Skip to content
Go to GoCardless homepage
LoginSign up

Privacy Centre Updated

1 November 2021


Got a question? Raise a ticket with our Support team


Our privacy practices for people who make payments using GoCardless

Who is GoCardless?

GoCardless provides the technology and other services that help merchants around the world process payments for their goods or services.

If you have a question about how we handle your personal data, you can reach us at:

GoCardless Ltd., Sutton Yard, 65 Goswell Road, London EC1V 7EN, United Kingdom

Contact the Data Protection Officer

If you have questions about how a merchant handles your personal data, or if you wish to exercise your rights for the personal data they hold, you will need to contact them directly. If you don’t recognise a payment on your statement, find out who your merchant is here.

How does GoCardless use personal data?

We use identification, contact, financial, transaction and connection data to provide our services.

What do we do with the data?

We provide payment services and deliver key features of our service to the merchants you pay using GoCardless, such as displaying transaction history and payment status.

We use identification, contact, financial, transaction, usage and connection data to prevent fraud.

What do we do with the data?

We check that you own the bank account you enter for our services and that you have the funds to cover the transaction. We assess whether your activities match patterns of previous fraudulent behaviour. We may block transactions we believe to be fraudulent or unauthorised, or that violate our terms. When you set up a payment, we may ask you to grant us access to personal data directly from your bank account so that we can verify that you are the owner of the account. This data is limited to your bank account number, name and address, and we access it only with your consent. If our fraud alerts or those of our banking partner flag a potentially fraudulent account, payment or refund, we may need to confirm your identity. We use publicly available data or identity verification services from agencies like Onfido or Lexis Nexis. After this, we will either clear the alert or stop the payment or refund.

Technology helps us make automatic decisions about potential fraud using our services. Read more about our fraud prevention tools.

We use identification, contact, financial, transaction and connection data to increase payment speed and success.

What do we do with the data?

We calculate whether a payment is likely to clear and use that calculation to make decisions about how we provide our services. For example, we might ask for a different payment method or change the date we withdraw the payment from your bank, or we might advance payments to your merchant to process their transactions more quickly.Technology helps us make automatic decisions about how and when to process transactions.

We use identification, usage, contact and transaction data to communicate with you.

What do we do with the data?

We send you messages that are necessary for our services, like payment notification emails. If you need help, we communicate with you to provide customer support. We also track open rates and measure the effectiveness of our communications.We don’t market to consumers who make payments using our services, and we don’t sell personal data.

We use identification, contact, financial, usage, transaction and connection data to improve our services.

What do we do with the data?

We analyse how people engage with our site and services so that we can improve our services and develop new products or features. For example, we might use personal data and other observations to make our payment pages easier to use or our machine learning models more accurate.

We use identification, contact, financial, transaction and connection data to protect our legal rights and interests.

What do we do with the data?

Where we believe it is necessary to protect our legal rights and interests and the interests of others, we use personal data in connection with legal claims, compliance, regulatory and audit functions, and in connection with the acquisition, merger or sale of a business.Under exceptional circumstances, we may be required by law to provide personal data to law enforcement agencies, courts or others in connection with claims and other litigation.

What personal data do we use?

  1. Identification information, such as your name and organisation. In some countries, we may be required by law or by financial institutions to collect a government identifier from you (for example, a social security number or tax ID).

  2. Contact information, such as your mailing address and email address. 

  3. Financial information, such as your bank account number, sort code, account holder name, and other information you provide to us or give us consent to access from your bank.

  4. Transaction information, such as the name of the merchant you pay using our services, a description of the transaction, and the payment amount.

  5. Usage information, such as how you enter data using our sites and services and how long it takes, and whether you opened an email or clicked a link. To collect this data we use cookies and other tracking technologies

  6. Connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, IP address and location derived from your IP address. To collect this data, we may use cookies and other tracking technologies

If you have a question or a problem

You can contact our privacy team to ask a question or exercise your rights or choices about our privacy practices. If we can’t resolve your concerns, you may have the right to complain to a data protection authority or other regulator where you live or work, or where you believe a breach may have occurred.

Learn more about our data protection compliance and the further legal details required in some countries, such as:

  • What makes our processing lawful?

  • Who do we share personal data with?

  • How do we protect data that crosses borders?

  • How do we make automatic decisions about people?

  • How long do we keep the data?

  • What rights do you have and how do you exercise them?

Got a question? Raise a ticket with our Support team