Mastercard International Incorporated, Mastercard Europe SA, and their subsidiaries and affiliates (collectively, "Mastercard", “we” or “us”) respect your privacy. This Applicant Privacy Notice (“Notice”) describes the types of Personal Data we collect in relation to your application and our recruitment process, how we use the data, with whom we share it, and the choices you can make about our use of the data. We also describe the measures we take to protect the security of your Personal Data and how you can contact us about our privacy practices.
Mastercard Europe SA is Mastercard’s headquarters in the EEA and Switzerland (together “Europe”) and is the entity responsible for the processing of Personal Data described in this Notice. However, if you applied for a position with a local affiliate of Mastercard, that affiliate may be the entity responsible for the Processing of Personal Data described in this Notice. Please refer to Appendix A for a list of local Mastercard entities.
For the purpose of this Notice, “Personal Data” means any information relating to an identified or identifiable individual.
Types of Personal Data That We Process
Personal Data that we may collect includes:
- Your name;
- Contact details (such as telephone number, email address and postal address);
- Curriculum vitae/resume;
- Date of birth;
- Current and previous employment details (such as salary/bonus and employee benefits schemes, employment with government regulator, potential conflicts of interests from applicant or applicant’s relatives, and other potential restrictions for employment such as non-compete or non-disclosure agreements);
- Academic background (such as your university or school diplomas/certificates and other educational achievements);
- Results of any pre-employment testing such as psychometric testing and credit history checks subject to strict conditions, as permitted under applicable law;
- Immigration status and work permits;
- Languages spoken and level of proficiency;
- Job preferences including willingness to travel and/or relocate;
- Any video/photo images or audio recordings that you voluntarily submit to us in connection with your job application and that will be withdrawn at your request;
- Results of the selection and matching process;
- Any pre-employment screening information; and
- Any other information which you decide to submit to us.
We do not generally seek to collect sensitive data (i.e., racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation). In the circumstances where we do seek to collect such data or you voluntarily choose to provide us with this information as part of your application, we will seek to obtain your informed and explicit consent, unless we can rely on another legal basis for the processing of such data.
To the extent permitted by applicable law, we may also process Personal Data regarding third parties that you provide in relation to your application for employment with Mastercard (such as details of your referees that you have submitted to us voluntarily).
We may process your Personal Data in paper form and by electronic means.
Sources of Personal Data
We may receive Personal Data from you and from third parties, such as former employers, educational institutions, publicly available sources and professional social networking sites (e.g. LinkedIn), and government agencies.
Purposes of Processing
Your Personal Data will be used for recruitment purposes, including:
- To identify and contact you;
- To determine your suitability for current and future potential roles with us; and
- To process your application and the details of your employment with us.
In addition, we may process your Personal Data for pre-employment screening purposes.
In case of positive evaluation and decision to hire, we will also use your Personal Data to prepare an employment contract.
Where we seek to monitor and implement measures to improve our recruitment activities and monitor compliance with our policies such as equal opportunities, we use anonymized and aggregated data.
Legal Grounds of Processing
We may process Personal Data for the above purposes when:
- consent is provided to use the Personal Data. For instance, we may request your consent to the processing of sensitive Personal Data if required under applicable law;
- this is necessary to enter into an employment agreement with you, or to respond to your inquiries;
- this is necessary for compliance with a legal obligation to which we are subject; or
- we or a third party have a legitimate interest in using the Personal Data. In particular, we have a legitimate interest in assessing and evaluating job applicants before making an offer for employment, in order to ensure the good functioning of our business.
For the purposes stated above, your Personal Data will only be disclosed to authorized staff within Mastercard involved in the recruitment process. Mastercard may send your Personal Data to a department other than the one to which you have sent your application, for the sole purpose of recruitment. We will maintain a record of data processing activities relating to your recruitment in our candidate relationship management system.
In addition, we may disclose your Personal Data to the following third parties:
- Service providers such as providers of HR hosting services (e.g. Workday), or candidate relationship management services. We impose contractual obligations on such third party service providers to provide appropriate protection for Personal Data.
- Agents, advisors and other third parties providing services to support Mastercard’s business operations under a duty of confidentiality to Mastercard, such as recruitment agencies and background screening agencies;
- Governmental, judicial, regulatory and other bodies and authorities where required by applicable law;
- Lawyers in connection with legal proceedings, to obtain legal advice, or to support Mastercard’s rights;
- Any third party to whom we may transfer our rights and obligations under any agreement we may have in connection with the acquisition, sale or restructuring of any part of Mastercard.
We may transfer Personal Data to countries other than the country in which the information was originally collected, including the United States, where we are headquartered, where necessary to fulfil the purposes described in this Notice.
These countries may not have the same data protection laws as the country in which the Individual initially provided the information. We comply with EU data protection law when transferring your Personal Data. In particular, we have established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by EEA data protection authorities as providing an adequate level of protection to the Personal Data we process globally. A copy of our BCRs is available here.
We may also transfer Personal Data to countries for which adequacy decisions have been issued, use contractual protections for the transfer of Personal Data to third parties, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable. You may contact us as described below to obtain a copy of the safeguards we use to transfer Personal Data outside of the EEA.
Mastercard maintains appropriate administrative, technical and physical safeguards to protect Personal Data against the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Personal Data will not be kept for longer than necessary for the purposes for which they have been collected or further Processed. We take measures to delete Your Personal Data or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we Process it, unless we are required by law to keep this information for a longer period. In case you are hired, we will keep your Personal Data for a longer period in the context of our employment relationship.
We have defined retention periods by type of data based on a number of criteria, such as legal obligations to retain Personal Data for a minimum period, business needs to retain the data and statute of limitations to protect us against risks and liabilities. Those retention periods are indicated in Mastercard retention policies per country which reflect local legal requirements. For further guidance on applicable retention periods, write to the Data Protection Officer (“DPO”) as described in the Contact Us section below.
Subject to applicable law, you have the right to:
- Request access to and receive information about the Personal Data we maintain about you, to update and correct inaccuracies in your Personal Data, to restrict or to object to the processing of your Personal Data, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Data, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
Those rights may be limited in some circumstances by local law requirements. To exercise your rights, please contact us as described in the “Contact Us” section below.
If you have any questions about this Applicant Privacy Notice or concerns about how we manage your Personal Data or would like to exercise your rights in relation to the processing of your Personal Data, please contact us by e-mailing us at email@example.com, or writing to us at:
Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
Updates to this Applicant Privacy Notice
Mastercard may from time to time make changes to this Applicant Privacy Notice to reflect changes in its legal or regulatory obligations, or to reflect changes in the manner in which we treat your personal data or for any other reason we deem appropriate. We will notify you in case of substantial changes to this Notice.