Your Privacy Rights

Effective date: October 7, 2024

U.S. State Privacy Laws Supplementary Notice

This supplemental privacy notice only applies to residents of certain U.S. States whose information is processed pursuant to applicable U.S. State law privacy requirements, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”) and the Oregon Consumer Privacy Rights Act (“OCPA”) (collectively, “State Privacy Laws”).

At Visa, we are committed to safeguarding the privacy and security of all the Personal Information that is entrusted to us. Visa has a Global Privacy Program to help ensure your information is handled properly, and your Personal Information is protected. It also reflects the requirements of the privacy laws in all the countries and states where Visa operates.

In the United States, payment transaction and other information Visa processes in connection with operating its electronic payments networks often is regulated by existing federal financial privacy laws. State Privacy Laws recognize that, where such financial information is already protected by federal privacy law, these State Privacy Laws do not apply to this information. Visa’s privacy program reflects the sensitivity of the financial and other information we handle. If you have questions about how we handle your data, please review the Visa Global Privacy Notice.

Visa also processes certain information that is subject to State Privacy Laws. State Privacy Laws may apply (1) to our marketing data, which we collect when consumers sign up for marketing from Visa, attend Visa-sponsored events, participate in surveys, or interact with our websites and apps, and (2) to information collected from individuals who use our Visa-branded products, for example click-to-pay or Visa Payment Passkey Services. This supplemental privacy notice explains our practices for this State Privacy Law-covered information.

For information that Visa collects subject to State Privacy Laws, the Visa Global Privacy Notice describes the categories of Personal Information that we may have collected or disclosed for business purposes in the past 12 months, the sources of the Personal Information, the business or commercial purposes for which we use or disclose the information, and the categories of third parties to whom we disclose the information for business purposes.

Visa retains the Personal Information it has collected as long as the information is needed for the purposes set for in the Visa Global Privacy Notice and this U.S. State Privacy Laws supplement, and for any additional period that may be required or permitted by law. The length of time your Personal Information is retained depends on the purpose(s) for which it was collected, how it is used, and the requirements to comply with applicable laws.

State Privacy Laws provide their residents with specific privacy rights, including the right to correct inaccurate Personal Information, delete Personal Information, and access Personal Information and other information about our Personal Information processing practices, including in a portable format. Some State Privacy Laws may also give their residents the right to appeal our decisions with respect to your privacy rights requests. As described further in the sections below, State Privacy Laws may also give their residents the right to opt-out of having their Personal Information sold, processed for targeted advertising purposes¹, or used for profiling in certain contexts, as well as certain rights in relation to the processing of their sensitive Personal Information. Finally, State Privacy Laws may give their residents the right not to receive discriminatory treatment for the exercise of any of these privacy rights.

¹ Personal Information of children under 16 cannot be sold or processed for targeted or cross-context behavioral advertising purposes without affirmative consent. Visa does not knowingly sell or process children’s information for these purposes.

: Some State Privacy Laws provide you with the right to opt out of the “sale” of your Personal Information. Visa does not sell Personal Information for money, although our websites and applications may use cookies or similar technologies as described below. Our Global Privacy Notice describes how we disclose information to third parties, such as when we process payments, provide services to your card issuer, prevent fraud, or otherwise share information with your consent.
: Some State Privacy Laws provide you with the right to opt out of the processing of your Personal Information for purposes of serving you advertisements that are relevant to you based on your activity across our services and other sites (“targeted advertising” or “cross-contextual behavioral advertising”), including the sharing of your Personal Information for these targeted advertising purposes.

Like many companies, we use services that help deliver interest-based ads to you, and our websites and applications may use cookies or similar technologies that allow advertising partners to collect your Personal Information for their use. On most Visa websites, Visa only permits advertising partners to collect your Personal Information in this manner with your consent. To request to opt-in (or to change your mind after opting-in), please visit the Cookie Preference Center or visit the Cookie Policy link in the footer of this site.

Please note that some transfers of your Personal Information may not be for purposes of targeted advertising, and certain exemptions may apply under applicable State Privacy Laws. Your choices do not affect other disclosures of your information, as outlined in our Global Privacy Notice, such as when we process payments, provide services to your card issuer, or prevent fraud.
: In the United States, the payment transaction and certain other information that Visa collects when it operates its payment networks is regulated by existing federal financial privacy laws. Further, any sensitive Personal Information subject to the applicable State Privacy Law is only processed for purposes under the applicable law which do not require your consent or for which you do not have a right to limit.
: You may exercise your rights, authorize another person to act on your behalf, or appeal a denial of a request by:

Visiting our Privacy Rights Page

Calling Visa at 1-844-909-1620

Emailing us at [email protected]

Please do not include sensitive information, such as your account number, in emails.

