Online Privacy Statement

This Online Privacy Statement ("Privacy Statement") describes how DFS Services LLC and its subsidiaries, Diners Club International LTD, PULSE Network LLC (collectively, "we", "our", "us" and "Discover"; individually, a "Network") treat your information on the sites on which this Privacy Statement appears ("Mobile App" or "Website"), as well as when you interact with us on social media sites (in each case, "Online Services").

Please note that other Discover services, websites, applications and geographic regions may have different privacy practices. In those cases, we will display a different privacy statement that applies when you interact with those services, websites, geographic regions or applications. Please review the applicable privacy statement.

Our Online Services collect personal data.

We collect personal data from certain users of Online Services, such as a cardholder, natural person associated with, and acting on behalf of a merchant, issuer, acquirer, processor or other Participants to whom we offer a payment solution and/or card acceptance. Information about an entity including a Participant will only constitute personal data if the entity is a natural person or sole proprietor.

In order to support card acceptance, resolve inquiries or improve customer experience, we, our agents, or our Service Providers may collect personal data from a merchant, issuer or other Participant including a merchant's representative in a number of instances including, for example:

  • when a merchant directly or through an acquirer applies for payment card acceptance;
  • when an issuer, merchant or acquirer processes a card transaction as payment for goods or services or in exchange for cash;
  • when a sales representative is engaged to promote payment card acceptance or related products and services; and
  • when we allow cardholders, agents of acquirers, merchants, issuers, issuer processors, and other participants to whom we offer portal or a tool to support payment acceptance and/or related products or services.

The types of personal data that we collect, use and disclose depends on the Network, product or service that the merchant, issuer or other Participant receives from us and your relationship with the entity (e.g. owner, officer, director, and employee) and may include financial and related personal or business information including the following, as applicable:

  • Name, title and personal and business contact information including physical address, email address and telephone number;
  • IP Location;
  • Card transactions, account balances, transaction history and payment history;
  • Date of birth; and
  • Other information with your consent or as permitted or required by applicable law.

Online data. We may also collect data about the browser, IP address, device (including device ID and advertising ID), and operating system you're using to digitally interact with us or to conduct or attempt a card transaction. We might look at what site you came from and/or the physical location where you conduct or attempt to conduct a card transaction, what you view within our Online Services, the length of time you visit the site, and/or what site you visit when you leave us. We may collect your electronic and/or physical location using GPS, a cellular network location, Wi-Fi networks, browser services, or data you provide.

We collect your data in the following ways:

  • Data are collected directly from you. We collect personal data you submit to us when you use our Online Services. We also collect personal data you submit through our Online Services, such as requests to enroll in offers, alerts, newsletters, promotions prospective merchant referrals, and what you write when you chat with a customer service agent. We collect personal data when you complete an online survey, submit an online referral recommending that we or third parties contact a prospective merchant about card acceptance, respond to due diligence questionnaires, or when you click a link.
  • Data are collected passively. Our Online Services and some e-mails may use tracking tools like cookies and pixel tags. Our Online Services gather online data about you over time across multiple websites, other platforms, or other mobile apps. Learn how you can control cookies and tracking tools in the section "How to Manage Your Online Privacy Choices".
  • We collect data from third parties, including social media sites. Our Business Partners and Service providers may provide us data about you. We may collect personal data of merchants from others, such as cardholders, third party providers of merchant information and GPS location services, our affiliates or other companies, including those with whom you or the Participant purport to have or have had a business relationship, credit reports and third party databases. We collect data about you when you interact with a Network on social media sites or other third-party websites such as YouTube, Twitter, Facebook, Google+, Pinterest, LinkedIn, Instagram and Hoover.com. Your use of such site and which data each social media and other third party site may share with us is subject to its privacy policies, terms of use, privacy and advertising settings. Never disclose any personal financial information on any social media site.

Our Online Services collect data about you to operate effectively and to provide our services and products. We may use your information to:

  • Send administrative information to you, such as changes to our terms, conditions, and policies.
  • Respond to your requests or questions.
  • Send alerts that you signed up for.
  • Send you information about new products and special offers if you have chosen to opt-in.
  • Send you newsletters or bulletins to provide you key announcements and updates from Discover.
  • Administer promotions, sweepstakes or contests in which you choose to participate.
  • Improve our products and services.
  • Comply with legal, regulatory, industry self-regulatory, insurance, audit and security requirements including checking your identity against money laundering, terrorist financing or similar watch lists established or enforced by U.S. or other government regulators.
  • Help customers find an ATM location.
  • Monitor for fraud and manage risk.
  • Otherwise communicate with you with your consent or as permitted or required by law.

