Data Protection Notice – Additional information

 

Please check out this additional information section regularly, as these details will be updated on a regular basis.

  • What is GDPR?

    GDPR is the EU General Data Protection Regulation which comes into effect from 25 May 2018. It sets out a series of new EU laws concerning how data is processed and used. The objective of the regulation is to strengthen and standardise data protection laws for all EU citizens. These regulations will apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals. Those responsible for adhering to these regulations include employees of the organisation, contractors, consultants, agents and third parties who have access to data either directly or indirectly.

  • What does this mean for AIB Group (UK) p.l.c.?

    We have always appreciated your trust in us to collect, process and protect your information. As a data controller and processor of your personal data, we will continue to

    • develop on our strong risk culture by acting responsibly and putting your security at the front of our priorities;
    • manage our controls, processes and systems to improve our level of customer service while providing you with the assurance that your information is safe and secure; and
    • conduct our business in a fair and transparent way and ensure we minimise the risk of unfair outcomes for our customers and the effect on their data rights and freedoms.

    Our Data Protection Notice and the additional information on our website, explains how we collect personal information about you, how we use it and how you can interact with us about it.

  • Who we are

    When we talk about ‘AIB’, ‘we’, ‘us’ and ‘our’ we are referring to AIB Group (UK) p.l.c. which includes First Trust Bank, Allied Irish Bank (GB) and Allied Irish Bank (GB) Savings Direct, and AIB Group which refers to Allied Irish Banks, p.l.c., its subsidiaries, affiliates and their respective parent and subsidiary companies. For more information about our group of companies, please visit www.aibgroup.com.

     

    We share your information within AIB Group to help us provide our services, comply with regulatory and legal requirements, and improve our products.

  • Data Protection Officer

    Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled. You can contact our Data Protection Officer at UKDPO@aib.ie or by writing to them at: Data Protection Officer, AIB Group (UK) p.l.c., First Trust Centre, 92 Ann Street, Belfast, BT1 3HH.

  • How we collect information about you

    We collect personal information from you, for example when you:

     

    • open an account;
    • make a deposit;
    • apply for products and services;
    • use your credit or debit card;
    • complete transactions; or 
    • look for advice.

     

    We also collect information through our website, apps, social media, discussion forums, market research and our CCTV footage.

     

    Q: How do AIB use social media information?

    Our use of social media information is designed to deliver a better service for our customers.


    At no point is your personal information used to track or follow you on social media.


    We do not use personal information available on social media to make individual credit decisions.


    Social media information is collected and used in three ways.


    Customer Service: As our customers’ adoption of social media channels continues to grow we aim to service customers where they choose to engage with us. You can choose to talk to us about customer service on Facebook, Twitter, LinkedIn, Instagram, etc.. We sometimes ask you for your telephone number to help resolve your issues or log a complaint. We keep our online conversations with you to ensure that we can better service you in the future by understanding your previous needs. We do not use information collected from social media channels to identify you as our customer.


    Content Advertising: AIB uses the advertising platforms offered by various social networks to understand and reach out to broad groups of customers and potential customers with content advertising. No personal information is shared with or received from social networks as part of this process.


    Social Listening: Social listening involves using specific search tools on the internet to identify what people are saying about our industry and brand. This information is used to help us to better understand how we can improve our products and services. If your social media profile is private, your content cannot be searched. We do not use information collected from social media channels to identify you as our customer.

     

    Further information on how we collect information online is detailed on our websites Privacy Statement and our Social Media Privacy Statement.

     

    We will sometimes record phone conversations and we will always let you know when we do this.


    Depending on your product or service, we may collect information to identify you through voice, facial or fingerprint (biometric data) recognition technology. We always ask for your explicit consent to do this.


    Our websites use ‘cookie’ technology. A cookie is a little piece of text that our server places on your device when you visit any of our websites or apps. They help us make the sites work better for you. Further information is available on our Cookie Policy.

     

    When you apply to us for products and services, and during the time you use these, we carry out information searches and verify your identity. We do this by sending and receiving information about you to and from third parties including credit reference agencies, and fraud prevention agencies. We and these agencies registers may keep records of our searches whether or not the product or service goes ahead.

