Online Privacy Statement
This Online Privacy Statement ("Privacy Statement") describes how DFS Services LLC and its subsidiaries, Diners Club International LTD, Pulse Network LLC (collectively, "we", "our", "us" and "Discover") treat your information on the sites on which this Privacy Statement appears ("Online Services", "Mobile App" or "Website"), as well as when you interact with us on social media sites.
Please note that other Discover services, websites, applications and geographic regions may have different privacy practices. In those cases, we will display a different privacy statement that applies when you interact with those services, websites, geographic regions or applications. Please review the applicable privacy statement.
Which Data We Collect About You
Our Online Services collect personal data.
We collect personal data from certain users, such as a cardholder, natural person associated with, and acting on behalf of a merchant, card issuer, processor or other participants to whom we offer a payment solution and/or Card acceptance. Information about an entity will only constitute personal data if a merchant is a natural person or sole proprietor.
In order to support card acceptance, resolve inquiries or improve customer experience, we, our agents, or our service providers may collect personal data from merchant, Issuer or other participant including a merchant's representative in a number of instances including, for example:
- when a merchant directly or through an Acquirer applies for payment card acceptance
- when an Issuer, Merchant or Acquirer processes a Card transaction as payment for goods or services or in exchange for cash
- when a sales representative is engaged to promote payment card acceptance or related products and services;
- when we allow Cardholders, agents of Acquirers, Merchants, Issuers Issuer Processors, and other participants to whom we offer portal or a tool to support payment acceptance and/or related products or services
The types of personal data that we collect, use and disclose depends on the Affiliate, product or service that the merchant or Issuer other participant receives from us and your relationship with the entity (e.g. owner, officer, director, and employee) and may include financial and related personal or business information including the following, as applicable:
- Name, title and personal and business contact information including physical address, email address and telephone number;
- IP Location
- Card transactions, account balances, transaction history and payment history;
- Date of Birth
- Other information with your consent or as permitted or required by applicable law
Online data. We may also collect data about the browser, IP address, device (including device ID and advertising ID), and operating system you're using to conduct or attempt a Card transaction. We might look at what site you came from and/or the physical location where you conduct or attempt to conduct a Card transaction, what you view within our Online Services, the length of time you visit the site, and/or what site you visit when you leave us. We may collect your electronic and/or physical location using GPS, a cellular network location, Wi-Fi networks, browser services, or data you provide.
How We Collect Your Data
We collect your data in the following ways:
- Data are collected directly from you. We collect personal data you submit to us when you use our Online Services. We also collect personal data you submit through our Online Services, such as requests to enroll in offers, alerts, newsletters, promotions prospective merchant referrals, and what you write when you chat with a customer service agent. We collect personal data when you complete an online survey, submit an online referral recommending that we or third parties contact a prospective merchant about card acceptance, respond to due diligence questionnaires, or when you click a link.
- Data are collected passively. Our Online Services and some e-mails may use tracking tools like cookies and pixel tags. Our Online Services gather online data about you over time across multiple websites, other platforms, or other mobile apps. Learn how you can control cookies and tracking tools.
How We Use Your Data
Our online services collect data about you to operate effectively and to provide our services and products. We may use your information to:
- Send administrative information to you, such as changes to our terms, conditions, and policies.
- To respond to your requests or questions.
- Send alerts that you signed up for
- send you information about new products and special offers if you have chosen to opt -in
- send you newsletters or bulletins to provide you key announcements and updates from Network
- Administer promotions, sweepstakes or contests in which you choose to participate
- Improve our products and services
- to comply with legal, regulatory, industry self-regulatory, insurance, audit and security requirements including checking your identity against money laundering, terrorist financing or similar watch lists established or enforced by U.S. or other government regulators;
- Help a customer find an ATM location
- Monitor for fraud and manage risk
- Otherwise with your consent or as permitted or required by law.
How Long We Retain Your Data
We may keep personal data as long as necessary or relevant for the practices described in this Online Privacy Statement or as otherwise required by law. Actual retention periods vary depending on the type of services and products. The criteria we use to determine the retention periods include the following:
- personal data are needed to provide our services and products as described in this Online Privacy Statement. E.g. to provide access to our tools and websites
- personal data are needed for auditing purposes;
- personal data are needed to troubleshoot problems or to assist with investigations;
- personal data are needed to enforce our policies;
- personal data are needed to comply with legal requirements.
Regulations require all financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records as the onboarding application, account statements, and payments on the account, Discover generally retains those records for a minimum of seven years, respectively.
What and with whom we share
We may share your data:
- With companies and vendors that help us to operate our business by providing services such as offers of card acceptance, terminal support for card acceptance, acquirers, terminal providers, website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services.
