This is the privacy notice of Post Office Limited ("us" or "we"), which applies to all personal data we process for retailers. Clients and customers, This includes any personal data you may provide as part of any contract you enter into with us, any personal data you provide (or is available to us) through your use of Post Office Limited website and which we may obtain from other sources.
We are committed to protecting and respecting your privacy. This privacy notice explains the types of personal information we collect, how we use that information, who we share it with, how we protect that information, and your legal rights in relation to your information.
It is important that you read this privacy notice together with any other privacy notice (or ‘fair processing’ notice) we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy notice supplements any such other notices and is not intended to override them.
This version of the privacy notice is effective as of 1st May 2024.
Post Office Limited provide bill payment services that allows customers to easily pay their bills via a network of retailers throughout the UK.
Post Office Limited is registered in England and Wales. Registered Number 08459718. Registered Office: 100 Wood Street, London, EC2V 7ER (“Post Office Limited”).
If you have any questions about this privacy notice or the way in which your personal data is processed, we have a Data Protection Officer who can be contacted at the address above or by sending an email to data.protection@postoffice.co.uk.
The different types of personal data we process are:
We collect personal data about you from different sources:
The information you provide to us includes your name, postal address, email address, landline and/or mobile telephone number, bank account information, identification documents, employment details, as well as other personal information as detailed in the section above.
With regard to each of your visits to our website, we may also use cookies and other technologies to automatically.
We work closely with third parties, such as providers of merchant acquiring services and providers of other services and we may receive information about you from them. We also work with companies which provide us with your contact details so that we can contact you about our products and services. We may also be provided with information about you from your employer or another third party which engages your services. We may also collect information about you from publicly available sources, including Companies House.
The personal data about you which we collect and process from third parties includes:
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Such aggregated data may be derived from your personal data but is not considered personal data in law (as this data does not directly or indirectly reveal your identity). For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect any such aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We will only use your personal data where we have a lawful basis to do so.
The purposes for which we may use your personal data and the legal basis that we rely on are set out in the table below. Note that we may process your personal data for more than one legal basis depending on the specific purpose for which we are using your data (as shown in the table). Where more than one is shown, please contact us if you would like more information.
Purpose/Activity |
Type of data |
Legal basis and processing purpose |
To register you as a new customer |
(a) Identity Data (b) Contact Data |
Necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. |
To process and deliver any products and services you have ordered, including to: (a) manage payments, fees and charges (b) collect and recover money owed to us |
(a) Identity Data (b) Contact Data (c) Contractual Data (d) Financial Data (e) Transaction Data |
(a) Necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. (b) Necessary for our legitimate interests (to recover debts due to us). |
To make checks about to verify your identity |
(a) Identity Data (b) Contact Data
|
(a) Necessary for our legitimate interests (to ensure we can be satisfied of your identity). |
To make financial checks about you (including checking your credit history and making searches with licensed credit reference agencies) and seeking bank and/or trade references |
(a) Identity Data (b) Contact Data (c) Contractual Data (d) Financial Data (e) Transaction Data |
(a) Processing undertaken with your consent (b) Necessary for our legitimate interests (to ensure that you do not represent an unacceptable credit risk) |
To manage our relationship with you, which will include administration of your contract and notifying you about changes to our terms or privacy notice |
(a) Identity Data (b) Contact Data (c) Contractual Data (d) Financial Data (e) Transaction Data |
(a) Necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract. (b) Necessary to comply with a legal obligation ( to keep personal data accurate). (c) Necessary for our legitimate interests (to keep your data safe and secure, to enhance or improve our customer’s experience of our products/services). |
To enable you to partake in a prize draw, competition or complete a survey. |
(a) Identity Data (b) Contact Data (c) Profile Data (d) Usage Data (e) Marketing Data |
(a) Necessary for our legitimate interests (to enhance or improve our customer’s experience of our products/services). |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). |
(a) Identity Data (b) Contact Data (c) Technical Data (e) Transaction Data |
(a) Necessary for our legitimate interests (for running our business, including our dealings with third party providers of merchant acquiring services, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise). (b) Processing undertaken with your consent (to optimise our website performance and provide you with a personalised experience) |
