Marqeta Privacy Notice
Last Updated and Effective on December 2022
Marqeta, Inc. and its affiliates, Marqeta UK LTD, Marqeta Australia Pty Ltd, and Marqeta Singapore Pte. Ltd., (collectively, “Marqeta”, “we”, “our”, or “us”) are committed to protecting your personal information and privacy rights. This Privacy Notice (or “Notice”) describes how we collect, use, and share your personal information when you use our Services. We seek to clearly explain to you what personal information we collect, how we use it and what rights you have in relation to it, and we hope you take the time to read through this Notice carefully.
For purposes of this Notice, our Services (“Services”) include any access, use, interaction, or engagement you have with Marqeta via our websites, apps, online features, social media platforms, customer service channels, dashboards, developer community, and sandboxes. By using our Services you acknowledge that you have read and understand this Notice.
This Privacy Notice applies only to Marqeta Services that display or reference this Notice. It does not apply to any Marqeta websites, tools or platforms that display or reference a different privacy notice. For example, if you apply for a job with Marqeta, the personal information provided in your job application will be treated in accordance with our Applicant and Candidate Privacy Notice and not this Notice. This Notice will also not apply to personal information Marqeta processes on behalf of other companies to whom we provide our products and services. In those instances, your personal information will be handled in accordance with our agreements with such other companies and such other companies’ privacy notices.
We may also provide you with supplemental privacy notices in connection with the provision of certain Services. These supplemental notices describe our data collection, use, and sharing practices for specific activities in more detail, and in some cases may differ from the terms of this Notice. In the event of any conflict with this Notice, supplemental privacy notices will govern the specific activities to which they apply, unless we state otherwise in the supplemental notice.
Personal Information We Collect
How We Use Personal Information
Information Sharing and Disclosure
Information Retention
Bases for Processing Personal Information
Information Security
Global Data Protection
Your Rights and Choices
Third-Party Websites and Services
Cookies and Related Technologies
Changes to this Privacy Notice
Personal Information We Collect
Below we describe the categories of personal information Marqeta may collect depending on the context of our interaction(s) with you. These categories include information you provide directly to us, information created or collected during your use of the Services, inferences we make about you when you communicate with us or use the Services, and information we obtain from other sources, such as third-party service providers and public databases.
| Categories of Personal Information We Collect | |
Claim or Dispute Information | Personal information you provide when you correspond with us about a claim or dispute, such as your name, contact information, or transactional information. |
Communications Data/ User Content | Personal Information you provide when you communicate with us, including by phone call, chat, email, “contact us” forms, or social media. This may include your feedback, photographs, or recordings. |
Contact details | Personal and business contact information, such as your name, telephone number, job title, department, email address, office location or postal address, and language preference. |
Device Information | Information collected automatically about your computer or device through your web browser and other technologies, such as cookies, web beacons, or other tracking/recording tools, such as your IP address, device type, unique device identification numbers, or browser type. |
Identity Verification | Information about your business, including personal information about control persons and beneficial owners or other information used to verify identification. |
Location Information | Information about your geographic location (country or city-level) inferred from your device data, such as an IP address. |
Inferences | Information about your preferences and interests that we infer from your personal information and your use of our Services, such as the topics you would like to learn more about. |
Publicly Available Information | Information obtained from public sources and databases, such as your current place of employment. |
Usage Information | Information about how your device has interacted with our website and products, including the pages and products accessed and links you clicked on.We also collect certain information automatically when you use our Services, such as Internet page views, time spent on a page, “click stream” data, location information, and other technical usage information. |
User Credentials | Information you provide to us when you create a profile, such as a user ID, email address, name, password, authentication, and profile information. |
Information Obtained From Third-Party Sources | We may collect some of the personal information described above from third parties, such as marketing vendors, social media sources, participation in industry conferences and events, and other sources to the extent permitted by applicable law, including: 1) data brokers and aggregators from whom we obtain data to supplement the information we collect; 2) third-party applications and services, including social networks you choose to connect with or interact with through our services; 3) partners with whom we offer co-branded services or engage in joint marketing activities; 4) third parties that collect or provide information in connection with work they do on our behalf; and 5) public sources of information, such as open government databases. |
How We Use Personal Information
We use the personal information we collect for the purposes described in this Notice or as otherwise disclosed to you in a supplemental notice. For example, we may use any of the above categories of information to:
Provide the Services to you, including to create and manage an account for you
Verify your identity
Maintain, improve and enhance the delivery of our Services
Better understand website visitors and the users of our Services, including where they come from and what content is of interest
Provide information related to new products, software updates, upgrades, and system enhancements
Market and advertise our Services across different forums, including sending you informational and marketing materials and promotions, where permitted by applicable law
Obtain your feedback
Respond to correspondence and inquiries
Provide support and customer service
Run contests, sweepstakes or other promotional activities, where permitted by applicable law
Monitor and enforce compliance with our policies, applicable laws and regulations, and contractual terms
Information Sharing and Disclosure
We may disclose your personal information to the following categories of recipients:
Affiliates: We may provide your personal information to our global affiliates. We share information with our affiliates so they can help us deliver our services or conduct data processing on our behalf.
