able to assess your application. Also, some of these rights may be limited in certain circumstances by local law.
You can contact the DPO as described in the “How to Contact Us" section below.
We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time in accordance with our data retention policies and practices or as otherwise required by applicable law.
We take measures to either delete your Personal Information or maintain it in a non-identifiable form when such information is no longer necessary for the original purposes for which we Process it unless we are required by law to keep this information for a longer period.
The Company maintains appropriate administrative, technical, and physical safeguards to protect Personal Information of Individuals against the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information transmitted, stored or otherwise Processed. More information about our security policies is available upon request.
When your Personal Information is no longer necessary for the original purposes for which we Processed it, we either delete such Personal Information or maintain it in a non-identifiable form (unless we are required by applicable law to keep this information for a longer period).
When determining the retention period, we consider various criteria such as the nature and length of our relationship with You, business needs, statutory retention periods and any retention necessary to anticipate legal actions in accordance with any applicable statute of limitations. The periods are indicated in Mastercard retention policies per country which reflect local legal requirements.
If you are hired by us, we will keep your Personal Information for a longer period as part of our employment relationship. For information as to how we process your Personal Information in connection with your employment, please review the applicable workplace Privacy Notice, which is available upon hire and on our intranet.
For further guidance on the applicable retention periods, please contact the Data Protection Officer (“DPO") as described in the "How to Contact Us" section below.
Mastercard is a global business. During the recruitment process, we may transfer your Personal Information to the United States and other countries that may not have the same data protection laws as the country in which you initially provided the information. Nonetheless we will protect your Personal Information in accordance with this Notice, or as otherwise disclosed to you.
We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located. If you are located in the EEA, we will transfer your Personal Information in accordance with adequacy decisions (see list of countries for which the European Commission has issued an adequacy decision here) Binding Corporate Rules, standard contractual clauses, and other data transfer mechanisms.
Additionally, Mastercard’s privacy practices, described in this Notice, comply with the APEC Cross Border Privacy Rules System (“APEC CBPR”). The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies. More information about the APEC framework can be found here.
Mastercard is a global business. During the recruitment process, we may transfer the Personal Information we collect about you to recipients in countries other than your country, including the United States, where we are headquartered. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Information to other countries, we will protect that information as described in this Notice or as disclosed to you at the time of data collection.
We comply with applicable legal requirements when transferring Personal Information to countries other than the country where you are located. In particular, we have established and implemented Binding Corporate Rules ("BCRs") that have been recognized by EEA data protection authorities as providing an adequate level of protection to the Personal Information we process globally. We equally rely on UK BCRs to transfer Personal Information outside of the United Kingdom. A copy of our BCRs are available here.
We may also transfer Personal Information to countries for which adequacy decisions have been issued (see list of countries for which the European Commission has issued an adequacy decision here), use contractual protections for the transfer of Personal Information to third parties, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law, or rely on other data transfer mechanisms where applicable.
Additionally, Mastercard’s privacy practices, described in this Notice, comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies. More information about the APEC framework can be found here.
If you are located in mainland China, you understand that we may transfer the Personal Information we collect about you to recipients in countries or regions other than mainland China, including Mastercard International Incorporated in the United States, Mastercard Asia/Pacific Pte. Limited in Singapore and to other affiliates as listed here. When we conduct international transfers of Personal Information, we will comply with requirements stipulated under applicable laws. By applying for a position with us, you will be deemed as having consented to our cross-border sharing of your Personal Information to recipients in countries or regions other than mainland China in accordance with this Notice.
You may contact us as described in the "How to Contact Us" section below to obtain a copy of the safeguards we use to transfer Personal Information and, in certain jurisdictions, learn more about how we transfer your Personal Information internationally.
This Notice may be updated periodically to reflect changes in our privacy practices.
Mastercard may from time to time make changes to this Notice to reflect changes in its legal or regulatory obligations, or to reflect changes in the manner in which we Process your Personal Information or for any other reason we deem appropriate. We will notify you in case of substantial changes to this Notice.
Mastercard International Inc. is Mastercard’s global headquarters and the entity responsible or “Data Controller” for the Processing of Personal Information described in this Notice.
If You applied for a position with or are employed by a local affiliate of Mastercard, that affiliate is the entity responsible for the Processing of Personal Information described in this Notice. Please, consult the “Learn more” section below to check which entity is responsible for the processing of your Personal Information. If You applied for a position located in Europe, please refer to Appendix A – Local Mastercard Entities for a list of the local Mastercard entity that is acting as Your data controller.
You can e-mail our Global Privacy Office at privacyanddataprotection@mastercard.com. You may also submit a request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com.
Mastercard International Inc. is Mastercard’s global headquarters and the entity responsible or “Data Controller” for the Processing of Personal Information described in this Notice.
If You applied for a position with or are employed by a local affiliate of Mastercard, that affiliate is the entity responsible for the Processing of Personal Information described in this Notice. If You applied for a position located in the EEA, please refer to Appendix A – Local Mastercard Entities for a list of the local Mastercard entity that is acting as Your data controller.
If you have any questions, comments or complaints about this Notice and our privacy practices, or would like to update your privacy preferences, please email us at: privacyanddataprotection@mastercard.com or write to us at:
Global Privacy Office
Mastercard International Incorporated
2000 Purchase Street
Purchase, New York 10577
USA
If you are located in California, to exercise your rights under the CCPA, you may submit your request by emailing us at: privacyanddataprotection@mastercard.com, or call our toll-free number: 1-833-244-4084.
If you are located in the EEA, Mastercard Europe SA is the entity responsible for the processing of your Personal Information (or data controller). You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com, or write to us at:
Europe Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
B-1410 Waterloo
Belgium
If you are located in Brazil, Mastercard Brasil Soluções de Pagamento Ltda. is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or write to us at:
Brazil Data Protection Officer
Mastercard Brasil Soluções de Pagamento Ltda.
Avenida das Nações Unidas, 14.171, 20º andar, Crystal Tower
São Paulo/SP
Brasil
CEP 04794-000
If you are located in Asia Pacific (excluding mainland China), Middle East or Africa, Mastercard Asia Pacific Pte. Ltd. is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or write to us at:
Asia Pacific, Middle East and Africa Data Protection Officer
Mastercard Asia/Pacific Pte Ltd
3 Fraser Street, DUO Tower, Level 17
Singapore 189352
If you are located in mainland China Mastercard Shanghai Business Consulting Ltd. is the entity responsible for the processing of your Personal Information. You may submit your request to exercise your rights to your Personal Information by emailing us at: privacyanddataprotection@mastercard.com or write to us at:
China Data Protection Officer
Room 2907-14, Part of 29/F Tower 2
Shanghai IFC, 8 Century Avenue
China (Shanghai) Pilot Free Trade Zone
If you are located in Quebec, Canada, you may contact our Data Protection Officer at privacyanddataprotection@mastercard.com.
For more information on Mastercard’s privacy practices in other contexts, please refer to our Global Privacy Notice.
If you reside in the United States, this U.S. Privacy Addendum supplements the information above for certain states, as indicated in this Section 9.
LAST UPDATED: March 16, 2023
Application
This U.S. Privacy Addendum supplements the information contained in the global Mastercard Applicant Privacy Notice for California residents, as indicated below.
Additional disclosures for California residents
If you are a California resident from whom we collect Personal Information as a business under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) (“CCPA”), you may rely on the global Mastercard Applicant Privacy Notice and the additional information below.
For the purpose of this section for California residents, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise defined by the CCPA. Personal Information does not include information that is publicly available, deidentified, or aggregated (as those terms are defined in the CCPA) or otherwise excluded from the scope of the CCPA.
1. Categories of Personal Information about you that we Collect and Disclose
The chart below provides the categories of Personal Information (as defined by the CCPA) we have collected and disclosed for a business purpose.
