Capital One Non-U.S. Associate Privacy Notice

Effective: January 1, 2026
View our printer-friendly version (PDF)

Capital One Non-U.S. Associate Privacy Notice

Effective: January 1, 2026
View our printer-friendly version (PDF)

Capital One Financial Corporation and its affiliates (collectively, “Capital One,” “we,” “us,” or “our”) are committed to protecting your personal information. This Capital One Non-US Associate Privacy Notice (“Notice”) explains how we collect, use, transfer, and disclose the personal information about certain current and former associates located outside of the United States.

WHAT THIS NOTICE COVERS

 

This Notice applies to personal information collected about the current and former associates of certain Capital One entities that make this notice available to you, including entities with the Capital One, Discover, and Velocity Mobile names. You can find more information about the affiliates covered by this Notice in the Appendix at the end of this Notice.

This Notice does not apply to Capital One affiliates or branches that provide separate privacy notices to their associates, such as Capital One (Europe) plc and Capital One (Canada Branch). It also does not apply to personal information about our US associates.

This Notice does not form part of any contract of employment or other contract to provide services.

For more information about how we collect, use and disclose personal information in other contexts, please visit capitalone.com/privacy.

WHAT INFORMATION ABOUT YOU WE COLLECT, USE, TRANSFER, AND DISCLOSE, AND WHY

 

In the course of your employment with a Capital One affiliate, we collect information about you and your working relationship with Capital One, or your spouse, domestic/civil partner, or dependents. We refer to such information as “Personal Information.” The Personal Information that we process will vary based on work location, your position, and the Capital One entity that employs you. For more specific information regarding what Personal Information Capital One may collect, use, transfer, or disclose, and the purposes for which it is collected, used, transferred, or disclosed, please see the Appendix at the end of this Notice.

If you do not provide us with the Personal Information necessary to manage your employment with us, we may not be able to deliver to you all the services, compensation, and benefits associated with your job or maintain our employment relationship with you. To the extent that you decide to provide or make available Personal Information that is not required for the purposes as described in the end of this Notice, your decision to provide Personal Information is voluntary. If we process Personal Information based on your consent, you may withdraw your consent at any time.

You will not be subject to decisions based exclusively on automated processing of Personal Information without prior notice, unless permitted by applicable law.

We may also receive Personal Information about you from other sources. See the Appendix at the end of this Notice for more information.

DATA INTEGRITY AND RETENTION

 

Capital One will take reasonable steps to ensure that the Personal Information processed is reliable for its intended use, and is accurate and complete for carrying out the purposes described in this Notice.

The Personal Information we collect will be retained for as long as reasonably necessary for the purposes set out in this Notice, consistent with our retention policies, and in accordance with applicable laws. When determining these retention policies we take into account the length of time Personal Information is required to be retained to provide or receive the services (e.g., the duration of your employment and period in which we have an ongoing relationship with you or your dependents); satisfy legal and compliance obligations and for audit purposes; address any complaints or troubleshoot issues related to the job application process or other services; and defend or bring potential legal claims or enforce our policies.

HOW WE SHARE YOUR PERSONAL INFORMATION

 

Due to the global nature of Capital One operations, we disclose Personal Information to personnel and departments throughout Capital One to fulfill the purposes set out in the Appendix at the end of this Notice. This may include transferring Personal Information to other countries, provinces, or regions. The primary company responsible for your Personal Information will be the Capital One company by which you are employed. However, other Capital One subsidiaries or affiliates, including affiliates in the United States, may process your Personal Information for certain purposes.

Access to Personal Information within Capital One will be limited to those who have a need to know the information for the purposes described in this Notice, and may include individuals in Human Resources (HR), Information Technology (IT), Global Workplace Solutions, Compliance, Legal, Finance and Accounting, and Internal Audit. All personnel within Capital One will generally have access to your business contact information available on One Page and other databases, such as name, employee ID, position, telephone number, postal address, and email address.