  • What information do we collect about you?

    This is some of the information we collect and hold about you when applying for and using our products and services:

     

    Personal Descriptors Financial Information

    Full name/Signature
    Home/Business Address
    Email address
    Phone number
    Age
    Gender
    Marital status
    Date of birth
    Proof of identity and proof of address including; driving license, passport, utility bills, Bank statements etc.
    National Insurance Number
    Mother’s maiden name
    Educational details or history
    Call recordings
    Location data

    IP Address
    Profession/ Job
    CCTV images
    Partner and dependents

    Personal bank account details
    Statement of net worth
    Income and expenditure
    Transactions, purchasing and spending activity
    Credit card account
    Investment account
    Debit and credit card numbers

    Revenue documents e.g. P45 and P60
    Payment instructions
    Account positions and history
    Credit records, worthiness, standing or capacity
    Expected turnover
    Origin/source of funds
    Purpose of your account 

     

     

  • Special categories of data

    Under GDPR, there are special categories that require additional safeguards for processing. In some instances, we will require this information for processing or it may be volunteered by you. These data types and the reason we collect them are:

     

    Special categories of data Do AIB Group (UK) p.l.c. process this information?
    Biometric data – Fingerprints, Facial and voice recognition Yes - We may collect information to identify you through voice, facial or fingerprint recognition technology.

    We will always ask for your consent to do this.
    Health data Yes - We may collect health data from you when providing our products and services or to support you in times of financial difficulty or bereavement.

    If health data is requested by us, we will ask for your consent.
    Racial or ethnic origin No - We do not request you to provide details of racial or ethnic origin to provide our products and services.
    Political opinions No - We do not request you to provide political opinions to provide our products and services.
    Religious or philosophical beliefs No - We do not request you to provide religious or philosophical beliefs to provide our products and services.
    Trade union membership No - We do not request you to provide trade union membership to provide our products and services.
    Genetic data No - We do not request you to provide genetic data to provide our products and services.
    Sexual orientation No - We do not request you to provide sexual orientation to provide our products and services.

     

  • How we use your information

    We use information about you to:

     

    • provide relevant products and services;
    • identify ways we can improve our products and services;
    • maintain and monitor your products and services; 
    • protect your interests, and the interests of others; and
    • decide and recommend how our products and services might be suitable for you.

     

    To provide our products and services under the terms and conditions we agree between us, we need to collect and use personal information about you. If you do not provide this personal information, we may not be able to provide you with our products and services.


    We analyse the information that we collect on you through your use of our products and services and on our social media, apps and websites. This helps us understand your financial behaviour, how we interact with you and our position in a market place. Examples of how we use this information include helping protect you from financial crime, offering you products and services and personalising your experience.


    We may report trends we see to third parties. These trend reports may include information about activity on devices, for example mobile phones, ATMs and self-service kiosks, or card spend in particular regions or industries. When we prepare these reports, we group customers’ information and remove any names. We do not share information in these reports that can identify you as a customer, such as your name, or account details.


    We sometimes use technology to help us make decisions automatically. For example, when you apply for a loan online. Before we make a decision, we automatically score the information you give us, any information we already hold about you, and any information we may get from other sources.  See 'Automated Decision Making' section for further information.


    All of our processing must be supported by a lawful basis, as discussed in our 'Meeting our legal and regulatory obligations' section. 

  • Lawful basis for processing

    To use your information lawfully, we rely on one or more of the following legal bases:

     

     

    • performance of a contract;
    • legal obligation;
    • our legitimate interests;
    • your consent;.
    • protecting the vital interests of you or others; and
    • public interest.

     

    To help you better understand where these lawful bases may apply, these are some examples for each lawful basis. In some cases, the same information is processed under more than one lawful basis:

     

    Lawful basis Examples of what we use your information for 
    Performance of a contract – Processing your information is necessary for us to provide your products and services. Providing relevant products and services

    We provide our customers with products such as; current accounts, deposit accounts, credit products including mortgages, loans and credit cards.

    Our services include mobile banking, our apps, branch banking and self-service kiosks.