Third-Party Service Providers: We may provide your personal information to our third-party service providers (such as IT service providers) who perform certain functions for us and will process your personal information on our behalf.
Parties in a Corporate Transaction or Proceeding: We may share personal information with actual or prospective parties to an actual or potential corporate transaction or proceeding, including their representatives and other relevant participants in or during negotiations of any sale, merger, acquisition, restructuring, bankruptcy, dissolution, or a change in control, divestiture, or sale involving all or a portion of Marqeta’s business or assets.
We may also access, transfer, use, disclose, and preserve personal information when we believe that doing so is necessary to:
Comply with applicable law or respond to valid legal process, including from law enforcement, supervisory or regulatory authorities, or other government agencies
Protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone
Operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks, or
Protect the rights or property or ourselves or others, including enforcing our agreements, terms, and policies.
For information about the safeguarding measures we implement when sharing personal information with entities outside of regions where you may reside, please see the “Global Data Protection” section below.
We do not sell your personal information to third parties for the purposes of them marketing third-party products or services directly to you.
Information Retention
We retain personal information for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different types of information and the different Services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the information, the availability of automated controls that enable users to delete information, and our legal or contractual obligations.
If you wish to receive further information about the period of time for which we retain your personal information, please contact privacy@marqeta.com.
Bases for Processing Personal Information
Applicable law in certain jurisdictions requires us to set out in this Privacy Notice the legal bases upon which we rely when we collect and process personal information as a data controller (i.e., when information is collected or processed for our own purposes). When we collect and process personal information on behalf of our customers or other parties (for example, when we process information solely to provide a service to a customer), we are typically acting as a data processor and rely on our customer’s legal basis for processing.
We rely on different lawful bases for collecting and processing personal information about you in different circumstances, for example:
Consent. We may process your personal information where we have received your explicit consent to do so.
Contract. We may process your personal information as necessary to perform our obligations under any contract with you (for example, to complete a transaction you initiate with us or to fulfill the terms of use of our website).
Legal Obligations. We may process your personal information as necessary for complying with our legal obligations (for example, to conduct sanction checks or respond to valid legal process).
Legitimate Interests. Where another lawful basis does not apply, we may process your personal information where necessary to achieve our legitimate interests or the legitimate interests of others (for example, to respond to inquiries or provide support, to operate and develop our business, to protect against fraud, or to ensure the security of our Services). If we rely on this lawful basis, we undertake a balancing test to ensure that our legitimate interests are not outweighed by your interests and fundamental rights.
When we rely on consent as the basis for our processing, you can request to withdraw or partially revoke your consent any time by contacting us at privacy@marqeta.com or by following the instructions for revoking your consent contained within communications we send you. We honor such requests as required by applicable laws.
If you have questions about or need further information concerning the legal basis we rely on to process your personal information, please contact us via email at privacy@marqeta.com.
Information Security
We use reasonable and appropriate technical and organizational security measures to protect the personal information that we collect and process about you.
To help us protect personal information, we request that you use a strong password with our Services and never share your password with anyone or use the same password with other sites or accounts.
