Privacy Centre


Our privacy practices for people who take payments for their good and services using GoCardless

How does GoCardless use personal data?

Reason for processing

Type of personal data we use

Providing our payment services

We provide payment services and deliver key features of our services, such as operating the merchant dashboard, displaying transaction history and payment status, and integrating with partners.

Identification, contact, financial, transaction, connection

Complying with anti-money laundering laws and due diligence obligations

We are required by law to conduct due diligence on our merchants and prevent money laundering or other illegal activities. We verify the identities of prospective and current merchants and their employees and beneficial owners. We may conduct background or credit checks and verify your employment history and the businesses with which you are connected. Where applicable, we may access your criminal history, presence on sanctions lists or in adverse media searches, and links to politically exposed persons.

Identification, contact, due diligence

Learn more about how we make automatic decisions.

Communicating with you 

We send service emails, we alert you to changes in our services, and we communicate with you to provide customer support. Unless you tell us not to, we also promote our services to you, communicate news and industry updates, and communicate with you when we host or participate in events. Learn more about our marketing practices.

Identification, contact

Preventing fraud or unauthorised use

We analyse merchant interactions with GoCardless to make sure our merchants are using our services legitimately. We check to see if merchants are authentic, and we may block transactions or suspend accounts we believe to be fraudulent or violate our terms.

Identification, contact, financial, transaction, connection, due diligence

Learn more about how we make automatic decisions.

Measuring satisfaction

We try to understand how merchants feel about our services so that we can resolve issues and make improvements. We send surveys to merchants and use other tools to seek and measure feedback and engagement.

Identification, contact, transaction, connection

Improving our services

We analyse how people engage with our site and services so that we can improve our services and develop new products or features. For example, we might use personal data and other observations to make our dashboard easier to use or our machine learning models more accurate.

Identification, contact, financial, transaction, connection

Investigating claims and other legal activities

Where we believe it is necessary to protect our legal rights and interests and the interests of others, we use personal data in connection with legal claims, compliance, regulatory and audit functions, and in connection with the acquisition, merger or sale of a business.

Under exceptional circumstances, we may be required by law to provide personal data to law enforcement agencies, courts or others in connection with claims and other litigation.

Identification, contact, financial, transaction, connection, due diligence

What personal data do we use?

When you set up and use a GoCardless account, we collect personal data about you and your company’s employees, directors, trustees or beneficial owners.

  • Identification information, such as name, job title, birthdate, nationality, government-issued identification (for example, a passport or driver’s license), and account username and password.
  • Contact information, such as email address, phone number, work address, company or organisation name, country and language  
  • Financial information, such as sort code, bank account number and account holder name and address.
  • Transaction information, such as the names of transacting parties, transaction description, payment amounts, and the devices and payment methods used to complete the transactions.
  • Connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, log-in records, IP address and location derived from it.
  • Due diligence information: Identity verification, background check and credit references (for example, Onfido, LexisNexis or Creditsafe), from financial institutions (such as our banking partners), from social media such as LinkedIn, or from other public sources.
  • If you have a question or a problem

    You can contact our privacy team to ask a question or exercise your rights or choices about our privacy practices.

    If we can’t resolve your concerns, you may have the right to complain to a data protection authority or other regulator where you live or work, or where you believe a breach may have occurred.

    The legal details

    If you'd like to read more about our data protection compliance and the disclosures we're required to make by law, click here.

    GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom

    GoCardless (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.