This Privacy Statement is effective May 25, 2018.
As a leading provider of payment management services to hundreds of thousands of online businesses around the world, privacy and data protection are of the utmost importance to CyberSource Corporation and its subsidiaries, including Authorize.Net LLC, CyberSource Limited, CyberSource NI Ltd., CYBS Singapore Pte. Ltd., CyberSource K.K., CyberSource Payment Solutions Pty Ltd and other subsidiaries (collectively "CyberSource").
This Privacy Statement details CyberSource’s policies with respect to the handling of personally identifiable information ("Personal Information") submitted to or otherwise collected by CyberSource via CyberSource's website(s), mobile application(s), and/or in the course of providing its payment processing, payment security and fraud management solutions and services (collectively the “Services”). CyberSource will use and disclose Personal Information in accordance with the terms of this Privacy Statement.
Personal Information we collect
Personal Information is any information that we can use to identify, locate or contact you. It also includes other information that may be associated with your Personal Information. We collect Personal Information any time the Services are used. The Personal Information collected includes information provided to us directly by individuals and information provided to us by merchants or financial institutions. The collection of Personal Information described herein is necessary for use of the Services. This information includes but is not limited to:
- Consumer Name
- Contact information (such as email address, phone number, and mailing address)
- Order and payment information
We collect other information, such as:
- IP address and information about the device used to access the Services
- How and which Services are used
- Merchant and merchant account information, including account information we may gather from third party sources
- Information provided to us through means such as social media or when you contact us through our website
We also collect or compile other information about you (such as enrolment numbers or demographic group information) which does not identify you. We may use or share any other information with third parties for any lawful purpose.
To find out more about cookies, including browser-specific instructions on how to restrict or block cookies, go to http://www.allaboutcookies.org. Remember, though, without cookies, users may not be able to take full advantage of all of our website features.
We may also use locally stored objects (sometimes referred to as “Flash cookies”) for security and fraud detection purposes. Flash cookies are not managed through web browser settings. Please visit Adobe’s Flash Player Help website for help with managing Flash cookies.
How we use Personal Information
Usage and disclosure of Personal Information varies based on a party’s relationship with CyberSource. CyberSource primarily uses this information to provide the Services and related features and to:
- Facilitate the processing of payment transactions
- Respond to requests and inquiries
- Provide support services
- Send administrative information, such as changes to our terms, conditions, and policies
- Administer promotions or contests
- Facilitate social sharing functionality
- Analyze and monitor Services usage and to make improvements
- Help secure the Services, prevent fraud and enforce our policies
- Help personalize our Services
- Communicate about other CyberSource services or those of our affiliates or other third parties
- Make contact, directly or through a third party vendor, to complete a survey or questionnaire
- Communicate, directly or through a third party vendor, about CyberSource offerings, about general company news and industry trends, and to address responses to a survey or questionnaire
- Compile information for use on an aggregated and de-identified basis
- Conduct data analysis, research and audits, develop new products, identify usage trends, determine the effectiveness of our promotional campaigns, and operate and expand our business activities
- Perform other activities with consent. For example, when we receive an application from a business, we may perform a search with a credit reference agency and fraud prevention agency on the individual company directors or partners.
How we share Personal Information
We will only share Personal Information as described in this policy. Specifically, we may share Personal Information:
- As necessary to perform the Services and to complete payment transactions
- With companies and vendors that help us to operate our business by providing services such as website hosting, fraud screening, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services
- With third parties that have contracted with CyberSource to perform certain functions on our behalf
- With third-party sponsors of promotions or contests where consent has been given
- To comply with law or other legal obligations such as responding to subpoenas, or other requests from public and government agencies, including laws and other legal obligations outside a party’s country of residence
- To protect our rights, operations or property, or that of our users
- To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of the Service’s terms and conditions
- With other companies that control, are controlled by, or are under common control with CyberSource that support the provision of Transaction Services or relationship with a party. This includes its subsidiaries and parent companies
- With a purchaser of all or a unit of CyberSource (or the majority of CyberSource’s or its unit’s assets), a merger, acquisition, or internal reorganization of CyberSource or a unit of CyberSource
- With consent
Please note that any information posted to public areas such as on our social media pages may be seen by other visitors.
