Merchant Risk Council - Stairs of people

Privacy Policy

Protecting your privacy is important to us. We hope the following information and policies help you understand how the Merchant Risk Council collects, uses, and safeguards the information you provide to us on or through our website located at: or when you otherwise interact with us through our Website, app, or registration platforms (collectively, the "Website").

The Merchant Risk Council agrees with the spirit and principles of the EU General Data Protection Regulation (GDPR) and is extending its protections to all users, regardless of region.

If you have any questions about this Privacy Policy, or do not see your concerns addressed here, you should contact us by email at:


As a Merchant Risk Council membership subscriber or an event attendee, or when signing up for MRC updates via email, we require your first and last name, email address (which also serves as a user name), job title, company name or organization, and company address. We also ask you to assign a password for yourself. Other business information is optional. If you are logging in from outside the United States, your information will be transferred to and stored in the U.S.

If you are located in a country outside the United States of America and voluntarily submit personal information to us, you thereby consent to the general use of such personal information as provided in this Privacy Policy and to the transfer of that information to, and/or storage of that information in, the United States of America.

In addition, when you interact with the Website, our servers may keep an activity log that does not identify you personally. Generally, this information is collected though "traffic data." We collect and store certain administrative and traffic information viewed, software crash reports, type of browser used, and the type of device you are using to access this Website.


The Merchant Risk Council collects and stores information for these purposes:

  1. To list your company or organization as a Merchant Risk Council subscriber who supports our fraud prevention standards.
  2. To e-mail you notices of upcoming reports, newsletters, events, and updated information.
  3. To help us better tailor our offerings to the preferences and needs of our members.
  4. To provide our members with resources and, if you consent, allow vendors to contact you with useful information.
  5. To respond to your comments, questions, and requests, and provide customer service.
  6. To send you technical notices, updates, security alerts, and support and administrative messages.
  7. Detect, investigate, and/or prevent fraudulent, unauthorized, or illegal activity.

The optional business information you provide may be aggregated in order to help us understand the types and sizes of Merchant Risk Council site subscribers.

The Merchant Risk Council uses the data we collect to operate our organization and provide you with the services we offer, which includes using data to improve our offerings. We may also use the data to communicate with you to inform you about your account and our offerings. However, we do not use what you say in any service contacts to us to target information to you.

We share your personal data with your consent or as necessary to complete any transaction or provide any service you have requested or authorized. We also share data with MRC subsidiaries, vendors working on our behalf, or when required by law or to respond to legal processes. These entities have access to the personal information needed to perform their functions and are contractually obligated to maintain the confidentiality and security of that personal information. They are restricted from using, selling, distributing, or altering this data in any way other than to provide the requested services.

This Privacy Policy only addresses the Merchant Risk Council's use and disclosure of your Personal Data. The
Website contains links to other websites. Please be aware that we are not responsible for the privacy policies of other websites, and we are not liable for any third party website's misuse of personal information which may occur. When visiting a link from the Website, we encourage you to review their privacy policy, as it may contain privacy provisions that differ from the provisions of our Privacy Policy.


If you are a resident of the EEA or Switzerland, the following information applies with respect to personal data collected through your use of the Website.

a. Purposes of Processing and Legal Basis for Processing
As explained above, the Merchant Risk Council processes personal data in various ways depending upon your use of the Website. We process personal data on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide the Website services; and (3) as necessary for our legitimate interests in providing the Website services where those interests do not override your fundamental rights and freedom related to data privacy.

b. Right to Lodge a Complaint
Users that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. Contact details for data protection authorities are available here.

c. Your Rights
You are entitled to the rights under Chapter III of the EU General Data Protection Regulation or Section 2 of the Swiss Federal Act on Data Protection with respect to the processing of your personal data, which include the right to access and rectify your personal data and to request erasure of your personal data. To exercise these rights, contact

4. How to Access and Control Your Personal Data

a. Right of Access
If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data. Subscribers can view and edit Personal Data in the MRC Member Portal at:

b. Right to Rectification
If your Personal Data is inaccurate or incomplete, you are entitled to have it corrected or completed. Subscribers can view and edit Personal Data in the MRC Member Portal at: If we have shared your Personal Data with others, we will tell them about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal data so that you can contact them directly.

c. Right to Erasure
You may ask us to remove your personal data. To request removal, please email the Merchant Risk Council at: If we have shared your data with others, we will tell them about the erasure where possible. If you ask us, where possible and lawful to do so, we will also tell you with whom we shared your personal data so that you can contact them directly.


