Lighthouse Development Program Privacy Notice
Effective Date: 25 May 2018
The Lighthouse Development Program was established as a joint effort between Mastercard and NFT Ventures. Mastercard Europe SA, its affiliates and other entities within the Mastercard’s group of companies (“Mastercard”) and NFT Ventures (“NFT”) act as data controllers with respect to the processing of your Personal Data as described in this Privacy Notice. Mastercard and NFT respect your privacy.
Mastercard and NFT are collectively referred to throughout this Privacy Notice as “we” (or “us”).
This Privacy Notice applies to the processing of Personal Information collected in the context of the Lighthouse Development Program (the “Program”) as well as to the https://www.mclighthouse.com/ website (the “Website”). This Privacy Notice does not cover the collection and use of your Personal Information by Mastercard or NFT in the context of other programs, by third parties on other Mastercard branded websites, by your Mastercard Card issuers (e.g., your bank), or any other information or communications that may reference Mastercard outside of the Program or NFT Ventures’ official webpage.
This Privacy Notice describes the types of Personal Information we collect in connection with the Program, the purposes for which we collect that Personal Information, the other parties with whom we may share it and the measures we take to protect the security of the data. It also tells you about your rights and choices with respect to your Personal Information, and how you can reach us to update your contact information or get answers to questions you may have about our privacy practices.
Your registration to the Program, participation in events and interaction with Mastercard or NFT in the context of the Program are subject to this Privacy Notice. Children under the age of 16 are not eligible to use the Program. For more information about Mastercard’s privacy practices, please visit Mastercard’s Global Privacy Notice at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html.
1. Personal Information We May Collect
We may collect the following Personal Information:
- Registration information and contact details.
- Content posted within the Program or on the Program website.
- Information related to your use of the Website collected via cookies and other similar technologies.
For the purpose of this Privacy Notice, “Personal Information” means any information relating to an identified or identifiable individual. In connection with the Program, we obtain Personal Information relating to you from various sources described below.
If you do not provide the Personal Information in the required fields (including first/last name, email address, telephone number, job title or function, you may not be able to register with the Program or attend events as that information is necessary to enroll you.
a. Personal Information Provided by You
When you register for the Program, we ask you to provide certain Personal Information, such as your name, e-mail address, place of employment, telephone number, job title or function
When you use the Program, we may also collect the content you post within the Website, or that you provide via the Program (i.e., comments, photos, replies to surveys, messages, questions).
If you are a speaker, exhibitor, or sponsor of one our events, we may pre-populate the Program with personal information that you provide to us about your participation in the event via conference registration or otherwise with your consent. If you are a speaker, we may collect your name, company name, title and photo. If you are an exhibitor or sponsor, we may collect your designated employee name, title, company name and logo, photo, booth information, and/or company contact information.
b. Personal Information Provided by Other Program Users
Other users of the Program may provide personal information about you through the Program. We may collect personal information about you posted by other users in the Program, such as comments or photographs that concern you.
c. Personal Information Obtained from Your Interaction with the Program
2. How We May Use Your Personal Information
We may use your Personal Information to:
- Communicate with you.
- Provide, improve and develop the Program.
- Send you updates about the program and related activity
- Protect against fraud and ensure safety and security.
- Comply with our legal obligations
We may use the Personal Information we obtain about you to:
- Communicate with you through the Program, by email or other means.
- Provide you with: information about the event that you are attending, including via email; general event information; schedule reminders; and meeting room or venue changes.
- Respond to and process your inquiries, complaints, disputes.
- Protect against and prevent fraud; unauthorized activity; and claims and other liabilities; and manage risk exposure.
- Perform auditing, research, and analysis in order to maintain, protect, and improve our services.
- Operate, evaluate and improve our business (including by developing new products and services; managing our communications; determining the effectiveness of our advertising; analyzing our products, services, and websites; facilitating the functionality of our websites and mobile applications; and performing accounting, auditing, billing, reconciliation, and collection activities).
- Comply with applicable legal requirements and industry standards and our policies.
We will only process your Personal Information for the above purposes when we have a valid legal ground for the processing, including if:
- You consented to the use of your Personal Information.
- We need your Personal Information to respond to your inquiries.
- The processing is necessary for compliance with a legal obligation.
- We, or a third party, have a legitimate interest in using your Personal Information, such as to ensure and improve the safety, security, and performance of our products and services, to protect against and prevent fraud, [and] to anonymize Personal Information.
3. How We Share Your Personal Information
We may share Personal Information with:
- Mastercard’s headquarters in the U.S., our affiliates and other entities within Mastercard’s group of companies.
- NFT affiliates in Finland.
- Service providers acting on behalf of Mastercard or NFT.
- Other Program users, for example to enable the exchange of contact information.
- Third parties in the event of a sale or transfer of Mastercard’s or NFT’s business or assets, or for other lawful purposes.
We do not share or otherwise disclose Personal Information we collect about you, except as described in this Privacy Notice or otherwise disclosed to you at the time the data is collected.
We may share the Personal Information we collect with our headquarters and affiliates.