Users can choose not to provide us Personal Information when they use our website(s) or mobile application(s). However, if the information request is not identified as optional and a user chooses not to provide required Personal Information, then the user may not be able to use the features of the website or mobile application.
Users can opt out of receiving promotional email from CyberSource by following the unsubscribe link in those email messages. Users can opt out of receiving SMS text messages from CyberSource by replying STOP to any message.
Users can learn more about CyberSource’s use of online behavioral advertising and how they can manage their choices for online behavioral advertising by clicking here.
Users can configure their browser to reject cookies, or to notify them when a cookie is set. However, if users reject cookies, the Services may not operate properly.
Accessing or editing Personal Information
CyberSource may be contacted at the email address at the bottom of this policy to request access to, or to request that we update or correct, the Personal Information collected by our Services. Please note that, consistent with local law, CyberSource may retain Personal Information for auditing purposes, to troubleshoot problems, assist with investigations, enforce our policies or comply with legal requirements. Please note that we are not responsible for permitting the review, updating or deletion of Personal Information provided to a third party, including any mobile application, social media platform, or wireless service provider.
Third Parties and Linked services
CyberSource is not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, including any Personal Information disclosed to other organizations through or in connection with the Services.
The inclusion of a link on the CyberSource website does not imply endorsement of the linked site or service by CyberSource.
Information Security and Data Retention
We use physical, technical, organizational, and administrative safeguards to help protect your Personal Information from unauthorized access or loss. For example, we use technology like encryption to protect sensitive Personal Information (such as your account number) during transmission. We will retain your Personal Information for as long as the information is needed for the purposes listed above and for any additional period that may be required or permitted by law.
Use of the Services by minors
Our websites and applications are not directed to children under 16 and we do not knowingly collect any Personal Information directly from children under 16.
We may also receive Personal Information about children from merchants, such as when children are authorized users of payment cards. If you believe that we are processing information pertaining to a child inappropriately, please contact us using the information provided under the contact us section below so that we may investigate and restrict the data.
How to Contact Our Privacy Office
If you have questions or comments about our privacy practices, or would like help exercising your rights in accordance with this Privacy Notice, please:
- Email us: email@example.com
- Mail us a letter:
Visa Global Privacy Office
900 Metro Center Blvd.
Foster City, CA, 94404
European Economic Area (EEA) - Privacy Notice
We are providing this supplemental privacy notice to give individuals in the European Economic Area (EEA) the additional information required by the EU General Data Protection Regulation. These provisions, together with the statements in the Privacy Statement above explain our practices with regard to EEA Personal Information.
1. Information About Us
CyberSource Corporation (“CyberSource”) is an Affiliate of Visa, Inc. This information is being provided by CyberSource and our Affiliates:
900 Metro Center Boulevard
Foster City, CA 94404
We are based in the United States. Our representative in the EEA is:
Visa Europe Limited
1 Sheldon Square
London, W2 6TT
Registration Number: Z8657396
You can contact the Visa Global Privacy Office by emailing firstname.lastname@example.org or writing to us at:
Visa Global Privacy Office
900 Metro Center Boulevard
Foster City, CA 94404
2. The Purposes and Legal Basis for Processing, including Legitimate Interests
Our Privacy Statement explains the reasons why we process your Personal Information (as defined in our Privacy Statement). We only process Personal Information when we have a legal basis for the processing, as follows:
- To fulfill a contract with you, or as needed to fulfill a contract between you and a merchant or between you and the financial institution or other entity that issued your card, where we are providing payment services or acting as a data processor,
- For closely-related purposes, such as payment processing and financial account management, contract management, website administration, business continuity and disaster recovery, security and fraud prevention, corporate governance, reporting and legal compliance,
- With your consent (or provided you have not objected, or opted-out, as may be appropriate under applicable law), to provide you with marketing communications, or,
- To comply with the laws that are applicable to us around the world
We may also process your Personal Information for the purposes of our own legitimate interests or for the legitimate interests of others, provided that processing does not and shall not outweigh your rights and freedoms. In particular, we will process your Personal Information as needed to:
- Protect you, us or others from threats (such as security threats or fraud),
- Enable or administer our business, such as for quality control, consolidated reporting, and customer service,
- Manage corporate transactions, such as mergers or acquisitions, and
- Understand and improve our business or customer relationships generally.
