
Global Privacy Center

Find out more about our privacy practices and how we work to keep your information protected.

Global Privacy Policy


Online Privacy Statement

This Online Privacy Statement describes how DFS Services LLC and its subsidiaries, including but not limited to, Diners Club International LTD and PULSE Network LLC (collectively, “we”, “our”, “us” and “Discover”; individually, a “Network”) treat your information on the sites on which this Online Privacy Statement appears ("Mobile App" or "Website"), as well as when you interact with us on social media sites (in each case, “Online Services”).

Please note that other Discover services, websites, applications and geographic regions may have different privacy practices. In those cases, we will display a different privacy statement that applies when you interact with those services, websites, applications and geographic regions. Please review the applicable privacy statement.

Our Online Services collect personal data.

We collect personal data from certain users of Online Services, such as a cardholder, natural person associated with, and acting on behalf of a merchant, issuer, acquirer, processor or other Participants to whom we offer a payment solution and/or card acceptance. Information about an entity including a Participant will only constitute personal data if the entity is a natural person or sole proprietor/sole trader/sole proprietorship.

In order to support card acceptance, resolve inquiries or improve customer experience, we, our agents, or our Service Providers may collect personal data from a merchant, issuer or other Participant including a merchant’s representative in a number of instances including, for example:

  • When a merchant directly or through an acquirer applies for payment card acceptance;
  • When an issuer, merchant or acquirer processes a card transaction as payment for goods or services or in exchange for cash;
  • When a sales representative is engaged to promote payment card acceptance or related products and services; and
  • When we allow cardholders, agents of acquirers, merchants, issuers, issuer processors, and other Participants to whom we offer a portal or a tool to support payment acceptance and/or related products or services.

The types of personal data that we collect, use and disclose depend on the Network, product or service that the merchant, issuer or other Participant receives from us and your relationship with the entity (e.g., owner, officer, director, and employee) and may include financial and related personal or business information including the following, as applicable:

  • Name, title and personal and business contact information including physical address, email address and telephone number;
  • IP address;
  • Card transactions, account number, account balances, transaction history, payment history and dispute information;
  • Date of birth; and
  • Other information with your consent or as permitted or required by applicable law.

Social Security Number Protection. Discover protects your Social Security number. Our policies and procedures:

  • Protect the confidentiality of Social Security numbers;
  • Prohibit the unlawful disclosure of Social Security numbers; and
  • Limit access to Social Security numbers to employees or others with legitimate business purposes.

These protections apply to all Social Security numbers collected or retained in any way by Discover in connection with customer, commercial, employee or all other relationships.

Security: How we Protect Your Data. We have implemented appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access to your data and to maintain data security. These safeguards take into account the sensitivity of the data that we collect, process and store. The technological safeguards that we implement to secure your data include firewall protection and end-to-end encryption of your data while in transit; all server connections made through one of our portals, such as the Online Dispute Resolution portal, are HTTPS secured. We limit access to your data to specific and authorized personnel on a need-to-know basis.

Specific to the Online Dispute Resolution portal, we assume no liability or responsibility for disclosure of your data due to errors in transmission, unauthorized third-party access, or other causes beyond our control. You play an important role in keeping your Personal Data secure. You should not share your data with anyone. If we receive instructions using your data, we will consider that you have authorized such instructions. Further, notwithstanding anything contained in this Privacy Statement or elsewhere, we shall not be held responsible for any loss, damage or misuse of your data, if such loss, damage or misuse is attributable to any event that is beyond our reasonable control or is directly attributable to you.

Online data. We may also collect data about the browser, IP address, device (including device ID and advertising ID), and operating system you're using to digitally interact with us or to conduct or attempt a card transaction. We might look at what site you came from and/or the physical location where you conduct or attempt to conduct a card transaction, what you view within our Online Services, the length of time you visit the site, and/or what site you visit when you leave us. We may collect your electronic and/or physical location using a cellular network location, Wi-Fi networks, browser services, or data you provide.