From time to time, Capital One will need to make Personal Information available to other unaffiliated third parties. Some of these unaffiliated third parties will be located outside of your home jurisdiction, including in the United States, United Kingdom (UK), Canada, Mexico, India, the Philippines, Singapore, or any other country, province, or region in which we or they have operations. These jurisdictions may have data protection rules that are different from those of your country, province, or region. In all such cases, and generally for any processing operations, we take appropriate security measures to protect your Personal Information in accordance with this Notice. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries, provinces, or regions may be entitled to your Personal Information. For more specific information about how we share Personal Information about you with unaffiliated third parties, please see the Appendix at the end of this Notice.

Capital One may need to transfer Personal Information to our subsidiaries, affiliates, or unaffiliated third parties in countries that have not been recognized as providing an adequate level of protection of Personal Information by certain jurisdictions. For transfers from the European Economic Area (EEA), the UK, the Dubai International Finance Centre (DIFC) in the United Arab Emirates, and Japan to countries not considered adequate by the European Commission, the UK government, the DIFC, and Japan respectively, we put in place adequate measures, such as standard contractual clauses, to protect your Personal Information. The list of countries recognized by the EEA, the United Kingdom, the DFIC, and Japan as providing an adequate level of protection according to EEA, UK, DIFC, and Japanese standards respectively is available here for the EEA, here for the UK, here for the DIFC, and here for Japan.

You may obtain a copy of these measures by contacting us using the details set out below in the Your rights, questions and complaints section of this Notice.

SECURITY AND INTERNAL POLICIES

 

We limit access to your Personal Information to those associates, agents, contractors, and other third parties who have a business need to know. We have an information security program that includes administrative, technical, and physical measures that are designed to protect information within Capital One. While we strive to protect information about you, no method of data transmission or storage is 100% secure, and we cannot ensure or warrant the security of such information.

Capital One also maintains internal procedures and policies regarding our processing of Personal Information to facilitate compliance with this Notice and applicable laws, including with respect to retention, access, and the security of Personal Information. For more information, please review the policies and procedures provided to you or contact us using the details set out in the Your rights, questions, and complaints section of this Notice.

YOUR RIGHTS, QUESTIONS, AND COMPLAINTS

 

You may have rights under applicable privacy laws depending on the jurisdiction in which you reside. For example, to the extent that relevant rights are provided to you by applicable law, you may have rights to access, correct, update, suppress, restrict, or delete Personal Information, object to or opt out of the processing of Personal Information, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), issue a complaint about our processing of your Personal Information, receive a copy of your Personal Information for purposes of transmitting it to another company, and exercise any other rights provided under applicable law.

Please contact the appropriate data protection contact listed below if you have any questions about how Capital One uses Personal Information or if you would like to request to exercise your rights where available under applicable law.

We will respond to your request consistent with applicable law. Please note, however, that certain Personal Information may be exempt from requests pursuant to applicable data protection laws or other laws and regulations. Importantly, available privacy rights vary by jurisdiction and applicable law, and the above rights are not available in all jurisdictions. In some jurisdictions, you may lodge a complaint with a data protection authority for your country, province, or region (see the Appendix at the end of this Notice for contact details).

YOUR OBLIGATIONS

 

Please keep Personal Information up to date and inform us of any significant changes to Personal Information. You may access, review, and change Personal Information that Capital One holds about you by updating your Workday profile. You agree to inform your dependents whose Personal Information you provide to Capital One about the content of this Notice, and ensure you have the right to provide that information to Capital One. You further agree to follow applicable law and Capital One’s policies, standards, and procedures that are brought to your attention when handling any Personal Information to which you have access during your relationship with Capital One. In particular, you will not access or use any Personal Information for any purpose other than in connection with and to the extent necessary for your work with Capital One. You understand that these obligations continue to exist after termination of your relationship with Capital One.

CHANGES TO THIS NOTICE

 

We may change or update this Notice in the future. When we do, we will post the revised Notice on capitalone.com/privacy. This Notice was last updated and became effective on the date posted at the top of this page.

 

APPENDIX - FURTHER INFORMATION ABOUT HOW WE PROCESS PERSONAL INFORMATION

The Personal Information that we process will vary based on work location, your position, and the Capital One entity that employs you. The categories of Personal Information we process may include the following:

  • Personal contact details or identifiers, such as name, work or home contact details (email, phone numbers, physical address), online identifiers, signature, Internet Protocol address, and account login credentials.
  • Demographic information, such as gender, date and place of birth, age, national origin, ethnicity, disability, military/veteran status, and participation in sponsored groups.
  • Identification information, such as national identification number, driver’s license number, employee identification number or other national ID, and photograph.
  • Marital status and family information, such as marital/civil partnership status, domestic partners, dependents, emergency contact information.
  • Financial and tax information, such as banking details (including financial account numbers, securities account numbers, trading activity), tax identification number, tax location code, tax planning information for expatriates, beneficiaries, credit card numbers and transactions, and social security number.
  • Work authorization information, such as citizenship, passport data, and details of residency or work permit.
  • Background clearance information (if permitted by local law), such as name, Social Security number, date of birth, credit reports, school transcripts, military records, professional history, and criminal records.
  • Position and employment status, such as description of current position, job title, corporate status, management category, business unit, job code, salary plan, pay grade or level, job function(s) and subfunction(s), company name and code (i.e., your legal employer entity), branch/unit/department name and code, location, employment status and type, full-time/part-time, retirement eligibility, and reporting manager(s) information, internal job and work history, job responsibilities, service date, promotion dates, employee class, length of service.
  • Professional history, skills, and certifications, such as work history, hire/re-hire and termination date(s) and reason, length of service, promotions and disciplinary records, date of transfers, and details contained in letters of application and resume/CV (internal and external employment history, education information, student transcripts, grade point average, grades, disciplinary records, professional qualifications, language and other relevant skills, certification, and certification expiration dates).
  • Talent management information, such as details on performance management ratings, e-learning programs, performance and development reviews, willingness to relocate, information used to populate associate biographies, third party references and letters of application, associate satisfaction, opinions, and inferences.
  • Training attendance and certifications, such as training and development program attendance, completion, and certification, and certification expiration dates.
  • Compensation and payroll, such as base salary, incentive compensation, bonus, benefits and allowances, compensation type, salary step within assigned grade, details on stock options, stock grants and other awards, currency, pay frequency, effective date of current compensation, salary reviews, long-term compensation awards, total compensation, benefit election statements, shares purchased in the associate stock purchase plan, other company equity grants, payroll identification number, trade union deductions and equity data, overtime eligibility, and overtime pay.
  • Management records, such as details of any shares of common stock or directorships.
  • Contract information, such as terms of employment, employment contract and other policies that apply to your employment, severance plan and eligibility data.
  • Leave information, such as working time records (including vacation and other absence records, leave status, hours worked and department standard hours), pay data, and hire/re-hire and termination date(s) and reason.
  • System and application access and usage data, such as information required to access Capital One systems, instant messaging account, mainframe ID, system passwords, branch, country/region/province, previous company/branch/department details, call or video recordings , and electronic content produced using Capital One systems, system usage data, and other device data (including browsing history and browser logs, email logs and messages, system or development tool logs, other access and activity logs, web browser and operating system type and version, search history, text and instant messaging content sent or received using a Capital One device, device location/geolocation data, and video and audio information derived from conferences/meetings, screen sharing, trainings, and webinars).
  • Access control and physical security information, such as badge swipe data, building entrance pass, CCTV records, and license plate.
  • Travel and event information, such as dietary restrictions, travel and transaction details for business related travel, expense reimbursement information, and travel itinerary details.
  • Survey data, such as your responses to questionnaires, surveys, and requests for feedback.
  • Social media data and other publicly accessible data, such as publicly accessible information available on your social media accounts.
  • Inferences, such as inferences regarding your preferences, abilities, aptitudes, and characteristics.
  • Health/medical information, such as COVID-19 symptoms and test results, vaccination status, temperature, accommodations requested. We collect this information in order to accommodate a disability or illness, promote associate and public health, manage the workforce, and provide benefits.
  • Sensitive information: In certain cases, we process certain types of sensitive information, such as race/ethnic origin, gender/gender identity, disability, and health/medical information. We will only collect this information if necessary to meet specific obligations, provide specific benefits, or monitor equal opportunity, and this collection is permitted by applicable law. Where required by law, we will request your consent before we process any Personal Information considered sensitive under applicable laws, which can include race/ethnic origin, national origin, religion, gender/gender identity, sex life or practices or sexual orientation, marital status, disability, health/medical information (including disability status and vaccine information), genetic or biometric information (including biometric templates), political or philosophical beliefs, political party or trade union membership, veteran status, certain background check information, and criminal records or information on other judicial or administrative proceedings.
  • Any other information you elect to provide us.

We may process Personal Information about you for the purposes listed below based on one or more of the following reasons in accordance with applicable laws: (i) because we are required to do so by local applicable law; (ii) because such information is necessary to fulfill the employment contract and other policies that apply to your employment; (iii) because such information is of particular importance to us and we have a specific legitimate interest to process it; or (iv) where necessary to protect the vital interests of any person.

  • Recruitment and performing background checks: Recruit job applicants and associates for open positions and perform background checks to confirm veracity of application details, such as education, experience, work authorization (including right to work checks in the UK and visa sponsorship if applicable), and qualifications; making reasonable adjustments in our recruiting processes; and ensuring appropriate safeguards are in place to protect against unfair bias in our recruiting processes. We will engage in these activities with your consent, to comply with a legal obligation and/or based on, where applicable, our legitimate interests, such as ensuring the accuracy of your application and promoting a safe work environment.
  • Onboarding: Incorporate a new hire (or re-hire) into our human resources system and manage the new-hire process (including by giving a new-hire with email account, access to systems and facilities); and process work permissibility. We will engage in these activities to manage our contractual relationship with you.
  • Administering payroll and benefits: Administer and process salary, payment, reviews, wages, and other awards such as stock options, stock grants and bonuses, pensions and savings plans, leave, healthcare; provide loans; facilitate income tax deductions; process leave and sickness leave; manage business expenses and reimbursements; honor other contractual benefits. We will engage in these activities to manage our contractual relationship with you.
  • Discipline and performance management: Perform appraisals, performance management; process promotions; provide employment references; manage disciplinary matters; and review employment decisions. We will engage in these activities to manage our contractual relationship with you and/or based on, where applicable, our legitimate interests, such as promoting talent within Capital One and disciplining associates for employment contract or policy violations.
  • Associate training: Plan, administer and monitor training requirements and career development activities and skills. We will engage in these activities to manage our contractual relationship with you.
  • Off-boarding (i.e., processing leave, transfers, secondments and termination): Process leave; manage sickness leave; secondments; transfers; terminations; and providing references about you to other employers. We will engage in these activities to manage our contractual relationship with you.
  • Promoting diversity initiatives and group affiliations: Monitor and foster equal opportunity in recruitment processes and employment, including to comply with related applicable laws and regulation (such as requirements to prepare and disclose statistics on diversity within Capital One); and promote company sponsored associate groups. We will engage in these activities based on, where applicable, our legitimate interests, such as promoting diversity in the workplace and/or with your consent.
  • Travel arrangements and events: Make business travel arrangements; facilitate overseas work; accommodate dietary restrictions and disability; and promote associate and public health (such as in the context of the COVID-19 pandemic). We will engage in these activities to manage our contractual relationship with you, based on, where applicable, our legitimate interests, such as arranging events and travel and to protect the vital interests of our associates, and/or with your consent.
  • Communications, facilities and operations: Operate and manage the IT, communications systems, and facilities; create and maintain one or more internal associate directories; facilitate communications with you; and protect the health and safety of associates and promote public health (such as in the context of the COVID-19 pandemic). We will engage in these activities based on, where applicable, our legitimate interests, such as operating IT systems, communications, and facilities and/or to protect the vital interests of our associates.
