General Data Protection Regulation (GDPR)

We will use the personal information that you provide to us to verify your identity, age and residence, in order to prevent and detect financial crime and money laundering. We have a legal obligation under Anti-Money Laundering legislation to seek verification of your identity both when you initially apply for a banking service and also on an ongoing basis. We use a commercial third party that provides electronic verification to do this.

We will use your information to assess whether our products and services are suitable for you, including making credit decisions about you. This will involve credit scoring and regular statistical analysis to produce management information relating to risk.

If you are financially linked to another account holder within the Group, we will look at your information when deciding whether to approve an application for credit by the person you are linked to, including when that person applies on behalf of a business that he or she owns. For a full list of companies in the Group, please contact your branch or write to the Data Protection Officer:

We will link information about your accounts with us to information about other products and services we provide you. We will also link your information to the information relating to other people you are financially linked to, if you make a joint application or if you tell us that you have a husband, wife, civil partner or partner. You should make sure you have shared the relevant information from this notice with them.

We will use your information to prevent fraud and recover debts. We will use credit reference and fraud prevention agencies to help us make decisions when you apply for a loan or for a product which allows you to get credit.

If you provide false or inaccurate information and we find that you have committed fraud, we will pass your details to fraud prevention agencies. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at https://www.cifas.org.uk/fpn.

Law enforcement agencies will also access and use this information. We and other organisations will also access and use this information to prevent fraud, for example, when:

• Checking details on applications for credit and credit related accounts or other facilities;
• Managing credit and credit related accounts or facilities;
• Recovering debt;
• Checking details on proposals and claims for all types of insurance; and
• Checking details of job applicants and employees.

If you want to receive details of the relevant fraud prevention agencies, please contact your branch or use the contact details at the end of this notice.

We and other organisations also access and use information recorded by the fraud prevention agencies in other countries.

Before we provide you with credit, we will carry out credit searches using credit reference agencies. These checks are necessary before we enter into a contract for credit related products or services with you. During our business relationship with you, we will also share your information with credit reference agencies as part of our legitimate interests to promote responsible lending and prudent account management. To learn more about what credit reference agencies do, what information they hold and what your rights are, go to the Experian - Credit Reference Agency Information Notice (CRAIN) website.

We will provide you with further information when you ask us for credit.

We use your information to protect you in the following ways:

• We record or monitor phone calls to confirm details of our conversations, for your protection, to train our staff and to maintain the quality of our service
• We use CCTV to record images in and around our premises to prevent and detect crime
• We will analyse transactions on customer accounts using behavioural biometrics to prevent and protect fraud and financial crime

Using your personal information in this way allows us to comply with our legal obligations and meet our legitimate interests.

We will also use your information for research purposes and undertake automated decision making including profiling to understand your buying preferences.

Using your personal information in this way allows us to develop, improve and market our products and services to meet our legitimate interests.

There are other circumstances where we need to provide information to other people to help us and you to run your accounts. We do so when it is in your interests as well as ours. We have set out these circumstances below.

• We may provide information about you to someone you nominate or authorise to act on your behalf
• If we refer you to third parties that provide you with products and services, we must pass your details to these parties. They will keep a record of information we provide.
• We may exchange information about you with other companies in the Group to assess credit risk, to prevent fraud or manage risk, or to help us run your accounts. We may also share your information within the Group to prepare research and analyse statistics (including analysing risk and credit) so that we can improve our services.
• We will sometimes arrange for service providers, agents and subcontractors, including from outside the EEA, to provide services and process your information on our behalf. We will make sure that these service providers, agents and subcontractors have a duty to keep your information confidential and secure, and that they only process your information as set out in a written contract.
• To meet our duties to regulators, we will allow authorised people to see our records (which will include information about you) for reporting, compliance and auditing purposes.
• To meet our legal obligations under the Payment Services Regulations, if we have received a request to return a payment that has been made into your account where the Payer has told his/her bank that the payment was made by mistake, we must, on receipt of a written request, provide to the payer all relevant information in order for the payer to claim repayment of the funds from you. This means that we can provide your name and address to the payer’s bank. The payee’s bank should inform you before disclosing your name and address to the payee.
• We may also share information with certain statutory bodies, e.g. the Financial Services Compensation Scheme (FSCS) if required by law.