LAST UPDATED: September 2025.
WEX is a global provider of corporate payment solutions. You can find out more about WEX at https://www.wexinc.com or by contacting us using the information in the section How can you contact WEX?.
This Privacy Notice explains how WEX and its affiliated companies across the globe (“WEX”, “we”, “us”, “our”) use your Personal Data when, for example, you use our products and services, visit our websites, online portals, or mobile applications, participate in recruitment activities, or otherwise interact with WEX.
The particular WEX entity responsible for your personal information under this Notice is the one that originally collects it (for example, at the point when you or your company engages us to provide a service or when we engage you to provide a service to us). For WEX global entities and contact information, visit https://www.wexinc.com/locations/.
Note: In some cases, you might find external links to third-party websites on WEX websites or other places displaying this Privacy Notice – neither this Notice nor any other WEX notice applies to your use of any third-party site.
WEX uses Personal Data for many different business purposes, consistently with applicable laws. See the activities below to learn more details about why and how we use Personal Data.
Note: WEX does not knowingly sell or share (for targeted advertising purposes) Personal Data from persons under the age of 16.
For hosting visitors
Our business purposes for using Personal Data
- WiFi or other systems access
- Health and safety
- Hospitality services
- Security
- Site access
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Photographs / Videos / Voice recordings
- Work information (examples: job, performance, travel, work history, military service, etc.)
Note: Photographs / Videos / Voice recordings may be used by surveillance systems for purposes of “Security” and “Site access.”
Sources of the data
- Consultants, advisors, and professional services
- Current employees
- Customers (business-to-business)
- General public
- Job candidates
- Prospective customers (business-to-business)
- Vendors / Third Parties
Third-party recipients of the data (outside of WEX)
- Consultants, advisors, and professional services
- Facilities management companies (examples: cleaning, maintenance, canteen and food services)
- Leisure, travel, accommodation companies (examples: restaurants, hotels, airlines, travel agencies)
- Property and real estate companies (incl. sale, rent, and management)
- Security companies
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Improving digital presence and user experience
- Information security
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Content of communications (examples: mail, email, texts, etc. not for business purposes)
- Digital footprints (examples: cookies, online activities, social media accounts, device/IP identifiers, etc.)
Sources of the data
- Consumers
- Customers (business-to-business)
- General public
- Job candidates
- Prospective customers (business-to-business)
Third-party recipients of the data (outside of WEX)
- Advertising, marketing, public relations, and events promotions companies
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professional services
- Data analytics, search engine, and database providers
- E-commerce platform providers
- IT, software, and technology companies (incl. software and cloud computing)
- Social media companies
- Vendors / Third Parties
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
For delivering our products and services
Our business purposes for using Personal Data
- Accounts payable
- Payment delivery
- Payment processing
- Payments technology
- Professional services
- Supplier enablement
- Technology development
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Biometric data (examples: eye scanning, fingerprints, facial or voice recognition, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Digital footprints (examples: cookies, online activities, social media accounts, device/IP identifiers, etc.)
- History of purchases
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Nationality and immigration status
- Personal financial data (examples: accounts, log-in data, credit/debt, pensions, tax, etc.)
- Photographs / Videos / Voice recordings
- Work information (examples: job, performance, travel, work history, military service, etc.)
Note: Biometric data may be used by facial or voice recognition technology to verify identity and prevent fraud, when using online portals or mobile apps for any business purposes. See the section How do we use biometric data?.
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
- Websites, social media, and applications
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- Data analytics, search engine, and database providers
- Financial institutions (examples: banks, insurance and pension companies)
- Leisure, travel, accommodation companies (examples: restaurants, hotels, airlines, travel agencies)
- IT, software, and technology companies (incl. software and cloud computing)
- Transportation providers, delivery, supply, and logistics companies
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Analytics and reporting
- Electric vehicles charging
- Factoring
- Fleet card payment management
- Fleet tracking
- Fuel cards
- Professional services
- Roadside services
- Savings network
- Trucking fleets
- Trucking fuel cards
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Biometric data (examples: eye scanning, fingerprints, facial or voice recognition, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Digital footprints (examples: cookies, online activities, social media accounts, device/IP identifiers, etc.)