We collect your data in the following ways:

  • Data are collected directly from you. We collect personal data you submit to us when you use our Online Services. We also collect personal data you submit through our Online Services, such as requests to enroll in offers, alerts, newsletters, promotions and prospective merchant referrals. We collect personal data when you complete an online survey, submit an online referral recommending that we or third parties contact a prospective merchant about card acceptance, respond to due diligence questionnaires, or when you click a link.
  • If using one of our portals, such as the Online Dispute Resolution portal, we may collect non-personal data, which refers to any personal data collected from you pursuant to your access/use of the Online Dispute Resolution Portal, including but not limited to data related to the card transaction for which you are filing/filed a complaint, including but not limited to transaction amount, transaction currency, transaction date, type of transaction, merchant name, in an “as is” manner.
  • We may also collect personal data that relates to you, which either directly or indirectly, in combination with other data available, is capable of identifying you. Personal data includes but is not limited to your name, account and card details, mobile number, email address, etc.
  • Data are collected passively. Our Online Services and some emails may use tracking tools like cookies and pixel tags. Learn how you can control cookies and tracking tools in the section “How to Manage Your Online Privacy Choices”.
  • We collect data from third parties, including social media sites. Our Business Partners and Service Providers may provide us data about you. We may collect personal data of merchants from others, such as cardholders, third-party providers of merchant information and location services, our affiliates or other companies, including those with whom you or the Participant purport to have or have had a business relationship, credit reports and third-party databases. We collect data about you when you interact with a Network on social media sites or other third-party websites such as YouTube, X (formerly known as Twitter), Facebook, Pinterest, LinkedIn, Instagram and Hoover.com. Your use of such site and which data each social media and other third-party site may share with us is subject to its privacy policies, terms of use, privacy and advertising settings. Never disclose any personal financial information on any social media site.

Our Online Services collect data about you to operate effectively and to provide our services and products. We may use your information to:

  • Send administrative information to you, such as changes to our terms, conditions, and policies;
  • Redress your dispute or grievance in relation to your account;
  • Provide you with customer support for any dispute, complaint, or questions;
  • Process and respond to your complaints and requests;
  • Send alerts that you signed up for;
  • Send you communications in relation to a complaint/dispute/grievance registered by you on one of our portals;
  • Send you information about new products and special offers if you have chosen to opt in;
  • Send you newsletters or bulletins to provide you key announcements and updates from Discover;
  • Administer promotions, sweepstakes or contests in which you choose to participate;
  • Improve our products and services;
  • Comply with legal, regulatory, industry self-regulatory, insurance, audit and security requirements including checking your identity against money laundering, terrorist financing or similar watch lists established or enforced by U.S. or other government regulators;
  • Help customers find an ATM location;
  • Monitor for fraud and manage risk; and
  • Otherwise communicate with you, with your consent or as permitted or required by law.

We may keep personal data as long as necessary or relevant for the practices described in this Online Privacy Statement or as otherwise required by law. Actual retention periods vary depending on the type of services and products. The criteria we use to determine the retention periods include the following:

  • Personal data are needed to provide our services and products as described in this Online Privacy Statement (e.g., to provide access to our tools and websites);
  • Personal data are needed for auditing purposes;
  • Personal data are needed to troubleshoot problems or to assist with investigations;
  • Personal data are needed to enforce our policies; and
  • Personal data are needed to comply with legal requirements.

Regulations require all financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. With respect to such records as the onboarding application, account statements, and payments on the account, Discover generally retains those records for a minimum of seven years.

We may share your data:

  • With companies and vendors that help us to operate our business by providing services such as offers of card acceptance, terminal support for card acceptance, acquirers, terminal providers, website hosting, data analysis, information technology and related infrastructure provision, customer service, email delivery, auditing and other similar services;
  • If utilizing one of our portals, such as the Online Dispute Resolution portal, to the issuing bank, who has issued the Diners Club card to you;
  • To enforce or apply any portal terms of use;
  • With Participants and financial institutions that issue, acquire or process transactions on our Networks;
  • With affiliates and other vendors that perform services on our behalf, such as (as applicable) testing the ability of the merchant’s terminals to accept cards, services supporting card acceptance, network services support including data processing services, customer service, statement production, call center services, information technology services, data analytics, internal audit, management, billing or administrative purposes or otherwise to collect, use, disclose, store or process personal data on our behalf for the purposes described in this statement;
  • To credit bureaus, credit reporting agencies, financial institutions and to other third parties as necessary to maintain your credit history, provide credit references, process payments, and otherwise manage our accounts and fulfil our legal and regulatory requirements*;
  • With third-party sponsors of promotions or contests in which you choose to participate;
  • To any designated fraud Service Providers and partners used to authenticate cardholders and to authorize card transactions;
  • To comply with law or other legal obligations such as responding to subpoenas, including laws and other legal obligations outside your country of residence;
  • To respond to requests from public and government authorities including public and government authorities outside your country of residence;
  • To protect our rights, operations or property, or that of our users; and
  • To investigate, prevent, or take action regarding potential or suspected illegal activities, fraud, threats to the personal safety of any person, or violations of our terms and conditions.