Mailing us a letter:
Visa Global Privacy Office
900 Metro Center Blvd.
Foster City, CA, 94404

Please note that we will need to verify your identity before we can fulfill your State Privacy Law-related request. Because the information that we maintain that is subject to State Privacy Laws generally consists of marketing information, we will generally verify your identity using your email address. Where possible, we will respond to requests using the email address that is associated with the information we maintain.

If you would like to designate an agent, please send an email from your own email address to [email protected] indicating the name and email address of your agent. We will respond to that’s person’s requests using both your email address and the agent’s email address.

Please understand that your rights are subject to some limitations, such as:

For security reasons and to prevent unauthorized disclosure of Personal Information, cardholders should contact their payment card issuers to access their information. This helps ensure that access to the information is only provided to the authorized individuals, subject to the issuer’s verification processes.

State Privacy Laws contemplate that service providers should refer access and deletion requests to the companies with whom the individual has the direct relationship. In many cases, we act as a service provider for card issuers and merchants, including rewards networks. If you have questions about how your issuer or a rewards network handles your Personal Information, please check the privacy notices provided by these companies and contact them directly for assistance with your relevant privacy requests.

Some State Privacy Laws may also prohibit companies from including certain elements of sensitive Personal Information, such as payment card number, in their access reports, even if you have provided those data elements to use for marketing.

If you request that we delete your Personal Information, we will do so except in those situations where our retention is permitted by the applicable State Privacy Laws (such as for fraud prevention or legal compliance, or where reasonably necessary to provide the services requested by the consumer or for our internal business purposes). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.

If you have any other questions or requests, please contact us at [email protected].
: Visa provides loyalty and other similar promotional programs in order to reward and thank loyal customers for using the Visa payment network and other Visa services. You can opt into these programs through the mechanisms described when they are offered to you, such as via email. Visa collects and uses Personal Information, such as Contact Information, in order to provide these programs. Visa does not assign monetary value for the information we collect through these programs when sending email communications. Based on our reasonable and good faith estimate, we receive value from these programs in increased loyalty and purchases.

You may opt-out of receiving commercial email communications at any time by clicking the “unsubscribe” link included within any commercial email we send you.

You also can opt-out of loyalty and similar programs at any time by using the mechanisms described to you in relevant program terms and conditions. We will not discriminate against you if you exercise your rights under applicable State Privacy Laws. However, if you ask us to delete your information, you will not be able to receive additional offers or promotions for which the deleted information was needed for program participation. Where possible, offers or promotions sent to you previously will continue to be honored according to their original terms.
: The CCPA requires certain businesses to compile and disclose information each year regarding their compliance with the CCPA for the previous twelve-month period. Visa has elected to provide these reports annually for the preceding calendar year 2023.

CCPA Reporting requirements and totals.

Total CCPA Requests Received

840

Number of Unverified Requests Received^*

240

Verifiable CCPA Requests Received from Consumers by Category

Number of Requests to Know Received

280

Number of Requests to Know Fulfilled

261

Number of Requests to Know Denied

19

Number of Requests to Delete Received

222

Number of Requests to Delete Fulfilled

219

Number of Requests to Delete Denied^**

3

Number of Do Not Sell Requests Received

98

Number of Do Not Sell Requests Granted or Fulfilled***

78

Average Number of Days for Visa to Respond to Verifiable Requests

34.2

* Requests which could not be validated due to insufficient location information or individuals failed to verify their identity in the OneTrust tool. These requests are not included in the totals above.

** Data retained in accordance with CCPA.

*** Visa does not sell Personal Information for money, although our websites and applications may use cookies or similar technologies.


Total CCPA Requests Received	840
Number of Unverified Requests Received^*	240
Verifiable CCPA Requests Received from Consumers by Category
Number of Requests to Know Received	280
Number of Requests to Know Fulfilled	261
Number of Requests to Know Denied	19
Number of Requests to Delete Received	222
Number of Requests to Delete Fulfilled	219
Number of Requests to Delete Denied^**	3
Number of Do Not Sell Requests Received	98
Number of Do Not Sell Requests Granted or Fulfilled***	78
Average Number of Days for Visa to Respond to Verifiable Requests	34.2