Mastercard NetsUnion – General Privacy Notice

Effective Date: Dec 31, 2024

Mastercard NetsUnion Information Technology Co., Ltd. (“Mastercard NetsUnion” or “we”) respects your privacy.

This General Privacy Notice (Hereinafter referred to as “this notice”) describes the types of Personal Information we collect, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of the data in the course of providing services or organizing activities in the People’s Republic of China (hereinafter referred to as “Mastercard NetsUnion activities”). It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us about our privacy practices.

Please note that we may also accept instructions from and process your Personal Information in accordance with the instructions of financial institutions, merchants and other partners that act as processors of personal information, including processing payment transactions. For more details on the processing of your Personal Information in these circumstances, please refer to their respective privacy policies.

Specific privacy notices may apply to some of our products and services. Please visit the webpage or digital asset of the specific product or service to learn more about our privacy and information practices in relation to that product or service.

  1. Personal Information We May Collect

    "Personal Information" means all types of information relating to an identified or identifiable natural person that is recorded electronically or otherwise, excluding anonymized information. We may collect or process the following categories of Personal Information:

    • Transaction information, including personal account number, payment token information, the merchant’s name and location, merchants’ details, transaction records (the date and the total amount of transaction), and other information provided by financial institutions or merchants when we act on their behalf (Please refer to their respective privacy policies for specific scope).
    • Product and service information, such as registration and payment information when you request a product or service directly from us or participate in a marketing program, and information specifically for use in such programs, including name, cell phone number, email address, verification code, and personal account number.
    • Website, device and mobile app usage, and similar information collected via automated means, such as cookies and similar technologies, including device information (may contain IP address, IDFA, Andrioid ID, device unique identifier such as MEID/UDID/OPENUDID, MAC address, IMEI, OAID, ICCID (SIM card serial number), WiFi information such as BSSID/SSID, network status, device model and status, GUID, app list, operating system, software version), browser type, log information, geographic area, location information, reference URL, third party social media account username.
    • Job applications and related information when you apply for a job with us, including your contact information (include name, postal address, email address and telephone number), work history, curriculum vitae, contact details of referees, and the application email and its attachments that you send to us.
    • Business contact information when you work for one of our business partners, including name, title, department and organization name, business email and mailing address, business phone number, answers to security questions, security passwords and other credentials.
    • Identifying information, including name, e-mail address, physical address, telephone number and IP address.

    Learn more

    For the purpose of this General Privacy Notice, "Personal Information" means all types of information relating to an identified or identifiable natural person that is recorded electronically or otherwise, excluding anonymized information. We may obtain different types of Personal Information relating to you in the situations described below. "Sensitive Personal Information" means Personal Information that, if disclosed or used unlawfully, could easily lead to the infringement of a natural person's human dignity or jeopardize the safety of his or her person or property. Examples of Sensitive Personal Information given under applicable laws include but not limited to financial account information (also known and hereinafter referred to as personal account number, transaction records, etc.). Usually, the information that we collect about you is not considered sensitive, but in limited circumstances, we may collect your Sensitive Personal Information. We will inform you of the categories of Sensitive Personal Information collect by us in bold and underlined font under specific situations described below or in the privacy notice related to specific programs.

    Once you have consented to your financial institution transferring your personal information to us, clicking a checkbox on a relevant page, signing a confirmation, choosing to bind a bank card, or performing other similar unsolicited actions, you will be deemed to have carefully read and fully understood this notice (and the privacy notice associated with a particular product, service or program, if any) and to have consented to the collection of such personal information. The details are set out below:

    Personal Information We Receive from Financial Institutions, Merchants, and Other Partners in Connection with Mastercard NetsUnion’s Products or Services

    As a processor of payment transactions and provider of related services, we obtain a limited amount of information in connection with your payment transactions such as the personal account number, payment token information, the merchant’s name and location, transaction records (include the date and the total amount of transaction). Among these, your personal account number, payment token information, transaction records may be regarded as Sensitive Personal Information; it is necessary for us to receive and process your personal account number in order to provide you with payment transactions and provider of related services. If you do not provide such information, we will not be able to provide you with the corresponding payment transactions and other services, but it does not affect your use of our other products and services. However, we do not collect the cardholder’s name or other contact information to process payment transactions.