We also may share Personal Information with service providers who perform services on behalf of Mastercard or NFT and in relation to the purposes described in this Privacy Notice, such as companies that develop and support the operation of the Program, and send email or other electronic communications. We require these service providers by contract to only process Personal Information in accordance with our instructions and as necessary to perform services on our behalf or comply with legal requirements. We also require them to safeguard the security and confidentiality of the Personal Information they process on our behalf by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Personal Information.
We also may disclose Personal Information about you: (i) if we are required to do so by law or legal process, (ii) in response to a request from a court, law enforcement authorities, or government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
We also reserve the right to transfer Personal Information we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Notice.
4. Your Rights and Choices
Subject to applicable law, you have the right to:
- Access your Personal Information, rectify it, restrict or object to its processing, or request its deletion.
- Receive the Personal Information you provided to us to transmit it to another company.
- Withdraw any consent provided.
- Where applicable, lodge a complaint with your Supervisory Authority.
You may submit a request as described in the “Contact Us” section
Subject to applicable law, you have the right to:
- Request access to and receive information about the Personal Information we maintain about you, to update and correct inaccuracies in your Personal Information, to restrict or to object to the processing of your Personal Information, to have the information anonymized or deleted, as appropriate, or to exercise your right to data portability to easily transfer information to another company. In addition, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
- Opt out from receiving marketing communications by clicking on the unsubscribe link contained in such communications.
Those rights may be limited in some circumstances by local law requirements.
To exercise your rights, you can contact us as specified in the “Contact Us” section below.
The Program is not intended for children, and Mastercard does not knowingly collect information from persons younger than the age of sixteen (16). If we learn that we have inadvertently collected information from a person younger than the age of 16, we will take commercially reasonable efforts to delete that information.
5. How We Protect Your Personal Information
We maintain appropriate security safeguards to protect your Personal Information and only retain it for a limited period of time.
We maintain appropriate administrative, technical, and physical safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. We restrict access to Personal Information about you to those employees who need to know that information to provide products or services to you.
We also take measures to delete your Personal Information or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it in the context of the Program or when you request their deletion, unless we are required by law to keep the information for a longer period. When determining the retention period, we take into account various criteria, such as the type of products and services requested by or provided to you, the nature and length of our relationship with you, possible re-enrolment with the Program, the impact on the services we provide to you if we delete some information from or about you, mandatory retention periods provided by law and the statute of limitations.
6. Data Transfers
We may transfer your Personal Information outside of the EEA.
We may transfer or disclose Personal Information we collect about you to recipients in countries other than your country, including to the United States. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer or disclose your Personal Information to other countries, we will protect that information as described in this Privacy Notice.
We comply with applicable legal requirements providing adequate safeguards for the transfer of Personal Information to countries other than the country where you are located.
In particular, Mastercard has established and implemented a set of Binding Corporate Rules (“BCRs”) that have been recognized by EEA data protection authorities as providing an adequate level of protection to the Personal Information Mastercard processes globally. A copy of the Mastercard BCRs is available here. Mastercard may also transfer Personal Information to countries for which adequacy decisions have been issued, use contractual protections for the transfer of Personal Information to third parties, such as the European Commission's Standard Contractual Clauses, or rely on third parties’ certification to the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks where applicable.
You may contact us as specified in the “Contact Us” section below to obtain a copy of the safeguards we use to transfer Personal Information outside of the EEA.
7. Features and Links to Other Websites
You may choose to use certain features for which we partner with other entities that operate independently from Mastercard and NFT Ventures.
You may choose to use certain features for which we partner with other entities, or click on links to other websites for your convenience and information. These features, which may include social networking services, geographic location tools, and other websites, may operate independently from Mastercard or NFT. They may have their own privacy notices or policies, which we strongly suggest you review. To the extent any features or linked websites you visit are not owned or operated by Mastercard or NFT, we are not responsible for these websites’ content, use, or privacy practices.
8. Updates to This Privacy Notice
This Privacy Notice may be updated periodically to reflect changes in our privacy practices.
This Privacy Notice may be updated periodically to reflect changes in our Personal Information practices. We will notify you of any significant changes to our Privacy Notice and indicate at the top of the notice when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may inform you.
9. How to Contact Us
You can e-mail Mastercard at firstname.lastname@example.org.
You can e-mail NFT at: email@example.com
Mastercard Europe SA and NFT Ventures are the entities responsible for the processing of your Personal Information. You may submit your request to exercise your rights with respect to the processing of your Personal Information by contacting Mastercard or NFT as described below.
If you have any questions or comments about this Privacy Notice or if you would like to exercise your rights or to update the information Mastercard has about you or your preferences, you may contact Mastercard by email at firstname.lastname@example.org or write to Mastercard at:
Data Protection Officer
Mastercard Europe SA
Chaussée de Tervuren 198A
If you have any questions or comments about this Privacy Notice or if you would like to exercise your rights or to update the information NFT Ventures has about you or your preferences, you may contact NFT Ventures by email at email@example.com or write to NFT Ventures at:
Birger Jarlsgatan 5
Sweden 111 45
For more information about Mastercard’s privacy practices, please visit Mastercard’s Global Privacy Notice at https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy.html.