Your Privacy Rights

Effective date: March 3, 2023

California Supplementary Notice

This supplemental privacy notice only applies to residents of California whose information is processed pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).

At Visa, we are committed to safeguarding the privacy and security of all the Personal Information that is entrusted to us. Visa has a Global Privacy Program to help ensure your information is handled properly, and your Personal Information is protected. It also reflects the requirements of the privacy laws in all the countries and states where Visa operates.

In the United States, payment transaction and other information Visa processes in connection with operating its electronic payments networks often is regulated by existing federal financial privacy laws. The CCPA recognizes that, where such financial information is already protected by federal privacy law, the CCPA does not apply to this information. Visa’s privacy program reflects the sensitivity of the financial and other information we handle. If you have questions about how we handle your data, please review the Visa Global Privacy Notice.

Visa also processes certain information that is subject to the CCPA. The CCPA may apply (1) to our marketing data, which we collect when consumers sign up for marketing from Visa, attend Visa-sponsored events, participate in surveys, or interact with our websites and apps, and (2) to information collected from individuals who use our click-to-pay services. This supplemental privacy notice explains our practices for this CCPA-covered information.

For information that Visa collects subject to the CCPA, the Visa Global Privacy Notice describes the categories of Personal Information that we may have collected or disclosed for business purposes in the past 12 months, the sources of the Personal Information, the business or commercial purposes for which we use or disclose the information, and the categories of third parties to whom we disclose the information for business purposes.

Visa retains the Personal Information it has collected as long as the information is needed for the purposes set for in the Visa Global Privacy Notice and this California supplement, and for any additional period that may be required or permitted by law. The length of time your Personal Information is retained depends on the purpose(s) for which it was collected, how it is used, and the requirements to comply with applicable laws.

The CCPA provides California residents with specific privacy rights, including the right to correct inaccurate Personal Information, delete Personal Information, and access Personal Information, including in a portable format. The CCPA also gives California residents the right to opt-out of having their Personal Information sold or shared¹, as well as the right to limit the use and disclosure of their sensitive Personal Information. Finally, the law gives California residents the right not to receive discriminatory treatment for the exercise of any of these privacy rights.

¹ Personal Information of children under 16 cannot be sold or shared without affirmative consent. Visa does not knowingly sell or share children’s information.

: If you are a California resident, the CCPA provides you with the right to opt out of the “sale” of your Personal Information. Visa does not sell Personal Information for money, although our websites and applications may use cookies or similar technologies as described below. Our Global Privacy Notice describes how we disclose information to third parties, such as when we process payments, provide services to your card issuer, prevent fraud, or otherwise share information with your consent.
: If you are a California resident, the CCPA provides you with the right to opt out of the “sharing” of your Personal Information. The CCPA defines “sharing” to include certain sharing of your Personal Information for purposes of serving you advertisements that are relevant to you based on your activity across our services and other sites (“cross-contextual behavioral advertising”).

Like many companies, we use services that help deliver interest-based ads to you, and our websites and applications may use cookies or similar technologies that allow advertising partners to collect your Personal Information for their use. On most Visa websites, Visa only permits advertising partners to collect your Personal Information in this manner with your consent. To request to opt-in (or to change your mind after opting-in), you may adjust your preferences by accessing the Cookie Preferences link at the bottom of the Visa website you are interacting with.

Please note that some transfers of your Personal Information may not be considered “sharing,” and certain exemptions may apply under the CCPA. Your choices do not affect other disclosures of your information, as outlined in our Global Privacy Notice, such as when we process payments, provide services to your card issuer, or prevent fraud.
: In the United States, the payment transaction and certain other information that Visa collects when it operates its payment networks is regulated by existing federal financial privacy laws. Any sensitive Personal Information subject to the CCPA is only processed for permitted purposes under the CCPA for which you do not have a right to limit.
: If you are a California resident, you may exercise your rights or authorize another person to act on your behalf by:

Visiting our Privacy Rights Page

Calling Visa at 1-844-909-1620

Email us: [email protected]
Please do not include sensitive information, such as your account number, in emails.

