Privacy Centre

Updated – 26 May 2023

Got a question? Raise a ticket with our Support team

Merchants

Our privacy practices for people who take payments for their goods and services using GoCardless

How does GoCardless use personal data?

We use identification, contact, usage, connection and due diligence data to comply with anti-money laundering laws and due diligence obligations.

What do we do with the data?

We are required by law to conduct due diligence on our merchants and prevent money laundering or other illegal financial activities. We verify the identities of prospective and current merchants and their employees and beneficial owners. We may conduct background or credit checks and verify your employment history and the businesses with which you are connected. Where applicable, we may access your criminal history, presence on sanctions lists or in adverse media searches, and links to politically exposed persons.Technology helps us make automatic decisions about money laundering and financial crime.

We use identification, transaction and contact data to communicate with you.

What do we do with the data?

We send service emails, we alert you to changes in our services, and we communicate with you to provide customer support. Unless you tell us not to, we also promote our services to you, communicate news and industry updates, and communicate with you when we host or participate in events. We also track open rates and measure the effectiveness of our communications. Learn more about our marketing practices and how cookies support some of these activities.

We use identification, contact, financial, transaction, usage, connection and due diligence data to monitor and prevent fraud and unauthorised use of our services.

What do we do with the data?

We analyse merchant interactions with GoCardless to make sure our merchants are using our services legitimately. We assess whether your activities match patterns of previous fraudulent behaviour.We check to see if merchants are authentic, and we may block transactions or suspend accounts we believe to be fraudulent or violate our terms. Technology helps us make automatic decisions about fraud and unauthorised use. Read more about our fraud prevention tools.

We use identification, contact, financial, usage, transaction and connection data to improve our services.

What do we do with the data?

We analyse how people engage with our site and services so that we can improve our services and develop new products or features. For example, we might use personal data and other observations to make our dashboard easier to use or our machine learning models more accurate.

We use identification, contact, financial, transaction, connection and due diligence data to protect our legal rights and interests.

What do we do with the data?

Where we believe it is necessary to protect our legal rights and interests and the interests of others, we use personal data in connection with legal claims, compliance, regulatory and audit functions, and in connection with the acquisition, merger or sale of a business.Under exceptional circumstances, we may be required by law to provide personal data to law enforcement agencies, courts or others in connection with claims and other litigation.

What personal data do we use?

When you set up and use a GoCardless account, we collect personal data about you and your company’s employees, directors, trustees or beneficial owners. That includes:

Identification information, such as name, job title, birthdate, nationality, government-issued identification (for example, a passport or driver’s license), and account username and password.
Contact information, such as email address, phone number, work address, company or organisation name, country and language.
Financial information, such as sort code, bank account number and account holder name and address.
Transaction information, such as the names of transacting parties, transaction description, payment amounts, and the devices and payment methods used to complete the transactions.
Usage information, such as how you enter data on our sites and services and how long it takes, and whether you opened an email or clicked a link. To collect this data we use cookies and other tracking technologies.
Connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, log-in records, IP address and location derived from it.
Due diligence information, such as identity verification, background check and credit references (for example, Onfido, LexisNexis or Creditsafe), from financial institutions (such as our banking partners), from social media such as LinkedIn, or from other public sources.

If you have a question or a problem

You can contact our privacy team to ask a question or exercise your rights or choices about our privacy practices.If we can’t resolve your concerns, you may have the right to complain to a data protection authority or other regulator where you live or work, or where you believe a breach may have occurred.

More legal details

Read more about our data protection compliance and the further legal details required in some countries, such as:

What makes our processing lawful?
Who do we share personal data with?
How do we protect data that crosses borders?
How do we make automatic decisions about people?
How long do we keep the data?
What rights do you have and how do you exercise them?

Got a question? Raise a ticket with our Support team