Welcome to Bankzy Open Banking® general privacy notice. We respect your privacy and are committed to protecting your personal data.

This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you. It also describes your data protection rights, including a right to object to some of the processing which Bankzy Open Banking® carries out. More information about your rights, and how to exercise them, is set out in the “Your Legal Rights”’ section.

This notice applies to visitors to the Bankzy Open Banking® website, and our partners and merchants who enter into contracts with us to facilitate payments for goods and services. The data processing described in this notice may be limited as required by applicable law.



Bankzy Open Banking® “Bankzy Ltd” is the controller and responsible for your personal data (collectively referred to as “Bankzy Open Banking®”, “Bankzy”,“we”, “us” or “our” in this privacy notice).

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.



Our full details are:

Full name of legal entity: Bankzy Ltd

Email: [email protected]

Postal address: 30-34 North Street, Hailsham, East Sussex, BN27 1DW, UK.

You have the right to make a complaint at any time to the ICO, the UK’s independent authority for data protection issues (, if you believe a breach to have taken place. We would, however, appreciate the chance to deal with your concerns directly so please contact us in the first instance.



It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.



We may collect your data in different ways. In particular:

Direct interactions by you or your employer

When you, or your employer, applies for Bankzy Open Banking® products or services you may provide us with information about you by completing and submitting your application form, or providing your authentication details for our digital products. You or our employer may also provide us with information when you contact us, subscribe for marketing purposes or give us feedback.

Automated technologies or interactions

As you interact with our website or digital product, we automatically collect technical data about your equipment, browsing/usage and patterns. This includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our section on cookies below for further details.



This privacy notice aims to give you information on how we collect and process your personal data when you use this website, when you contact us, and/or sign up to our services.

It is important that you read this privacy notice together with any other policies we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.




We will use your personal data in the following circumstances:

  • Where we need to take steps related to the contract we are about to enter into with you or have entered into with you. This includes:
    • managing payments, fees and charges;
    • collecting and recovering money owed to us;
    • communicating with you;
    • providing customer service; and
    • confirming your identity for the purposes of security and fraud prevention.
  • Where we need to comply with a legal or regulatory obligation. For example
    • to discharge our obligations as a regulated financial service provider including ‘know your customer’ checks, anti-money-laundering checks, politically exposed persons checks, sanctions checks; and
    • in response to requests by government or law enforcement authorities conducting an investigation.
  • Where we have obtained your consent, for example we may send you direct marketing communications and place cookies or use similar technologies to read information on your device for non-essential purposes. On other occasions, where we ask you for consent, we will use the data for the purposes we explain at that time.



Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You can ask us to stop sending you marketing messages, at any time by following the unsubscribe links on any marketing message sent to you; or by contacting us. Where you opt out of receiving these marketing messages, this will not affect our processing of data for other purposes.




We may have to share your personal data with the parties below for the purposes described above.

  • Third party service providers (e.g. providing, fraud prevention, IT and admin support services) acting as processors who process the data under our instructions.
  • Third party providers who provide us with ‘know your customer’ services, including anti-money-laundering checks;
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue & Customs, regulators and other authorities or law enforcement bodies based in the United Kingdom, the EU or elsewhere if required for the purposes above, or if mandated by law or if required for the legal protection of our or third-party legitimate interests in compliance with applicable laws.



Where we process information about you in connection with our contract with you, or your employer, and the transactions carried out through our services, we process this for five years after you cease being a customer for legal and regulatory purposes.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests).

We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data indefinitely so that we can respect your request in future.

Where we process your data for other purposes, such as complying with laws or defending our legal position, we process this data for as long as is necessary to fulfil that purpose.



You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format.

In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing).

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where it would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018.

We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, you can get in touch with us, or make a complaint, using the details set out above.

Where we process your data for the purpose of entering or performing a contract with you certain data is mandatory for that purpose. Any information provided to facilitate a payment you have requested is therefore mandatory. Where provision of data is mandatory, if relevant data is not provided, then we will not be able to fulfil your requests to register, make a purchase or otherwise engage with Bankzy Open Banking®. All other provision of your information is optional.