Legal

Marqeta Privacy Notice

Last Updated and Effective on June 18, 2021

Marqeta, Inc. (“Marqeta”, “we”, “our”, or “us”) is committed to protecting personal data and privacy rights. This Privacy Notice (“Notice”) describes how we collect, use, and share your personal data. We seek to clearly explain to you what personal data we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important.

Changes to this Notice may be made periodically to reflect changes in our data practices or relevant laws. If the changes we make are material, we will provide you with notice or obtain consent regarding such changes, if and as required by law. If the changes we make are non-material, this Notice will be updated by posting an updated version on our website. You can tell when this Notice was last updated by looking at the date at the top of the Notice.

By using our Services (defined below) you acknowledge that you have read and understood this Notice. Services (“Services”) include purchase, access, use, interaction, or engagement of our: website(s), app(s), online feature(s), social media platform(s), customer service channels, dashboard(s), and sandbox(es).

What This Notice Covers

This Privacy Notice applies to Marqeta and to our controlled affiliates and subsidiaries and to the Services that display or reference this Notice. It does not apply to any services that display or reference a different privacy notice. For example, if you apply for a job with Marqeta, the personal information provided in your job application will be treated in accordance with our Applicant and Candidate Privacy Notice and not this one. This Notice will also not apply where Marqeta processes personal data on behalf of other companies to whom we provide services. In that instance, your personal data will actually be handled in accordance with another companies’ privacy notice and not this one. For example, a company may provide employees with expense cards issued by a bank. In this example, Marqeta would provide services to the company by processing the employee expense card transactions. Marqeta’s processing of the personal data of the employees when providing these services will be governed by the employer’s privacy notice and the privacy notice of the bank that issued the card and not by this Privacy Notice (even though Marqeta processes the transactions on their behalf). Any questions about the data practices of the company that Marqeta processes payments for should be directed to that specific company.

We may provide you with supplemental privacy notices contained within or in connection with the provision of Services. These supplemental notices may describe in more detail our data collection, use, and sharing practices. Where there is a conflict with this Notice and unless we say otherwise, supplemental privacy notices will govern the context to which they apply.
collection, use, and sharing practices. Where there is a conflict with this Notice and unless we say otherwise, supplemental privacy notices will govern the context to which they apply.

Personal Data We Collect

The table below describes the categories of data Marqeta may collect depending on the context of our interaction with you. These categories of data may include data you may provide, data created during the use of our Services, collected automatically when you use our Services, inferences we make about you when you use our Services, and data from other sources like third-party service providers.

Categories of Personal Data We May Collect

Category of Personal Data

Type of Data

Personal Information

Claim or Dispute Information

What We Collect

Any personal information provided by you when you correspond with us about a claim or dispute – for example, your name, contact information, or transactional information.

Personal Information

Communications Data/ User Content

What We Collect

Information provided by you when you corresponded with us – for example, via phone call, chat, email, “contact us” forms, or social media. Information you submit when contacting Marqeta support. This may include feedback, photographs, or other recordings.

Personal Information

Contact details

What We Collect

Name, telephone number, job title, department, email address, office location or postal address, and language preferences.

Personal Information

Device Data

What We Collect

Information collected automatically about your computer, or device through your web browser and other technology such as cookies, web beacons, or other tracking/recording tools – for example, your IP address, device type, unique device identification numbers, and browser type.

Personal Information

Feedback

What We Collect

Feedback from you – for example, about the nature and quality of our services.

Personal Information

Identity Verification

What We Collect

Information about your business, the control persons and beneficial owners or other identity verification information.

Personal Information

Information Obtained From Third-Party Sources

What We Collect

Details about your place of employment such as: your business addresses, usage data, and social media accounts. We may also collect personally identifiable information about you including name, job title, work email address, phone number, social media networks, and address. We may also collect personal information from marketing vendors, social media sources, third-party conferences, and other sources to the extent permitted by applicable law.

We may obtain any of the above categories of information from third parties sources which include: 1) Data brokers. Data brokers and aggregators from which we obtain data to supplement the data we collect. 2) Third-party partners. Third-party applications and services, including social networks you choose to connect with or interact with through our services. 3) Co-branding/joint partners. Partners with which we offer co-branded services or engage in joint marketing activities. 4) Service providers. Third parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address. 5) Publicly available sources. Public sources of information such as open government databases

Personal Information

Location Data

What We Collect

Information about your geographic location (country or city-level) inferred from device data, such as IP address.