- Geolocation data (examples: GPS, location tracking, etc.)
- History of purchases
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Nationality and immigration status
- Personal financial data (examples: accounts, log-in data, credit/debt, pensions, tax, etc.)
- Photographs / Videos / Voice recordings
- Work information (examples: job, performance, travel, work history, military service, etc.)
Note: Biometric data may be used by facial or voice recognition technology to verify identity and prevent fraud, when using online portals or mobile apps for any business purposes. See the section How do we use biometric data?.
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
- Websites, social media, and applications
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- Data analytics, search engine, and database providers
- Financial institutions (examples: banks, insurance and pension companies)
- IT, software, and technology companies (incl. software and cloud computing)
- Transportation providers, delivery, supply, and logistics companies
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
If you are an individual obtaining a financial product or service from WEX Bank primarily for personal, family, or household purposes, the WEX Bank Privacy Notice (as mandated by US federal law) explains how it collects, shares, and protects your Personal Data.
The WEX Health Privacy Notice applies to all WEX Health websites, online portals, mobile applications, social media sites, and benefit administration services operated and provided by WEX Health.
For operating our business
Our business purposes for using Personal Data
- Application vetting
- Collection of overdue, debt recovery and payment processing
- Credit insurance
- Monitoring and portfolio management
- Sanction screening
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Biometric data (examples: eye scanning, fingerprints, facial or voice recognition, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Digital footprints (examples: cookies, online activities, social media accounts, device/IP identifiers, etc.)
- History of purchases
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Personal financial data (examples: accounts, log-in data, credit/debt, pensions, tax, etc.)
- Photographs / Videos / Voice recordings
Note: Biometric data may be used by facial or voice recognition technology to verify identity and prevent fraud. See the section How do we use biometric data?.
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- IT, software, and technology companies (incl. software and cloud computing)
- Transportation providers, delivery, supply, and logistics companies
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- Yes
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Account set-ups
- Card production
- Customer transactions
- Processing customer requests
- Responding to customer queries
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Content of communications (examples: mail, email, texts, etc. not for business purposes)
- History of purchases
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Photographs / Videos / Voice recordings
Note: Photographs / Videos / Voice recordings may be used by call recording technology for the above purposes of “Processing customer requests” and “Responding to customer queries.”
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- IT, software, and technology companies (incl. software and cloud computing)
- Transportation providers, delivery, supply, and logistics companies
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Advertising
- Communications about services
- Customer experiences
- Customer insights
- Data analysis
- Events
- Social media activities
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Content of communications (examples: mail, email, texts, etc. not for business purposes)
- Digital footprints (examples: cookies, online activities, social media accounts, device/IP identifiers, etc.)
- Personal financial data (examples: accounts, log-in data, credit/debt, pensions, tax, etc.)
- Photographs / Videos / Voice recordings
Work information (examples: job, performance, travel, work history, military service, etc.)
Note: Photographs / Videos / Voice recordings may be used by call recording technology for the above purposes of improving “Customer experiences.”
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Consumers
- Customers (business-to-business)
- Private databases, registers, or Third Parties
- Prospective customers (business-to-business)
- Public databases, registers, or other public or government sources
- Websites, social media, and applications
Third-party recipients of the data (outside of WEX)
- Advertising, marketing, public relations, and events promotions companies
- Business partners
- Consultants, advisors, and professional services
- E-commerce platform providers
- IT, software, and technology companies (incl. software and cloud computing)
- Press and media agencies (examples: newspapers, television, radio)
- Social media companies
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Analysis and prospect tracking
- Business-to-business sales
- Customer relationship management
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Geolocation data (examples: GPS, location tracking, etc.)
- History of purchases
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Nationality and immigration status
Photographs / Videos / Voice recordings
Note: Photographs / Videos / Voice recordings may be used by call recording technology for the purposes of “Business-to-business sales” and “Customer relationship management.”