  • Responding to emergencies: Ensuring the safety of on-site personnel and visitors; responding to, handling and documenting on-site accidents and medical and other emergencies; actively monitoring properties to ensure adequate incident prevention, response and documentation (including CCTV); and requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio-visual device prompts, etc). We will engage in these activities to comply with our legal obligations, for example, relating to health and safety incidents, based on, where applicable, our legitimate interests, such as monitoring properties through CCTV to ensure individuals’ safety and/or to protect individuals’ vital interests, such as contacting medical or emergency services when someone’s life is at risk.
  • Detecting, investigating, preventing fraud and other crimes or malpractice or breaches of internal company policies: Monitoring and testing compliance with our internal policies, including pursuant to the Company’s policies and procedures with regard to monitoring of telephone, email, Internet, and other company resources, and other monitoring activities as permitted by local law; and conduct investigations including associate reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns, and complying with internal policies and procedures. We will engage in these activities based on, where applicable, our legitimate interests such as to prevent fraud and/or to comply with a legal obligation.
  • Monitoring, searching, and reviewing corporate and associate communications and use of corporate assets to ensure compliance with internal policies and applicable laws/regulations: Monitor compliance with our internal policies, including pursuant to Capital One’s policies and procedures with regard to monitoring of telephone, email, Internet, and other Capital One resources, and other monitoring activities as permitted by local law. We will engage in these activities based on, where applicable, our legitimate interests such as to prevent fraud and/or to comply with a legal obligation.
  • Conducting workforce analytics and planning, and business continuity: Perform workforce reporting and data / trend analysis and strategic planning, succession planning, project management; manage company assets; conduct associate surveys; design associate retention programs; allocate company assets and human resources; and ensure business continuity and crisis management. We will engage in these activities based on, where applicable, our legitimate interests, such as allocating resources appropriately and evenly and ensuring business continuity, and/or with your consent.
  • Performing business operations: Operate and manage IT communications systems and facilities; manage product and service development; improve products and services, manage company assets; allocate company assets and human resources; strategic planning; project management; business continuity; compilation of audit trails and other reporting tools; maintain records relating to business activities, budgeting, financial management and reporting; communications; and managing mergers, acquisitions, sales, re-organizations or disposals and integration with purchaser. We will engage in these activities based on, where applicable, our legitimate interests and/or to comply with a legal obligation.
  • Implementing and developing an information security program: Perform workforce analytics to identify patterns in the use of technology systems and information entrusted to us as well as Capital One’s people and property; and applying technical safeguards to secure Capital One information, including implementing data loss prevention software to detect potential data security incidents. We will engage in these activities based on, where applicable, our legitimate interests, such as ensuring that our information and networks are secure and/or to comply with a legal obligation.
  • Complying with legal requirements (in all countries in which we operate): Complying with legal and other requirements applicable to our businesses in all countries, provinces, or regions in which we operate, such as record-keeping and reporting obligations; conducting audits; compliance with government inspections and other requests from government or other public authorities; responding to legal processes such as subpoenas; pursuing legal rights and remedies; defending litigation; managing any internal complaints or claims (including those received through the hotline); conducting investigations including into reporting of allegations of wrongdoing, policy violations, fraud, or financial reporting concerns; and complying with internal policies and procedures. We will engage in these activities to manage our contractual relationship with you, based on, where applicable, our legitimate interests, such as protecting our brand and bringing or defending legal claims and/or to comply with a legal obligation such as legal processes.