*We may combine data we get from you with data about you or others that we get from third parties.

You can update your account profile online or by email

We maintain electronic records of your personal data for the purposes described in this Online Privacy Statement. Depending on the website or service, you may be able to view and update your account profile, including your contact information, by logging in to your account and updating your profile page. Otherwise, you may email us at DGNPrivacy@discover.com. Your right to update your personal data may be subject to applicable legal restrictions.

If we receive your data from other sources, we may direct you to contact those other third parties. Please note that we are not responsible for permitting you to review, or for updating or deleting personal data that you provide to a third party, including any app, social media platform, or wireless service provider.

When you provide us with your personal data, we may ask you to consent to our collection, use and disclosure of your personal data for the purposes of providing those products and services as described in this statement. You may opt out of certain uses and disclosures of your personal data as indicated in this Online Privacy Statement.

We Use Cookies and Similar Technologies

We use common tracking technologies for a variety of reasons. We may use technologies such as cookies, browser information, location information, device-level advertising and user identifiers, and pixel tags to uniquely identify your computer or device and the pages you view within our Online Services from time to time as well as to provide information to us and third parties about sites you visit after seeing Discover ads or offers. We use tracking tools:

  • To recognize new or past customers; 
  • To store your password if you are registered on our Website or Mobile App; 
  • To improve our Website, Mobile App and/or other Online Services; 
  • To serve you with interest-based or targeted advertising (see below for more on interest-based advertising); 
  • To observe your behaviors and browsing activities over time across multiple websites or other platforms; and 
  • To better understand the interests of our customers and users of our Website, Mobile App and/or other Online Services.

You can control cookies and tracking tools on our Website. Industry standards continue to evolve around browser-level "do not track" settings. Your browser may give you the ability to control tracking tools like cookies and pixel tags. Certain browsers can be set to clear past and reject future cookies. If you block cookies on your browser, certain features of our Online Services may not work. Additionally, if you block or delete cookies, it is possible that not all of the tracking activities we have described here will stop. Choices you make are both browser and device-specific. 

You can control tracking tools on your mobile devices. For example, you can turn off the location or push notifications on your phone. If your phone allows, you can change app-specific location settings.

We Conduct Interest-based Advertising

We use interest-based advertising to target our advertising more effectively. To decide what is relevant to you, we use data you make available to us when you interact with us, our affiliates, and other third parties. We gather this information using the tracking tools described above. For example, we or our Service Providers or Business Partners might look at your purchases or browsing behaviors. We might look at these activities on our platforms or the platforms of others.

You may see Discover advertisements on other websites you visit from time to time. Some of these ads are based on your Internet browsing history over time and across different websites. We (or Service Providers on our behalf) collect data this way. This is called interest-based or online behavioral advertising.

Interest-based advertising includes ads served to you after you leave our website, encouraging you to return. It also includes ads we think are relevant based on your online activities. These ads might be served on websites, apps or emails. We might serve these ads or third parties may serve ads. These ads might be about our products or other companies' products.

Please note: PULSE Network LLC does not conduct interest-based advertising at this time.

How you can opt out of interest-based advertising. There are several ways you can opt out of interest-based advertising.

  1. You can opt out right from the ad itself. Ads served using interest-based advertising will have an Advertising Option icon in the ad. If you see that icon on Discover ads, you can click on it. You will then get an option to opt out. Note that you may have to opt out separately for each of the Networks: Discover Global Network and Diners Club International.
  2. The Self-Regulatory Program for Online Behavioral Advertising program provides consumers with the ability to opt out of having their online behavior recorded and used for advertising purposes generally.

  3. On mobile devices, you can control device-level advertising privacy settings.

If you opt out via methods 1-2 above, your choice will be stored as a cookie. If you remove or delete cookies, you will need to renew your preferences. Your choices are also device- and browser-specific.

We also advertise in other ways. If you opt out of interest-based ads, you may still see Discover or its partners’ ads. These are ads that are not based on your Internet browsing history. Some ads may be generic. Other ads may be targeted to you or an advertising segment you are in. The websites or services where targeted ads appear will have instructions about how to modify your advertising preferences within those sites. We encourage you to review those instructions and settings.

California residents covered by the California Consumer Privacy Act may have additional rights. Please see the Privacy Notice for California Residents for more information.

These Online Services are not intended for children. Our Online Services are meant for adults and are not directed to children. We do not knowingly collect personal data from children under 16 without permission from a parent or guardian. If you are a parent or legal guardian and think your child under 16 has given us data, you can email us at Privacy@discover.com.