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Customers (business-to-business)
- Private databases, registers, or Third Parties
- Prospective customers (business-to-business)
- Public databases, registers, or other public or government sources
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professional services
- IT, software, and technology companies (incl. software and cloud computing)
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
For supporting and managing the company
Our business purposes for using Personal Data
- Commercial affairs
- Contracts and service agreements
- Cooperation with state authorities
- Data subject requests
- Due diligence
- Employment law
- Investigations
- Litigation
- Mergers and acquisitions
- Negotiations
- Product development
- Real estate purchases and management
- Regulatory affairs
- Security incidents
- Trade sanctions
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Biometric data (examples: eye scanning, fingerprints, facial or voice recognition, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Content of communications (examples: mail, email, texts, etc. not for business purposes)
- Criminal records
- Family information (examples: marital status, relatives, children, etc.)
- Health (medical) data
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Nationality and immigration status
- Personal financial data (examples: accounts, log-in data, credit/debt, pensions, tax, etc.)
- Personal history and background (examples: background checks)
- Photographs / Videos / Voice recordings
- Trade union membership
- Work information (examples: job, performance, travel, work history, military service, etc.)
Note: Biometric data may be used by facial or voice recognition technology to verify identity and prevent fraud. See the section How do we use biometric data?.
Sources of the data
- Beneficial owners
- Business partners (examples: partnerships, mergers and acquisitions)
- Consumers
- Current employees
- Customers (business-to-business)
- Job candidates
- Past employees
- Private databases, registers, or Third Parties
- Prospective customers (business-to-business)
- Public databases, registers, or other public or government sources
- Shareholders
- State authorities and governmental bodies (examples: state institutions, agencies, officials)
- Vendors / Third Parties
- Whistleblower service providers
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professional services
- Courts, regulatory tribunals, and arbitral bodies
- Data analytics, search engine, and database providers
- Financial institutions (examples: banks, insurance and pension companies)
- Forensics services
- IT, software, and technology companies (incl. software and cloud computing)
- Legal services
- Property and real estate companies (incl. sale, rent, and management)
- State authorities and governmental bodies (examples: state institutions, agencies, officials)
- Whistleblower service providers
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- Yes
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Board meetings
- Business strategy
- Corporate recordkeeping
- General meetings and voting
- Investor and shareholder relations
- Reports and filing
- Securities law
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Nationality and immigration status
- Personal financial data (examples: accounts, log-in data, credit/debt, pensions, tax, etc.)
- Photographs / Videos / Voice recordings
- Work information (examples: job, performance, travel, work history, military service, etc.)
Sources of the data
- Beneficial owners
- Business partners (examples: partnerships, mergers and acquisitions)
- Corporate directors
- Current employees
- Shareholders
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professional services
- Financial institutions (examples: banks, insurance and pension companies)
- Legal services
- State authorities and governmental bodies (examples: state institutions, agencies, officials)
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Access databases
- Budgets
- Expense reports and corporate cards
- Financial record maintenance and payroll
- Financial statements
- Internal reporting
- Payments to individual contracts / consultants
- Revenue processing
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Digital footprints (examples: cookies, online activities, social media accounts, device/IP identifiers, etc.)
- Geolocation data (examples: GPS, location tracking, etc.)
- History of purchases
- ID information (examples: social security numbers, driver’s license, ID card, passport, etc.)
- Personal financial data (examples: accounts, log-in data, credit/debt, pensions, tax, etc.)
- Remuneration / Benefits information (examples: salary, bonuses, etc.)
Sources of the data
- Beneficial owners
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professionals
- Corporate directors
- Current employees
- Customers (business-to-business)
- Members of associations and groups
- Past employees
- Private databases, registers, or Third Parties
- Prospective customers (business-to-business)
- Public databases, registers, or other public or government sources
- Shareholders
- State authorities and governmental bodies (examples: state institutions, agencies, officials)
- Vendors / Third Parties
Third-party recipients of the data (outside of WEX)
- Accountants, bookkeeping, and payroll companies
- Business partners (examples: partnerships, mergers and acquisitions)
- Financial institutions (examples: banks, insurance and pension companies)
- IT, software, and technology companies (incl. software and cloud computing)
- State authorities and governmental bodies (examples: state institutions, agencies, officials)
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Data governance
- Hardware management
- Information security
- Network and systems administration
- Security operations
- Software management
- Systems architecture
- Technology support
- Web development
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Content of communications (examples: mail, email, texts, etc. not for business purposes)
- Digital footprints (examples: cookies, online activities, social media accounts, device/IP identifiers, etc.)
