Online Privacy Statement
This Online Privacy Statement ("Privacy Statement") describes how DFS Services LLC and its subsidiaries, Diners Club International LTD, PULSE Network LLC (collectively, "we", "our", "us" and "Discover"; individually, a "Network") treat your information on the sites on which this Privacy Statement appears ("Mobile App" or "Website"), as well as when you interact with us on social media sites (in each case, "Online Services").
Please note that other Discover services, websites, applications and geographic regions may have different privacy practices. In those cases, we will display a different privacy statement that applies when you interact with those services, websites, geographic regions or applications. Please review the applicable privacy statement.
Our Online Services collect personal data.
We collect personal data from certain users of Online Services, such as a cardholder, natural person associated with, and acting on behalf of a merchant, issuer, acquirer, processor or other Participants to whom we offer a payment solution and/or card acceptance. Information about an entity including a Participant will only constitute personal data if the entity is a natural person or sole proprietor.
In order to support card acceptance, resolve inquiries or improve customer experience, we, our agents, or our Service Providers may collect personal data from a merchant, issuer or other Participant including a merchant's representative in a number of instances including, for example:
- when a merchant directly or through an acquirer applies for payment card acceptance;
- when an issuer, merchant or acquirer processes a card transaction as payment for goods or services or in exchange for cash;
- when a sales representative is engaged to promote payment card acceptance or related products and services; and
- when we allow cardholders, agents of acquirers, merchants, issuers, issuer processors, and other participants to whom we offer portal or a tool to support payment acceptance and/or related products or services.
The types of personal data that we collect, use and disclose depends on the Network, product or service that the merchant, issuer or other Participant receives from us and your relationship with the entity (e.g. owner, officer, director, and employee) and may include financial and related personal or business information including the following, as applicable:
- Name, title and personal and business contact information including physical address, email address and telephone number;
- IP Location;
- Card transactions, account balances, transaction history and payment history;
- Date of birth; and
- Other information with your consent or as permitted or required by applicable law.
Online data. We may also collect data about the browser, IP address, device (including device ID and advertising ID), and operating system you're using to digitally interact with us or to conduct or attempt a card transaction. We might look at what site you came from and/or the physical location where you conduct or attempt to conduct a card transaction, what you view within our Online Services, the length of time you visit the site, and/or what site you visit when you leave us. We may collect your electronic and/or physical location using GPS, a cellular network location, Wi-Fi networks, browser services, or data you provide.
We collect your data in the following ways:
- Data are collected directly from you. We collect personal data you submit to us when you use our Online Services. We also collect personal data you submit through our Online Services, such as requests to enroll in offers, alerts, newsletters, promotions prospective merchant referrals, and what you write when you chat with a customer service agent. We collect personal data when you complete an online survey, submit an online referral recommending that we or third parties contact a prospective merchant about card acceptance, respond to due diligence questionnaires, or when you click a link.
- Data are collected passively. Our Online Services and some e-mails may use tracking tools like cookies and pixel tags. Our Online Services gather online data about you over time across multiple websites, other platforms, or other mobile apps. Learn how you can control cookies and tracking tools in the section "How to Manage Your Online Privacy Choices".
Our Online Services collect data about you to operate effectively and to provide our services and products. We may use your information to:
- Send administrative information to you, such as changes to our terms, conditions, and policies.
- Respond to your requests or questions.
- Send alerts that you signed up for.
- Send you information about new products and special offers if you have chosen to opt-in.
- Send you newsletters or bulletins to provide you key announcements and updates from Discover.
- Administer promotions, sweepstakes or contests in which you choose to participate.
- Improve our products and services.
- Comply with legal, regulatory, industry self-regulatory, insurance, audit and security requirements including checking your identity against money laundering, terrorist financing or similar watch lists established or enforced by U.S. or other government regulators.
- Help customers find an ATM location.
- Monitor for fraud and manage risk.
- Otherwise communicate with you with your consent or as permitted or required by law.