    We process your information to identify and authenticate you to use our products and services.

    Maintaining and monitoring your products and services
    We must continually monitor and update information to ensure your data is safe, accurate and up to date. This ensures we keep your personal details and financial products secure, and give you the best customer service. To do this we may share information with third parties such as credit reference agencies, fraud prevention agencies and market research entities.

    Collecting money owed to us
    As part of our credit product agreements, we have the right to collect money owed to us.

    In some instances, we will use third parties to help us obtain additional information and collect the debts owed to us.
     
    Legal obligation – We must process this information to comply with our legal obligations. Identify and authenticate our customers
    We process your personal information to identify and authenticate our customers by carrying out Anti-Money Laundering and Fraud Prevention checks.

    We share your information with third parties when performing these checks. 

    Our legitimate interests –Legitimate interest means the interests of AIB Group (UK) p.l.c. in conducting and managing our business when providing products and services. The core legitimate interests of AIB Group (UK) p.l.c. are to provide the best customer service, introduce innovative products and services, and to protect our customers, employees and shareholders.

    We will always assess whether the legitimate interest of AIB Group (UK) p.l.c. will adversely impact the rights and freedoms of the data subject prior to processing. We implement safeguards to ensure that the processing remains fair and balanced.

    Our risk assessments help us understand what information we need, our business requirements, the impact on our customers and employees, alternative options for processing and how long we hold the information for.  
    Manage and understand risk
    As a regulated financial institution, we must manage and understand our risk exposure to ensure our customers are protected and maintain a stable financial infrastructure.

    We produce internal management information and models to understand risk across the bank, ensure necessary safeguards are in place and assess the design and effectiveness of these safeguards. We report this on an ongoing basis to regulatory agencies.

    Perform Credit checks
    To ensure responsible lending and offer you overdrafts, loans, credit cards and mortgage products, we must perform a check to authenticate you and assess your suitability for lending.

    We may share information with credit reference agencies and fraud prevention agencies for these checks.

    Manage our relationship with you
    We keep our records up to date to ensure your personal information is safe, to contact you when required, and provide the best customer service.

    Analyse information and research your experiences dealing with us
    We want to continually improve and better understand our customers. By collecting and analysing data from multiple sources, we can better understand the requirements of our customers and how we can improve products and service offerings.

    This analysis also helps us run our business more efficiently and effectively.

    We may report trends we see to third parties. These trend reports may include information about activity on devices, for example mobile phones, ATMs and self-service kiosks, or card spend in particular regions or industries. When we prepare these reports, we group customers’ information and remove any names. We do not share information in these reports that can identify you as a customer, such as your name, or account details.

    Identify ways we can improve our products and services
    We are always working to develop new products and innovative ways of bringing these to you.

    We analyse the market and our customer base to better understand what people like and what people want from their Bank. We do this by collecting data on your purchases, transactions, interactions with our website, apps, ATMs, self-service kiosks, and using customer surveys. We use this information to provide a more personalised service to our customers and improve their experience using our products.

    Prevent financial crime and cyber attacks
    We continually monitor and analyse transactions, financial behaviour and electronic devices to detect and prevent fraud and cyber-attacks. This enables us to protect and secure our customers information, our networks and our financial interests.

    We share information with third parties to prevent financial crime, report fraud, manage our risks and protect both our interests.

    Sell whole or part of our business
    On sale of loan books, subsidiaries or parts of our business, we will share the necessary information required by the purchaser to assess valuations, perform due diligence and continue processing of the data.

    This may include transferring your personal information to the purchaser.

    Internal management information
    We produce internal management information to run our business and better understand customer needs. This information enables us to make informed decisions and develop our strategy. 

    Your consent – We require your consent for processing certain information such as special category data.

    We ensure your consent is obtained under the following principles

    • Positive Action - Clear affirmative action is required. We do not use pre-ticked boxes, or imply or assume consent in the event of no positive action from you.
    • Free will – Your consent must be freely given and not influenced by external factors.
    • Specific – We will be clear on what exactly we are asking your consent for. 
    • Recorded – We will keep a record of your consent and how we got it. 
    • Can be withdrawn at any time – We will stop data processing that requires your consent at any time you make a valid request. You can withdraw your consent at any time.