We may share Personal Information with the following unaffiliated third parties, in addition to sharing Personal Information with our affiliates:

  • Professional advisors: Accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors in all of the countries, provinces, or regions where Capital One operates.
  • Service providers: Companies that provide products and services to Capital One such as human resources services, benefit providers, travel management services, performance management, expense management, IT systems suppliers and support; credit card companies, trade bodies and associations, and other service providers.
  • Public and Governmental authorities: Entities that regulate or have jurisdiction over Capital One such as regulatory authorities, law enforcement and public and judicial bodies.
  • In connection with a sale or business transaction: We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
  • Other third parties that you have authorized or directed to share Personal Information with us, such as family members.

We may receive Personal Information directly from you as well as from other sources:

  • Capital One colleagues;
  • Our customers;
  • Prior employers, schools, or other referees;
  • Our service providers (including facilities, HR-management platforms such as Workday and other IT service providers);
  • Recruiters and agencies;
  • Licensing/certification organizations;
  • Public authorities (e.g., tax authorities, social security agencies, enforcement agencies or other governmental agencies);
  • Benefit providers (including company health providers and insurers);
  • Professional advisors (including accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors);
  • Publicly available databases (such as professional social media accounts);
  • Background check and credit check providers (when permitted by local law); and
  • Other third parties that you have authorized or directed to share Personal Information with us, such as family members.

The affiliates that may be covered by this Notice include:

  • Capital One, N.A.
  • Capital One Services, LLC
  • Capital One Services (Canada) Inc
  • Capital One Services (India) Private Limited
  • Capital One Philippines Support Services Corp.
  • Capital One Services, Inc (UK Branch)
  • Capital One Technology Labs Mexico, WeWork Torre Reforma Latino, c/o Capital One Technology Labs Mexico, S. De R.L. de C.V. Av. Paseo de la Reforma 296, Int. 27-101, Col. Juárez, Alcaldía Cuauhtémoc 06600, Ciudad de México, México
  • Discover Financial Services
  • Discover Global Employment Corporation Private Ltd, Herwana, Secretary - Corporate Department, 25 North Bridge Road, Level 7, Singapore 179104
  • Discover Information Technology (Shanghai) Ltd
  • DFS International Incorporated
  • DFS (Hong Kong) Ltd
  • DFS Services LLC
  • DFS UK Ltd, including French Branch
  • Diners Club Services Private Ltd Mumbai
  • Diners Club Taiwan Ltd
  • Velocity Mobile Limited

Please contact us using the details set out above in the Your rights, questions, and complaints section of this Notice if you have any questions about how Capital One uses Personal Information for the above affiliates.

You may contact the data protection authority for your country or region using the following contact details where applicable:

  • Canada (Federal) – Office of the Privacy Commissioner of Canada
  • Canada (Quebec) – Commission d'accès à l'information du Québec (Quebec Information Commission)
  • France – Commission Nationale de l’Informatique et des Libertés (National Commission on Data Files, Data Processing and Civil Liberties)
  • Germany – State Data Protection Authorities
  • Hong Kong – Office of Privacy Commissioner for Personal Data
  • India – Data Protection Board (not yet established)
  • Japan – PPC 個人情報保護委員会 (Personal Information Protection Commission)
  • Mexico – La Secretaria Anticorrupción y Buen Gobierno (Secretariat for Anti-Corruption and Good Governance)
  • Philippines – National Privacy Commission
  • Singapore – Personal Data Protection Commission
  • Sweden – Integritetsskyddsmyndigheten (Privacy Protection Authority)
  • Taiwan – 個人資料保護委員會 (Personal Data Protection Commission) (not yet established)
  • Turkey – Kisisel Verileri Koruma Kurumu (Personal Data Protection Authority)
  • UK – Office of the Information and Data Protection Commissioner
  • United Arab Emirates (DIFC) – Commissioner of Data Protection, Dubai International Financial Centre Authority