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professionals
- Consumers
- Current employees
- Customers (business-to-business)
- General public
- Job candidates
- Past employees
- Prospective customers (business-to-business)
- Vendors / Third Parties
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professional services
- IT, software, and technology companies (incl. software and cloud computing)
- Vendors / Third Parties
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Managing vendor relationships
- Service agreements
- Vendor due diligence
- Vendor monitoring
- Work information (examples: job, performance, travel, work history, military service, etc.)
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Work information (examples: job, performance, travel, work history, military service, etc.)
Sources of the data
- Business partners (examples: partnerships, mergers and acquisitions)
- Private databases, registers, or Third Parties
- Vendors / Third Parties
Third-party recipients of the data (outside of WEX)
- Business partners (examples: partnerships, mergers and acquisitions)
- Consultants, advisors, and professional services
- Financial institutions (examples: banks, insurance and pension companies)
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- No
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using Personal Data
- Recruiting
Categories of data we may use
- Basic personal information (examples: name, age, date of birth, gender, physical description, etc.)
- Biometric data (examples: eye scanning, fingerprints, facial or voice recognition, etc.)
- Contact information (examples: address, email, phone number, etc.)
- Criminal records
- Education and CV details, qualifications
- Family information (examples: marital status, relatives, children, etc.)
- Health (medical) data
- Nationality and immigration status
- Personal history and background (examples: background checks)
- Photographs / Videos / Voice recordings
- Racial or ethnic origin
- Remuneration / Benefits information (examples: salary, bonuses, etc.)
- Work information (examples: job, performance, travel, work history, military service, etc.)
Note: Biometric data may be used by facial or voice recognition technology to verify identity and prevent fraudulent applications for employment. See the section How do we use biometric data?.
Sources of the data
- Job candidates
- Recruitment, headhunter, and HR agencies
Third-party recipients of the data (outside of WEX)
- Recruitment, headhunter, and HR agencies
Has WEX sold or shared this data for targeted advertising purposes?
- No
Do we use Artificial Intelligence or other technology to make significant automated decisions about individuals for any of the purposes above?
- Yes
If you live in the EU, EEA, or UK, what is our Legal Basis for using the data?
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
WEX discloses Personal Data within and between our affiliated companies, as our business purposes require. Sometimes we also disclose Personal Data to select third-party recipients outside of WEX, such as business partners and service providers, where this is relevant and necessary for us to achieve those business purposes. As required by applicable law, we put in place written Data Processing Agreements or other contractual terms with these recipients, obligating them to protect Personal Data.
You can see what kinds of recipients might access Personal Data by viewing any of the activities in the section How does WEX use Personal Data?.
Some of our disclosures within WEX and to third-party recipients may involve the transfer of Personal Data (or access to it) across international borders (for example, when our international team members collaborate internally in improving our services or so we can take advantage of outside global technological expertise).
If you are resident in the EU, EEA, UK, or Canada, we take special measures required by law to safeguard your Personal Data when it is disclosed internationally and to ensure that it is protected at the same level as the EU, EEA, UK, and Canada and its provinces.
WEX stores Personal Data for as long as necessary to serve the purpose of its use. However, in some cases we must keep that data longer, for example, to:
- anticipate legal challenges and litigation
- comply with applicable laws or contractual obligations
- document complaints
- document compliance and satisfy regulatory authorities
- investigate misconduct
- meet tax and accounting requirements prevent fraud
- resolve disputes
- service ongoing business relationships and accounts
WEX implements reasonable administrative, physical, and technical safeguards designed to protect Personal Data from unauthorized access, use, or disclosure. We take measures, for example, to:
- encrypt certain sensitive data (such as credit card information) when transmitted
- ensure that only authorized users can access Personal Data for approved purposes
- keep computers and networks secure, using firewalls, virus protection, strong access controls (like multi-factor authentication), other industry leading cybersecurity tools, etc.
- maintain physical security over our paper and electronic data stores and premises
- require that third-party recipients of Personal Data store and use it securely
If you access certain online portals or mobile apps, contact us by telephone, or apply for certain jobs, WEX or our service providers may use biometric data derived from facial or voice recognition technology to verify the authenticity of a photographic ID (like a driving license), a “selfie” picture, a video that you voluntarily submit to us, or your voice. We do this for purposes such as verifying your identity and preventing fraud.
