Privacy statement
Last updated: September 2023
Bacs Payment Schemes Limited (Bacs) understands the importance of protecting your personal information.
This privacy policy sets out how and why we collect and use your personal information and your rights in relation to your personal information, when you interact with us via the Bacs website only.
If you need any further details, have a query or complaint about our use of your personal information, please contact our Data Protection Officer:
- by email at DPO@wearepay.uk or
- by post at 2 Thomas More Square, London, E1W 1YN.
We review our privacy policy regularly. Where the policy has been updated this will be clearly identified by reference to the date of the policy above.
Where we provide links to third party websites, we accept no liability for the privacy practices or content of those websites.
Where your personal information is collected by us (e.g. by completing the online registration form) it will be stored on our servers located in the UK.
Visiting our website
When you visit our website, we place cookies on your device (e.g. computer hard drive, mobile phone) which collect unique identifiers relating to your device automatically. We do this so that we can improve our website’s functionality and performance. For example, enabling the site to load quickly, making it easier to move between different pages in the password protected area and remembering you have been shown a one off message.
Our cookie policy has more detail.
Registration with bacs.co.uk and subsequent log in
If you are a Bacs service user, Bacs participant, payment service provider, Bacs approved software supplier, Bacs approved bureau (each a Stakeholder), you can register with us online so that we can send you a unique log in enabling you to access certain sections of our website that contain Stakeholder relevant information only. Registration requires you to provide your name, your organisation’s name, email address and employer organisation. Logging into your account requires your email address, password and a onetime security code generated every time you log in. You can also subscribe to receive email communications, using the registration form, this is optional. We may also use your registration information to send you surveys. For more details on subscribing and unsubscribing and surveys see the sections below.
Subscribing and unsubscribing for email communications
We issue email communications about changes to our guide and rules, service updates, operational and product information, and payments industry news. To receive these email communications you need to subscribe via our website choosing which communications you would like to receive as part of that process. Subscription requires you to provide as a minimum, your name, your organisation’s name, email address and Stakeholder type. We will only send you the email communications you have registered for.
If you wish to unsubscribe at any time you can do so via the unsubscribe form on our website or using the unsubscribe link at the bottom of each email communication. You can either unsubscribe from all email communications or individual email communications that you no longer wish to receive.
Marketing help
We support organisations wishing to increase the take up of its Direct Debit and Bacs Direct Credit services by providing email access to our marketing specialists. There is an online form so you can provide your contact details and a brief description of the support you need. Once submitted the form is received by our marketing team. This enables them to contact you directly to provide guidance.
Contact us
Any individual can contact us by using our contact us form. If you wish to get in touch with us in this way, we ask you to provide as a minimum, your name, email address and information about your enquiry so that we can help you.
Event registration
From time to time we hold events relevant to specific audiences. The registration form captures your name and personal information, which is stored on our website server. We use event registration information to secure a place, send information relating to the event and to survey attendees to obtain feedback to improve future events.
Surveys
From time to time we survey different groups of individuals to help develop new products and services as well as improve delivery of our existing products and services, and our website. We do this in different ways: if you are a Stakeholder, by using your personal information you provided when registering with us or requesting information using one of our online forms; and by publishing a link on our website which we encourage website visitors to click on. Completing the survey is optional. When we contact you in relation to a survey, we provide all the information you need to make a decision whether or not to complete the survey, including information about sharing your personal information with our third party survey provider and a link to their privacy policy which governs the collection and processing of your personal information collected through the survey.
So that we may offer all the services available via our website, we share your personal information with the following:
- Individual sponsoring PSP
- Our key infrastructure supplier
- Our third party service suppliers who support the delivery of these services in accordance with the contractual arrangements we have in place with them. These include:
- Our website hosting supplier
- Our website development and maintenance agency
- Consultants who provide website management support
- Agencies who support our communications and event activities
- Survey service providers.
Where required by law or competent authority we may also share your personal information with regulators, courts, government departments and law enforcement agencies. We will inform you of this before we share your personal information unless we are legally prevented from doing so.
We do not, nor do any of the third party service suppliers with whom your personal information is shared by us, transfer any of your personal information outside the European Economic Area.
Your personal information is kept in accordance with our data retention policy which categorises personal data and applies retention periods according to use. Retention periods are determined by reference to applicable data protection laws and the purpose for which the personal information was collected and is used. Legal and regulatory retention requirements, contractual obligations and limitation periods are also part of the retention period determination process.
We understand the importance of ensuring our systems are secure from unauthorised access, use or disclosure so that emails and forms that contain your personal information are safe. We have internal policies, procedures and controls in place to ensure this.
The law entitles you:
- To receive a copy of any of your personal information which we have collected
- To request that we correct and / or complete personal information we have collected
- To request that we permanently delete, stop using or storing any of your and / or restrict our use of your personal information when we no longer need it for the purpose you provided it to us
- To object to the processing of your personal information by us unless we can demonstrate that we need to continue processing it
- In some circumstances to request that we transfer your personal information to a third party.
If you would like to exercise any of these choices, please get in touch via our Data Protection Officer or use the contact us form on our website. Where we have shared your personal information with other companies, we will let them know if you exercise any of these choices.
If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner who can be contacted at www.ico.org.uk or by telephone on 0303 123 1113.