Mailing us a letter:
Visa Global Privacy Office
900 Metro Center Blvd.
Foster City, CA, 94404

Please note that we will need to verify your identity before we can fulfill your CCPA-related request. Because the information that we maintain that is subject to CCPA generally consists of marketing information, we will generally verify your identity using your email address. Where possible, we will respond to requests using the email address that is associated with the information we maintain.

If you would like to designate an agent, please send an email from your own email address to [email protected] indicating the name and email address of your agent. We will respond to that’s person’s requests using both your email address and the agent’s email address.

Please understand that your rights are subject to some limitations, such as:

For security reasons and to prevent unauthorized disclosure of Personal Information, cardholders should contact their payment card issuers to access their information. This helps ensure that access to the information is only provided to the authorized individuals, subject to the issuer’s verification processes.

The CCPA contemplates that service providers should refer access and deletion requests to the companies with whom the individual has the direct relationship. In many cases, we act as a service provider for card issuers and merchants, including rewards networks. If you have questions about how your issuer or a rewards network handles your Personal Information, please check the privacy notices provided by these companies and contact them directly for assistance with your relevant privacy requests.

The CCPA also prohibits companies from including certain elements of sensitive Personal Information, such as payment card number, in their access reports, even if you have provided those data elements to use for marketing.

If you request that we delete your Personal Information, we will do so except in those situations where our retention is permitted by the CCPA (such as for fraud prevention or legal compliance, or where reasonably necessary to provide the services requested by the consumer or for our internal business purposes). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.

If you have any other questions or requests, please contact us at [email protected].
: Visa provides loyalty and other similar promotional programs in order to reward and thank loyal customers for using the Visa payment network and other Visa services. You can opt into these programs through the mechanisms described when they are offered to you, such as via email. Visa collects and uses Personal Information, such as Contact Information, in order to provide these programs. Visa does not assign monetary value for the information we collect through these programs when sending email communications. Based on our reasonable and good faith estimate, we receive value from these programs in increased loyalty and purchases.

You may opt-out of receiving commercial email communications at any time by clicking the “unsubscribe” link included within any commercial email we send you.

You also can opt-out of loyalty and similar programs at any time by using the mechanisms described to you in relevant program terms and conditions. We will not discriminate against you if you exercise your rights under CCPA. However, if you ask us to delete your information, you will not be able to receive additional offers or promotions for which the deleted information was needed for program participation. Where possible, offers or promotions sent to you previously will continue to be honored according to their original terms.
: The CCPA requires certain businesses to compile and disclose information each year regarding their compliance with the CCPA for the previous twelve-month period. Visa has elected to provide these reports annually for the preceding calendar year 2022.

CCPA Reporting requirements and totals.

Total CCPA Requests Received

408

Number of Unverified Request Received^*

48

Verifiable CCPA Requests Received from Consumers by Category

Number of Requests to Know Received

137

Number of Requests to Know Fulfilled

108

Number of Requests to Know Denied

5

Number of Requests to Delete Received

176

Number of Requests to Delete Fulfilled

160

Number of Requests to Delete Denied^**

3

Number of Do Not Sell Requests Received

95

Number of Do Not Sell Requests Granted in Fulfilled^***

N/A

Average Number of Days for Visa to Respond to Verifiable Requests

25

* Requests which could not be validated due to insufficient location information or individuals failed to verify their identity in the OneTrust tool. These requests are not included in the totals above.

** Data retained in accordance with CCPA.

*** Visa does not sell Personal Information for money, although our websites and applications may use cookies or similar technologies.


Total CCPA Requests Received	408
Number of Unverified Request Received^*	48
Verifiable CCPA Requests Received from Consumers by Category
Number of Requests to Know Received	137
Number of Requests to Know Fulfilled	108
Number of Requests to Know Denied	5
Number of Requests to Delete Received	176
Number of Requests to Delete Fulfilled	160
Number of Requests to Delete Denied^**	3
Number of Do Not Sell Requests Received	95
Number of Do Not Sell Requests Granted in Fulfilled^***	N/A
Average Number of Days for Visa to Respond to Verifiable Requests	25