Privacy Centre

Merchants

Our privacy practices for people who take payments for their goods and services using GoCardless

How does GoCardless use personal data?

Providing our payment services

We use identification, contact, financial, transaction and connection data to provide our services.

Preventing money laundering and financial crime

We use identification, contact and due diligence data to comply with anti-money laundering laws and due diligence obligations.

Communicating with you

We use identification, transaction and contact data to communicate with you.

Preventing fraud or unauthorised use

We use identification, contact, financial, transaction, connection and due diligence data to monitor and prevent fraud and unauthorised use of our services.

Measuring satisfaction

We use identification, contact, transaction and connection data to understand how merchants feel about our services.

Improving our services

We use identification, contact, financial, transaction and connection data to improve our services.

Investigating claims and other legal activities

We use identification, contact, financial, transaction, connection and due diligence data to protect our legal rights and interests.

What personal data do we use?

When you set up and use a GoCardless account, we collect personal data about you and your company’s employees, directors, trustees or beneficial owners. That includes:

  1. Identification information, such as name, job title, birthdate, nationality, government-issued identification (for example, a passport or driver’s license), and account username and password.
  2. Contact information, such as email address, phone number, work address, company or organisation name, country and language.  
  3. Financial information, such as sort code, bank account number and account holder name and address.
  4. Transaction information, such as the names of transacting parties, transaction description, payment amounts, and the devices and payment methods used to complete the transactions.
  5. Connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, log-in records, IP address and location derived from it.
  6. Due diligence information, such as identity verification, background check and credit references (for example, Onfido, LexisNexis or Creditsafe), from financial institutions (such as our banking partners), from social media such as LinkedIn, or from other public sources.

If you have a question or a problem

You can contact our privacy team to ask a question or exercise your rights or choices about our privacy practices.

If we can’t resolve your concerns, you may have the right to complain to a data protection authority or other regulator where you live or work, or where you believe a breach may have occurred.

More legal details

Read more about our data protection compliance and the further legal details required in some countries, such as:

  • What makes our processing lawful?
  • Who do we share personal data with?
  • How do we protect data that crosses borders?
  • How do we make automatic decisions about people?
  • How long do we keep the data?
  • What rights do you have and how do you exercise them?

GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom

GoCardless (company registration number 07495895) is authorised by the Financial Conduct Authority under the Payment Services Regulations 2017, registration number 597190, for the provision of payment services.