Our privacy practices for people who make payments using GoCardless
Who is GoCardless?
GoCardless provides the technology and other services that help merchants around the world process payments for their goods or services.
If you have a question about how we handle your personal data, you can reach us at:
GoCardless Ltd., Sutton Yard, 65 Goswell Road, London EC1V 7EN, United Kingdom
Contact the Data Protection Officer
If you have questions about how a merchant handles your personal data, or if you wish to exercise your rights for the personal data they hold, you will need to contact them directly. If you don’t recognise a payment on your statement, find out who your merchant is here.
How does GoCardless use personal data?
We use identification, contact, financial, transaction and connection data to provide our services.
What do we do with the data?
We provide payment services and deliver key features of our service to the merchants you pay using GoCardless, such as displaying transaction history and payment status.
We use identification, contact, financial, transaction, usage and connection data to prevent fraud.
What do we do with the data?
We check that you own the bank account you enter for our services and that you have the funds to cover the transaction. We assess whether your activities match patterns of previous fraudulent behaviour. We may block transactions we believe to be fraudulent or unauthorised, or that violate our terms.Â
When you set up a payment, we may ask you to grant us access to personal data directly from your bank account so that we can verify that you are the owner of the account. This data is limited to your bank account number, name, address, and we access it only with your consent. (You’ll also see your account balance on the screen. Read more about why it’s there and what happens to it.)
If our fraud alerts or those of our banking partner flag a potentially fraudulent account, payment or refund, we may need to confirm your identity. We use financial, transaction information and publicly available data or identity verification services from agencies like Onfido or Lexis Nexis. After this, we will either clear the alert or stop the payment or refund.
We use identification, contact, financial, transaction and connection data to increase payment speed and success.
What do we do with the data?
We calculate whether a payment is likely to clear and use that calculation to make decisions about how we provide our services. For example, we might ask for a different payment method or change the date we withdraw the payment from your bank, or we might advance payments to your merchant to process their transactions more quickly.Technology helps us make automatic decisions about how and when to process transactions.
We use identification, usage, contact and transaction data to communicate with you.
What do we do with the data?
We send you messages that are necessary for our services, like payment notification emails. If you need help, we communicate with you to provide customer support. We also track open rates and measure the effectiveness of our communications.We don’t market to consumers who make payments using our services, and we don’t sell personal data.
We use identification, contact, financial, usage, transaction and connection data to improve our services.
What do we do with the data?
We analyse how people engage with our site and services so that we can improve our services and develop new products or features. For example, we might use personal data and other observations to make our payment pages easier to use or our machine learning models more accurate.
We use identification, contact, financial, transaction and connection data to protect our legal rights and interests.
What do we do with the data?
Where we believe it is necessary to protect our legal rights and interests and the interests of others, we use personal data in connection with legal claims, compliance, regulatory and audit functions, and in connection with the acquisition, merger or sale of a business.Under exceptional circumstances, we may be required by law to provide personal data to law enforcement agencies, courts or others in connection with claims and other litigation.
What personal data do we use?
Identification information, such as your name and organisation. In some countries, we may be required by law or by financial institutions to collect a government identifier from you (for example, a social security number or tax ID).
Contact information, such as your mailing address and email address.Â
Financial information, such as your bank account number, sort code, account holder name, and other information you provide to us or give us consent to access from your bank.
Transaction information, such as the name of the merchant you pay using our services, a description of the transaction, and the payment amount.
Usage information, such as how you enter data using our sites and services and how long it takes, and whether you opened an email or clicked a link. To collect this data we use cookies and other tracking technologies
Connection information, such as the type of device you use to access our services, operating system and version, device identifiers, network information, IP address and location derived from your IP address. To collect this data, we may use cookies and other tracking technologies
If you have a question or a problem
You can contact our privacy team to ask a question or exercise your rights or choices about our privacy practices. If we can’t resolve your concerns, you may have the right to complain to a data protection authority or other regulator where you live or work, or where you believe a breach may have occurred.
