Legal, Privacy and Security Notices
LAST UPDATED: March, 2024.
WEX is a global provider of corporate payment solutions. You can find out more about WEX at https://www.wexinc.com or by contacting us using the information in the section How can you contact WEX?
This Privacy Notice explains how WEX and its affiliated companies across the globe (“WEX”, “we”, “us”, “our”) use your Personal Data when, for example, you use our products and services, visit our websites or offices, participate in recruitment activities, or otherwise interact with WEX.
The particular WEX entity responsible for your personal information under this Notice is the one that originally collects it (for example, at the point when you or your company engages us to provide a service or when we engage you to provide a service to us). For WEX global entities and contact information, visit https://www.wexinc.com/locations/.
Note: In some cases, you might find external links to third-party websites on WEX websites or other places displaying this Privacy Notice – neither this Notice nor any other WEX notice applies to your use of any third-party site.
WEX uses your Personal Data for many different business purposes, consistently with applicable laws. See the activities below to learn more details about why and how we use your Personal Data.
Note: WEX does not knowingly sell or share (for targeted advertising purposes) Personal Data from persons under the age of 16.
For visitors
Our business purposes for using your Personal Data
- Guest wifi or other systems access
- Health and safety
- Hospitality services
- Security
- Site access
Categories of data we may use
- Basic personal information
- Contact information
- ID information
- Photographs / Videos / Voice recordings
- Work information
Sources of the data
- Consultants, advisors, and professional services
- Current employees
- Customers (business-to-business)
- General public
- Job candidates
- Prospective customers (business-to-business)
- Vendors / Third Parties
Third-party recipients of the data (outside of WEX)
- Consultants, advisors, and professional services
- Facilities management companies
- Leisure, travel, accommodation companies
- Property and real estates companies
- Security companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Improving digital presence and user experience
- Information security
Categories of data we may use
- Basic personal information
- Contact information
- Content of communications
- Digital footprints
Sources of the data
- Consumers
- Customers (business-to-business)
- General public
- Job candidates
- Prospective customers (business-to-business)
Third-party recipients of the data (outside of WEX)
- Advertising, marketing, public relations, and events promotions companies
- Business partners
- Consultants, advisors, and professional services
- Data analytics, search engine, and database providers
- E-commerce platform providers
- IT, software, and technology companies
- Social media companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Products and Services
Our business purposes for using your Personal Data
- Accounts payable
- Payment delivery
- Payment processing
- Payments technology
- Professional services
- Supplier enablement
- Technology development
Categories of data we may use
- Basic personal information
- Contact information
- Digital footprints
- History of purchases
- ID information
- Nationality and immigration status
- Personal financial data
- Work information
Sources of the data
- Business partners
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
- Websites, social media, and applications
Third-party recipients of the data (outside of WEX)
- Business partners
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- Data analytics, search engine, and database providers
- Financial institutions
- Leisure, travel, accommodation companies
- IT, software, and technology companies
- Transportation providers, delivery, supply, and logistics companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Analytics and reporting
- Electric vehicles charging
- Factoring
- Fleet card payment management
- Fleet tracking
- Fuel cards
- Professional services
- Roadside services
- Savings network
- Trucking fleets
- Trucking fuel cards
Categories of data we may use
- Basic personal information
- Contact information
- Digital footprints
- Geolocation data
- History of purchases
- ID information
- Nationality and immigration status
- Personal financial data
- Work information
Sources of the data
- Business partners
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
- Websites, social media, and applications
Third-party recipients of the data (outside of WEX)
- Business partners
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- Data analytics, search engine, and database providers
- Financial institutions
- IT, software, and technology companies
- Transportation providers, delivery, supply, ang logistics companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
If you are an individual obtaining a financial product or service from WEX Bank primarily for personal, family, or household purposes, the WEX Bank Privacy Notice (as mandated by US federal law) explains how it collects, shares, and protects your Personal Data.
The WEX Health Privacy Notice applies to all WEX Health websites, portals, mobile applications, social media sites, and benefit administration services operated and provided by WEX Health.