    In addition, for certain products and services, your financial institutions, the merchants where you make a transaction or other partners may provide us with more information about you, or we may collect it directly from you to provide you with those products and services on their behalf, support their business or perform processing activities on their behalf. The specific scope of collection and use will be communicated separately and with your consent in the privacy statements for specific products and services.

    In the above situations, we accept the instruction from the financial institutions, merchants and other partners to process your personal information, the financial institutions, merchants and other partners are data processors. Unless otherwise authorized by law, we will process your Personal Information to process payment transactions or for the purposes agreed by the financial institutions, merchants and other partners. Please refer to their respective privacy policy for more information regarding the processing of your Personal Information.

    We may collect or use Personal Information for fraud prevention and monitoring, risk management, dispute resolution and other related purposes. Such information may include the personal account number, payment token information, merchant’s name and transaction records (include transaction data and total amount), IP address, fraud score, merchant details, items purchased and information about the dispute. Among these, your personal account number, transaction records, payment token information may be regarded as Sensitive Personal Information; it is necessary for us to receive and process your personal account number in order for the abovementioned purposes. If you do not provide such information, we will not be able to provide you with the corresponding payment transactions and other services but does not affect your use of our other products and services.

    Personal Information we collect when we provide products and services directly to you

    We may offer products and services directly to you, such as marketing programs, rewards programs. In order to take advantage of one or more of the products and services, you may submit information directly to us in a variety of ways: (i) during interactions on our websites, applications, etc., (ii) when responding to marketing newsletters or other communications, (iii) when signing up for a product or service, or (iv) when participating in an offer, program, or promotion. We may also obtain your Personal Information from the following sources: through your use of our products or services, from companies that use or facilitate our products or services, from publicly available sources, or from third party partners. Your financial institution, merchant or other business partner may also transfer your Personal Information to us.

    In order to provide you with such products and services, we may collect your name, cell phone number, email address, verification code, personal account number, device information (which may contain IP address, IDFA, Andrioid ID, device unique identifier such as MEID/UDID/OPENUDID, MAC address, IMEI, OAID, ICCID (SIM Card Serial Number), WiFi information such as BSSID/SSID, network status, device model and status, GUID, application list, operating system, software version), log information, merchant location information. Among these information, your personal account number, may be regarded as sensitive personal information, which we need to collect and process in order to provide you with specific products, services or related functions, if you do not provide such information, we will not be able to provide you with the corresponding products, services or related functions, but it will not affect your use of our other products, services and functions. Programs vary, so where applicable, please refer to the relevant program-specific privacy statement to learn more about how that particular program collects and uses your Personal Information.

    Personal Information We Obtain from Your Interaction with Mastercard NetsUnion’s Ads, Websites, Apps or Other Digital Assets

    We, our service providers and partners may collect certain information about you via automated means such as cookies and web beacons when you interact with our ads, mobile apps, or visit our websites, pages or other digital assets. The information we collect in this manner may include IP address, browser type, operating system, mobile device identifier, geographical area, referring URLs and log information on actions taken or interaction with our digital assets. A “cookie” is a text file placed on a computer’s hard drive by a web server. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, is a technology that helps us identify when content has been accessed or visited.

    After we desensitize, de-identify or anonymize this information, we may use it to improve our online products and services by assessing how many users access or use our online products and services, which content, products and features of our online products and services most interest our visitors, what types of offers our customers like to see and how our online products and services perform from a technical point of view. For instance, we may use third-party web analytics services on our websites and mobile apps, such as those of Adobe Omniture. The analytics providers that administer these services use technologies such as cookies and web beacons to help us analyze how visitors use our websites and apps. Neither we nor our third-party analytics service providers associate de-identified information with your real identifying information or perform any form of re-identification.