We may keep personal data as long as necessary or relevant for the practices described in this Online Privacy Statement or as otherwise required by law. Actual retention periods vary depending on the type of services and products. The criteria we use to determine the retention periods include the following:
- personal data are needed to provide our services and products as described in this Online Privacy Statement (e.g. to provide access to our tools and websites);
- personal data are needed for auditing purposes;
- personal data are needed to troubleshoot problems or to assist with investigations;
- personal data are needed to enforce our policies; and
- personal data are needed to comply with legal requirements.
Regulations require all financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records as the onboarding application, account statements, and payments on the account, Discover generally retains those records for a minimum of seven years, respectively.
You can update your account profile online or by email
We maintain electronic records of your personal data for the purposes described in this Privacy Statement. Depending on the website, you may be able to access and edit your personal data. Otherwise, you may contact us at the email address provided in the section "Contact Us" below to request access to or that we update, or correct the personal data collected by our Websites or when you use our Online Service. Your right to access or correct your personal data indicated in our records is subject to applicable legal restrictions including our right to retain documentation of our compliance with applicable legal requirements and technology limitations. We may take reasonable steps to verify your identity before granting access or making corrections to your personal data. You may be required to complete additional forms.
If we receive those data from some other sources, we may direct you to contact other third parties. Please note that we are not responsible for permitting you to review, or for updating or deleting personal data that you provide to a third party, including any app, social media platform, or wireless service provider.
When you provide us with your personal data, we ask you to consent to our collection, use and disclosure of your personal data for the purposes of providing those products and services as described in this statement. You may opt-out of certain uses and disclosures of your personal data as indicated in this statement. If you wish to opt-out of these uses or disclosures of your personal data:
- Contact us as described in the section "Contact Us" below.
We use common tracking technologies for a variety of reasons.We may use technologies such as cookies, browser information, location information, device-level advertising and user identifiers, and pixel tags to uniquely identify your computer or device and the pages you view within our Online Services from time to time as well as to provide information to us and third parties about sites you visit after seeing Discover ads or offers. Our Service Providers may also use these tools. We use tracking tools:
- to recognize new or past customers;
- to store your password if you are registered on our Website or Mobile App;
- to improve our Website, Mobile App and/or other Online Services;
- to serve you with interest-based or targeted advertising (see below for more on interest-based advertising);
- to observe your behaviors and browsing activities over time across multiple websites or other platforms; and
- to better understand the interests of our customers and users of our Website, Mobile App and/or other Online Services.
You can control tools on your mobile devices. For example, you can turn off the GPS locator or push notifications on your phone. If your phone allows, you can change app-specific location settings.
We Conduct Interest-based Advertising
We use interest-based advertising to target our advertising more effectively. To decide what is relevant to you, we use data you make available to us when you interact with us, our affiliates, and other third parties. We gather this information using the tracking tools described above. For example, we or our Service Providers or Business Partners might look at your purchases or browsing behaviors. We might look at these activities on our platforms or the platforms of others.
You may see Discover advertisements on other websites you visit from time to time. Some of these ads are based on your Internet browsing history over time and across different websites. We (or Service Providers on our behalf) collect data this way. This is called interest-based or online behavioral advertising.
Interest-based advertising or online behavioral advertising includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your online activities. These ads might be served on websites, apps or emails. We might serve these ads or third parties may serve ads. They might be about our products or other companies' products.
How you can opt out of interest-based advertising.There are several ways you can opt-out of interest-based advertising.
- First, you can opt-out of receiving interest-based ads from Discover or its partners using this tool.
- Second, you can opt-out right from the ad itself. Ads served using interest-based advertising will have an Advertising Option icon in the ad. If you see that icon on Discover ads, you can click on it. You will then get an option to opt-out. Note that you may have to opt out separately for each of the Networks: Discover Global Network, Diners Club International and PULSE.