Personal Information

Inferences

What We Collect

Your preferences and interests – for example, the topics you would like to learn more about.

Personal Information

Publicly Available Information

What We Collect

Information like your current place of employment from public sources and databases that, for example, help us verify your identity.

Personal Information

Usage Data

What We Collect

Automatically collected information, such as Internet page views, time on page, “click stream” data, location data, and other technical usage information. We also collect information about how your device has interacted with our website and products, including the pages and products accessed and links clicked.

Personal Information

User credentials

What We Collect

Additional information you provide to us in a profile like a user ID, email address, name, password, authentication, and profile information.

How We Use Your Personal Data

We use the personal data we collect for purposes described in this Notice or otherwise disclosed to you. For example, we may use any of the above categories of data as applicable to:

  • Better understand website visitors and the users of our Services, including; where you come from and what content is of interest to you
  • Create an account
  • Enhance the delivery of our Services to you
  • Enroll, set-up and maintain Services
  • Improve our Services
  • Market and advertise our Services across different forums
  • Monitor and enforce compliance with our policies, applicable law, and contractual terms
  • Obtain feedback
  • Provide announcements related to new products, software updates, upgrades, and system enhancements
  • Respond to correspondence and inquiries
  • Provide support and customer service
  • Run opt-in contests, sweepstakes or other promotional activities, where allowed
  • Send informational and marketing materials and promotions, where allowed
  • Supplement personal information we have for purposes such as maintaining and correcting our records, adding supplemental data fields, and verify the identity of applicable persons and companies

Data Sharing and Disclosure

We may disclose your personal information to the following categories of recipients:

  • Affiliates: We may provide your personal information to our international affiliate Marqeta UK LTD. We share data with our affiliate so it can help us deliver our services or conduct data processing on our behalf. Marqeta Inc. processes and stores data in the United States on behalf of Marqeta UK LTD.
  • Third-Party Service Providers: We may provide your personal data to third-party service providers (such as IT service providers) who will process your personal data on our behalf.
  • Parties in a Corporate Transaction or Proceeding: We may share personal data with actual or prospective parties in a corporate transaction or proceeding, their representatives and other relevant participants in, or during negotiations of, any sale, merger, acquisition, restructuring, bankruptcy, dissolution, or a change in control, divestiture, or sale involving all or a portion of Marqeta’s business or assets.

We will also access, transfer, disclose, and preserve personal data when we believe that doing so is necessary to:

  • Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
  • Protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone
  • Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks, or
  • Protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.

For information on the safeguarding measures we implement when sharing certain personal data with entities outside of regions where you may reside), please see the “Global Data Protection” section below.

We do not sell your personal data to third parties for the purposes of them marketing third-party products or services directly to you.

Data Retention

We retain personal information for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.

If you wish to receive further information about the period of time for which we retain your personal information, please contact
 privacy@marqeta.com 

Lawful Bases for Data Processing 

We rely on different lawful bases for collecting and processing personal data about you, for example:

  • We process your personal data where we have your consent.
  • Our use of your personal information is necessary to perform our obligations under any contract with you (for example, to fulfill an order which you place with us or to comply with the terms of use of our website which you accept by browsing our website).
  • Our use of your personal information is necessary for complying with our legal obligations (for example, for sanction checks).
  • Where the prior lawful bases do not apply, we use your personal information where its use is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our website). Our legitimate interests are to (i) operate and develop business, (ii) reply to inquiries and provide support, (iii) operate our website, (iv) improve or provision Services, (v) carry out marketing, market research, and business development, and (vi) use for administrative purposes. If we rely on this lawful basis, we undertake a balancing test to ensure that our legitimate interests are not outweighed by your interests and fundamental rights.

When we rely on your consent, you can request to withdraw or partially revoke your consent any time by contacting us at privacy@marqeta.com or for consent for certain communications, following the instruction within the communications for revoking your consent. We honor such requests as required by applicable laws.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us via email at privacy@marqeta.com

To help us protect personal data, we request that you use a strong password with our Services and never share your password with anyone or use the same password with other sites or accounts.

