Skip to Contact an Expert Skip to Main Content
First Data
  • Corporate
  • Financial Institutions
  • Merchants
  • Corporate
  • Financial Institutions
  • Merchants
Binding Corporate Rules

Binding Corporate Rules

Binding Corporate Rules (“BCRs”) express Fiserv’s commitment to privacy. BCRs are legally binding data protection policies and a detailed code of conduct, approved by EU and UK data protection authorities following significant consultation. BCRs are Fiserv’s commitment to uphold standards of data protection in our processing of EU and UK Personal Data based on strict principles established by EU and UK data protection authorities. The approval of our BCRs demonstrates that Fiserv has implemented a consistent set of robust privacy practices worldwide for the processing of EU and UK Personal Data.  

BCRs facilitate the transfer of EU and UK Personal Data internationally to our affiliates around the world in compliance with EU and UK data protection law.​ ​BCRs provide confidence to employees, clients and data subjects that their EU and UK Personal Data is being processed using legally binding standards which provide for strong privacy and security protections.

The EU and the UK recognize two kinds of BCRs: Controller BCRs and Processor BCRs.

Chronology of Fiserv BCRs 

  • 2011; First Data obtained approval from Information Commissioners Office (“ICO”) for EU Processor BCRs
  • 2014; First Data obtained approval from ICO for EU Controller BCRs
  • 2019; First Data was acquired by Fiserv. The change in corporate ownership did not impact the BCRs for the activities of those companies who were signatories.
  • 2021; As a result of Brexit, it was necessary to split our BCRs into distinct EU and UK BCRs. Irish Data Protection Commission (“DPC”) became our Lead Supervisory Authority for our EU BCRs. ICO remains our Supervisory Authority for UK BCRs.
  • 2023; DPC approved the extension of the original First Data EU BCRs to the wider Fiserv group and original Fiserv companies.
     

​Additional information on our BCRs can be found within the following documents, found on the links posted below:​

  • ​A copy of both our Processor and Controller BCRs ​for each of the EU and the UK
  • A listing of the entities that have signed an Intragroup Agreement which binds those entities to comply with the respective set of BCRs.

The contents of this page, and the BCRs themselves, will be updated when appropriate. Should you have any queries or concerns about the BCRs please contact dpo@fiserv.com.

EU Binding Corporate Rules

Full EU Controller Binding Corporate Rules
Download PDF
List of entities that have signed an IGA for​ EU Controller BCRs
Download PDF
Full EU Processor Binding Corporate Rules
Download PDF
List of entities that have signed an IGA for​ EU Processor BCRs
Download PDF

UK Binding Corporate Rules

Full UK Controller Binding Corporate Rules
Download PDF​
List of entities that have signed an IGA for​ UK Controller BCRs
Download PDF​
Full UK Processor Binding Corporate Rules
Download PDF​
List of entities that have signed an IGA for​ UK Processor BCRs
Download PDF​
  • Privacy
  • Binding Corporate Rules
  • Cookies

Company

  • Fiserv.com
  • About
  • Careers
  • Investors
  • Press
  • Privacy

SMB Merchant Sites

  • United Kingdom
  • Poland
  • Germany
  • Austria

Enterprise Merchant Solutions

  • United Kingdom
  • Germany, Austria & Swizterland
  • Poland

Financial Institutions

  • France
  • Germany
  • Middle East
  • Poland
  • South Africa
  • Spain
  • United Kingdom
  • More in Europe

© 2025 Fiserv, Inc. or its affiliates.

All trademarks, service marks, and trade names referenced in this material are the property of their respective owners.

Site Selector