Skip to Content

Effective Date: 1st March 2024

At Mastercard, we offer a market-leading program that helps to provide you with a secure and seamless payment experience (“Automatic Billing Updater” or “ABU Program”). In particular, our ABU Program provides a secure and simple way for acquirers and merchants to receive updated payment account credentials when a payment card has expired or has been renewed. For example, if you saved your payment card details in a merchant’s application and the card subsequently expires, Mastercard can provide the merchant with your updated payment details, without the need for you to take further action.

We recommend that you read this notice together with Mastercard's Global Privacy Notice.

1. SCOPE OF THIS NOTICE

This privacy notice (“Notice”) describes how Mastercard Europe SA (collectively “Mastercard”, “us” or “we”) processes Personal Information when it operates the ABU Program in the European Economic Area, the United Kingdom and Switzerland. “Personal Information” means any information relating to an identified or identifiable individual (“you”).

This Notice does not cover the processing where we act on behalf of and under the instructions of financial institutions (e.g., the bank that issued your Mastercard card), merchants and other partners which act as data controllers, including for processing payment transactions. Please refer to their privacy notices for information about the processing of your Personal Information in such cases.

2. WHAT PERSONAL INFORMATION WE PROCESS FOR THE ABU PROGRAM

We collect the following types of Personal Information relating to you:

  • Information about your expired payment card: old account number and old expiration date.
  • Information about your new payment card: new account number and new expiration date.

We obtain the above categories of Personal Information from the financial institutions that issued your payment card.

3. HOW WE USE YOUR PERSONAL INFORMATION

We may use your Personal Information for the purposes set out below and will only process your Personal Information when we have a legal basis for the processing, as identified in the table below.

    Processing Activity

Legal Basis for Processing

    Provide, support, and enable the ABU Program, including making updated payment card information available to other Mastercard products and services.
  • We, or a third party, have a legitimate interest in using your Personal Information to reduce payment failure and increase the security of the payment network by operating the ABU Program.

    Detect, investigate, and prevent fraud.

    For more information on our fraud and security activities, please see our Fraud and Security Notice.
  • We, or a third party, have a legitimate interest in using your Personal Information to protect against fraud, securing our ABU Program, our network, and the payment transactions that we process.

    Evaluate, improve, and develop our products and services, including the ABU Program.
  • We, or a third party, have a legitimate interest in using your Personal Information to evaluate, improve, and develop our products and services.

    De-identify or anonymize Personal Information and prepare aggregated reports for internal analysis and benchmarking.
  • We, or a third party, have a legitimate interest in de-identifying or anonymizing Personal Information and preparing aggregated data reports for internal business purposes.

    Comply with legal obligations and law enforcement requests.
  • The processing is necessary for compliance with a legal or regulatory obligation.

    Establish, exercise and defend legal rights.
  • We, or a third party, have a legitimate interest in using your Personal Information to establish, exercise, and defend legal rights.

    Comply with industry standards and our policies.
  • We, or a third party, have a legitimate interest in using your Personal Information to comply with industry standards and our policies.

4. HOW WE SHARE YOUR PERSONAL INFORMATION

We may share your Personal Information:

  • With Mastercard’s headquarters in the U.S., our affiliates, and other entities within Mastercard’s group of companies.
  • With participants to the ABU Program, such as financial institution(s) (i.e., banks that issued the card(s) enrolled in the ABU Program and acquirers) and participating merchants.
  • With service providers who perform services on our behalf and in connection with the purposes described in this Notice. We subject them to strict contractual data protection and security obligations.
  • When we believe disclosure is necessary to protect individuals’ vital interests, to protect Mastercard against harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
  • As required under applicable law or legal process, or to respond to requests from law enforcement or governmental agencies. When receiving such requests, we will follow the process set out in our Binding Corporate Rules, where applicable.
  • In the event of the sale or transfer of our business or assets, in whole or in part. In such event, we will use reasonable efforts to direct the transferee to use the Personal Information you provided to us in a manner consistent with this Notice.

5. YOUR RIGHTS AND CHOICES, HOW TO CONTACT US, AND ADDITIONAL INFORMATION ABOUT OUR PRACTICES

For more information about your rights, how to contact us, or to learn more about how we share, transfer, retain and protect your Personal Information, please read our Global Privacy Notice.

You have certain rights and choices, as detailed in the Global Privacy Notice, regarding the Personal Information we maintain about you. You, or a party authorized to act on your behalf, can exercise these rights on Mastercard’s My Data Centre portal or by submitting a request as described in the Global Privacy Notice.

For enquiries about your Mastercard card and your purchases, please contact your financial institution or merchant. More information about how to contact them can be found on their websites.