Category | We Collect | We Disclose |
---|---|---|
A. Identifiers. Examples: Personal and business contact information (e.g., name, postal address, telephone number, job title), unique personal identifiers or numbers, online identifier, device identifier(s), internet protocol address, email address, and similar identifiers. We may collect this information about other people if you give us their information. We may also associate information that you submit to us, such as content on our social media pages, with your identifiers. |
Yes |
Yes |
B. Categories of Personal Information in Cal. Civ. Code Section 1798.80(e). Examples: Name, address, telephone number, email address, and IP address. |
Yes |
Yes |
C. Characteristics of Protected Classifications under California or Federal Law. Examples: Gender, family status, age range, and military and veteran status. |
Yes |
Yes |
F. Internet or Other Electronic Network Activity Information. Examples: Cookie and web beacon data, IP address, and pages viewed and actions you take on our online properties and apps. |
Yes |
Yes |
H. Sensory Information. Examples: Photographs, audio recordings, and video recordings. |
Yes |
Yes |
J. Non-Public Education Information (as defined in 20 U.S.C. 1232g; 34 C.F.R. Part 99). Examples: Records that are directly related to a student maintained by an educational agency or institution or by a party acting for the agency or institution. |
Yes |
Yes |
I. Professional or Employment-Related Information. Examples: Professional information such as job title, department, and business unit. Additionally, information you provide as part of your job application, e.g., contact information and employment history. |
Yes |
Yes |
K. Inferences Drawn from Personal Information. Examples: Personal characteristics and interests. |
Yes |
Yes |
L. Sensitive Personal Information. Examples: Racial or ethnic origin (as required by applicable law). (We note, however, that we do not use or disclose sensitive personal information for purposes which would require us to offer consumers the right to limit our collection and processing of this data under the CCPA). |
Yes |
No |
2. Sources of Collection of Personal Information
We have collected Personal Information from the following categories of sources:
3. Use of your Personal Information
We collect, use, and disclose your Personal Information in accordance with the specific business and commercial purposes described in Section 2 of the Mastercard Global Applicant Privacy Notice, entitled “How We May Use Your Personal Information”.
4. Disclosure of your Personal Information to Third Parties
With respect to the categories of Personal Information identified above in Section 1, we disclose your Personal Information to the following categories of third parties:
We do not have actual knowledge that we sell Personal Information of consumers under 16 years of age or that we share Personal Information of consumers under 16 years of age for CCBA.
We do not sell your Personal Information or “share” Personal Information with third parties for “cross-context behavioral advertising”.
We do not collect, use or discloses sensitive personal information for purposes other than those permitted by the CCPA.
Retention
We take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as, the nature and length of our relationship with you, the impact on your application if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
5. Your Privacy Rights
If you are a California resident, you have the rights as set out in this section and may exercise them by following this guidance.
Your rights:
Right to Know and Access. You may submit a verifiable request for (as applicable to you as a Mastercard job applicant) information regarding the: (1) categories of Personal Information collected, or disclosed by us; (2) purposes for which categories of Personal Information are collected by us; (3) categories of sources from which we collect Personal Information; (4) categories of third parties with whom we disclosed Personal Information; and (5) specific pieces of Personal Information we have collected about you.
Right to Delete. Subject to certain exceptions, you may submit a verifiable request that we delete Personal Information about you that we have collected from you.
Right to Correct. You have the right to correct inaccurate Personal Information that we maintain about you.
Verification. Requests for access, deletion, or correction of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested pursuant to relevant CCPA requirements, limitations, and regulations. Mastercard is committed to secure personal information. When applicants exercise their privacy rights via email, we verify their identity by using their contact information (email and/or name, surname or employee identification number (for active employees applying for new positions).
Right to Not Receive Discriminatory Treatment. You have the right not to receive discriminatory treatment for the exercise of your CCPA privacy rights, subject to certain limitations. We will not retaliate against you for exercising your CCPA privacy rights.
How to Submit Data Subject Rights Requests as a job applicant:
To exercise your rights under the CCPA, please submit your request to privacyanddataprotection@mastercard.com, or call our toll-free number: 1-833-244-4084.
Authorizing an Agent. If you are acting as an authorized agent to make a request to know, delete, correct, or opt out on behalf of a California resident, you may email us at privacyanddataprotection@mastercard.com, or call our toll-free number: 1-833-244-4084. Please note that we will require you to attach a written authorization signed by the resident whose Personal Information will be subject to the request.