EEA, UK and Swiss Online Privacy Statement

Your online privacy


We may interact with you in a variety of ways online. From Discover websites, to our mobile apps, online services and presence on social media sites and apps—this Online Privacy Statement covers how Discover Financial Services treats your information.

Online Privacy Statement

Rights for European Economic Area, United Kingdom and Swiss Data Subjects

This supplement is being furnished to individuals in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland in order to provide additional information required by the European Union General Data Protection Regulation and its equivalent laws in the UK and Switzerland.

What Are Your Rights Under EEA, UK and Swiss Privacy Law

We adhere to applicable data protection laws in the EEA, the UK, and Switzerland, when relevant and appropriate. If you are a data subject located in one of these places, this means that:

  • if we process your personal data based on your consent, you have the right to withdraw your consent at any time for further processing;
  • you have the right to request access to, rectification or deletion of your personal data;
  • you have the right to object to the processing of your personal data;
  • you have the right to request us to transfer your personal data to another controller;
  • you have the right to request us to restrict the processing of your personal data;
  • you have the right to file a complaint with the Discover Data Protection Officer; and 
  • you you have the right to file a complaint with the appropriate Supervisory Authority based on the location of (i) your habitual residence, (ii) place of work, or (iii) where the alleged infringement happened.

The above rights are subject to legal restrictions, as provided by the applicable privacy law.

When we process your personal data, we rely on specific legal grounds. When we process your personal data, we do so with your consent and/or as necessary to provide our services and products, fulfil our contractual and legal obligations, or other legitimate interests as described in the sections "About the Information We Collect," "How We Use Information We Collect" and "What We Share." For example, we may process your personal data in order to (i) fulfill a contract with you or one between you and another party, such as a merchant or payment processor, (ii) support our Business Continuity Program, help prevent fraud and security incidents, or support our corporate governance, or (iii) comply with applicable law. We also process your personal data to support our legitimate interests, such as (i) to improve our products and services and (ii) to help prevent fraud and manage other risks.

You may access, correct, or delete some personal and account information online by logging into your account.

International Data Transfer

We rely on standard contractual clauses to govern the transfer of information between entities, when and if required. We may transfer personal data to countries other than the country in which the data was originally collected. Such countries may not have the same data protection laws as the country in which you initially provided the data. When we transfer your personal data to the United States, we will protect the data as described in this Online Privacy Statement.

When your personal data are transferred from the EEA, the UK, or Switzerland, it is the responsibility of the data exporter to ensure that such transfers are done in compliance with relevant data protection law. Where we are the data exporter, we put in place appropriate measures for such transfers to happen in compliance therewith. If you have more questions on when such situations might take place, you can send an e-mail to our Data Protection Officer at

Automated Decision-Making and Profiling. We sometimes use analytics and profiling tools in order to understand how individuals use our products and services. We may also use these tools for other business information purposes such as product development. These tools support our ability to improve our products and services. Additionally, we utilize the resultant information to help prevent security and fraud events. Discover will not make any automated decisions about you that may significantly impact you unless (1) such a decision is necessary as part of a contract with you, (2) we have your explicit consent, or (3) required by applicable law.


If you wish to exercise the above mentioned rights under EEA, UK, or Swiss data protection laws, or if you have any questions about this Online Privacy Statement, please send an email to our Data Protection Officer at, or by writing to us at:

Discover Financial Services
Attn: ECP Privacy Operations
P.O. Box 795
Deerfield IL 60015

To comply with the General Data Protection Regulation (2016/679) we have appointed a European representative. If you wish to contact them, their details are as follows:

Bird & Bird GDPR Representative Services SRL
Deloitte House
29 Earlsfort Terrace
Dublin 2, D02 AY28
Main point of contact: Vincent Rezzouk-Hammachi

Additionally, if you are in the UK, you may contact our representative at:

Diners Club International
The Ark
Attn: GDPR Representative
201 Talgarth Rd, Level One
Hammersmith, London, W6 8BJ

In your communication, please include the following information so that we may adequately address your request:

  • Full name
  • Physical address(es) on file with Discover
  • Product/service relationship(s) with Discover
  • Last four digits of your Discover accounts
  • Phone number

We reserve the right to decline requests in accordance with applicable law. EEA, UK, and Swiss data subjects may also contact their respective Supervisory Authority with any questions about our privacy practices.