    We, our service providers and partners may collect certain information about you via automated means such as social media tools, widgets or plug-ins to connect you to your social media accounts. These features may allow you to sign in through your social media account, share a link or post directly to your social media account. Such information may include third-party social media account usernames, device information (MAC address, BSSID, SSID, AndrioidID), application listings. When you visit a website that contains such tools or plugins, the social media or other service provider may learn of your visit. However, your interactions with these tools are governed by the privacy policies of the corresponding social media platforms. As we do not control these third-parties’ data handling practices, we recommend that you review their privacy policies, terms of use, and license agreements (if any). For further details, please consult Section 7 ("Features and Links to Other Websites") of this General Privacy Notice.

    Where required under applicable law, we obtain your consent prior to using the above automated means, and prior to sending you marketing communications, tailored content and advertisings.

    Please see the "Your Rights and Choices" section of this General Privacy Notice to learn about your choices.

    Personal Information We Obtain when You Apply for a Job with Us

    If you are applying for a job at Mastercard NetsUnion, we may collect certain Personal Information from your job applications on our Career website, such as your contact information (including name, postal address, email address and phone number), job history, curriculum vitae, contact details of your referees and any other Personal Information you choose to submit along with your application proactively.

    Personal Information We Collect in the Context of Our Business Relationship with Financial Institution, Merchant or other Entity Partnering with Mastercard NetsUnion

    For purposes of delivering products and services directly to financial institutions, corporate clients, merchants, customers and partners, managing our business relationships and financial reporting, for franchise development and integrity management, for marketing and compliance with applicable laws, and for accounting, auditing and billing purposes, we may collect Personal Information from individuals working for one of our business partners (including financial institutions, merchants, customers, suppliers, vendors and other partners), including name, job title, department and name of organization, business email and postal addresses, business telephone number, answers to security questions, security passwords and other credentials. Among these, answers to security questions, security passwords and other credentials may be regarded as Sensitive Personal Information, and we need such information for authentication purposes, if such individuals do not provide such information, we will not be able to authenticate and establish a business relationship with them, but this will not affect their use of our other products, services and features. The above-mentioned financial institutions, corporate clients, merchants, customers and partners should meet the requirements of applicable laws when processing Sensitive Personal Information and cross-border transfer of Personal Information, including obtaining your separate consent.

    Exceptions to obtain authorized consent

    In accordance with relevant laws and regulations, we may collect and use your personal information without obtaining your consent in the following cases in accordance with the law:

    (1) Where it is related to the fulfillment of the obligations of the controller of personal information under laws and regulations;

    (2) Directly related to national security and national defense security;

    (3) Directly related to public safety, public health, and significant public interests;

    (4) Directly related to criminal investigation, prosecution, trial and judgment execution, etc.;

    (5) For the purpose of safeguarding the life, property and other significant legitimate rights and interests of the subject of the personal information or other individuals, but it is difficult to obtain the authorized consent of the person himself/herself;

    (6) Where the personal information involved is disclosed to the public by the subject of personal information on his/her own initiative;

    (7) Where it is necessary for the conclusion and performance of a contract at the request of the subject of personal information;

    (8) Where the personal information is collected from legitimate publicly disclosed information, such as legitimate news reports, government information disclosure and other channels;

    (9) Necessary for maintaining the safe and stable operation of the products or services provided, such as discovering and disposing of product or service failures;

    (10) Other circumstances stipulated by laws and regulations.

  2. How We May Use Your Personal Information

    We May Use Your Personal Information to:

    • Process your payment transactions.
    • Protect against and prevent fraud, and other legal or information security risks.
    • Operate, evaluate and improve our business.
    • Process your job application.
    • Serve other purposes for which we provide specific notice at the time of collection, and as otherwise authorized or required by law such as to meet the regulatory requirements under applicable laws.

    Where required under applicable law, we will only use your Personal Information with your consent; as necessary to provide you with products and services; or to comply with a legal obligation.

    Learn more

    We may use Personal Information we obtain about you for the purposes set below. We will only process your Personal Information with your consent and/or when we have a legal basis for processing as listed below:

    Processing ActivityLegal Basis for Processing
    • Process your payment transactions (including authorization, clearing, token payment, chargebacks and other related dispute resolution activities).

    In most cases, we process your payment transactions as data processor on behalf of your financial institutions, merchants and other partners which act as data controller. When we act as a processor, controllers are responsible for ensuring a legal basis for the processing of your Personal Information. Please refer to their respective privacy policies for more information regarding the processing of your Personal Information in these contexts.

