Last updated January 8, 2019.
Collection of Personal Information
Information submitted by you: We collect personal information from visitors to the website through the use of online forms or when you correspond with us via email or other means of communication.
What we collect: Contact details including name, telephone numbers, job title, department, email address, office location, and postal address.
Why we collect: To respond to correspondence and inquiries you send us. In some cases, to gather information needed to provide products and services requested by you or your employer. To obtain your feedback regarding our products and services. To send you information about our products and services where we are permitted to do so.
What we collect: User credentials including name, email address, and personal information you provide to us in a profile.
Why we collect: To set up and maintain your user account. To monitor and enforce compliance with our contractual terms.
Preferences and interests
What we collect: Your preferences and interests, for instance which topics you would like to learn more about.
Why we collect: To enable us to send you tailored information on our products and services across our departments that may be of interest to you.
What we collect: Feedback from you about the nature of the quality of our services.
Why we collect: To improve our services.
What we collect: Information provided by you when you correspond with us.
Why we collect: To respond to correspondence and enquiries you send us.
Information collected through technology: When you visit the website, we or our service providers will collect certain information about your location, computer, or device through your web browser and technology such as cookies, web beacons, or other tracking/recording tools. Specifically, the information we collect automatically includes details like your IP address, device type, unique device identification numbers, browser type, broad geographic location (i.e., country- or city-level location), page views, time on page, "click stream" data, pointer location data, and other technical information. We also collect information about how your device has interacted with our website and products, including the pages and products accessed and links clicked. In some countries, including in the European Economic Area (EEA), this information is considered personal information under applicable data protection laws.
Collecting this information enables us to better understand the visitors who come to our website and the users of our products and services, including where they come from and what content on our website, products, and services is of interest to them. We use this information:
Some of this information may be collected using cookies and similar tracking technology, as explained under the heading “Cookies and Similar Tracking Technology".
Information we obtain from third-party sources: From time to time, we may receive personal information about you from third-party sources, but only when we have verified that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
The types of information we collect from other third parties include details about your organization (place of employment): company HQ, company addresses, industries, website technologies used, social media followers, stock ticker, number of employees, number of offices, company status (public or privately held), and funding raised. We may also collect personally identifiable information about you in respect to your place of employment: name, job title, work email address, phone number, social media networks, and work address. For example, we collect personal information from marketing vendors, social media sources, third-party conferences, and other sources to the extent permitted by applicable law. We use the information we receive from these third parties to market our products and services across our departments to you, to supplement personal information we have for purposes such as maintaining and correcting our records, adding supplemental data fields, and similar reasons to enhance the delivery of our products and services to you.
Sharing of Personal Information
We may disclose your personal information to the following categories of recipients:
Learn More Below
Our group companies
Third-party service providers
We provide personal information to third-party service providers (such as IT service providers) who provide data-processing services to us.
We provide personal information to any competent law enforcement body, regulators, government agencies, courts, or other appropriately empowered third-party government entities where we believe disclosure is necessary (i) as a matter of applicable law or regulation, including to meet national security or law enforcement requirements, (ii) to exercise, establish, or defend our legal rights, or (iii) to protect your vital interests or those of any other person with your consent to the disclosure.
Legal Basis for Processing Personal Information (EEA Visitors / Users Only)
Learn More Below
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Where we send you communications regarding our products or services from our different departments and affiliates that may be of interest to you, we do so based on your consent, if and when required by applicable law.
Cookies and Similar Tracking Technology
You must be aged 13 or over to purchase products or services from us. Our website and services are not directed at children and we do not knowingly collect any personal information from children.
If you are a child and we learn that we have inadvertently obtained personal information from you from our website, or from any other source, then we will delete that information as soon as possible.
Please contact us at email@example.com if you are aware that we may have inadvertently collected personal information from a child.
We use appropriate technical and organizational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
Marqeta is Level 1 PCI-DSS Certified, which means that we receive the highest level of scrutiny due to the volume of transactions that we process. The PCI-DSS Security Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around card holder data to reduce credit card fraud. Validation of this compliance is performed annually by an external Qualified Security Assessor (QSA) that creates a Report on Compliance for our organization.
An example of the PCI Standards that we apply is to encrypt card holder data both in transit and at rest. Physical access controls to premises, least-privileged access principles, staff training, anti-virus software, application and hardware firewalls, system hardening, and many other security mechanisms are in place to mitigate the risk of unauthorized access and/or data leakage.
International Data Transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our servers are located in the USA, which may be located outside of the jurisdiction where we collected the data. This means that when we collect your personal information, we may transfer it to or process it in the USA.
Our group companies, third-party service providers, product content providers, and partners (with whom we may share personal information as described above) are located in and transfer personal information to various jurisdictions around the world.
Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting us at firstname.lastname@example.org at any time.
We retain personal information we collect from you where we are legally required to do so, or we have an ongoing legitimate business need to do so (for example, to provide you with a product or service you have requested, as set forth in our information governance procedures, or to comply with applicable legal, tax, or accounting requirements).
When we have no ongoing legal requirement or legitimate business need to process your personal information, we follow our information governance procedures and either delete or anonymize your personal information; if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
If you wish to receive further information about the period of time for which we will process your personal information, please contact email@example.com.
Your Data Protection Rights – Access and Limiting Use and Disclosure
Your rights include the right to access, correct, update or request deletion of your personal information. You also have the right to withdraw any consent you have provided to us in respect of our use of your personal information. You have the following data protection rights:
We will consider all such requests and provide our response within a reasonable period (i.e., within one month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise, or defend legal claims.
Further Questions and How to Make a Complaint
In compliance with the Privacy Shield Principles, Marqeta commits to resolve complaints about our collection or use of your personal information.
If you have any inquiries or complaints about our collection, use, or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please send us an email at firstname.lastname@example.org. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.
EU individuals with inquiries or complaints regarding the Privacy Shield Framework should first contact Marqeta at email@example.com. Marqeta has further committed to cooperate with the panel established by the EU data protection authorities with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. EU individuals may also make a complaint to the Information Commissioner's Office in the UK, or the data protection regulator in the country where they usually live or work, or where an alleged infringement of the General Data Protection Regulation has taken place. Alternatively, they may seek a remedy through the relevant European courts if they believe their rights have been breached.
Marqeta is subject to the investigatory and enforcement powers of the United States Federal Trade Commission and/or the United States Department of Transportation.
An individual may invoke binding arbitration, at her or his own cost, subject to the procedures set forth in the Privacy Shield Framework.