We will retain information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with our services or to comply with applicable legal, tax, or accounting requirements).

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion or anonymization is possible.


A cookie is a small string of text that a website can send to your browser. A cookie cannot retrieve any other data from your hard drive or pass on computer viruses. In general, cookies may be used to optimize websites, enable a user to keep items in a shopping cart, or to facilitate advertising.

If you are just browsing the Website and are not a registered user, you do not have to accept a cookie and you may still continue using the Website. However, in order to access the portion of the site that requires a password, you must accept the Website's cookies as they are essential for site administration and security. If you do not want your browser to accept cookies, you can change this preference within your browser. You can learn more about setting or changing cookies preferences for Apple Safari, Google Chrome, Microsoft Edge, Microsoft Internet Explorer, Mozilla Firefox, or Opera by visiting the Apple, Google, Microsoft, Mozilla, or Opera Software websites.

Because an industry-standard Do-Not-Track protocol has not yet been established, our information collection practices on our sites will continue to operate as described in this online privacy policy regardless of any "Do Not Track" signals that may be sent by certain browsers. However, you may refuse to accept cookies in order to prevent tracking activities.

We may allow third party service providers, such as Google Analytics, to provide analytics services on our behalf. These entities may use cookies, web beacons (also known as "tracking pixels") and other technologies to collect information about your use of our Website and other websites, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and other information. This information may be used to, among other things, analyze and track data, determine the popularity of certain content on our Website, and better understand your activity when you visit our Website.

Google Analytics is a web analytics service provided by Google, Inc., used on the Website. Google Analytics uses cookies or other tracking technologies to help us analyze how users interact with and use the Website, compile reports, and provide other services related to Website activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website. We do not use Google Analytics to gather information that personally identifies you. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google's privacy policies. You can learn how Google collects and processes data, and how to opt out of tracking of analytics by Google, by clicking here.


Our Site is not specifically targeted to children, we do not actively solicit information from children, and we do not knowingly collect personal information from children without proper parental consent. If you believe that we may have collected personal information from someone under the applicable age of consent without parental consent, please write to us at the physical address set forth below in the section "Inquiries" or email and we will promptly address the issue.


California residents may request certain information pursuant to California Civil Code Section 1798.83 regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to with "Request for California Privacy Information" in the subject line and in the message.


As the Merchant Risk Council enhances our services and offerings, we may update this Privacy Policy to reflect these changes. We reserve the right to modify or amend the terms of our Privacy Policy at any time, for any reason, and may do so by posting a new version online. Your continued use of our Websites and/or the continued provision of Personal Data to us will be subject to the terms of the then-current Privacy Policy. If we make any material changes, or if otherwise required by applicable law, we will notify you via email (sent to the email address associated with your account) or by means of a notice on this Privacy Policy to the change(s) becoming effective. If we make changes to this Privacy Policy, we will indicate that by revising the date on the bottom of this Page.


The Merchant Risk Council takes reasonable precautions in order to protect your personal information from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction, using recommended industry security architecture. While we try our best to safeguard your personal information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.


Your feedback is important to us. If you ever have any questions regarding our Privacy Policy, or would like to change the information you have provided, you may contact us by one of the following methods:

Phone: (206) 364-2789
Merchant Risk Council, Inc.
8201 164th Ave NE #200 PMB #50
Redmond, WA 98052

Last updated: January 31, 2023

Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.