- Third, the Self-Regulatory Program for Online Behavioral Advertising program provides consumers with the ability to opt-out of having their online behavior recorded and used for advertising purposes generally.
- On mobile devices, you can control device-level advertising privacy settings. For example, toggle the "Limit Ad Tracking" on iOS devices or "Opt out of interest-based ads" on Android devices.
- We provided additional options to allow you to configure your online ad experience. See Adchoices.
If you opt out via methods 1-3 above, your choice will be stored as a cookie. If you remove or delete cookies you will need to renew your preferences. Your choices are also device and browser-specific.
We also advertise in other ways. If you opt out of interest-based ads, you may still see Discover or its partners' ads. These are ads that are not based on your Internet browsing history. Some may be generic. Others may be targeted to you or an advertising segment you are in. The websites or services where targeted ads appear will have instructions about how to modify your advertising preferences within those sites. We encourage you to review those instructions and settings.
These Online Services are not intended for children. Our Online Services are meant for adults and are not directed to children. We do not knowingly collect personal data from children under 16 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 16 has given us data, you can e-mail us at Privacy@discover.com.
We may update this Online Privacy Statement at any time.We may change our Online Privacy Statement from time to time. We will notify you of any material changes to our Privacy Statement as required by law. Please check the Website and Mobile App periodically for updates. This Privacy Statement was last updated on December 30, 2019.
For more information, if you have questions about your personal data or if you have a privacy concern you may email our Data Protection Officer and/or Representative at: email@example.com or write to us at:Discover Financial Services
Attn: ECP Privacy Operations
P.O. BOX 795
Deerfield, IL 60015
Rights for European Union (EU) Data Subjects
We adhere to applicable data protection laws in the European Union ("EU"), when relevant and appropriate. If you are a data subject located in the European Union, this means that:
- if we process your personal data based on your consent, you have the right to withdraw your consent at any time for further processing;
- you have the right to request access to, rectification of or deletion of your personal data;
- you have the right to object to the processing of your personal data;
- you have the right to request us to transfer your personal data to another controller;
- you have the right to request us to restrict the processing of your personal data; and
- you have the right to file a complaint with the Supervisory Authority in the Member State of your habitual residence, place of work or where the alleged infringement happened.
The above rights are subject to legal restrictions, as provided by the applicable EU privacy law.
When we process your personal data, we rely on specific legal grounds. When we process your personal data, we do so with your consent and/or as necessary to provide our services and products, fulfil our contractual and legal obligations, or other legitimate interests as described in the "Online Privacy Statement" section above, in the sections "How We Use Your Data" and "What and With Whom We Share".
We use security measures to protect your personal data. We take reasonable steps to protect your personal data using measures appropriate to the sensitivity of the personal data in our custody or control, which include safeguards to protect against unauthorized access and use. These measures include computer safeguards and secured files and buildings. Our authorized employees, agents and service providers who require access to your personal data to perform their obligations will have access to your personal data.
We store data in the United States. If you live outside of the United States, you understand and agree that we may transfer your personal data to the U.S. Our Online Services and associated practices are subject to applicable U.S. laws.
International data transfer. We may transfer personal data to countries other than the country in which the data was originally collected. We generally rely on standard contractual clauses to govern the transfer of information between entities. These countries may not have the same data protection laws as the country in which you initially provided the data. When we transfer your personal data to other countries, we will protect the data as described in this Privacy Statement.
When your personal data are transferred from the European Union, it is the responsibility of the data exporter to ensure that such transfers are done in, compliance with EU Privacy Law. If we were to be the data exporter, we would put in place appropriate measures for such transfers to happen in compliance with EU Privacy Law. If you have more questions on when such situations might take place, you can email us at: DGNPrivacy@discover.com.