It is our policy and practice to comply with applicable data protection and privacy laws wherever we do business. In the event an applicable data protection or privacy law requires any action or imposes any standard more stringent than this Notice, the requirements of that law shall control and take precedence over the requirements of this Notice.

Your personal information may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Specifically, Marqeta servers are located in the United States (“U.S.”), which may be located outside of the jurisdiction where we collect your data. When we collect personal information, it may be transferred to or processed in the U.S. We take steps designed to ensure that the data we collect under this Notice is processed and protected according to the provisions of this Notice and applicable law wherever the data is located.

We transfer personal data from the European Economic Area, UK, and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of legal mechanisms, including standard contractual clauses, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal data protections, please visit Adequacy Decisions.

Marqeta complies with the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the USA. Marqeta has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov. /

Further details on how we protect your personal information are available by request by contacting us at privacy@marqeta.com

Depending on your state or country of residence – for example, if you are a data subject in certain jurisdictions – you may have some of the following data rights:

  • Right of access. You may have the right to access and receive copies of the personal data that we hold about you and receive information from us about how and why the data is used.
  • Right of portability. You may have a right to obtain and reuse your personal data for your own purposes or across different services, including so that you can provide or “port” that data to another provider.
  • Right of erasure. In certain circumstances, you may have the right to require us to delete the personal data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected). In addition, Marqeta will pass your requests on to other parties with which we’ve shared your personal data unless it is impossible or involves disproportionate effort. You can contact Marqeta to learn which parties have received your data and for more information about the right of erasure by emailing us at privacy@marqeta.com
  • Right to not be discriminated against for exercising your rights.
  • Right to lodge a complaint to your local Data Protection Authority. You have the right to complain to a Data Protection Authority about our collection and use of your personal data.
  • Right to object to/opt-out of processing. You may have the right to request that Marqeta stop processing your personal data and/or to stop sending you marketing communications, even when our processing is on the basis of our or another party’s legitimate interests. You may also have the right to opt out of certain processing and sharing activities, such as sales of data for monetary or other consideration, targeted advertising, and profiling activities. We do not knowingly sell the personal information of minors under 16 years of age.
  • Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal information.
  • Right to restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held). You can contact us to learn more about the circumstances in which this is relevant by emailing us at privacy@marqeta.com

You may receive marketing email communications from us where permissible. If you would like to stop receiving these communications, you can update your preferences by using the “Unsubscribe” link found in those emails.

In some jurisdictions, you may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

Additional instructions on how to contact us are located in the “How to Make Inquiries” section below. When contacting us about a rights request, please identify yourself and specify your request. We will consider all requests and provide our response within a reasonable period (i.e., within one month of your request unless we tell you we are entitled to a longer period under applicable law). We may ask you to provide additional verification information in order to assist you with your request. The additional information we may need will depend on the nature of your request. Depending on your jurisdiction we may be allowed to decline to process requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or conflict with our legal obligations. If we decline your request, we will notify you of the rationale for declining and the exception that applies that enables Marqeta to decline to process your request. In some jurisdictions, you may have the right to appeal any denial of a rights request, subject to applicable laws. To request to do so, please email us at privacy@marqeta.com

Marqeta Services may provide links to (or links from) websites and apps run by other companies or other third-party properties, none of which are governed by this Privacy Notice. This Privacy Notice does not apply to any third-party website, app, or online product, service, feature, or businesses you may access from the Services or elect to use. Marqeta is not responsible for third-party content or data practices. We strongly encourage you to review the privacy notices of those third-party properties carefully.

For more information on our cookies and similar identification technologies, please see our Cookies and Related Technologies Notice.

If you have any inquiries about our collection, use, or storage of your personal data, or if you wish to exercise any of your rights in relation to your personal information, please send us an email at privacy@marqeta.com. Marqeta’s Data Protection Officer can be reached at privacy@marqeta.com. Inquiries can also be directed to ATTN: Privacy Legal, 180 Grand Ave, Oakland, CA 94612.

Launch your next payment innovation

Let’s talk and see how we can help.

Launch your next payment innovation

Let’s talk and see how we can help.