Security & Privacy Statement
B&C Privacy Notice – 25 May 2018
We are Bank and Clients Plc (an English company registered in England & Wales). Our Company Number is 980698. Our registered office is at 30 King Street, London EC2V 8EH.
Our DATA PROTECTION OFFICER who is responsible for how we deal with data is Georgina Behrens who can be contacted on firstname.lastname@example.org.
A. How we deal with information relating to customers
B. Identity Checks
C. How long we keep information relating to you
D. Your rights
E. Your right to lodge a complaint with the ICO
A. How we deal with information relating to customers
This is how we deal with information relating to our customers:
i) We deal with information relating to our customers in order to provide products and services to our customers in accordance with the terms of our contract with them. We process personal data, which includes but is not limited to, as names; addresses; date of birth; occupation; various financial data; telephone and email details; place and country of birth; passport, NI, tax reference and other ID numbers and details; and transactional and bank details. We keep this information for 7 years after our relationship with a customer ends so we have a record of what happened during that contract.
ii) We also use much of the information referenced above to run identity checks in line with our Identity Checks section below. In running those checks, we may provide relevant pieces of information to third parties who assist us with those checks (such as Experian). We have written contracts with those third parties and we ensure your information is dealt with according to our direction only.
iii) When potential customers apply to become customers, we also collect the same type of information as in (i) in order to run through our on-boarding procedures so they can become customers. In other words, we collect and use this information because it is preparatory to making a contract with us at the request of the person concerned. If these potential customers become customers, we deal with this information as in (i) above. If these potential customers do not become customers, then we delete this information after 7 years. (We keep it this long so we have records of who has applied unsuccessfully to be a customer.) We also use much of the same information to run identity checks in line with our Identity Checks section below. In running those checks, we may provide relevant pieces of information to third parties who assist us with those checks (such as Experian). We have written contracts with those third parties and we ensure your information is dealt with according to our direction only.
iv) We may share your information from time to time with third parties such as any individuals you authorise to act on your behalf and regulatory authorities and crime prevention agencies whether in the UK or overseas, in connection with crime prevention, anti-terrorism, anti-money laundering or fraud prevention. We will hold and process this personal information in accordance with applicable data protection laws in force from time to time and may, where so required, share it with third parties for the purposes of considering applications you make for additional banking products; complying with a court order; complying with regulatory requirements; complying with applicable legislation; credit checking; preventing crime, fraud and money laundering; and verifying your identity.
v) An example of when we may be required to share personal information with third parties outside the UK is if you have or may have tax obligations in other countries outside the UK. In these circumstances we may be required to disclose information about you directly to the tax authorities in those countries, to HM Revenue & Customs or to any other relevant tax authority or authorities.
vi) Other than as set out above we will not share your information or divulge it to third parties unless we specifically seek your consent to do so and we obtain that consent in writing.
vii) Please note that if false or inaccurate information is provided by you to us during your application process and any fraud is subsequently identified we reserve the right (and may be required) to pass details to fraud and crime preventions agencies. In addition, law enforcement agencies may also request, access and process this information.
viii) As a customer of the Bank we may use your data to provide you with relevant information about our products and services. Should you wish us to stop sending you information about products and services you can contact our DATA PROTECTION OFFICER at email@example.com, or if you receive this information electronically, by clicking the unsubscribe link in our communications.
ix) We collect and use information submitted by visitors to our websites in order to market products and services to those people. We process personal data, which includes but is not limited to, name, age, electronic and real world contact details, various ID information and IP addresses. However, we only do this because we have received in advance your specific, informed unambiguous consent to collect and use this data to market to you. You can withdraw that consent at any time by contacting our DATA PROTECTION OFFICER at firstname.lastname@example.org.
B. Identity Checks
CRAs: In order to process a credit application, we will perform credit and identity checks on you with one or more credit reference agencies (known as “CRAs”). Where you take banking services from us we will also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public information (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by Agencies. When CRAs receive a credit search from us they will place a search footprint on your credit file that may be seen by other lenders. If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRA to break that link. The identities of the CRA, its role also as a fraud prevention agency, the data it holds, the ways in which it uses and shares personal information, data retention periods and your data protection rights with the CRA are explained in more detail at www.experian.co.uk/crain.
C. Transfer of information outside of the EEA
We do not transfer any of your information to any country outside the European Economic Area in our ordinary course of business. We may be required to do so to comply with ordinary course legal or regulatory reportingobligations such as FATCA where we have already notified you of such.
D. How long we keep information relating to you
We keep your data for 7 years after our relationship with you ends.
E. Your rights
Under certain circumstances, you have rights under data protection laws in relation to information relating about you that B&C has, as summarised below.
You have the right to:
1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3. Request erasure of your personal information.This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
5. Request the transfer of your personal information to you or to a third party.We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
If you wish to exercise any of the rights set out above, please contact your usual business contact or contact our DATA PROTECTION OFFICER. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive - alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
F. Your right to lodge a complaint with the ICO
If you feel that we have not handled information relating to you properly, or if you have contacted us about how we use that information and are unhappy with our response, you have the right to lodge a complaint with the Information Commissioner’s Office by phone on 0303 123 1113 or online at ico.org.uk/concerns.
Last updated 25 May 2018