To deliver relevant website content and advertisements to you and understand or measure the effectiveness of our advertising |
(a) Identity Data (b) Contact Data (c) Profile Data (d) Usage Data (e) Marketing Data (f) Technical Data |
(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy). (b) Processing undertaken with your consent |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. |
(a) Technical Data (b) Usage Data |
(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy). (b) Processing undertaken with your consent |
To make suggestions and recommendations to you about goods or services that may be of interest to you. |
(a) Identity Data (b) Contact Data (c) Technical Data (d) Usage Data (e) Profile Data (f) Marketing Data |
(a) Processing undertaken with your consent. (b) Necessary for our legitimate interests (to develop our products/services and grow our business). |
To comply with our legal obligations (including where you exercise any of your legal rights), to exercise our legal rights and to bring or defend legal claims. |
(a) Identity Data (b) Contact Data (c) Contractual Data (d) Financial Data (e) Transaction Data (f) Profile Data (g) Usage Data (i) Marketing Data |
(a) Necessary to comply with a legal obligation (including our obligations under UK domestic law, with law enforcement agencies, courts and other organisations). (b) Necessary for our legitimate interests to exercise our legal rights and to bring or defend legal claims. |
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We also do not collect any information about criminal convictions or offences.
Please note that in some circumstances we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may also disclose your personal information to third parties:
In order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Our third-party service providers (to the extent they are acting as our data processors) are contractually bound to use personal information only to perform the services that we have engaged them to provide and they are only permitted to process your personal data in accordance with our instructions.
Please note that some of our external third-party service provides are based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.
Where we transfer the personal data we collect about you outside the UK, we ensure that the appropriate safeguards have been applied including the use the ICO’s international data transfer agreement or other suitable mechanism(s).
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements and the business’ legitimate interests.
We use administrative, technical, and physical measures to safeguard personal data against loss, theft and unauthorised uses, access or modifications. Our staff and our third-party service providers are under a duty to process your personal data only in accordance with our instructions and they are subject to a duty of confidentiality.
Certain areas of our websites may be password protected. Where we have provided you with (or where you have created) a password, you are responsible for keeping this password confidential. We ask you not to share your password(s) with anyone.
Payments made via our websites or processed by us whilst you are on the telephone are processed in a secure environment using software supplied by third party providers.
Our websites may contain links to and from third party websites and we may provide you with details of apps provided by third parties. Please note that if you follow a link to any of these websites or download an app, these websites and apps will have their own terms of use and privacy policies and that we do not accept any responsibility of liability for these policies.
Withdrawing Consent - Where we use your information on this basis, you have the right to withdraw that consent.
Access - You can request a copy of all the personal information we hold about you and other data relating to how we use your information by contacting Post Office at data.protection@postoffice.co.uk.
Correction (‘Right to Rectification’)- We always want to use the most up to date information about you so please get in touch either by contacting our Customer Services teams, or by contacting the Data Protection Officer using the contact details set out at the bottom of this policy if you think we don’t have that.
Deletion (‘Right to be Forgotten’)- In some circumstances, including where we are relying on your consent to use your data, you have a right to request us to delete your information.
‘Right to Portability’- If we have collected your data because you have given us consent, or because we need it in order to provide you with a product or service (under a contract), you have the right to receive the information you gave to us back in a ‘machine-readable’ format.
‘Right to Object’ and ‘Right to restriction of processing’- If we are using your data for activities under the ‘legitimate interest’ justification and in other circumstances, then you have a right to request restriction of processing and also a right to object to that processing.
Right to obtain human intervention where automated processing has taken place where consent has been given or under a contract and where the processing has a legal or similarly significant effect.
Complain- you have the right to lodge a complaint with the Information Commissioner’s Office if you think that our use of your information doesn’t comply with the law. See https://ico.org.uk/ or write to Information Commissioner’s Office, Wycliffe House, Water Ln, Wilmslow, SK9 5AF.
For further information about our privacy practices, to request previous versions of this privacy notice and to request any of these rights then please contact Post Office Limited at 100 Wood Street, London, EC2V 7ER.
You can also email us at data.protection@postoffice.co.uk.