Privacy notice: Payers and payees

Who you are

This information is relevant to you if you’re a party being requested to make a payment to us (a payer) or you’re a party receiving a party from us (a payee). You can find out more information if this the case on our FAQs for Payers and Payees page.

Who we are

For the purposes of data protection law, the ‘controller’ of your personal data will be one of the following companies:

Shieldpay Ltd, a company registered in England and Wales under number 10061792 and registered as a controller with the ICO under number ZA197669
Shieldpay Trustee Services Limited, a company registered in England and Wales under number 13147948 and registered as a controller with the ICO under number ZA853165

What personal data we collect about you

Biographical and contact data includes full name, address, email address, date of birth and any communications we have with you or about you

Complaints data includes name and contact information of a complainant and correspondence relating to their complaint

Compliance data includes identity verification documents and check results, the results of any politically exposed persons, sanctions and adverse media checks, and copies of any documents relating to the related project or transaction from which you may be identified

Customer support data includes correspondence relating to a payment transaction and records relating to the resolution of any related incident

Open banking data includes full name, account number and sort code and the result provided by our open banking partner upon completion of a bank verification check

Payments data includes details of payments made from a payer or to a payee including the nature and purpose of the payment, where applicable

Vulnerable customer data includes any information relating to a payer or payee implying that they may be susceptible to harm and therefore have additional or different needs that may affect their ability to make decisions or represent their interests

Where we get your personal data from

We'll generally get your personal data directly from you, for example, through our online portal for collecting bank verification details or by email. However, we may also get your personal data from third parties such as law firms, conveyancing firms, claims administrators and other professional service providers.

If we’re provided with any confidential information about you or a matter involving you (which may include personal data) from a law firm, they have a duty to notify you about this and ask for your consent unless they are prevented from doing so by law, for example, where we’ve notified them that we require additional information to prevent financial crime.

What we use your personal data for

We'll use your personal data for the purposes listed below. Against each of these purposes, we've identified which categories of personal data listed above are required and the legal ground relied on by us in line with data protection law.

Purpose	Categories of personal data	Legal ground
Communicating with payers and payees about payments		If we’re contracting directly with you, contractual necessity; if we’re contracting with someone else but receiving a payment from or making a payment to you, our legitimate interests in communicating with you to provide our services
Providing customer support		Our legitimate interests in providing a positive customer experience and dealing with any questions relating to payments
Verifying the identity of payers and payees and taking steps to prevent financial crime		Complying with our legal obligations under anti-money laundering, terrorist financing, sanctions, and other financial crime laws
Verifying bank details		Complying with our legal obligations to ensure that payment amounts are sent to the correct payees and to avoid erroneous and misdirected payments
Processing payments		If we’re contracting directly with you, contractual necessity; if we’re contracting with someone else but receiving a payment from or making a payment to you, our legitimate interests in providing our services in accordance with the terms of such contracts
Receiving, investigating and responding to complaints		Our legitimate interests in responding to and taking steps to resolve any complaints. If a complaint is escalated to the Financial Ombudsman Service, then we may be subject to a legal obligation to share certain personal data concerning a complaint with them

We may also use your personal data for purposes that are compatible with the above purposes. In doing so, we'll take into account various factors including the link between the original purpose and the purposes of the intended further processing, the nature of our relationship, the nature of the personal data, the potential consequences for you and any additional safeguards that we can put in place.

Who we share your personal data with

Depending on which of the purposes listed above applies, we may share your personal data with:

Banking partners as necessary for us to process payments
Technical service providers as necessary for us to operate our platform, verify bank details and effectively conduct our business operations
Regulatory bodies such as the Financial Conduct Authority and Financial Ombudsman Service
Law enforcement agencies such as the police, National Crime Agency and Action Fraud
Data service providers such as identify verification, politically exposed persons, sanctions and adverse media screening providers

How long we keep your personal data for

We'll only keep your personal data for as long as necessary in connection with the purposes for which we collected it. We maintain a data retention schedule for each category of personal data we hold.

Generally, we'll retain all personal data relating to payments for a period of 5 years from the date the relevant record was created. This is in line with the Payment Service Regulations 2017 and guidance from the Financial Conduct Authority.

Privacy notice:
Payers and payees

Last updated: 2 December 2024

TABLE OF CONTENTS