PaymentsIE Privacy Notice

PaymentsIE is a secure payments service provided by the Office of the Government Chief Information Officer (OGCIO) to enable Public Service Bodies (PSBs) to collect payments as part of their digital services. PaymentsIE may be used on its own or as part of a wider service journey that includes other Building Blocks.

PaymentsIE facilitates the creation of payment requests and the processing of payment transactions on behalf of PSBs. It does not process credit or debit card details or online banking credentials directly; these are handled by authorised third‑party payment providers.

When you use a PaymentsIE service, the following personal information may be processed:

• contact information, such as an email address, used to associate you with a payment
• payment request details, such as the amount due and a payment reference
• transaction metadata, such as confirmation that a payment has been completed

The personal data processed through PaymentsIE is determined by the PSB providing the service.

For the purpose covered by this privacy notice, the data controllers are:

• the Public Service Bodies (PSBs) who provide services using the PaymentsIE service, and
• the Department of Public Expenditure, Infrastructure, Public Service Reform and Digitalisation (DPER), in respect of authentication data processed through LogTo.

Each PSB is the Data Controller for any personal data processed as part of the public service it provides using PaymentsIE.

DPER is the Data Controller for the LogTo Broker (Database) and related authentication data processed within it. This includes the data in the LogTo Database, Profile database and the Personal Profile record in the Profile Data database, which collectively make up a data structure which hold user account information required by the PaymentsIE service.

The contact details for the relevant Data Protection Officers are provided below.

The purpose of the processing is to provide a secure, centrally managed payments capability that enables Public Service Bodies to collect payments as part of their digital public services.

PaymentsIE allows PSBs to create payment requests and receive payment confirmations in relation to services they provide, either as a standalone service or as part of a wider service journey that may include other Building Blocks.

PaymentsIE does not determine the purpose of the underlying public service. The purpose of processing personal data is defined by each PSB in the context of its statutory functions.

The legal basis for the processing of personal data collected through PaymentsIE is determined by each Public Service Body (PSB) acting as data controller. PSBs are responsible for ensuring that the personal data they collect is necessary, proportionate, and processed for lawful and clearly defined statutory purposes.

OGCIO acts as a data processor for the PaymentsIE platform and carries out processing operations on behalf of PSBs within the EEA. No international transfers of personal data are performed by the platform. OGCIO ensures that processing is conducted in a secure environment and that any sub‑processing used to support the platform is subject to appropriate controls.

Separately, DPER acts as the Data Controller for the LogTo identity broker and the authentication‑related personal data processed within it. This includes controllership over the LogTo database, the Profile database, and the personal Profile Data records in the Profile Data database, all of which are created, maintained, and governed by DPER/OGCIO as part of authentication and identity verification processes (including OTP authentication). These databases are accessible only by OGCIO. DPER determines the purposes and means of processing this authentication data, including the creation, linkage, synchronisation, and retention of user account and identity information within the LogTo ecosystem.

PaymentsIE processes a limited set of personal data, depending on the service being delivered by the PSB.

This may include:

• an email address, used for authentication via LogTo and for associating a user with a payment request
• payment request details, such as the amount due and a payment reference
• transaction metadata, such as confirmation that a payment has been initiated or completed

Payments does not process or store:

• credit card numbers
• online banking credentials
• payment authentication secrets

These are processed directly by authorised third‑party payment providers.

Personal data is collected:

• When you authenticate using a one‑time passcode (OTP) via LogTo,

PaymentsIE receives only the minimum personal data necessary to support payment processing and reconciliation.

Your personal data is used to:

• authenticate access to the PaymentsIE service
• associate a payment with a specific user and service
• facilitate the creation and execution of payment requests
• confirm the status of payments
• support audit, reconciliation, and service integrity

PaymentsIE does not use personal data for profiling or automated decision‑making.

None of your personal data is shared with any third parties

PaymentsIE retains:

• payment transaction records and related metadata for as long as required by the PSB providing the service.

PaymentsIE does not determine retention periods. Retention of payment‑related personal data is defined by each PSB in line with its statutory and operational requirements.

Authentication data processed via LogTo is retained in accordance with DPER’s authentication policies.

You have rights under the GDPR, including:

• the right to access your personal data
• the right to rectification
• the right to erasure, in certain circumstances
• the right to restriction of processing
• the right to object to processing

To exercise your rights in respect of service‑related or payment‑related data, you should contact the Public Service Body providing the service.

To exercise your rights in respect of authentication data processed via LogTo, you should contact DPER.

If you have concerns about how your personal data is processed, you can contact:

• the Data Protection Officer of the relevant Public Service Body, or
• the Data Protection Officer of the Department of Public Expenditure, Infrastructure, Public Service Reform and Digitalisation at
  dataprotection@per.gov.ie

You may also lodge a complaint with the Data Protection Commission.

PaymentsIE may collect limited technical information, such as:

• IP address
• browser type and version
• date and time of access

This information is used solely for security, operational and statistical purposes and is not used to identify individual users.

Cookies may be used to support authentication, session management, and secure navigation of the PaymentsIE service. Cookies do not contain personal data unless you have authenticated.

Cookies may be used to:

• maintain login state
• manage secure redirects
• support language preferences

Disabling cookies may affect the functionality of the service.

Department of Public Expenditure, Infrastructure, Public Service Reform and Digitalisation
Email: dataprotection@per.gov.ie

Each Public Service Body providing a service using PaymentsIE will publish its own Data Protection Officer contact details.