Business operations
Our business purposes for using your Personal Data
- Board meetings
- Business strategy
- Corporate recordkeeping
- General meetings and voting
- Investor and shareholder relations
- Reports and filing
- Securities law
Categories of data we may use
- Basic personal information
- Contact information
- ID information
- Nationality and immigration status
- Personal financial data
- Photographs / Videos / Voice recordings
- Work information
Sources of the data
- Beneficial owners
- Business partners
- Corporate directors
- Current employees
- Shareholders
Third-party recipients of the data (outside of WEX)
- Business partners
- Consultants, advisors, and professional services
- Financial institutions
- Legal services
- State authorities and governmental bodies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Application vetting
- Collection of overdue, debt recovery and payment processing
- Credit insurance
- Monitoring and portfolio management
- Sanction screening
Categories of data we may use
- Basic personal information
- Contact information
- Criminal records
- Digital footprints
- History of purchases
- ID information
- Nationality and immigration status
- Personal financial data
- Work information
Sources of the data
- Business partners
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
Third-party recipients of the data (outside of WEX)
- Business partners
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- IT, software, and technology companies
- Transportation providers, delivery, supply, and logistics companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Account set-ups
- Card production
- Customer transactions
- Processing customer requests
- Responding to customer queries
Categories of data we may use
- Basic personal information
- Contact information
- Content of communications
- History of purchases
- ID information
- Photographs / Videos / Voice recordings
Sources of the data
- Business partners
- Consumers
- Customers (business-to-business)
- Prospective customers (business-to-business)
Third-party recipients of the data (outside of WEX)
- Business partners
- Business process / transformation outsourcing services
- Consultants, advisors, and professional services
- IT, software, and technology companies
- Transportation providers, delivery, supply, and logistics companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Commercial affairs
- Contracts and service agreements
- Cooperation with state authorities
- Data security incidents
- Due diligence of beneficial owners
- Employment law
- Investigations
- Litigation
- Mergers and acquisitions
- Negotiations
- Product development
- Real estate purchases and management
- Regulatory affairs
- Trade sanctions
Categories of data we may use
- Basic personal information
- Contact information
- Content of communications
- Criminal records
- Family information
- Health data
- ID information
- Nationality and immigration status
- Personal financial data
- Personal history and background
- Photographs / Videos / Voice recordings
- Trade union membership
- Work information
Sources of the data
- Beneficial owners
- Business partners
- Consumers
- Current employees
- Customers (business-to-business)
- Job candidates
- Past employees
- Private databases, registers, or Third Parties
- Prospective customers (business-to-business)
- Public databases, registers, or other public or government sources
- Shareholders
- State authorities and governmental bodies
- Vendors / Third Parties
- Whistleblower service providers
Third-party recipients of the data (outside of WEX)
- Business partners
- Consultants, advisors, and professional services
- Courts, regulatory tribunals, and arbitral bodies
- Data analytics, search engine, and database providers
- Financial institutions
- Forensics services
- IT, software, and technology companies
- Legal services
- Property and real estates companies
- State authorities and governmental bodies
- Whistleblower service providers
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Advertising
- Communications about services
- Customer experiences
- Customer insights
- Data analysis
- Events
- Social media activities
Categories of data we may use
- Basic personal information
- Contact information
- Content of communications
- Digital footprints
- Personal financial data
- Photographs / Videos / Voice recordings
- Work information
Sources of the data
- Business partners
- Consumers
- Customers (business-to-business)
- Private databases, registers, or Third Parties
- Prospective customers (business-to-business)
- Public databases, registers, or other public or government sources
- Websites, social media, and applications
Third-party recipients of the data (outside of WEX)
- Advertising, marketing, public relations, and events promotions companies
- Business partners
- Consultants, advisors, and professional services
- E-commerce platform providers
- IT, software, and technology companies
- Press and media agencies
- Social media companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Managing vendor relationships
- Service agreements
- Vendor due diligence
- Vendor monitoring
- Work information
Categories of data we may use
- Basic personal information
- Contact information
- Work information
Sources of the data
- Business partners
- Private databases, registers, or Third Parties
- Vendors / Third Parties
Third-party recipients of the data (outside of WEX)
- Business partners
- Consultants, advisors, and professional services
- Financial institutions
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Contract with the data subject (Art. 6(b) of the GDPR)
- Legal obligation (Art. 6(c) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Recruiting
Categories of data we may use
- Basic personal information
- Contact information
- Education and CV details, qualifications
- Health (medical) data
- Nationality and immigration status
- Racial or ethnic origin
- Remuneration / Benefits information
- Work information
Sources of the data
- Job candidates
- Recruitment, headhunter, and HR agencies
Third-party recipients of the data (outside of WEX)
- Recruitment, headhunter, and HR agencies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
Our business purposes for using your Personal Data
- Analysis and prospect tracking
- Business-to-business sales
- Customer relationship management
Categories of data we may use
- Basic personal information
- Contact information
- Geolocation data
- History of purchases
- ID information
- Nationality and immigration status
Sources of the data
- Business partners
- Customers (business-to-business)
- Private databases, registers, or Third Parties
- Prospective customers (business-to-business)
- Public databases, registers, or other public or government sources
Third-party recipients of the data (outside of WEX)
- Business partners
- Consultants, advisors, and professional services
- IT, software, and technology companies
Has WEX sold or shared this data for reasons other than the purposes above?
- No
Do we use Artificial Intelligence or other technology to make wholly automated decisions which might adversely affect you in a personal capacity?
- No
The primary Legal Basis for using the data (for the EU, EEA, and UK only)
- Consent of the data subject (Art. 6(a) of the GDPR)
- Legitimate interests (Art. 6(f) of the GDPR)
WEX discloses your Personal Data within and between our affiliated companies, as our business purposes require. Sometimes we also disclose your Personal Data to select third-party recipients outside of WEX, such as business partners and service providers, where this is relevant and necessary for us to achieve those business purposes. As required by applicable law, we put in place written Data Processing Agreements or other contractual terms with these recipients, obligating them to protect your data.
You can see what kinds of recipients might access your data by viewing any of the activities in the section How does WEX use your Personal Data?.
