You're in safe hands
Most banks only guarantee your savings up to £85k. We’re the only provider that secures 100% of your savings, however much you invest.
Trusted by 25 million people
We're backed by HM Treasury and we've been helping people save for over 160 years. Today, over a third of UK savers trust us with their money.
The home of Premium Bonds
We created Premium Bonds and you can only get them from us. Open an account and you could win big in our monthly prize draw.
Pay by bank account privacy notice
Last updated 23 May 2023
Pay by bank account lets you make deposits through our website without needing to enter your card details or any reference numbers. You’ll be securely transferred to your bank’s app or online banking website to approve the payment, then you’ll return to our website.
We use an FCA-regulated provider called Ecospend to securely connect you to your bank.
This privacy notice explains:
- Which data we are sharing
- Who Ecospend are
- How we will keep your data secure
- How long we will keep your data
- What ‘lawful bases’ we use to process your data
- Your rights
Please also read the NS&I privacy notice and the Ecospend privacy notice.
Which data we are sharing
When you use Pay by bank account, we’ll share the following information with our trusted payment provider Ecospend:
- the amount you want to deposit
- your NS&I account number or holder’s number
If you do not want to share your data in this way
You do not have to use Pay by bank account. You can choose another way to top up your NS&I account such as bank transfer or standing order.
Who Ecospend are
We use a trusted payment services provider called Ecospend to securely connect with all the major banks in the UK, and most of the smaller banks too. Ecospend is an authorised payment institution regulated by the FCA.
You can find out more about Ecospend, including their FCA registration number, here:
How we will keep your data secure
When you use Pay by bank account, we share your data with Ecospend using an industry-standard Open Banking API (application programming interface). Encryption keeps your data secure while it’s being transmitted. This makes sure your information won’t be revealed to anyone other than NS&I, Ecospend and your bank.
Rest assured we do not share your NS&I log in details with anyone else. Similarly, your bank doesn’t share your bank log in details with us or anyone else.
Ecospend, as with all our service providers, are required to use appropriate security measures to protect your personal information in line with our policies.
How long we will keep your data
Ecospend keeps payment transaction data for five years in accordance with payment legislation, including The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. NS&I keeps data relating to transactions for 7 years, in accordance with the Limitation Act 1980.
What ‘lawful bases’ we use to process your data
Under the UK General Data Protection Regulations (UK GDPR), we need to have specific legal reasons to collect, process and share your data. These are called ‘lawful bases’.
We’re using these lawful bases for our Pay by bank account service:
By pressing ‘Continue’ on the ‘Buy more Bonds’ or ‘Pay money in’ screens, you are giving consent for us to share relevant data of yours with Ecospend on a one-time basis for a specific purpose, ie to process a payment you’ve requested to be made from your bank account into your chosen NS&I account.
In your customer agreement (terms and conditions) we set out the ways you can make payments to your NS&I accounts, one of which is by electronic transfer.
Ecospend are legally bound by the ‘purpose limitation’ principle of the UK GDPR to only use your personal data for the purpose set out by NS&I (ie to facilitate a payment from your bank account into your NS&I account). They may, however, be legally obliged to retain some of your personal data to satisfy money laundering and financial crime laws.
You can read about your rights under the UK GDPR, and how you can exercise them, in the NS&I privacy notice. These rights are not affected by you choosing to use our Pay by bank account service.
Contact NS&I or make a complaint
You can contact us if you have questions about this privacy notice or want to make a complaint.
Changes to this privacy notice
We keep our privacy notices under regular review.
If we make changes to this notice, we’ll update the date at the top of this page. Changes will apply to you and your data from that date.