- With participants and Financial Institutions that issue, acquire or process transactions on our Network.
- With affiliates and other vendors that perform services on our behalf, such as (as applicable) testing the ability of the merchant's terminals to accept Cards, services supporting Card acceptance, network services support including data processing services, customer service, statement production, call center services, information technology services, internal audit, management, billing or administrative purposes or otherwise to collect, use, disclose, store or process personal data on our behalf for the purposes described in this statement.
- To credit bureaus, credit reporting agencies, financial institutions and to other third parties as necessary to maintain your credit history, provide credit references, process payments, and otherwise manage our accounts and fulfil our legal and regulatory requirements*.
- With third parties sponsors of promotions or contests in which you choose to participate.
- To any designated fraud service providers and partners used to authenticate cardholders and to authorize card transactions.
- To comply with law or other legal obligations such as responding to subpoenas, including laws and other legal obligations outside your country of residence.
- To respond to requests from public and government authorities including public and government authorities outside your country of residence.
- To protect our rights, operations or property, or that of our users.
- To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of our terms and conditions.
We may combine data we get from you with data about you or others that we get from third parties.
How to Manage Your Online Privacy Choices
You can update your account profile online or by email.
We maintain electronic records of your personal data for the purposes described in this Privacy Statement. Depending on the website, you may be able to access and edit your personal data. Otherwise, you may contact us at the email address at the bottom of this policy to request access to or that we update, or correct the personal data collected by our Websites. Your right to access or correct your personal data indicated in our records is subject to applicable legal restrictions including our right to retain documentation of our compliance with applicable legal requirements and technology limitations. We may take reasonable steps to verify your identity before granting access or making corrections to your personal data. You may be required to complete additional forms.
If we receive those data from some other sources, we may direct you to contact other third parties. Please note that we are not responsible for permitting you to review, or for updating or deleting personal data that you provide to a third party, including any app, social media platform, or wireless service provider.
When you provide us with your personal data we ask you to consent to our collection, use and disclosure of your personal data for the purposes of providing those products and services as described in this statement. You may opt-out of certain uses and disclosures of your personal data as indicated in this statement. If you wish to opt-out of these uses or disclosures of your personal data:
- Contact us as described in the section "Feel free to contact us if you have any questions."
We use common tracking technologies for a variety of reasons. We may use technologies such as cookies, browser information, location information, device-level advertising and user identifiers, and pixel tags to uniquely identify your computer or device and the pages you view within our Online Services from time to time as well as to provide information to us and third parties about sites you visit after seeing Discover ads or offers. Our Service Providers may also use these tools. We use tracking tools:
- to recognize new or past customers;
- to store your password if you are registered on our Website or Mobile App;
- to improve our Website and Mobile App;
- to serve you with interest-based or targeted advertising (see below for more on interest-based advertising);
- to observe your behaviors and browsing activities over time across multiple websites or other platforms;
- to better understand the interests of our customers and our Website and Mobile App visitors;
You can control tools on your mobile devices. For example, you can turn off the GPS locator or push notifications on your phone. If your phone allows, you can change app – specific location settings.
We Conduct Interest-based Advertising
We use interest-based advertising to target our advertising more effectively. To decide what is relevant to you, we use data you make available to us when you interact with us, our affiliates, and other third parties. We gather this information using the tracking tools described above. For example, we or our Service Providers or Business Partners might look at your purchases or browsing behaviors. We might look at these activities on our platforms or the platforms of others.
You may see Discover advertisements on other websites you visit from time to time. Some of these ads are based on your Internet browsing history over time and across different websites. We (or Service Providers on our behalf) collect data this way. This is called interest-based or online behavioral advertising.
Interest-based advertising or online behavioral advertising includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your online activities. These ads might be served on websites, apps or emails. We might serve these ads, or third parties may serve ads. They might be about our products or other companies' products.
How you can opt out of interest-based advertising. There are several ways you can opt-out of interest-based advertising.
- First, you can opt-out of receiving interest-based ads from Discover or its partners using this tool.
- Second, you can opt-out right from the ad itself. Ads served using interest-based advertising will have an Advertising Option icon in the ad. If you see that icon on Discover ads, you can click on it. You will then get an option to opt-out. Note that you may have to opt out separately for each of the Networks, Discover Global Network, Diners Club International and PULSE.
- Third, the Self-Regulatory Program for Online Behavioral Advertising program provides consumers with the ability to opt-out of having their online behavior recorded and used for advertising purposes generally.
- On mobile devices, you can control device-level advertising privacy settings. For example, toggle the "Limit Ad Tracking" on iOS devices or "Opt out of interest-based ads" on Android devices.
- We provided additional options to allow you to configure your online ad experience. See Adchoice.