    In some limited cases (e.g., chargebacks), we may process your payment transactions as a controller, provided that:

    • You consented to the use of your Personal Information; or
    • The processing is necessary for entering into, or performance of a contract to which you are a party; or
    • The processing is necessary for compliance with a legal obligation or other regulatory obligations.
    • Protect against and prevent fraud, unauthorized transactions, claims and other liabilities, and manage risk exposure and franchise quality with respect to the integrity and security of our payments network.

    When we process Personal Information for fraud prevention, we may act as a processor or as a controller. When we act as a controller, we rely on one of the following legal grounds:

    • You consented to the use of your Personal Information; or
    • The processing is necessary for compliance with a legal obligation or other regulatory obligations.
    • Manage our customer, supplier and vendor relationships, (which may include business contact information).
    • You consented to the use of your Personal Information; or
    • The processing is necessary for entering into, or performance of a contract to which you are a party.
    • Operate, evaluate and improve our business (including developing new products and services); analyzing our products, services, websites, mobile apps and any other digital assets in order to facilitate their functionality;
    • You consented to the use of your Personal Information; or
    • The processing is necessary for entering into, or performance of a contract to which you are a party.
    • Performing due diligence reviews, accounting, auditing, billing, reconciliation and collection activities.
    • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
    • The processing is necessary for entering into, or performance of a contract to which you are a party.
    • Evaluate your interest in employment and contact you regarding possible employment with Mastercard NetsUnion.
    • You consented to the use of your Personal Information; or
    • The processing is necessary for entering into, or performance of a contract to which you are a party.
    • As necessary to establish, exercise and defend legal rights.
    • The processing is necessary for entering into, or performance of a contract to which you are a party; or
    • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
    • We, or a third party, may use your Personal Information for the purposes of enforcing the Terms of Use and establishing, exercising and defending legal rights.
    • As may be required by applicable laws and regulations, including for compliance with Know Your Customers, Anti-Money Laundering, anti-corruption and sanctions screening requirements, or as requested by any judicial process, law enforcement or governmental agency having or claiming jurisdiction over Mastercard NetsUnion.
    • The processing is necessary for compliance with a legal obligation or other regulatory obligations; or
    • We, or a third party, may use your Personal Information for the purposes of responding to a judicial process, law enforcement or governmental agency.
    • Comply with industry standards and our policies.
    • You consented to the use of your Personal Information; or
    • The processing is necessary for compliance with a legal obligation or other regulatory obligations.
    • For other purposes for which we provide specific notice at the time of collection.
    		Please consult the Specific Privacy Notice at the time of the collection.

    We will not subject you to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless you explicitly consented to the processing, the processing is necessary for entering into, or performance of a contract between you and Mastercard NetsUnion, or when we are legally required to use your Personal Information in this way, for example to prevent fraud.

    If you provide us with any information or material relating to another individual, you must make sure that the sharing with us and our further use as described to you from time to time is in line with applicable laws, so for example you should duly inform that individual about the processing of her/his Personal Information and obtain her/his consent, as may be necessary under applicable laws.

  3. How We Delegate the Processing, Share, Transfer Your Personal Information

    In order to fulfill the purposes described in this General Privacy Notice (or related program-specific privacy statements), we may delegate the processing of your information to relevant service providers.

    We also May Share Personal Information with:

    • As we operate as part of Mastercard-branded bank card clearing business, we may share Personal Information with Mastercard’s group of affiliated companies as listed in the Section 5 below “International Data Transfers”.
    • Service providers acting on our behalf, such as NetsUnion Clearing Corporation in China (contact address at Building 7, NO. 1 Yuetan South Road, Xicheng District, Beijing, the PRC, 100045; contact e-mail: contact@nucc.com) or other affiliates and entities within NetUnion's group of companies.
    • Other participants in the payment ecosystem, including financial institutions, and merchants.
    • Third parties for fraud monitoring and prevention purposes, or other purposes required by law.
    • Third parties whose feature you use in connection with our products and services or with your separate consent.
    • Other entities as required under applicable law or in the event of a sale or transfer of our business or assets.