We may keep personal data as long as necessary or relevant for the practices described in this Online Privacy Statement or as otherwise required by law. Actual retention periods vary depending on the type of services and products. The criteria we use to determine the retention periods include the following:

  • personal data are needed to provide our services and products as described in this Online Privacy Statement (e.g. to provide access to our tools and websites);
  • personal data are needed for auditing purposes;
  • personal data are needed to troubleshoot problems or to assist with investigations;
  • personal data are needed to enforce our policies; and
  • personal data are needed to comply with legal requirements.

Regulations require all financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records as the onboarding application, account statements, and payments on the account, Discover generally retains those records for a minimum of seven years, respectively.

We may share your data:

  • With companies and vendors that help us to operate our business by providing services such as offers of card acceptance, terminal support for card acceptance, acquirers, terminal providers, website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services.
  • With participants and financial institutions that issue, acquire or process transactions on our Networks.
  • With affiliates and other vendors that perform services on our behalf, such as (as applicable) testing the ability of the merchant's terminals to accept cards, services supporting card acceptance, network services support including data processing services, customer service, statement production, call center services, information technology services, internal audit, management, billing or administrative purposes or otherwise to collect, use, disclose, store or process personal data on our behalf for the purposes described in this statement.
  • To credit bureaus, credit reporting agencies, financial institutions and to other third parties as necessary to maintain your credit history, provide credit references, process payments, and otherwise manage our accounts and fulfil our legal and regulatory requirements*.
  • With third parties sponsors of promotions or contests in which you choose to participate.
  • To any designated fraud service providers and partners used to authenticate cardholders and to authorize card transactions.
  • To comply with law or other legal obligations such as responding to subpoenas, including laws and other legal obligations outside your country of residence.
  • To respond to requests from public and government authorities including public and government authorities outside your country of residence.
  • To protect our rights, operations or property, or that of our users.
  • To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of our terms and conditions.

* We may combine data we get from you with data about you or others that we get from third parties.

You can update your account profile online or by email

We maintain electronic records of your personal data for the purposes described in this Privacy Statement. Depending on the website, you may be able to access and edit your personal data. Otherwise, you may contact us at the email address provided in the section "Contact Us" below to request access to or that we update, or correct the personal data collected by our Websites or when you use our Online Service. Your right to access or correct your personal data indicated in our records is subject to applicable legal restrictions including our right to retain documentation of our compliance with applicable legal requirements and technology limitations. We may take reasonable steps to verify your identity before granting access or making corrections to your personal data. You may be required to complete additional forms.

If we receive those data from some other sources, we may direct you to contact other third parties. Please note that we are not responsible for permitting you to review, or for updating or deleting personal data that you provide to a third party, including any app, social media platform, or wireless service provider.

When you provide us with your personal data, we ask you to consent to our collection, use and disclosure of your personal data for the purposes of providing those products and services as described in this statement. You may opt-out of certain uses and disclosures of your personal data as indicated in this statement. If you wish to opt-out of these uses or disclosures of your personal data:

  • Contact us as described in the section "Contact Us" below.

We Use Cookies and Similar Technologies

We use common tracking technologies for a variety of reasons.We may use technologies such as cookies, browser information, location information, device-level advertising and user identifiers, and pixel tags to uniquely identify your computer or device and the pages you view within our Online Services from time to time as well as to provide information to us and third parties about sites you visit after seeing Discover ads or offers. Our Service Providers may also use these tools. We use tracking tools:

  • to recognize new or past customers;
  • to store your password if you are registered on our Website or Mobile App;
  • to improve our Website, Mobile App and/or other Online Services;
  • to serve you with interest-based or targeted advertising (see below for more on interest-based advertising);
  • to observe your behaviors and browsing activities over time across multiple websites or other platforms; and
  • to better understand the interests of our customers and users of our Website, Mobile App and/or other Online Services.

You can control cookies and tracking tools on our Website. Our Online Services do not respond to browser-level "do not track" settings because this setting is not universal across browsers. However, your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to clear past and reject future cookies. If you block cookies on your browser, certain features of our Online Services may not work. Additionally, if you block or delete cookies, not all of the tracking activities we have described here will stop. Choices you make are both browser and device-specific.

You can control tools on your mobile devices. For example, you can turn off the GPS locator or push notifications on your phone. If your phone allows, you can change app-specific location settings.

