Visa · Visa Privacy Notice

Data Sharing with Financial Institution Clients and Merchants

Medium severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Visa may share your personal information — including transaction data — with the banks that issue Visa cards and with merchants, as well as with other business partners, for analytics and marketing purposes.

Consumer impact (what this means for users)

Your personal and transaction data may be shared with Visa's network of financial institution clients and merchants, which could result in targeted marketing or profiling by entities beyond just your card-issuing bank.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Submit a data access request through Visa's privacy rights portal to obtain a list of the categories of third parties with whom Visa has shared your personal information.

Cross-platform context

See how other platforms handle Data Sharing with Financial Institution Clients and Merchants and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This provision establishes a broad data-sharing network that includes both the banks you directly interact with and merchants whose stores you visit, enabling your spending data to flow across multiple commercial entities.

View original clause language
We may share your personal information with our financial institution clients, merchants, and other partners in connection with providing our products and services, including analytics and marketing services. We may also share your information with third parties for other purposes as described in this Privacy Notice.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: This provision implicates GLBA Regulation P (12 C.F.R. §§1016.10–1016.13) governing disclosure of nonpublic personal information to nonaffiliated third parties; CCPA/CPRA (Cal. Civ. Code §1798.115) disclosure requirements for categories of third parties with whom data is shared; GDPR Arts. 13 and 26 (joint controller obligations where applicable); and FTC Act Section 5 for transparency in third-party data sharing practices.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • CFPB
    The CFPB oversees compliance with GLBA Regulation P governing the sharing of consumer financial information with nonaffiliated third parties by financial institutions including payment network operators.
    File a complaint →
  • FTC
    The FTC has enforcement authority under Section 5 of the FTC Act regarding deceptive or unfair practices in third-party data sharing, including inadequate disclosure of commercial data flows.
    File a complaint →

Provision details

Document information
Document
Visa Privacy Notice
Entity
Visa
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003383
Document ID
CA-D-00114
Evidence Provenance
Source URL
https://usa.visa.com/legal/privacy-policy.html
Wayback Machine
View archived versions →
SHA-256
0f3b20918fcde3434b1eb83f3ef5b6abd53b678f83f5a8ee823c96cbbe17c540
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Visa | Document: Visa Privacy Notice | Record: CA-P-003383
Captured: 2026-04-27 12:33:46 UTC | SHA-256: 0f3b20918fcde343…
URL: https://conductatlas.com/platform/visa/visa-privacy-notice/data-sharing-with-financial-institution-clients-and-merchants/
Accessed: April 29, 2026
Classification
Severity
Medium
Categories
Unknown

Other provisions in this document