3. Automated Decision-Making and Profiling
We use profiling and analytics to understand how individuals use their payment cards and other products, for product development purposes and business intelligence purposes. These analytics help us understand and improve our products and better serve our clients and consumers. We also use analytics for security and anti-fraud purposes, such as to identify unauthorized use of payment cards.
We will not make automated decisions about you that may significantly affect you, unless (1) the decision is necessary as part of a contract that we have with you or to fulfill a contract between you and a merchant or between you and the financial institution or other entity that issued your card, (2) we have your explicit consent, or (3) we are required by law to use the technology.
4. When You are Required to Provide Personal Information to Us
You are not required by law to provide any Personal Information to us. For example, you always decide whether to participate in our promotions or to use our services. You are required to provide certain Personal Information to enable us to enter into a contract with you so that you can use our products and services or participate in promotions. Our registration forms indicate which data elements are required for our contracts.
When we provide payment processing services or act as a data processor, we receive your Personal Information from third parties as needed to provide services.
5. Your Rights
You have choices about how we use your Personal Information. You always have the right to object to our marketing communications.
We also respect the rights of EEA residents to access, correct and request erasure or restriction of their Personal Information as required by law. Where we are a data controller, this means:
- You generally have a right to know if we are storing your Personal Information. If we are, you have the right to request that we provide you with a copy of that Personal Information, or in some cases, provide the information to another data controller. If your information is incorrect or incomplete, you have the right to ask us to update it.
- You have the right to object to our processing of your Personal Information. If we are processing your Personal Information based on your consent, you have the right to withdraw your consent at any time.
- You may also ask us to delete or restrict your Personal Information.
To exercise these rights, please contact us via email to email@example.com or write to the Global Privacy Office at the address above and a member of our Privacy Team will assist you. Please understand that we may need to verify your identity before we can process your request.
If we are processing your Personal Information as a data processor, we will refer you to our client (such as to the merchant) for assistance with these requests. We support our clients in responding to requests as required by law.
If you believe that we have processed your Personal Information in violation of applicable law, you may also file a complaint with our Data Protection Officer, who can be reached by contacting the Visa Global Privacy Office, or with a supervisory authority.
6. International Transfers
Your Personal Information may be transferred to, stored at or processed in the United States, Singapore, Australia and other countries that may not have equivalent privacy or data protection laws.
We generally use approved Standard Contractual Clauses to assure that Personal Information is adequately protected when it is transferred out of the European Economic Area or Switzerland, but we may also make transfers to recipients with approved Binding Corporate Rules or to recipients in the United States who have certified to the EU-US and/or Swiss-US Privacy Shield Framework.
Please contact us via email to firstname.lastname@example.org if you would like more information about cross-border transfers or to obtain a copy of the Standard Contractual Clauses.
7. Data Retention
We will retain your Personal Information for as long as the information is needed for the purposes set forth above and for any additional period that may be required or permitted by law. The length of time your Personal Information is retained depends on the purpose(s) for which it was collected, how it’s used, and the requirements to comply with applicable laws. You may request that we delete your Personal Information by contacting us via email to email@example.com or writing to the Global Privacy Office at the address above. If we do not have a legal basis for retaining your information, we will delete it as required by applicable law.