Our Online Services may link to third-party services or apps that we do not control. If you click on a link to a third-party site, you will be taken to websites or apps we do not control. This includes social media sites. This Online Privacy Statement does not apply to the privacy practices of those websites. Carefully read the privacy policy of other websites. We are not responsible for these third-party practices. 

We may update this Online Privacy Statement at any time. We may change our Online Privacy Statement from time to time. We will notify you of any material changes to our Online Privacy Statement as required by law, such as by posting the revised privacy statement on this page with a new "last updated" date. Please check the Website and Mobile App periodically for updates. This Online Privacy Statement was last updated on April 19, 2024.

For more information, if you have questions about your personal data or if you have a privacy concern you may email our Data Protection Officer at: Privacy@discover.com or write to us at: 

Discover Financial Services

Attn: ECP Privacy Operations

P.O. BOX 795

Deerfield, IL 60015

USA

Rights for European Economic Area, United Kingdom and Swiss Data Subjects 

This supplement is being furnished to individuals in the European Economic Area (EEA), the United Kingdom (UK) and Switzerland in order to provide additional information required by the European Union General Data Protection Regulation and its equivalent laws in the UK and Switzerland.

We adhere to applicable data protection laws in the EEA, the UK and Switzerland, when relevant and appropriate. If you are a data subject located in one of these places this means that:

  • If we process your personal data based on your consent, you have the right to withdraw your consent at any time for further processing;
  • You have the right to request access to, rectification of or deletion of your personal data;
  • You have the right to object to the processing of your personal data;
  • You have the right to request us to transfer your personal data to another controller;
  • You have the right to request us to restrict the processing of your personal data;
  • You have the right to file a complaint with the Discover Data Protection Officer; and
  • You have the right to file a complaint with the appropriate Supervisory Authority based on the location of (i) your habitual residence, (ii) place of work or (iii) where the alleged infringement happened.

Where we process your personal data in our capacity as a data processor, we will refer you to our partner (such as your related Network card issuer) for further assistance; we cooperate with our partners with respect to such requests as required by applicable law. 

The above rights are subject to legal restrictions, as provided by the applicable privacy law.

We use integrated components for certain services, which include plug-ins and other data gathering technologies. These technologies are automatically deployed on one or more webpages you visit to collect personal data discussed in the "We Use Cookies and Similar Technologies" section of the Online Privacy Statement above. This collection enables the third parties listed below, as applicable, including social media companies and data analytics companies (“Data Third Parties”), to obtain personal data during your visit to our site. If such a collection through a Data Third Party’s plug-in or data capture component is not desirable, then you may prevent this by logging off from your account on the related Data Third Party site(s) before a call-up to our website is made. The applicable data protection provisions can be accessed by visiting the privacy section of the related Data Third Party’s website.

Data Third Parties:

Facebook

LinkedIn

X (formerly known as Twitter)

YouTube 

When we process your personal data, we rely on specific legal grounds. When we process your personal data, we do so with your consent and/or as necessary to provide our services and products, fulfil our contractual and legal obligations, or other legitimate interests as described in the Online Privacy Statement above, in the sections “How We Use Your Data” and “What and With Whom We Share”. For example, we may process your personal data in order to (i) fulfill a contract with you or one between you and another party such as a merchant or payment processor, (ii) support our Business Continuity Program, help prevent fraud and security incidents or support our corporate governance, or (iii) comply with applicable law. We also may process your personal data to support our legitimate interests, such as (i) to improve our products and services and (ii) to help prevent fraud and manage other risks.

We use security measures to protect your personal data. We take reasonable steps to protect your personal data using measures appropriate to the sensitivity of the personal data in our custody or control, which include safeguards to protect against unauthorized access and use. These measures include computer safeguards and secured files and buildings. Our authorized employees, agents and Service Providers who require access to your personal data to perform their obligations will have access to your personal data. 

We store data in the United States of America. If you live outside of the United States of America (U.S.), you understand and agree that we may transfer your personal data to the U.S. Our Online Services and associated practices are subject to applicable U.S. laws. 

International data transfer. We may transfer personal data to countries other than the country in which the data was originally collected. We generally rely on standard contractual clauses to govern the transfer of information between entities. Such countries may not have the same data protection laws as the country in which you initially provided the data. When we transfer your personal data to other countries, we will protect the data as described in the Online Privacy Statement above. 

When your personal data are transferred from the EEA, the UK or Switzerland, it is the responsibility of the data exporter to ensure that such transfers are done in compliance with relevant data protection law. Where we are the data exporter, we put in place appropriate measures for such transfers to happen in compliance therewith. If you have more questions on when such situations might take place, you can send us an email at: DGNPrivacy@discover.com

Automated Decision-Making and Profiling. We sometimes use analytics and profiling tools in order to understand how individuals use Network cards and our other products and services and for other business information purposes such as product development. These tools support our ability to improve our products and services. Additionally, we utilize the resultant information to help prevent security and fraud events. Discover will not make any automated decisions about you that may significantly impact you unless (1) such decision is necessary as part of a contract with you, (2) we have your explicit consent, or (3) required by applicable law. 

For more information, if you have questions about your personal data, if you would like to exercise any of your rights, or if you have a privacy concern, you may email our Data Protection Officer and/or Representative at: Privacy@discover.com or write to us at: 

Discover Financial Services

Attn: ECP Privacy Operations

P.O. BOX 795

Deerfield, IL 60015

USA 

To comply with the General Data Protection Regulation (2016/679) we have appointed a European representative. If you wish to contact them, their details are as follows:

Bird & Bird GDPR Representative Services SRL

Deloitte House

29 Earlsfort Terrace

Dublin 2, D02 AY28

Ireland

EUrepresentative.DiscoverGlobalNetwork@twobirds.com

Main point of contact: Vincent Rezzouk-Hammachi 

Additionally, if you are in the UK, you may contact our representative at:

Diners Club International

The Ark

Attn: GDPR Representative

201 Talgarth Rd., Level One

Hammersmith, London, W6 8BJ

UK 

EEA, UK and Swiss data subjects may also contact their respective Supervisory Authority with any questions about our privacy practices.

Rights for Individuals in Canada 

Please visit https://www.discovernetwork.ca/privacy.html to download the privacy statement.

Rights for Consumers in California 

Discover Financial Services and its subsidiaries* (collectively, “Discover”, “our”, “us” or “we”) collect Personal Information relating to California residents in a variety of contexts as described below. For example, we collect Personal Information relating to California residents for marketing purposes and from individuals who apply for employment with us or are our employees, vendors, contractors, or similar personnel. 

* Discover Bank, DFS Services LLC, PULSE Network LLC, Diners Club International, Ltd., the Discover Global Network, Pulse EFT Association, Inc., DFS Corporate Services LLC, DFS International Incorporated, Discover Products Inc., The Student Loan Corporation, and their affiliates and subsidiaries, including companies related by common ownership or control with a Discover or DFS name and financial companies such as GTC Insurance Agency, Inc.

We may collect Personal Information to operate, manage, and maintain our business, to provide our products and services, for our employment and vendor management purposes, and to accomplish our business purposes and objectives. For example, we use the Personal Information we collect to: 

(1) Personalize, develop, market, advertise, and provide our products and services (including analytic services);

(2) Provide customer service;

(3) Process payments or transactions, provide financing, or fulfill orders;

(4) Help to ensure security and integrity;

(5) Conduct research and data analysis;

(6) Perform identity verification;

(7) Maintain our systems, infrastructure, and facilities including debugging to identify and repair errors that impair existing intended functionality;

(8) Maintain and service accounts;

(9) Conduct risk and security control and monitoring;

(10) Perform audit functions, including auditing interactions with consumers;

(11) Maintain and enhance a product or service;

(12) Verify and provide employment benefits and administration (e.g., employment eligibility, payroll, and performance management); and

(13) Conduct other internal functions, such as investigations or research for technology development, comply with legal obligations, maintain business records, and exercise and defend legal claims and rights.

We may keep Personal Information as long as necessary or relevant for the practices described in this Disclosure or as otherwise required by law. Actual retention periods vary depending on product and service. We use the following to determine retention periods: Personal Information that is needed to provide our products and services as described in this Disclosure, for auditing purposes, to troubleshoot problems or assist with investigations, to enforce our policies and to comply with legal requirements. Laws and regulations require all financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. It is the policy of Discover that our records reflect our customer’s name, physical address, date of birth, and identification number. With respect to records such as customer applications, account statements, and payments on the account, Discover generally retains those records for a minimum of seven years.

In the past 12 months, based upon our actual knowledge, we have not “sold” Personal Information or Sensitive Personal Information relating to California residents (including minors under 16 years of age) nor have we “shared” Personal Information with third parties for targeted advertising purposes.

In the past 12 months, we have collected the following categories of Personal Information relating to California residents: 

(1) Personal Identifiers, such as name and mailing address;

(2) Personal Information, as defined in the California Customer Records statute, such as contact information and financial information;

(3) Characteristics of protected classifications under California or federal law, such as age, citizenship, and marital status;

(4) Commercial information, such as transaction and account information;

(5) Internet or electronic network activity information, such as browsing history and interactions with our website;

(6) Geolocation data, such as device location and certain device information;

(7) Biometric data, such as faceprint or a voiceprint;

(8) Sensory data, such as call recordings, audio, electronic, visual, and similar information;

(9) Professional or employment-related information, such as current employment information or employment history;

(10) Education information, such as school and date of graduation; 

(11) Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics; and

(12) Sensitive Personal Information, such as Personal Information that reveals: certain government identifiers (e.g., social security number, driver’s license number, state identification card number, passport number); account credentials; or biometric information for the purposes of uniquely identifying a California resident. For employees, former employees, or applicants, examples of Sensitive Personal Information may also include racial or ethnic origin, religious or philosophical beliefs, or union membership, health or sex life or sexual orientation. 

This California Consumer Privacy Act Disclosure (“Disclosure”) explains how Discover Financial Services and its subsidiaries* (collectively, “Discover”, “our”, “us” or “we”) collect, use, disclose, share, and retain Personal Information subject to the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act of 2020 (the “CCPA”).

This Disclosure applies solely to California residents and covers both online and offline practices (e.g., phone and in-person).

* Discover Bank, DFS Services LLC, PULSE Network LLC, Diners Club International, Ltd., the Discover Global Network, Pulse EFT Association, Inc., DFS Corporate Services LLC, DFS International Incorporated, Discover Products Inc., The Student Loan Corporation, and their affiliates and subsidiaries, including companies related by common ownership or control with a Discover or DFS name and financial companies such as GTC Insurance Agency, Inc.

What is Personal Information? 

Under the CCPA, “Personal Information” is information that identifies, relates to, describes, or could reasonably be linked with a particular California resident or household. The CCPA, however, does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act (“GLBA”). As a result, this Disclosure does not apply, for example, with respect to information that we collect about California residents who apply for or obtain our financial products and services for personal, family, or household purposes (“GLBA Consumers”). 

For more information about how we collect, disclose, and secure information relating to our GLBA Consumers, please refer to our Consumer Privacy Statements. If you have an account relationship with us, you are also able to access important account, transaction, and other information by logging in to your secure account at Discover.com.

Our Information Practices Regarding Personal Information

We collect, use, disclose, and retain Personal Information relating to California residents in a variety of contexts, as described below. For example, we collect Personal Information relating to California residents for marketing purposes and from individuals who apply for employment with us or are our employees, vendors, contractors, or similar personnel. The specific Personal Information that we collect, use, disclose, and retain relating to a California resident will depend on our specific relationship or interaction with that individual.

In the past 12 months, we have collected the following categories of Personal Information relating to California residents: 

(1) Personal identifiers, such as name and mailing address;

(2) Personal Information, as defined in the California Customer Records statute, such as contact information and financial information;

(3) Characteristics of protected classifications under California or federal law, such as age, citizenship, and marital status;

(4) Commercial information, such as transaction and account information;

(5) Internet or electronic network activity information, such as browsing history and interactions with our website;

(6) Geolocation data, such as device location and certain device information;

(7) Biometric data, such as faceprint or a voiceprint;

(8) Sensory data, such as call recordings, audio, electronic, visual, and similar information;

(9) Professional or employment-related information, such as current employment information or employment history;

(10) Education information, such as school and date of graduation; 

(11) Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics; and

(12) Sensitive Personal Information, such as certain government identifiers (e.g., social security number, driver’s license number, state identification card number, passport number); account access credentials; or biometric information for the purposes of uniquely identifying a California resident. For employees, former employees, or applicants, examples of Sensitive Personal Information may also include racial or ethnic origin, religious or philosophical beliefs, or union membership, health information or sex life or sexual orientation.

We may keep Personal Information as long as necessary or relevant for the practices described in this Disclosure or as otherwise required by law. Actual retention periods vary depending on product and service. We use the following to determine retention periods: Personal Information that is needed to provide our products and services as described in this Disclosure, for auditing purposes, to troubleshoot problems or assist with investigations, to enforce our policies and to comply with legal requirements. Laws and regulations require all financial institutions to obtain, verify, and record information that identifies each person for whom we open or have established an account. It is the policy of Discover that our records reflect our customer’s name, physical address, date of birth, and identification number. With respect to records such as customer applications, account statements, and payments on the account, Discover generally retains those records for a minimum of seven years.

