EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 10/2/2017
Next Certification Due Date: 10/1/2020
Data Collected: NON-HR

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 10/3/2018
Next Certification Due Date: 10/1/2020
Data Collected: NON-HR

Purpose of Data Collection

EMVCo collects personal data from our subscribers, event attendees, mailing list recipients, as well as website visitors. The personal data we collect is typically contact information and payment information (processed by a third party payment processor), as well as any other personal data our users choose to submit to us. We may use personal data to: operate our website and services; provide support or to carry out the service(s) that have been requested or authorized; troubleshoot issues and provide users with effective customer service; distribute messages concerning specification updates and news about EMVCo; to prevent and detect fraudulent behavior or illegal activities, or for such other purposes as required or permitted by law. EMVCo partners with and occasionally hires other companies to provide services on its behalf. Personal data may be shared with these companies; however, the use and amount of personal data shared is limited to the purpose for collection. These third parties are required to maintain the confidentiality and security of personal data and are required to observe certain safeguards when transferring personal data.

Privacy Policy

Non-HR Data


EMVCo Privacy Policy Last Updated: October 2, 2019 Your privacy is important to EMVCo. This privacy policy (“Policy”) applies to the information about you collected by EMVCo, LLC (“EMVCo” or “we”) when you use our Web sites or otherwise interact with us, and explains how we collect, use, and disclose this information. We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the Policy and, in some cases, we may provide you with additional notice (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Policy whenever you access the web sites and services or otherwise interact with us to stay informed about our information practices and the choices available to you. COLLECTION OF INFORMATION Information You Provide to Us We collect information you voluntarily provide to us. For example, we collect your name, postal address, email address, phone number, and other information you provide to us when you register for a subscription, register for or attend meetings, fill out a form or survey, submit orders, sign up to receive email notices, request customer support, or submit queries or comments. If you use a paid subscription or service, purchase an item, or submit an order, our payment-processing vendor collects your payment method information. We also collect information when you participate in any interactive features of the web sites, fill out a form, communicate with us, fill out a survey, submit queries, request customer support or otherwise communicate with us. Information About Your Use of the Services Automatically Collected Information When you access or use our web sites, we automatically collect information about you, including: • Log File Information. It is standard for your Web browser to automatically send log file information to every Web site you visit including ours. That information includes the type of browser you use, access times, pages viewed, your IP address, and the page you visited before navigating to our web site. • Device Information We collect information about the computer or mobile device you use to access our web sites, including the hardware model, operating system and version, unique device identifiers, and mobile network information. • Information Collected by Cookies and Other Tracking Technologies. We and our service providers use various technologies to collect information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our web sites and your experience, see which areas and features of our web sites are popular and count visits. Web beacons are electronic images that may be used on our web sites or emails and help deliver cookies, count visits and understand usage and campaign effectiveness. For more information about cookies and how to disable them, please see “Your Choices” below. Information We Collect from Other Sources We obtain information from other sources and combine that with information we collect through our web sites and services. For example, we collect information about you from third parties, including but not limited to export control and restricted list verification services if your request may trigger those obligations. USE OF INFORMATION We use the information we collect to: • provide, maintain, personalize and improve our web sites and services, as well as our events and operations; • process any purchase transactions or meeting registrations; • respond to your comments and queries and provide customer service; • monitor and analyze trends, usage and activities in connection with our Web sites and services; • personalize our web sites, services and features and to improve your experience on our web sites and services, such as providing content or features to match your registration information and making the sites or services easier to use; • deliver your EMVCo subscription communications and other services and content you request and to send you information related to your subscriptions and services, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages; • send you information about specification releases, new program benefits and features, promotions, upcoming events such as user group or vendor meetings, and other news about products and services offered by EMVCo and others we think may be of interest to you; • link or combine it with information we get from others to help understand your needs and provide you with better service; • send you technical notices, updates, security alerts and support and administrative messages; and • detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of EMVCo and others. SHARING OF INFORMATION EMVCo’s participation programs by their nature facilitate sharing of certain limited non-sensitive information among its participants to foster program communications and deliver benefits, services and events. For example, we post lists of meeting attendees to be shared with other participants. Except as described above, EMVCo will only share information about you with third parties as follows: • with third party vendors, consultants and other service providers who are working on our behalf and need access to your information to carry out their work for us; • in response to a request for information if we believe disclosure is in accordance with, or otherwise required by, any applicable law, regulation or legal process; • if we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property and safety of EMVCo, our agents, members, and others, including to enforce our agreements, policies and terms of use; • in connection with, or during negotiations of, any merger, sale of company assets, financing or acquisition of all or a portion of our business to another company. If such a transaction is completed, we will provide notice that we have transferred the information we collected to another company; and • with your consent or at your direction. TRANSFER OF INFORMATION TO THE U.S. AND OTHER COUNTRIES EMVCo is based in the United States and we process and store information in the U.S. As such, we and our service providers may transfer your information to, or store or access it in, jurisdictions that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it. We comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, the “Privacy Shield”) with respect to personal data we process from the EU and Switzerland and transfer to the United States. For more information about the Privacy Shield, and to view our certification, please visit the Privacy Shield website. We remain responsible and liable under the Privacy Shield for any personal data that we share with third parties for external processing on our behalf, as described in the “Sharing of Information” section above, unless we prove we are not responsible for the event giving rise to the damage. If you have an inquiry regarding our adherence to the Privacy Shield, we encourage you to contact us. We are subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. You may also refer your complaint free-of-charge to JAMS, our designated Privacy Shield dispute resolution provider. In certain circumstances, the Privacy Shield provides the right to invoke binding arbitration to resolve complaints (see Annex I to the Privacy Shield Principles for more details). ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE If you are a resident of the European Economic Area or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data. Legal Basis for Processing When we process your personal data we will only do so in the following situations: • We need to use your personal data to perform our responsibilities under a contract with you such as processing payments for providing the EMVCo services you have requested. • We need to use your personal data to comply with legal obligations we have such as satisfying export control list requirements. • We have a legitimate interest in processing your personal data. For example, we may process your personal data to send you informational emails, to communicate with you about changes to our web sites and services, and to provide, secure, and improve our web sites and services. • We have your consent to do so. When consent is the lawful basis for our processing, you may withdraw such consent at any time. Data Subject Rights Requests You have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you can log into your EMVCo account. Alternatively, you may contact us as indicated below. Questions or Complaints If you are a resident of the EEA and have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see:, or for Swiss residents, see YOUR CHOICES • Account information. You may update, correct or delete information about you at any time by logging into your online account or by contacting us. If you wish to delete or deactivate your account, please contact us, but note that we may retain certain information as required by law or for legitimate business purposes. We may also retain cached or archived copies of information about you for a certain period of time. • Promotional emails. You may “opt-out” of receiving promotional emails from EMVCo by following the instructions in those emails or by contacting us. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations. • Cookies. Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our web sites. DATA RETENTION We store the information we collect about you for as long as is necessary for the purpose(s) for which we originally collected it. We may retain certain information for legitimate business purposes or as required by law. QUESTIONS If you have any questions about this Policy, please contact us. Alternatively, you may write to us at EMVCo, 901 Metro Center Boulevard, Mailstop M3-3D, Foster City, California, 94404, USA.

Effective Date: 10/2/2019

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact EMVCo, LLC at:

Julie Peterson
EMVCo Legal Secretariat
900 Metro Center Boulevard
Foster City, California 94404
Fax: 650-362-2334

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from EMVCo, LLC to your question or complaint, please contact the independent recourse mechanism listed below


Appropriate statutory body with jurisdiction to investigate any claims against EMVCo, LLC regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission