Skip to main content Skip to main navigation
Skip to access and inclusion page Skip to search input

Presto Virtual Terminal – Cardholders Notice

Privacy Notice

Your privacy is important to us, and so is being transparent about how we collect, use, share, and store your personal data. Personal Data means any information relating to you where you are either identified or identifiable from that information.

Westpac provides some of our merchant customers (“Merchants”) with a virtual terminal product, known as the “Presto Virtual Terminal”. This virtual terminal allows Merchants to carry out transactions online using your card details as if you had actually interacted with a terminal in their shop, and to issue receipts for those transactions (“Presto Receipt”). By doing so, the Merchant collects your Personal Data and passes it on to Westpac to process the transaction.

This Privacy Notice relates to the use of the Presto Virtual Terminal and is intended to help you understand how we collect, use, share and store your Personal Data when transactions are performed by a Merchant using the Presto Virtual Terminal.

Who are we?

When we say “Westpac”, “we”, “our”, or “us”, we mean the Westpac Banking Corporation ABN 33 007 457 141 which acts as the data controller for the Personal Data we process about you, unless stated otherwise. References to the “Westpac Group” in this Privacy Notice are a reference to Westpac Banking Corporation and its related companies, both in Australian and overseas.

How do we collect your Personal Data?

When a Merchant uses the Presto Virtual Terminal, they will need to collect Personal Data from you such as (i) card details including cardholder name, card number, expiry date, CVV (“Card Details”) and (ii) your email address (“Email Address”). Your Card Details are stored on the Presto Virtual Terminal but not your Email Address.

The Merchant may also collect other Personal Data, such as: your address for delivery; and telephone number to complete your order/ transaction (“Additional Information”). Additional Information is not recorded in the Presto Virtual Terminal. Any concerns you have about the collection, use, or storage of Additional Information should be directed to the relevant Merchant.

Why do we collect your Personal Data?

Your Card Details and Email Address are collected by the Merchant and provided to Westpac to enable Westpac to process transactions where you have paid the Merchant using the Presto Virtual Terminal, and for Presto Receipts to be issued.

Who do we share your Personal Data with?

We are required to disclose your Personal Data to process your payment. This may include disclosure to an organisation that is not part of the Westpac Group (which may be located overseas) and includes: a card issuer; card scheme operator; or organisation otherwise involved in any card scheme or payment network, for any purpose relating to the operation of those schemes or payment networks to enable the transaction paid for using the Presto Virtual Terminal to be processed.

We may also share your Personal Data to regulated bodies, government agencies, and law enforcement bodies in any jurisdiction, subject always to a legitimate and lawful basis for sharing or disclosing Personal Data.

How do we store data?

We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the Personal Data we hold. For example:


  • Access to our information systems is controlled through identity and access management controls
  • Employees and our contracted service providers are bound by internal information security policies and are required to keep information secure
  • All employees are required to complete training about information security 
  • We regularly monitor and review our compliance with internal policies and industry best practice.


Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with the Merchant or us is no longer secure (for example, if you feel that the security of any account you have has been compromised), please contact us immediately (please refer to the How to contact us section below).

We retain your Personal Data until such time as the purpose of processing has been achieved or for any period of time specified by applicable law, whichever is the greater. If we no longer need to use your Personal Data for the purposes set out in this Privacy Notice, we will take reasonable steps to destroy or de-identify your Personal Data.

What are your rights?

Our Privacy Policy and the EU Data Protection Policy covers:


  • How you can request access to, or correct, or erase the Personal Data we hold about you
  • How you can make a complaint where you have concerns about our handling of your Personal Data (including where you believe there has been a breach of the local privacy law), and how we will deal with your complaint.


For more details about how you may exercise your rights, please see our Privacy Policy and EU Data Protection Policy. To access either of these policies, please see the Further Information section below.

If you are not satisfied about how we are processing your Personal Data, or you would like to make a complaint, please contact us (see the How to contact us section below).

How to contact us

You can contact us in the following ways:


Further information

For more details about how we handle Personal Data and complaints or how you may exercise your rights, please see our Privacy Policy and EU Data Protection Policy (as applicable). You can view or download a copy of these policies by visiting or request a printed copy in a Westpac branch or by contacting us using the details in the How to contact us section.