We Conduct Interest-based Advertising

We use interest-based advertising to target our advertising more effectively. To decide what is relevant to you, we use data you make available to us when you interact with us, our affiliates, and other third parties. We gather this information using the tracking tools described above. For example, we or our Service Providers or Business Partners might look at your purchases or browsing behaviors. We might look at these activities on our platforms or the platforms of others.

You may see Discover advertisements on other websites you visit from time to time. Some of these ads are based on your Internet browsing history over time and across different websites. We (or Service Providers on our behalf) collect data this way. This is called interest-based or online behavioral advertising.

Interest-based advertising or online behavioral advertising includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your online activities. These ads might be served on websites, apps or emails. We might serve these ads or third parties may serve ads. They might be about our products or other companies' products.

How you can opt out of interest-based advertising.There are several ways you can opt-out of interest-based advertising.

  1. First, you can opt-out of receiving interest-based ads from Discover or its partners using this tool.
  2. Second, you can opt-out right from the ad itself. Ads served using interest-based advertising will have an Advertising Option icon in the ad. If you see that icon on Discover ads, you can click on it. You will then get an option to opt-out. Note that you may have to opt out separately for each of the Networks: Discover Global Network, Diners Club International and PULSE.
  3. Third, the Self-Regulatory Program for Online Behavioral Advertising program provides consumers with the ability to opt-out of having their online behavior recorded and used for advertising purposes generally.
  4. On mobile devices, you can control device-level advertising privacy settings. For example, toggle the "Limit Ad Tracking" on iOS devices or "Opt out of interest-based ads" on Android devices.
  5. We provided additional options to allow you to configure your online ad experience. See Adchoices.

If you opt out via methods 1-3 above, your choice will be stored as a cookie. If you remove or delete cookies you will need to renew your preferences. Your choices are also device and browser-specific.

We also advertise in other ways. If you opt out of interest-based ads, you may still see Discover or its partners' ads. These are ads that are not based on your Internet browsing history. Some may be generic. Others may be targeted to you or an advertising segment you are in. The websites or services where targeted ads appear will have instructions about how to modify your advertising preferences within those sites. We encourage you to review those instructions and settings.

These Online Services are not intended for children. Our Online Services are meant for adults and are not directed to children. We do not knowingly collect personal data from children under 16 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 16 has given us data, you can e-mail us at Privacy@discover.com.

Our Online Services may link to third-party services or apps that we do not control. If you click on a link to a third-party site, you will be taken to websites or apps we do not control. This includes social media sites. This Online Privacy Statement does not apply to the privacy practices of those websites. Carefully read the privacy policy of other websites. We are not responsible for these third-party practices.

We may update this Online Privacy Statement at any time.We may change our Online Privacy Statement from time to time. We will notify you of any material changes to our Privacy Statement as required by law. Please check the Website and Mobile App periodically for updates. This Privacy Statement was last updated on December 30, 2019.

For more information, if you have questions about your personal data or if you have a privacy concern you may email our Data Protection Officer and/or Representative at: privacy@discover.com or write to us at:

Discover Financial Services
Attn: ECP Privacy Operations
P.O. BOX 795
Deerfield, IL 60015
USA

Rights for European Union (EU) Data Subjects

We adhere to applicable data protection laws in the European Union ("EU"), when relevant and appropriate. If you are a data subject located in the European Union, this means that:

  • if we process your personal data based on your consent, you have the right to withdraw your consent at any time for further processing;
  • you have the right to request access to, rectification of or deletion of your personal data;
  • you have the right to object to the processing of your personal data;
  • you have the right to request us to transfer your personal data to another controller;
  • you have the right to request us to restrict the processing of your personal data; and
  • you have the right to file a complaint with the Supervisory Authority in the Member State of your habitual residence, place of work or where the alleged infringement happened.

The above rights are subject to legal restrictions, as provided by the applicable EU privacy law.

When we process your personal data, we rely on specific legal grounds. When we process your personal data, we do so with your consent and/or as necessary to provide our services and products, fulfil our contractual and legal obligations, or other legitimate interests as described in the "Online Privacy Statement" section above, in the sections "How We Use Your Data" and "What and With Whom We Share".

We use security measures to protect your personal data. We take reasonable steps to protect your personal data using measures appropriate to the sensitivity of the personal data in our custody or control, which include safeguards to protect against unauthorized access and use. These measures include computer safeguards and secured files and buildings. Our authorized employees, agents and service providers who require access to your personal data to perform their obligations will have access to your personal data.

