Privacy

Effective Data: April 2025

1. Introduction

This Privacy Policy explains how BnkPay collects, uses, shares, and protects your personal data, in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

By using BnkPay, you agree to the collection and processing of your personal data as outlined below. If you do not agree with any part of this policy, please discontinue use of our services.

2. Who We Are

BnkPay is a technology platform developed and operated by Nexicode Ltd (Company No. 15555102), based in the United Kingdom.

BnkPay facilitates secure bank payment requests between businesses and their customers using Open Banking. We do not process, hold, or transmit funds. All payment services are provided by a regulated third party (our “Payment Partner”).

3. Joint Data Controller Statement

For certain transactions, BnkPay and its regulated Payment Partner act as joint data controllers, solely for the purpose of enabling payment initiation and ensuring regulatory compliance. Each party determines the means and purposes of processing relevant personal data independently, as required under Article 26 of the UK GDPR.

Our Payment Partner is an FCA-authorised Payment Initiation Service Provider (PISP). End-user payment interactions are subject to both BnkPay's and the Payment Partner’s privacy and terms.

4. What Data We Collect

We only collect the minimum data necessary to operate BnkPay and provide our services:

  • Identity Data: Full name, business name

  • Contact Data: Email address, phone number

  • Financial Data: IBAN, sort code, and account number (for initiating a payment only)

  • Transaction Data: Payment reference, timestamp, and status

  • Technical Data: IP address, browser, device type, and usage logs

  • Consent Logs: Records of legal agreement, terms acceptance, and action timestamps

We do not collect sensitive data (e.g. ethnicity, religious beliefs, biometric data).

5. Why We Collect Your Data

We process your data strictly for the following purposes:

  • To enable secure payment initiation via our regulated partner

  • To onboard businesses and allow them to generate payment requests

  • To prevent fraud and misuse of the platform

  • To fulfil legal and regulatory obligations

  • To provide customer support

  • To improve our product through aggregated, anonymised analytics

We do not use personal data for profiling, behavioural advertising, or unsolicited marketing.

6. Legal Basis for Processing

We process your personal data on one or more of the following legal bases:

  • Contractual necessity: to provide our payment facilitation service

  • Legal obligation: to comply with applicable laws (e.g. AML, FCA perimeter rules)

  • Legitimate interests: to monitor usage, prevent abuse, and improve service

  • Consent: where required (e.g. cookies)

7. How We Protect Your Data

We take security seriously. Measures include:

  • TLS/SSL encryption in transit

  • Encrypted storage of sensitive metadata

  • Access limited to authorised personnel only

  • Routine security audits and system logging

  • API key restrictions and sandbox environments

8. Who We Share Data With

We do not sell or rent your data. We only share with:

  • Our regulated payment partner (for payment initiation and verification)

  • Service providers (hosting, analytics, security)

  • Regulatory authorities where required by law or court order

All processors are contractually bound to maintain data confidentiality and comply with UK GDPR.

9. International Data Transfers

All data is processed within the UK and/or EEA. If data is transferred outside these regions, we ensure safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions are in place.

10. Your Rights

You have the right to:

  • Access a copy of your personal data

  • Request rectification of inaccurate data

  • Request deletion of your data (“Right to be Forgotten”)

  • Restrict or object to processing in specific circumstances

  • Request data portability (in structured, machine-readable format)

  • Lodge a complaint with the ICO (www.ico.org.uk)

To exercise your rights, email: privacy@bnkpay.co.uk. We will respond within 30 days.

11. Data Retention

We retain personal data only as long as necessary for the purposes outlined above, including regulatory retention periods. Transactional records may be kept for up to 5 years in accordance with financial services compliance obligations.

12. Cookies and Tracking

We use essential and performance-related cookies only. You may control cookie preferences via your browser.

13. Links to Other Services

Where our platform links to other websites (e.g. regulated payment partner), please review their privacy policies separately. We do not control or accept responsibility for third-party privacy practices.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in regulation or platform functionality. All changes will be published on our website. Material changes will be communicated via email.

15. Contact Details

If you have questions or wish to exercise your rights, contact:

Email: privacy@bnkpay.co.uk

Logo Image

Enabling secure, fee-free payments and helping businesses keep more of what they earn

Need some help?

hello@bnkpay.co.uk

BnkPay enables secure bank payments via Open Banking technology. All payments are processed through a regulated Payment Initiation Service Provider (PISP) authorised by the FCA. BnkPay does not process or hold funds and is not a regulated entity.

BnkPay is a trading name of Nexicode Ltd. Company Number: 15555102.

© 2025 BnkPay. All Rights Reserved.

Terms

Privacy

Logo Image

Enabling secure, fee-free payments and helping businesses keep more of what they earn

Need some help?

hello@bnkpay.co.uk

BnkPay enables secure bank payments via Open Banking technology. All payments are processed through a regulated Payment Initiation Service Provider (PISP) authorised by the FCA. BnkPay does not process or hold funds and is not a regulated entity.

BnkPay is a trading name of Nexicode Ltd. Company Number: 15555102.

© 2025 BnkPay. All Rights Reserved.

Terms

Privacy