For more information, if you have questions about your personal data or if you have a privacy concern you may email our Data Protection Officer and/or Representative at: Privacy@discover.com or write to us at:Discover Financial Services
Attn: ECP Privacy Operations
P.O. BOX 795
Deerfield, IL 60015
And/or to the Representative:Diners Club International
Attn: GDPR Representative
201 Talgarth Rd., Level One
Hammersmith, London, W6 8BJ
EU data subjects may also contact their respective Supervisory Authority with any questions about our privacy practices.
Rights for Individuals in Canada
Please visit https://www.discovernetwork.ca/privacy.html to download the privacy statement
Rights for Consumers in California
This California Consumer Privacy Act Disclosure ("Disclosure") explains how Discover Bank, DFS Services LLC, PULSE Network LLC, Diners Club International, Ltd., the Discover Global Network, Pulse EFT Association, Inc., DFS Corporate Services LLC, DFS International Incorporated, Discover Products Inc., the Student Loan Corporation and their affiliates and subsidiaries (collectively, "Discover", "we", or "us") collect, use, and disclose Personal Information relating to California residents that is subject to the California Consumer Privacy Act ("CCPA"). Discover affiliates and subsidiaries include companies related by common ownership or control with a Discover or DFS name and financial companies such as GTC Insurance Agency, Inc.
What is Personal Information?
Under the CCPA, "Personal Information" is information that identifies, relates to, or could reasonably be linked with a particular California resident or household. The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act ("GLBA").
As a result, this Disclosure does not apply, for example, with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes ("GLBA Consumers").
Additionally, any personal information provided to or received by us related to a business or commercial product or service, including any information collected and used to conduct due diligence, is not subject to this Disclosure.
In the past 12 months, we have not "sold" Personal Information relating to California residents within the meaning of the CCPA. For purposes of this Disclosure, "sold" means the disclosure of Personal Information to a business or third party for monetary or other valuable consideration.
Our Collection, Use, and Disclosure of Personal Information
We collect Personal Information relating to California residents in a variety of contexts as described below. For example, we collect Personal Information relating to California residents for marketing purposes and from individuals who apply for employment with us or are our employees, vendors, contractors, or similar personnel. The specific Personal Information that we collect, use, and disclose relating to a California resident will depend on our specific relationship or interaction with that individual. In the past 12 months, we have: (1) collected the following categories of Personal Information relating to California residents; and (2) shared or disclosed the following categories of Personal Information relating to California residents to vendors or other counterparties for our business purposes:
(1) Personal Identifiers, such as name and mail address;
(2) Personal information, as defined in the California safeguards law,such as contact information and financial information;
(3) Characteristics of protected classifications under California or federal law, such as age, citizenship, and marital status;
(4) Commercial information,such as transaction and account information;
(5) Internet or electronic network activity information, such as browsing history and interactions with our website;
(6) Geolocation data,such as device location and certain device information;
(7) Sensory data, including audio, electronic, visual, and similar information such as call recordings;
(8) Professional or employment-related information,such as current employment information or employment history;
(9) Education information, such as school and date of graduation; and
(10) Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual's preferences and characteristics.
The purposes for which we use the Personal Information that we collect depend on our relationship or interaction with a specific California resident. Nonetheless, we may use Personal Information we collect to operate, manage, and maintain our business, to provide our products and services, for our employment and vendor management purposes, and to accomplish our business purposes and objectives. For example, we use Personal Information we collect to:
(1) Detect security incidents;
(2) Personalize, develop, market, advertise, and provide our products and services (including analytic services);
(3) Provide customer service;
(4) Process payments or transactions, provide financing, or fulfill orders;
(5) Conduct research and data analysis;
(6) Detect and prevent fraud (including protecting against and/or prosecuting malicious, deceptive, fraudulent, or illegal activity);
(7) Perform identity verification;
(8) Maintain our systems, infrastructure, and facilities including debugging to identify and repair errors that impair existing intended functionality;
(9) Maintain or service accounts;
(10) Conduct risk and security control and monitoring;
(11) Perform accounting;
(12) Perform audit functions, including auditing interactions with consumers;
(13) Maintain and enhance a product or service;
(14) Verify and provide employment benefits and administration (e.g., employment eligibility, payroll, and performance management); and
(15) Conduct other internal functions, such as investigations or research for technology development, comply with legal obligations, maintain business records, and exercise and defend legal claims and rights.
