Mastercard “UEFA Champions League – Win a priceless mascot experience for your child – Match Days 2018/2019” CAMPAIGN
Effective Date: 04/09/2018
Mastercard Europe SA, its affiliates and other entities within the Mastercard’s group of companies (“Mastercard”, “we”, “us”, or “our”) respect your privacy.
This Privacy Notice applies to the processing of Personal Information collected in the context of Mastercard “UEFA Champions League – Win a priceless mascot experience for your child – Match Days 2018/2019” Campaign (“the Campaign”). This Privacy Notice does not cover the collection and use of your Personal Information by Mastercard in the context of other campaigns and programs, by third parties on other Mastercard branded websites, by your Mastercard Card issuers (e.g., your bank), or any other information or communications that may reference Mastercard outside of the Campaign.
This Privacy Notice describes the types of Personal Information we collect in connection with the Campaign, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.
Your participation in the Campaign is subject to this Privacy Notice and to our Terms and Conditions. For more information about Mastercard’s privacy practices, please visit Mastercard’s Global Privacy Notice at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html
1. Personal Information we may collect
We may collect the following Personal Information:
Your first name, last name, telephone number, email address, county, child’s full name, child’s age, child’s height and your child’s picture and/or video image.
For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the Campaign, we obtain Personal Information relating to you from various sources described below.
Where applicable, we indicate whether and why you must provide us with your Personal Information, as well as the consequences of failing to do so. If you do not provide Personal Information when requested, you may not be able to benefit from the Campaign if that information is necessary to provide you with it or if we are legally required to collect it.
a. Personal Information Provided by You
In connection with the Campaign, we ask you to provide certain Personal Information, such as Your first name, last name, telephone number, email address, county, child’s full name, child’s age, child’s height and your child’s picture and/or video image.
b. Personal Information Obtained from Your Interaction with the Mastercard.co.uk website
2. How we may use your personal information
We may use your Personal Information to:
- Provide you with the Campaign and communicate with you.
- Improve, develop and promote the Campaign.
- Enforce our Terms and Conditions and comply with our legal obligations.
- To ensure your child is eligible for the prize
- Contact you to manage your experience and provide you with further information
We may use the Personal Information we obtain about you to:
- Provide you with the Campaign and communicate with you, including determining winners, contacting winners, announcing their names and countries.
- Improve, develop and promote the Campaign.
- Enforce our Terms and Conditions.
- Contact you to ensure your child is eligible for the prize and to manage your experience and provide you with further information
We will only process your Personal Information for the above purposes when we have a valid legal ground for the processing, including if:
- You consented to the use of your Personal Information. For example, we may seek to obtain your consent for our uses of cookies or similar technologies, to send you marketing communications or to process Personal Information deemed sensitive pursuant to applicable law.
- We need your Personal Information to provide you with products and services, or to respond to your inquiries.
- The processing is necessary for compliance with a legal obligation such as to prevent and monitor fraud in payment transactions.
- We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security, and performance of our products and services, to protect against and prevent fraud, to anonymize Personal Information and carry out data analyses.
3. How we share your personal information
We may share Personal Information with:
- Mastercard’s headquarters in the U.S., our affiliates and other entities within Mastercard’s group of companies.
- Mastercard’s agencies Big Group and Octagon.
- Our service providers acting on our behalf.
- Third parties in the event of a sale or transfer of our business or assets.
4. Your rights and choices
Subject to applicable law, you have the right to:
- Access your Personal Information, rectify it, restrict or object to its processing, or request its deletion.
- Receive the Personal Information you provided to us to transmit it to another company.
- Withdraw any consent provided.
- Where applicable, lodge a complaint with your Supervisory Authority.
Subject to applicable law, you have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
Those rights may be limited in some circumstances by local law requirements.
If you are located in the EEA or Switzerland, you can exercise your rights via Mastercard’s My Data Portal. You may also submit a request as described in the “How to Contact Us” section.
5. How we protect your personal information
We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.
We maintain appropriate administrative, technical, and physical safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you.
We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it in the context of the Campaign or when you request their deletion, unless we are required by law to keep the information for a longer period. We complete periodic reviews of our databases, and have established specific time limits for data deletion, taking into account the type of data collected, the type of services provided in the context of the Campaign, the length of the customer relationship, possible re-enrolment with the program, mandatory retention periods, and the statute of limitations.
6. Data transfers
We may transfer your Personal Information outside of the EEA, including to the United States, in compliance with our Binding Corporate Rules and other data transfer mechanisms.
Mastercard is a global business. We may transfer or disclose Personal Information we collect about you to recipients in countries other than your country, including to the United States where our global headquarters are located. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Information to other countries, we will protect that information as described in this Privacy Notice.
We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located. In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by EEA data protection authorities as providing an adequate level of protection to the Personal Information we process globally. A copy of our BCRs is available here. We may also transfer Personal Information to countries for which adequacy decisions have been issued, use contractual protections for the transfer of Personal Information to third parties, such as the European Commission's Standard Contractual Clauses, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable. You may contact us as specified in the “How to Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA.
7. Updates to this privacy notice
This Privacy Notice may be updated periodically to reflect changes in our privacy practices.
This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may seek your consent.
8. How to contact us
If you are located in the EEA or Switzerland, you may submit your request to exercise your rights in relation to your Personal Information on Mastercard’s “My Data” Portal. Otherwise, you can e-mail us at firstname.lastname@example.org.
Mastercard Europe SA is the entity responsible for the processing of your Personal Information.
If you are located in the EEA or Switzerland, you can easily exercise your rights via Mastercard’s “My Data” Portal. You may submit a request to exercise your rights or share any questions, comments, or complaints about this Privacy Notice or our privacy practices by e-mailing us at email@example.com, or writing to us at:
Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
For more information on Mastercard’s privacy practices in other contexts, please refer to our Global Privacy Notice available at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html
For all other enquiries about your Mastercard card and your purchase, you must contact your issuing bank or the participating merchant. More information about how to contact them can be found on their respective websites.