    By using our relevant products or services or participating in the specific program, you will be deemed as having consented to our sharing of your Personal Information to recipients whose identities or categories are described above in accordance with this General Privacy Notice (and the relevant program-specific privacy notice, if any).

    Learn more

    We do not disclose Personal Information we collect about you, except as described in this General Privacy Notice, as disclosed to you at the time of data collection or as described in our program specific privacy notice. We do not sell Personal Information we collect about you.

    In order to fulfill the purposes described in this General Privacy Notice (or the relevant program-specific privacy statement), we may engage relevant service providers to process your information. We contractually require such service providers to process personal information only in accordance with our instructions and as necessary to perform services on our behalf or to comply with applicable law. We also require them to protect the security and confidentiality of the personal information they process on our behalf by, among other things, implementing appropriate technical and organizational security measures and disciplining employees who access personal information.

    We do not share your personal information with companies, organizations and individuals outside of us, except in the following circumstances:

    • We transfer Personal Information globally to certain Mastercard group of affiliated companies consistent with the terms of this General Privacy Notice or as we otherwise disclose at the time the data is collected.
    • Sharing with explicit consent: We will share your personal information with other parties after obtaining your explicit consent.
    • Sharing under legal circumstances: We may share your personal information in accordance with the provisions of laws and regulations, the need to resolve litigation disputes, or at the request of administrative or judicial authorities in accordance with the law.
    • Sharing with Authorized Partners: We may share your personal information with partners and other third parties to provide the services you need, but we will only share personal information that is necessary and subject to the purposes stated in this policy. We may share your personal information with the following categories of partners:
      • With financial institutions and other entities that issue bank cards or merchants to process payment transactions and perform other activities that you request.
      • With entities that partner with Mastercard NetsUnion or assist Mastercard NetsUnion in providing its products and services, including for fraud prevention and monitoring and third party identification services, to ensure the security of transactions and our payment processing system.
      • When we act as a service provider for third parties and provide them with Personal Information that we process on their behalf. With third parties whose features (e.g. third-party cookies, widgets, plug-ins) are integrated in our products and services. For further details, please consult Section 7 (Features and Links to Other websites) of this General Privacy Notice.

    We will not transfer your personal information to any company, organization or individual, except for the following: obtaining your prior express consent.

    In the event of a merger, acquisition, or bankruptcy and liquidation involving the transfer of personal information, we will ask the new company, organization, or other subject holding your information to continue to be bound by this statement, and we will ask the company, organization, or other subject to ask for your authorization and consent again in the event of a change in the collection, processing, or purpose of use of personal information as agreed to in this statement. In the event that the company goes into bankruptcy and there is no recipient, we will delete your data.

    Before transferring or sharing any Personal Information, including access to Personal Information, we require that appropriate privacy and Personal Information security protections be included in our agreements with third parties. We implement a comprehensive third-party risk management program and conduct appropriate due diligence to implement that program.

    When required to do so by applicable laws and regulations, we will inform you of matters relating to the provision of your Personal Information by us to third parties, including the name of the recipient of the Personal Information, contact information, the purpose of the processing, the manner of the processing, and the type of Personal Information. If it involves cross-border transfer of Personal Information to overseas third parties, we will inform you of the manner and procedures, etc., for exercising the relevant rights to the overseas Personal Information recipients, and provide your Personal Information to the overseas third parties when you have made other agreements with us on information sharing or when we have obtained your individual consent in specific scenarios, as detailed in Article 5 of this Policy.

  4. Your Rights and Choices

    We take your concerns about your Personal Information very seriously and protect you from exercising your rights in relation to your Personal Information. Your rights include:

    Access to and correction of your Personal Information

    You have the right to access and correct your Personal Information at any time, except as provided by law or regulation. You may contact us at any time and we will respond to your request in the manner and within the time period set out in this General Privacy Notice.

    Deletion of your Personal Information

    You may delete your Personal Information by contacting us in the manner set out in this General Privacy Notice. You may request the deletion of your Personal Information from us in the following circumstances:

    • If our handling of Personal Information violates laws and regulations;
    • If we collect or use your Personal Information without your consent;
    • If our handling of Personal Information seriously violates our agreement with you.