Global Data Protection
We align our practices to applicable data protection and privacy laws wherever we do business. In the event an applicable data protection or privacy law requires any action or imposes any standard more stringent than this Notice, the requirements of that law shall control and take precedence over the requirements of this Notice.
Your personal information may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). We take steps designed to ensure that the personal information we collect under this Notice is processed and protected according to the provisions of this Notice and applicable law wherever the information is located.
Residents of the European Economic Area, UK, and Switzerland should note that we may also transfer personal information from these jurisdictions and countries to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection. When we do so, we use a variety of mechanisms, including standard contractual clauses, to help ensure your rights and protections. To learn more about the European Commission’s decisions on the adequacy of personal information protections, please visit Adequacy Decisions.
Further details on how we protect your personal information are available by request by contacting us at privacy@marqeta.com.
Your Rights and Choices
Depending on your state or country of residence, you may have some or all of the following rights:
Right of access. You may have the right to request copies of the personal information that we hold about you and to receive information from us about how your information is used.
Right of erasure. In certain circumstances, you may have the right to require us (or any parties with whom we have shared your information) to delete the personal information that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
Right to object to or opt-out of processing. You may have the right to request that Marqeta stop processing your personal information or that we restrict processing of your personal information in certain circumstances. For example, you may receive marketing email communications from us. If you would like to stop receiving these communications, you can update your preferences by using the “Unsubscribe” link found in those emails.
Right of portability. You may have a right to obtain and reuse your personal information for your own purposes or across different services, including so that you can provide or “port” that information to another provider.
Right to correction. You may have the right to require us to correct any inaccurate or incomplete personal information.
Right to lodge a complaint. You may have the right to complain to your local Data Protection Authority about our collection and use of your personal information. If you reside in the EU, you can find information about your local Data Protection Authority by visiting: EU National Data Protection Authorities.
Please refer to the Contact Us section below to contact us if you would like to exercise any of your rights. Marqeta does not discriminate against individuals who exercise their rights under applicable laws and regulations
When contacting us about a rights request, please identify yourself and describe your request in sufficient detail to enable us to properly understand, evaluate, and respond to it. We will consider all requests and provide our response within a reasonable period in accordance with applicable laws. Please note that we cannot respond to your request or provide you with personal information if we cannot verify your identity or your authority to make the request or confirm the personal information we hold relates to you. To verify your identity, we will seek to match the information you provide when you submit your request to any personal information we already maintain, and we may ask you to provide additional verification information in order to assist you with your request.
In some jurisdictions, you may designate, in writing or through a power of attorney, an authorized agent to make requests to exercise rights on your behalf. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized them to act on your behalf. Please note, we may deny a request from your authorized agent if they do not submit proof that they have been authorized by you to act on your behalf. We may also require you to verify your identity directly with us.
We may decline to process certain requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or conflict with our legal obligations. If we decline your request, we will notify you of the rationale for declining. In some jurisdictions, you may have the right to appeal any denial of a rights request, subject to applicable laws.
Third-Party Websites and Services
Marqeta Services may provide links to (or may be linked from) websites and apps run by other companies or other third-party properties, none of which are governed by this Privacy Notice. This Privacy Notice does not apply to any third-party website, app, or online product, service, feature, or businesses you may access from the Services or elect to use. Marqeta is not responsible for third-party content or information practices. We strongly encourage you to review the privacy notices of those third-party properties carefully.
Cookies and Related Technologies
For more information on our cookies and similar identification technologies, please see our Cookies and Related Technologies Notice.
Changes to this Privacy Notice
Changes to this Notice may be made periodically to reflect changes to our information handling practices or relevant laws. If the changes we make are material, we will provide you with prior notice and/or obtain consent regarding such changes in accordance with applicable laws. If the changes we make are not material, this Notice will be updated by posting an updated version on our website. You can tell when this Notice was last updated by looking at the date at the top of the Notice.
Contact Us
If you have any inquiries about our collection, use, or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information or to contact Marqeta’s Data Protection Officer, please send us an email at privacy@marqeta.com.
Inquiries can also be directed to us by mail at:
Marqeta, ATTN: Legal - Privacy, 180 Grand Ave, Oakland, CA 94612, USA