In the past 12 months, we have collected the categories of Personal Information set forth above from the following categories of sources: 

(1) Directly from you;

(2) Discover affiliates and subsidiaries;

(3) Online and mobile app services, including cookies, pixel tags, beacons, and software development kits;

(4) Consumer reporting agencies;

(5) Data analytics providers;

(6) Government entities, including federal, state, or local government(s), or other public sources;

(7) Third parties such as social networks and advertising networks;

(8) Businesses or Nonbusinesses that you have authorized or directed to disclose your information to us; and

(9) Service providers or contractors with whom we have a contractual relationship to perform services on our behalf, or that you have authorized or directed to disclose your information, including data brokers as defined under California law.

We may collect Personal Information to operate, manage, and maintain our business, to provide our products and services, for our employment and vendor management purposes, and to accomplish our business purposes and objectives. For example, we use the Personal Information we collect to: 

(1) Personalize, develop, market, advertise, and provide our products and services (including analytic services);

(2) Provide customer service;

(3) Process payments or transactions, provide financing, or fulfill orders;

(4) Help to ensure security and integrity;

(5) Conduct research and data analysis;

(6) Perform identity verification;

(7) Maintain our systems, infrastructure, and facilities including debugging to identify and repair errors that impair existing intended functionality;

(8) Maintain and service accounts;

(9) Conduct risk and security control and monitoring;

(10) Perform audit functions, including auditing interactions with consumers;

(11) Maintain and enhance a product or service;

(12) Verify and provide employment benefits and administration (e.g., employment eligibility, payroll, and performance management); and

(13) Conduct other internal functions, such as investigations or research for technology development, comply with legal obligations, maintain business records, and exercise and defend legal claims and rights. 

We do not use or disclose Sensitive Personal Information for purposes other than as specified in CCPA.

In the past 12 months, we have disclosed the following categories of Personal Information relating to California residents to the following categories for our business purposes, as indicated: 

(1) Personal identifiers, such as name and mailing address, Personal Information, as defined in the California Customer Records statute, such as contact information and financial information, and Professional or employment-related information, such as current employment information or employment history, have been disclosed to Discover affiliates and subsidiaries, service providers, regulatory agencies, law enforcement, and other government entities, consumer reporting agencies, social networks/advertising networks, and data analytics providers;

(2) Characteristics of protected classifications under California or federal law, such as age, citizenship, and marital status, and Education information such as school and date of graduation, have been disclosed to Discover affiliates and subsidiaries, service providers, regulatory agencies, law enforcement, and other government entities, consumer reporting agencies, and data analytics providers;

(3) Commercial information, such as transaction and account information, has been disclosed to Discover affiliates and subsidiaries, service providers, and regulatory agencies, law enforcement, and other government entities;

(4) Internet or electronic network activity information, such as browsing history and interactions with our website, has been disclosed to Discover affiliates and subsidiaries, service providers, and consumer reporting agencies, social networks/advertising networks, and data analytics providers;

(5) Geolocation data, such as device location and certain device information, has been disclosed to Discover affiliates and subsidiaries, service providers, and data analytics providers;

(6) Sensory data, such as call recordings, has been disclosed to Discover affiliates and subsidiaries, service providers, regulatory agencies, law enforcement, and other government entities, and social networks;

(7) Inferences drawn from any of the Personal Information listed above have been disclosed to Discover affiliates and subsidiaries; and

(8) Sensitive Personal Information, such as certain government identifiers (e.g., social security number, driver’s license number, state identification card number, passport number); account access credentials; or processing of biometric information for the purposes of uniquely identifying a California resident, has been disclosed to service providers, regulatory agencies, law enforcement and other government entities, and consumer reporting agencies. For employees, former employees or applicants, Sensitive Personal Information, examples of which may also include racial or ethnic origin, religious or philosophical beliefs, or union membership, health information, or sex life or sexual orientation, has been disclosed to service providers, regulatory agencies, law enforcement and other government entities.

Additionally, we have disclosed Personal Information to Business or Nonbusiness third parties based upon the consent or at the direction of a California resident to disclose the information. 

In the past 12 months, based upon our actual knowledge, we have not “sold” Personal Information or Sensitive Personal Information relating to California residents (including minors under 16 years of age) nor have we “shared” Personal Information with third parties for targeted advertising purposes. For purposes of this Disclosure, “sold” means the disclosure of Personal Information to a business or third party for monetary or other valuable consideration. For purposes of this Disclosure, “share” means sharing a consumer’s Personal Information with a third party for cross-contextual behavioral advertising for monetary or other valuable consideration or for the benefit of a business in which no money is exchanged.