    If we decide to respond to your request for deletion, we will also notify, to the extent possible, the entities from whom we obtained your Personal Information and ask them to delete it in a timely manner, unless otherwise required by law or regulation, or if these entities have received independent authorization from you.

    Changing the Scope of Your Authorized Consent or Withdrawing Your Authorization

    You may change the scope of your consent or withdraw your consent by contacting us in the manner set forth in this General Privacy Notice. You have the right to object to certain collection or use of your Personal Information, including the use of cookies and similar technologies, the use of your Personal Information for marketing purposes, and automated decision-making with respect to your Personal Information.

    Please understand that each business function requires some basic Personal Information in order to be completed, and when you withdraw your consent or authorization, we will not be able to continue to provide you with the services for which you withdrew your consent or authorization, and we will no longer process your corresponding Personal Information. However, your decision to withdraw your consent or authorization will not affect the processing of Personal Information previously carried out on the basis of your authorization.

    Copying, transferring your Personal Information

    You have the right to obtain a copy of your Personal Information. If you would like a copy of the Personal Information we have collected about you, you can contact us in the manner set out in this General Privacy Notice. We will provide you with a copy of your Personal Information upon request, subject to compliance with relevant laws and where technically feasible.

    If you need to transfer your Personal Information collected and stored by us, we will provide you with a transfer route in accordance with the requirements of laws and regulations.

    Others

    • You have the right to ask us to explain our rules regarding the processing of Personal Information.
    • You have the right to lodge a complaint with a supervisory authority where applicable.

    Learn more

    You can exercise your rights by submitting a request as described in the "How to Contact Us" section below.

    You have certain rights regarding the Personal Information we maintain about you and certain choices about what Personal Information we collect from you, how we use it, and how we communicate with you.

    You may opt out from certain processing of your Personal Information, e.g. by emailing privacy@mastercardnucc.com.

    To update your preferences, ask us to remove your information from our mailing lists or submit a request to exercise your rights under applicable law, contact us as specified in the "How to Contact Us" section below.

    If we fall short of your expectations in processing your Personal Information or you wish to make a complaint about our privacy practices, please tell us because it gives us an opportunity to fix the problem. To assist us in responding to your request, please give full details of the issue. We attempt to review and respond to all complaints within a reasonable time and as required under applicable law.

  5. International Data Transfers

    Storage of personal information. Unless otherwise provided by law or administrative regulations, we will only store your personal information for the shortest period of time necessary to fulfill the purpose of the processing. We will determine the duration of the storage of personal information based on the following criteria: the duration of the services we provide to you, the legal or commercial obligations we have assumed. After the aforementioned storage period, we will delete or anonymize your personal information.

    We will provide personal information outside of the country in accordance with applicable laws and regulations and fulfill our legal obligations related to the cross-border transfer of personal information to ensure the security of your personal information and to protect your legal rights and interests in personal information.

    As part of our Mastercard-branded card clearing business and as Mastercard is a global company, we may transfer your Personal Information outside of China for legitimate purposes such as customer profiling, risk/fraud prevention, dispute resolution, etc. We may also transfer your Personal Information outside of China for legitimate purposes as disclosed in Section 3 "How We Share Your Personal Information". As disclosed in Section 3 "How We Share Your Personal Information", we may transfer your Personal Information to Mastercard Asia/Pacific Pte. Limited in Singapore, whose contact address is 3 Fraser Street, DUO Tower, #17-21/28, Singapore. Limited (whose contact address is 3 Fraser Street, DUO Tower, #17-21/28, Singapore 189352) ("Mastercard Asia/Pacific") in Singapore, which may further transfer your Personal Information to, for example, Mastercard Technologies, LLC in the United States (whose contact address is 2200 MasterCard Boulevard, 63368-7263 O'Fallon, MO United States) in the United States and Mastercard International Incorporated at 2000 Purchase Street Purchase, NY 10577, United States).

    The name of the offshore recipient, contact information, purpose of processing, processing method and other information, you can click here for details.

  6. How We Protect Your Personal Information

    We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited minimum period of time that is necessary to achieve the purposes for which such Personal Information was collected.

    Learn More

    The security of your Personal Information is important to Mastercard NetsUnion. We are committed to protecting the information we collect. We maintain reasonable administrative, technical and physical safeguards designed to protect the Personal Information you provide or we collect against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We use SSL encryption on a number of our websites from which we transfer certain Personal Information. We may use enhanced measures to protect the security of Sensitive Personal Information that are proportionate with the risks associated.

    We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it, unless we are required by law to keep this information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with our products or services, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.

  7. Features and Links to Other Websites

    Our websites may include links to other third-party websites, social media tools, widgets or plug-ins, permitting sharing web content including IP address, with third parties and social media providers. These social media providers may learn of your visit even if you are not logged in to your social media account or if you do not have an account with them. To the extent any linked websites or features you visit or use are not owned or controlled by Mastercard NetsUnion, we suggest that you review their own privacy notices or policies.

    Learn More

    Our websites may provide links to other websites for your convenience and information. Our website may also contain certain features for which we partner with other entities. These entities may learn of your visit regardless of whether you use these features. These websites and features, which may include social networking and geo-location tools, operate independently from Mastercard NetsUnion, and are clearly identified as such. To the extent any linked websites or features you visit or use are not owned or controlled by Mastercard NetsUnion, we suggest that you review the privacy practices of the websites.

    Mastercard NetsUnion offers you the possibility to share, link to, or mention things on social media about Mastercard NetsUnion’s products and services. When you visit a website with a social media button, your browser establishes a direct connection to that social media provider, and data concerning your visit, including IP address, is transferred to the social media provider. If you have an account with the social media provider, the provider may link your visit to your account, even if you are not logged into this account.

    You may also choose to use certain features on our websites that can be accessed through, or for which we partner with, other entities that are not otherwise affiliated with Mastercard NetsUnion. These features, including geo-location tools, are operated by third parties and are clearly identified as such. Social media providers such as Weibo and WeChat, and these other third parties, are independent from Mastercard NetsUnion and do not necessarily share the same policy as Mastercard NetsUnion regarding the protection of privacy. Please verify their privacy notices if you decide to use their services and consult your social media account settings if you want to deactivate certain features.

  8. Children’s Privacy

    Mastercard NetsUnion’s products and services are not directed to, or intended for, children under the age of 14.

    Learn More

    Mastercard NetUnion’s products and services are not directed to, or intended for, children under the age of 14. However, Mastercard NetsUnion may collect Personal Information about children below the age of 14 years of age from the parent or guardian directly, and with that person’s explicit consent.

    If we become aware that we have collected personal information from a child without first obtaining verifiable parental or guardian consent, we will attempt to delete the data as soon as possible. If you are the guardian of a child, please contact us at the contact information listed in this statement if you have questions about the personal information of a child in your custody.

  9. Updates to This General Privacy Notice

    This General Privacy Notice may be updated periodically to reflect changes in our privacy practices.

    Learn More

    This General Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will post a prominent notice on relevant websites to notify you of any significant or material changes to our General Privacy Notice prior to them being effective and indicate at the top of the General Privacy Notice when it was most recently updated. Your continued use of our website, our products and services or participation of our specific program after we update our General Privacy Notice signifies your consent to such updated General Privacy Policy.

  10. How to Contact Us

    You can contact us and our Personal Information Protection Officer by sending an email or calling us directly.

    Learn More

    If you have any questions, comments or dissatisfaction with this General Privacy Notice and our privacy practices, or would like to update your privacy preferences, or would like to exercise your rights and choices with respect to your Personal Information, please contact us by sending an e-mail or postal mail to the address below, or you may call us directly during business hours on weekdays, and we will make a request for verification and processing of your rights within fifteen (15) working days of receipt.

    Personal Information protection officer e-mail: privacy@mastercardnucc.com

    Address: Room 111, No. 101, Building 3, No. A29, Beisanhuan Middle Road, Xicheng District, Beijing, China

    Customer Service Hotline: 400-890-7888 (please follow the tone)

    For enquiries about your Mastercard card and your purchase, you should contact your financial institution or merchant. More information about how to contact them can be found on their respective websites.