We store data in the United States. If you live outside of the United States, you understand and agree that we may transfer your personal data to the U.S. Our Online Services and associated practices are subject to applicable U.S. laws.

International data transfer. We may transfer personal data to countries other than the country in which the data was originally collected. We generally rely on standard contractual clauses to govern the transfer of information between entities. These countries may not have the same data protection laws as the country in which you initially provided the data. When we transfer your personal data to other countries, we will protect the data as described in this Privacy Statement.

When your personal data are transferred from the European Union, it is the responsibility of the data exporter to ensure that such transfers are done in, compliance with EU Privacy Law. If we were to be the data exporter, we would put in place appropriate measures for such transfers to happen in compliance with EU Privacy Law. If you have more questions on when such situations might take place, you can email us at: DGNPrivacy@discover.com.

For more information, if you have questions about your personal data or if you have a privacy concern you may email our Data Protection Officer and/or Representative at: Privacy@discover.com or write to us at:

Discover Financial Services
Attn: ECP Privacy Operations
P.O. BOX 795
Deerfield, IL 60015
USA

And/or to the Representative:

Diners Club International
The Ark
Attn: GDPR Representative
201 Talgarth Rd., Level One
Hammersmith, London, W6 8BJ
UK

EU data subjects may also contact their respective Supervisory Authority with any questions about our privacy practices.

Rights for Individuals in Canada

Please visit https://www.discovernetwork.ca/privacy.html to download the privacy statement

Rights for Consumers in California

This California Consumer Privacy Act Disclosure ("Disclosure") explains how Discover Bank, DFS Services LLC, PULSE Network LLC, Diners Club International, Ltd., the Discover Global Network, Pulse EFT Association, Inc., DFS Corporate Services LLC, DFS International Incorporated, Discover Products Inc., the Student Loan Corporation and their affiliates and subsidiaries (collectively, "Discover", "we", or "us") collect, use, and disclose Personal Information relating to California residents that is subject to the California Consumer Privacy Act ("CCPA"). Discover affiliates and subsidiaries include companies related by common ownership or control with a Discover or DFS name and financial companies such as GTC Insurance Agency, Inc.

What is Personal Information?

Under the CCPA, "Personal Information" is information that identifies, relates to, or could reasonably be linked with a particular California resident or household. The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act ("GLBA").

As a result, this Disclosure does not apply, for example, with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes ("GLBA Consumers").

Additionally, any personal information provided to or received by us related to a business or commercial product or service, including any information collected and used to conduct due diligence, is not subject to this Disclosure.

In the past 12 months, we have not "sold" Personal Information relating to California residents within the meaning of the CCPA. For purposes of this Disclosure, "sold" means the disclosure of Personal Information to a business or third party for monetary or other valuable consideration.

Our Collection, Use, and Disclosure of Personal Information

We collect Personal Information relating to California residents in a variety of contexts as described below. For example, we collect Personal Information relating to California residents for marketing purposes and from individuals who apply for employment with us or are our employees, vendors, contractors, or similar personnel. The specific Personal Information that we collect, use, and disclose relating to a California resident will depend on our specific relationship or interaction with that individual. In the past 12 months, we have: (1) collected the following categories of Personal Information relating to California residents; and (2) shared or disclosed the following categories of Personal Information relating to California residents to vendors or other counterparties for our business purposes:

(1) Personal Identifiers, such as name and mail address;

(2) Personal information, as defined in the California safeguards law,such as contact information and financial information;

(3) Characteristics of protected classifications under California or federal law, such as age, citizenship, and marital status;

(4) Commercial information,such as transaction and account information;

(5) Internet or electronic network activity information, such as browsing history and interactions with our website;

(6) Geolocation data,such as device location and certain device information;

(7) Sensory data, including audio, electronic, visual, and similar information such as call recordings;

(8) Professional or employment-related information,such as current employment information or employment history;

(9) Education information, such as school and date of graduation; and

(10) Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual's preferences and characteristics.