Your Rights Under the CCPA 

If you are a California resident, you may have certain rights over the Personal Information we have about you. You may request the following:

  • The categories of Personal Information that we collected about you and the categories of sources from which we collected such information;
  • The business or commercial purposes for collecting Personal Information about you;
  • The categories of third parties to whom we disclosed such Personal Information (if applicable);
  • The categories of Personal Information that we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that category of Personal Information (if applicable);
  • Access to specific pieces of Personal Information we collected about you;
  • Deletion of Personal Information that we collected from you;
  • Correction of Personal Information that may be inaccurate; and
  • Limitations regarding the use of your Sensitive Personal Information.

In some instances, we may decline to honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer, where the Personal Information that we maintain about you is not subject to CCPA requirements, or where the Personal Information is a trade secret. We may also decline to honor your request if we cannot verify your identity or confirm that the Personal Information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual.

The CCPA also sets forth exceptions for when a business is not required to delete Personal Information, including but not limited to, where it is reasonably necessary to maintain Personal Information to provide a good or service that you requested, comply with a legal obligation, or to help ensure security and integrity. As you would reasonably expect, the Sensitive Personal Information we collect, use, and disclose is done so to provide goods and services you requested, thus we cannot limit the use of your Sensitive Personal Information.

Furthermore, we may decline the request to correct Personal Information depending on the nature of the Personal Information, the accuracy of the request, how the information was obtained and the business purposes for which the information was collected, maintained, or used.

Nonetheless, you have the right to be free from unlawful discrimination for exercising your rights under the CCPA. 

If you are a California resident, you may submit a request by:

  • Submitting a request online. If you submit a request via this link, we will search for your Personal Information in connection with PULSE, Diners Club International, and Discover Global Network; and/or
  • Calling us at 1-800-239-9719.

If you are an employee, former employee, or job applicant, you may submit a request online. If you submit a request via this link, we will search for your Personal Information within our employment or application records.

For information related to Discover Bank, you may click the link to visit the website and follow the instructions in the California Privacy Notice.

You may only exercise your rights to receive specific pieces of Personal Information twice within a 12-month period. The request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

To respond to your request, we must verify your identity and confirm the Personal Information in our systems relates to you. We will use Personal Information provided by you, including your name, home address, email address and telephone number, as well as any merchant information, as applicable, including your business address, merchant ID, Tax Identification Number, and last four digits of your Social Security number to verify your identity. We will attempt to match the Personal Information that you provide in support of your CCPA request with the information already maintained in our systems.

Contact Us 

If you have questions or concerns regarding the above-mentioned rights or our practices under the CCPA, please call us at 1-800-239-9719.

For general questions, or to learn more about Discover’s consumer privacy statements and practices, you may email us at Privacy@discover.com or write to us at:

Discover Financial Services 

Attn: ECP Privacy Operations 

P.O. BOX 795 

Deerfield, IL 60015 

USA

Changes to This California Consumer Privacy Act Disclosure

We may change or update this Disclosure from time to time. When we do, we will post the revised Disclosure on this page. This Disclosure was last updated on April 19, 2024.

Glossary

Business Partners: Companies and other Financial Institutions that we partner with to jointly market and/or deliver products and services to cardmembers, issuers, merchants, acquirers and other Participants. Business Partners include third party networks. We also partner with certain organizations, like trade associations, to offer financial products using their organizational logo.

Card (regardless of whether capitalized): A valid payment card that is issued by an issuer within a number range designated by us that is approved for acceptance on a Network to purchase goods or services and, in certain cases, in exchange for cash.

Cookies: Small pieces of text that are placed in your browser by the websites you visit and the advertising companies and content partners for those sites. No personal data are stored in cookies.

IP address: A unique "Internet Protocol" number assigned to a device connected to the Internet. Discover treats IP addresses as non-personal data unless otherwise required by law.

Participant: An entity that has entered into an agreement with a Network to conduct specified business activities pertaining to card issuance, card acceptance, card transactions and/or processing (e.g. issuer, acquirer, merchant, network alliance) or an agent of such entity (e.g. processor, gateway).

Personal data: Information that identifies or relates to a living individual.

Pixel tags: Enable two websites to share information. A pixel tag consists of a small piece of software code that incorporates a graphic image on a web page or email.

Service Providers: Third parties with whom we have a contractual relationship to perform services on our behalf. Service Providers may not use personal data for any purpose other than carrying out the services.