WEX and our service providers delete this biometric data as soon as reasonably possible after it has achieved these purposes, unless applicable laws require or permit us to keep it longer under some circumstances.
We do not sell biometric data or trade it for any benefits, and we will only share it with others (like our service providers) with your consent, to complete a transaction you have requested using biometric data, or as otherwise required or permitted by law.
When you visit our global websites, WEX uses cookies and other similar technologies that enable us to maintain our websites, provide you with a good user experience, and ensure that content and marketing are relevant to your interests.
To learn more about how we use cookies, see our Cookie Notice.
If we use your Personal Data, you might have certain legal rights over that data depending on the location where you reside. For example, the laws where you live (like the EU, EEA, UK, California and some other US states, or Canada and certain provinces) might give you rights to:
- request further details about how we use your Personal Data
- request a copy of your Personal Data or that it be sent to an authorized third party.
- request that we correct or update your Personal Data
- request that we delete your Personal Data (subject to allowable exceptions).
- request that we restrict the use of your Personal Data
- object to our use of your Personal Data, unsubscribe from communications, or opt-out from, for example, direct marketing, automated decision-making, or personal profiling
- limit our use or disclosure of certain sensitive Personal Data (where this is used by WEX)
- opt-out of the sale or sharing of your Personal Data with third parties for targeted advertising purposes or opt-out of automated decision-making.
- not be subjected to discriminatory treatment or retaliation for exercising these or any other rights over your Personal Data, which are given to you by applicable law
These rights depend on applicable law in your place of residence, may not all be available in that location, and may be subject to certain legal exceptions and exemptions. WEX might also be subject to binding obligations based on other laws, contracts, or the rights of others, which allow us to retain and continue to use Personal Data, despite an individual’s request to exercise an otherwise valid legal right.
In all cases, WEX carefully evaluates every request regarding the exercise of Personal Data rights and complies as required or permitted by applicable law.
If you wish to exercise any of the above rights (or others) given to you under applicable law, you or your authorized agent can contact us in one of the following three ways:
- By emailing us at privacy@wexinc.com
- Through this online form
- For California residents only, by calling us toll-free at 1-833-CALL-WEX (1-833-225-5939).
In some circumstances, WEX might be required to verify your identity (or your authorization of an agent) before acting upon your request. In this case, we will promptly solicit from you further information or proof of identification to the extent this is necessary.
You may request more information about this Privacy Notice or otherwise complain to WEX by emailing privacy@wexinc.com.
Local law where you live might also give you a right to complain to an official Privacy or Data Protection Authority. For example, if you are resident in:
Australia, you can contact the Office of the Australian Information Commissioner (the OAIC) by visiting its website at https://www.oaic.gov.au/ or a state/territorial privacy agency.
Brazil, you can contact the Autoridade Nacional de Proteção de Dados (the ANPD) at https://www.gov.br/anpd/pt-br.
California, you can contact the California Privacy Protection Agency (the CPPA) by visiting its website at https://cppa.ca.gov/ or the California Attorney General at https://oag.ca.gov/privacy/ccpa/.
Canada, you can contact the Office of the Privacy Commissioner of Canada (the OPC) by visiting its website at https://www.priv.gc.ca/en/ or a provincial/territorial privacy agency. For Quebec, you can contact the Commission d’accès à l’information du Québec (the CAI) at https://www.cai.gouv.qc.ca/.
The EU, you can contact the applicable Data Protection Supervisory Authority in your country of residence, listed by the European Data Protection Board (EDPB) at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
Singapore, you can contact the Personal Data Protection Commission (the PDPC) by visiting its website at https://www.pdpc.gov.sg/.
The UK, you can contact the Information Commissioner’s Office (the ICO) by visiting its website at https://ico.org.uk/.
For WEX global office locations and contact information, visit https://www.wexinc.com/locations/.
EX Inc. Global Headquarters
1 Hancock Street
Portland, Maine 04101 United States
WEX Privacy
privacy@wexinc.com