The purposes for which we use the Personal Information that we collect depend on our relationship or interaction with a specific California resident. Nonetheless, we may use Personal Information we collect to operate, manage, and maintain our business, to provide our products and services, for our employment and vendor management purposes, and to accomplish our business purposes and objectives. For example, we use Personal Information we collect to:

(1) Detect security incidents;

(2) Personalize, develop, market, advertise, and provide our products and services (including analytic services);

(3) Provide customer service;

(4) Process payments or transactions, provide financing, or fulfill orders;

(5) Conduct research and data analysis;

(6) Detect and prevent fraud (including protecting against and/or prosecuting malicious, deceptive, fraudulent, or illegal activity);

(7) Perform identity verification;

(8) Maintain our systems, infrastructure, and facilities including debugging to identify and repair errors that impair existing intended functionality;

(9) Maintain or service accounts;

(10) Conduct risk and security control and monitoring;

(11) Perform accounting;

(12) Perform audit functions, including auditing interactions with consumers;

(13) Maintain and enhance a product or service;

(14) Verify and provide employment benefits and administration (e.g., employment eligibility, payroll, and performance management); and

(15) Conduct other internal functions, such as investigations or research for technology development, comply with legal obligations, maintain business records, and exercise and defend legal claims and rights.

We collected the categories of personal information set forth above from the following categories of sources:

A. Directly from you;

B. Through Discover affiliates and subsidiaries;

C. Through non-affiliated business partners or other counterparties;and

D. CCPA Service Providers, with whom we have a contractual relationship to perform services on our behalf;

We may share or disclose personal information for a business purpose to the following categories of third-parties:

A. Discover affiliates and subsidiaries;

B. Non-affiliated business partners or other counterparties;

C. CCPA Service Providers,with whom we have a contractual relationship to perform services on our behalf; and

D. Regulatory agencies and law enforcement.

Your Rights Under the CCPA

If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:

(1) The categories of Personal Information that we collected about you and the categories of sources from which we collected such Information;

(2) The business or commercial purposes for collecting Personal Information about you;

(3) The categories of Personal Information about you that we disclosed for a business purpose and the categories of third parties to whom we disclosed such Personal Information (if applicable); and

(4) The specific pieces of Personal Information we collected about you.

If you are a California resident, you may also request that we delete Personal Information that we collected from you. The CCPA sets forth exceptions for when information is not required to be deleted, including but not limited to where information is necessary to maintain in order to provide a good or service that you requested, comply with a legal obligation, detect security incidents or protect against malicious, deceptive, fraudulent, or illegal activity.

Further, in some instances, we may decline to honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer, where the Personal Information that we maintain about you is not subject to CCPA requirements, or where the Personal Information is a trade secret.

Nonetheless, you have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

Changes to This California Consumer Privacy Act Disclosure

We may change or update this Disclosure from time to time. When we do, we will post the revised Disclosure on this page.

  • Submit a request online here. By submitting a request via this link, we will search for your personal information in connection with Pulse, Diners Club International and Discover Global Network.
  • Call us at 1-800-239-9719.

For information related to Discover Bank, you may click the link to visit the website and follow the instructions in the Privacy Notice for California Residents.

You may only exercise your right to receive disclosures twice within a twelve (12) month period. The request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or you are an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

In order to respond to your deletion request or provide you with personal information we must: (1) verify your identity or authority to make the request, and (2) confirm the personal information relates to you. We will use personal information provided in a request for security purposes and to verify the requestor's identity or authority to make the request.

Any request for disclosure or deletion shall not apply to any information collected from you to the extent that you were acting as a job applicant, an employee, or a contractor.

Glossary

Business Partners: Companies and other Financial Institutions that we partner with to jointly market and/or deliver products and services to cardmembers, issuers, merchants, acquirers and other Participants. Business Partners include third party networks. We also partner with certain organizations, like trade associations, to offer financial products using their organizational logo.

Card (regardless of whether capitalized): A valid payment card that is issued by an issuer within a number range designated by us that is approved for acceptance on a Network to purchase goods or services and, in certain cases, in exchange for cash.

Cookies: Small pieces of text that are placed in your browser by the websites you visit and the advertising companies and content partners for those sites. No personal data are stored in cookies.

IP address: A unique "Internet Protocol" number assigned to a device connected to the Internet. Discover treats IP addresses as non-personal data unless otherwise required by law.

Participant: An entity that has entered into an agreement with a Network to conduct specified business activities pertaining to card issuance, card acceptance, card transactions and/or processing (e.g. issuer, acquirer, merchant, network alliance) or an agent of such entity (e.g. processor, gateway).

Personal data: Information that personally identifies an individual.

Pixel tags: Enables two websites to share information. It consists of a small piece of software code that incorporates a graphic image on a web page or e-mail.

Service Providers: Third parties with whom we have a contractual relationship to perform services on our behalf. Service Providers may not use personal data for any other purpose other than carrying out the services.