If you opt out via methods 1-3 above, your choice will be stored as a cookie. If you remove or delete cookies you will need to renew your preferences. Your choices are also device and browser-specific.
We also advertise in other ways. If you opt out of interest-based ads, you may still see Discover or its partners' ads. These are ads that are not based on your Internet browsing history. Some may be generic. Others may be targeted to you or an advertising segment you are in. The websites or services where targeted ads appear will have instructions about how to modify your advertising preferences within those sites. We encourage you to review those instructions and settings.
What Are Your Rights Under EU Privacy Law
We adhere to applicable data protection laws in the European Union ("EU"), when relevant and appropriate. If you are a data subject located in the European Union, this means that:
- if we process your personal data based on your consent, you have the right to withdraw your consent at any time for further processing;
- you have the right to request us access to, rectification or deletion of your personal data;
- you have the right to object to the processing of your personal data;
- you have the right to request us to transfer your personal data to another controller;
- you have the right to request us to restrict the processing of your personal data;
- you have the right to file a complaint with the Supervisory Authority, in the Member State of your habitual residence, place of work or where the alleged infringement happened;
The above rights are subject to legal restrictions, as provided by the applicable EU privacy law.
Other Important Privacy Information
When we process your personal data, we rely on specific legal grounds. When we process your personal data, we do so with your consent and/or as necessary to provide our services and products, fulfil our contractual and legal obligations, or other legitimate interests as described in the section "How We Use Your Data" and "What and With Whom We Share Your Personal Data".
We use security measures to protect your personal data. We take reasonable steps to protect your personal data using measures appropriate to the sensitivity of the personal data in our custody or control, which include safeguards to protect against unauthorized access and use. These measures include computer safeguards and secured files and buildings. Our authorized employees, agents and service providers who require access to your personal data to perform their obligations will have access to your personal data.
We store data in the United States. If you live outside of the United States, you understand and agree that we may transfer your personal data to the U.S. Our Online Services and associated practices are subject to applicable U.S. laws.
International data transfer. We may transfer personal data to countries other than the country in which the data was originally collected. We rely on standard contractual clauses to govern the transfer of information between entities. These countries may not have the same data protection laws as the country in which you initially provided the data. When we transfer your personal data to other countries, we will protect the data as described in this Privacy Notice.
When your personal data are transferred from the European Union, it is the responsibility of the data exporter to ensure that such transfers are done in, compliance with EU Privacy Law. If we were to be the data exporter, we would put in place appropriate measures for such transfers to happen in compliance with EU Privacy Law. If you have more questions on when such situations might take place, you can email us at: DGNPrivacy@discover.com
These Online Services are not intended for children. Our Online Services are meant for adults and are not directed to children. We do not knowingly collect personal data from children under 13 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 13 has given us data, you can e-mail us at Privacy@discover.com. Please mark your inquiries "COPPA Information Request."
We may update this Online Privacy Statement at any time. We may change our Online Privacy Statement from time to time. We will notify you of any material changes to our Privacy Statement as required by law. Please check the Website and Mobile App periodically for updates. This Privacy Statement was last updated on May 14, 2018.
Feel free to contact us if you have any questions. For more information, if you have questions about your personal data or if you have a privacy concern you may e-mail our Data Protection Officer and/or Representative at: firstname.lastname@example.org, or write to us at:Discover Financial Services
Attn: ECP Privacy Operations
P.O. BOX 795
Deerfield, IL 60015
And/or to the Representative at:Diners Club International
Attn: GDPR Representative
201 Talgarth Rd, Level One
Hammersmith, London, W6 8BJ
EU data subjects may also contact their respective Supervisory Authority with any questions about our privacy practices.
Business Partners: Companies and other Financial Institutions we partner with to jointly market and/or deliver products and services to Cardmembers, Issuers, merchants, Acquirers and others. Business Partners include other Networks or co-brand Business Partners. We also partner with certain organizations, like trade associations, to offer financial products using their organizational logo.
Cookies: Cookies are small pieces of text that are placed in your browser by the websites you visit and the advertising companies and content partners for those sites. No personal data are stored in cookies.
IP address: A unique "Internet Protocol" number assigned to a device connected to the Internet. Discover treats IP addresses as non-personal data unless otherwise required by law.
Participant: An entity that has entered into an agreement with the Network to conduct specified business activities pertaining to Card transactions and processing.
Personal data: Information that personally identifies an individual.
Pixel tags: Enables two websites to share information. It consists of a small piece of software code that incorporates a graphic image on a web page or e-mail.
Service Providers: Third parties with whom we have a contractual relationship to perform services on our behalf. Service Providers may not use personal data for any other purpose other than carrying out the services.