-
Merchant Solutions
Back
Commerce Solutions - Carat
-
Create payment experiences that help drive more commerce.
- Omnichannel Solutions
- eCommerce Solutions
- Global Currency Solutions
- B2B Payments
- Payment Facilitator & Marketplaces
Value Added Solutions
-
Secure commerce and optimize payment and payout strategies
- Security & Fraud
- Payment Optimization
- Payouts / Disbursements
- Digital ACH
- Alternative Credit Data
Prepaid Solutions
-
Innovate and streamline gift and payroll card programs.
- Gift Solutions
- Payroll Card Solutions
- Incentives & Rewards
Introducing Carat Omnichannel Ecosystem
-
- Resources
- Clients
- Partners
- Developers
Binding Corporate Rules
First Data Corporate Security / Data Privacy Hotline
+1 800-368-1000
PLEASE NOTE: First Data was recently acquired by Fiserv. The change in corporate ownership does not impact the applicability of the Binding Corporate Rules, which remain in force relating to the activities of companies listed in the documents posted below. The contents of this page, and of the BCRs themselves, will be updated when appropriate. Should you have any queries or concerns about the BCRs, as to their continued effectiveness or otherwise, please contact dpo@firstdata.com.
Binding Corporate Rules (BCRs) express our commitment to data protection at First Data. BCRs are a legally binding agreement with the Data Protection Authorities of the EU member states to uphold standards of data protection in connection with providing services to our data subjects (individuals) and clients. BCRs facilitate First Data’s transfer of Personal Data internationally to our global affiliates in compliance with EU data protection law.
The EU currently recognizes two kinds of BCRs: Controller BCRs and Processor BCRs. Our Controller BCRs enable us to transfer Personal Data that we control (for example, employee information) within First Data globally. Processor BCRs enable us to make global transfers of personal data that we process on behalf of our clients from the EU to other First Data locations. First Data is one of very few groups of companies to have obtained approval for both Controller BCRs and Processor BCRs.
BCRs provide confidence to First Data employees, clients, data subjects (individuals), and end-consumers that their Personal Data is being processed using legally binding standards. BCRs offer a competitive advantage over other processors without this approval.
BCRs do not override client contracts or local laws and regulations, so any restrictions contained in those documents and laws still apply.
Additional information can be found within the following documents, which are posted below:
- A copy of both our processor and controller BCRs
- A listing of the First Data entities that have executed intra-group agreements (IGAs)