We collected the categories of personal information set forth above from the following categories of sources:
A. Directly from you;
B. Through Discover affiliates and subsidiaries;
C. Through non-affiliated business partners or other counterparties;and
D. CCPA Service Providers, with whom we have a contractual relationship to perform services on our behalf;
We may share or disclose personal information for a business purpose to the following categories of third-parties:
A. Discover affiliates and subsidiaries;
B. Non-affiliated business partners or other counterparties;
C. CCPA Service Providers,with whom we have a contractual relationship to perform services on our behalf; and
D. Regulatory agencies and law enforcement.
Your Rights Under the CCPA
If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:
(1) The categories of Personal Information that we collected about you and the categories of sources from which we collected such Information;
(2) The business or commercial purposes for collecting Personal Information about you;
(3) The categories of Personal Information about you that we disclosed for a business purpose and the categories of third parties to whom we disclosed such Personal Information (if applicable); and
(4) The specific pieces of Personal Information we collected about you.
If you are a California resident, you may also request that we delete Personal Information that we collected from you. The CCPA sets forth exceptions for when information is not required to be deleted, including but not limited to where information is necessary to maintain in order to provide a good or service that you requested, comply with a legal obligation, detect security incidents or protect against malicious, deceptive, fraudulent, or illegal activity.
Further, in some instances, we may decline to honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer, where the Personal Information that we maintain about you is not subject to CCPA requirements, or where the Personal Information is a trade secret.
Nonetheless, you have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
Changes to This California Consumer Privacy Act Disclosure
We may change or update this Disclosure from time to time. When we do, we will post the revised Disclosure on this page.
- Submit a request online here. By submitting a request via this link, we will search for your personal information in connection with Pulse, Diners Club International and Discover Global Network.
- Call us at 1-800-239-9719.
For information related to Discover Bank, you may click the link to visit the website and follow the instructions in the Privacy Notice for California Residents.
You may only exercise your right to receive disclosures twice within a twelve (12) month period. The request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or you are an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
In order to respond to your deletion request or provide you with personal information we must: (1) verify your identity or authority to make the request, and (2) confirm the personal information relates to you. We will use personal information provided in a request for security purposes and to verify the requestor's identity or authority to make the request.
Any request for disclosure or deletion shall not apply to any information collected from you to the extent that you were acting as a job applicant, an employee, or a contractor.
Business Partners: Companies and other Financial Institutions that we partner with to jointly market and/or deliver products and services to cardmembers, issuers, merchants, acquirers and other Participants. Business Partners include third party networks. We also partner with certain organizations, like trade associations, to offer financial products using their organizational logo.
Card (regardless of whether capitalized): A valid payment card that is issued by an issuer within a number range designated by us that is approved for acceptance on a Network to purchase goods or services and, in certain cases, in exchange for cash.
Cookies: Small pieces of text that are placed in your browser by the websites you visit and the advertising companies and content partners for those sites. No personal data are stored in cookies.
IP address: A unique "Internet Protocol" number assigned to a device connected to the Internet. Discover treats IP addresses as non-personal data unless otherwise required by law.
Participant: An entity that has entered into an agreement with a Network to conduct specified business activities pertaining to card issuance, card acceptance, card transactions and/or processing (e.g. issuer, acquirer, merchant, network alliance) or an agent of such entity (e.g. processor, gateway).
Personal data: Information that personally identifies an individual.
Pixel tags: Enables two websites to share information. It consists of a small piece of software code that incorporates a graphic image on a web page or e-mail.
Service Providers: Third parties with whom we have a contractual relationship to perform services on our behalf. Service Providers may not use personal data for any other purpose other than carrying out the services.