Some of our disclosures within WEX and to third-party recipients may involve the transfer of Personal Data (or access to it) across international borders (for example, when our international team members collaborate internally in improving our services or so we can take advantage of outside global technological expertise).
If you are resident in the EU, EEA, or UK, we take special measures required by law to safeguard your Personal Data when it is disclosed internationally. Certain countries outside the EU, EEA, and UK have been approved by the European Commission or UK authorities as providing essentially equivalent protections to EU, EEA, and UK data protection law and, therefore, no extra safeguards are required to disclose your Personal Data to recipients in these locations. For other countries, we will use appropriate additional safeguards to protect any Personal Data disclosed, such as EU Commission-approved standard contractual clauses or other mechanisms, to ensure that your Personal Data is protected at the same level as the EU, EEA, and UK.
WEX stores your Personal Data for as long as necessary to serve the purpose of its use. However, in some cases we must keep that data longer, for example, to:
- anticipate legal challenges and litigation
- comply with applicable laws or contractual obligations
- document complaints
- document compliance and satisfy regulatory authorities
- investigate misconduct
- meet tax and accounting requirements
- prevent fraud
- resolve disputes
- service ongoing business relationships and accounts
WEX implements reasonable administrative, physical, and technical safeguards designed to protect Personal Data from unauthorized access, use, or disclosure. We take measures, for example, to:
- encrypt certain sensitive data (such as credit card information) when transmitted
- ensure that only authorized users can access Personal Data for approved purposes
- keep computers and networks secure, using firewalls, virus protection, strong access controls (like multi-factor authentication), other industry leading cybersecurity tools, etc.
- maintain physical security over our paper and electronic data stores and premises
- require that third-party recipients of Personal Data store and use it securely
When you visit our global websites, WEX uses cookies and other similar technologies that enable us to maintain our websites, provide you with a good user experience, and ensure that content and marketing are relevant to your interests.
To learn more about how we use cookies, see our Cookie Notice.
If we use your Personal Data, you might have certain legal rights over that data depending on the location where you reside. For example, the laws where you live (like the EU, EEA, UK, or California and certain other states) might give you rights to:
- request further details about how we use your Personal Data
- request a copy of your Personal Data or that it be sent to an authorized third party.
- request that we correct or update your Personal Data
- request that we delete your Personal Data (subject to allowable exceptions).
- request that we restrict the use of your Personal Data
- object to our use of your Personal Data, unsubscribe from communications, or opt-out from, for example, direct marketing, automated decision-making, or personal profiling
- limit our use or disclosure of certain sensitive Personal Data (where this is used by WEX)
- opt-out of the sale or sharing of your Personal Data with third parties
- not be subjected to discriminatory treatment or retaliation for exercising these or any other rights over your Personal Data, which are given to you by applicable law
These rights depend on applicable law in your place of residence, may not all be available in that location, and may be subject to certain legal exceptions and exemptions. WEX might also be subject to binding obligations based on other laws, contracts, or the rights of others, which allow us to retain and continue to use Personal Data, despite an individual’s request to exercise an otherwise valid legal right.
In all cases, WEX carefully evaluates every request regarding the exercise of Personal Data rights and complies as required or permitted by applicable law.
If you wish to exercise any of the above rights (or others) given to you under applicable law, you or your authorized agent can contact us in one of the following three ways:
- By emailing us at privacy@wexinc.com
- Through this online form
- For California residents only, by calling us toll-free at 1-833-CALL-WEX (1-833-225-5939).
In some circumstances, WEX might be required to verify your identity (or your authorization of an agent) before acting upon your request. In this case, we will promptly solicit from you further information or proof of identification to the extent this is necessary.
You may request more information about this Global Privacy Notice or otherwise complain to WEX by emailing privacy@wexinc.com. Local law where you live might also give you a right to complain to an official Privacy or Data Protection Authority. For example, if you are resident in:
Australia, you can contact the Office of the Australian Information Commissioner (the OAIC) by visiting its website at https://www.oaic.gov.au/ or a state/territorial privacy agency.
California, you can contact the California Privacy Protection Agency (the CPPA) by visiting its website at https://cppa.ca.gov/ or the California Attorney General at https://oag.ca.gov/privacy/ccpa/.
Canada, you can contact the Office of the Privacy Commissioner of Canada (the OPC) by visiting its website at https://www.priv.gc.ca/en/ or a provincial/territorial privacy agency.
The EU, you can contact the applicable Data Protection Supervisory Authority in your country of residence, listed by the European Data Protection Board (EDPB) at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
Norway, you can contact the Data Protection Authority (the Datatilsyn) by visiting its website at https://www.datatilsynet.no/en/
Singapore, you can contact the Personal Data Protection Commission (the PDPC) by visiting its website at https://www.pdpc.gov.sg/.
The UK, you can contact the Information Commissioner’s Office (the ICO) by visiting its website at https://ico.org.uk/.
For WEX global office locations and contact information, visit https://www.wexinc.com/locations/.
WEX Inc. Global Headquarters
1 Hancock Street
Portland, Maine 04101
United States
1-207-773-8171
WEX Privacy
privacy@wexinc.com
For more information