When you make a payment using a debit or credit card, we collect and process certain personal data to complete the transaction securely and efficiently. This notice explains how we handle your information.
What information we collect
We may collect the following data when you make a card payment:
- Cardholder name
- Card number (only partially stored or tokenised, never in full)
- Expiry date
- Billing address
- Transaction amount, date, and time
- IP address and device information (for fraud prevention)
Why we collect your data
We process your card payment data for the following purposes:
- To process and complete your payment
- To prevent fraud and ensure transaction security
- To comply with legal and regulatory obligations
- To provide customer support related to your transaction
Legal basis for processing
Our legal bases for processing your card payment data include:
- contractual necessity – to fulfil your purchase or service request
- legal obligation – to comply with financial regulations
- legitimate interests – to prevent fraud and ensure secure transactions
Who we share your data with
We may share your data with:
- payment processors and acquiring banks
- fraud prevention services
- regulatory authorities (if required by law)
We ensure that all third parties adhere to strict data protection standards.
How long we keep your data
We retain card transaction data only for as long as necessary to fulfil the purposes outlined above, and in accordance with legal and financial record-keeping requirements.
Your rights
You have rights under data protection law, including:
- the right to access your personal data
- the right to request correction or deletion
- the right to object to or restrict processing
- the right to lodge a complaint with the Information Commissioner’s Office (ICO)
Contact us
If you have any questions about how we handle your card payment data, please email bacs@enfield.gov.uk.