    Special Categories of Personal Data is information relating to:

    a) Racial or ethical origin, political opinions or religious or philosophical beliefs

    b) Trade union membership
    c) Biometric data (we may collect voice, facial or fingerprint information to identify data subjects)
    d) Genetic data
    e) Physical or mental health
    f) Sexual orientation
    g) Commission or alleged commission of any offence by the data subject or
    h) Any proceedings for any offence committed or alleged
     

    Directly contact you about new products and services

    With your consent, we will let you know what products or services you might like. You can select how you prefer to be contacted on our application forms or by contacting us.

    You can withdraw your consent at any time.

    Processing special category data
    We require your consent when processing special category data, such as those listed.

    In some instances, customers may provide us with special categories of data, such as health data. Given that this is a special category of data, we may have to obtain your consent before accepting this information for processing.  
    Protecting the vital interests of you or others Sharing information to protect you
    In some instances where we are concerned about your health and safety, we may share information with third parties to protect you and others.

    This may include where we suspect that you, or others, may become a victim of financial crime.  
    Public interest Prevention of fraud
    We may share personal data under the public interest basis in relation to prevention of fraud. We may share information with third parties to reduce fraud risk and protect the public from financial loss.  

     

  • Meeting our legal and regulatory obligations

    To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer have to keep it. We may also gather information about you from third parties to help us meet our obligations.

  • Credit searches and credit reference agencies (CRAs)

    In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us.

     

    To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

     

    We will use this information to:

     

    • Assess your creditworthiness and whether you can afford to take the product;
    • Verify the accuracy of the data you have provided to us;
    • Prevent criminal activity, fraud and money laundering;
    • Manage your account(s);
    • Trace and recover debts; and
    • Ensure any offers provided to you are appropriate to your circumstances.

     

    We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

     

    When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

     

    If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

     

    The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at each of the three CRAs websites – clicking on any of these three links will take you to the same CRAIN document:

     

    Callcredit : http://www.callcredit.co.uk/crain
    Equifax : https://www.equifax.co.uk/crain
    Experian : http://www.experian.co.uk/crain

     

     

    Who are the Credit Reference Agencies and how can I contact them?


    There are three main credit reference agencies in the UK who deal with people’s personal data.


    Each is regulated by the Financial Conduct Authority (“FCA”) and authorised to conduct business as a credit reference agency.

     

    Credit Reference Agency Contact details
    Callcredit Limited  

    Post:
    Callcredit Information Group,
    One Park Lane,
    Leeds,
    West Yorkshire
    LS3 1EP.


    Web Address: http://www.callcredit.co.uk/consumer-solutions/contact-us
    Email: consumer@callcreditgroup.com
    Phone: 0330 024 7574

    Equifax Limited

    Post:
    Equifax Ltd,
    Customer Service Centre,
    PO Box 10036,
    Leicester, LE3 4FS.


    Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html
    Email: www.equifax.co.uk/ask
    Phone: 0333 321 4043 or 0800 014 2955

    Experian Limited

    Post:
    Experian,
    PO BOX 9000,
    Nottingham,
    NG80 7WF


    Web Address: http://www.experian.co.uk/consumer/contact-us/index.html
    Email: consumer.helpservice@uk.experian.com
    Phone: 0344 481 0800 or 0800 013 8888  

     

  • Fraud Prevention Agencies

    Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

     

    Our contact details can be found in the ‘Contact us’ section of our website.

     

    What we process and share


    The personal data you have provided, we have collected from you, or we have received from third parties may include your:

     

    • name
    • date of birth
    • residential address and address history
    • contact details such as email address and telephone numbers 
    • financial information
    • employment details 
    • identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address
    • vehicle details

    When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.


    We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.


    Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.


    Automated decisions


    As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:

     

    • our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or
    • you appear to have deliberately hidden your true identity.


    You have rights in relation to automated decision making: if you want to know more please contact us using the details above.


    Consequences of processing


    If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.


    A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.


    Data transfers


    Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.


    Your rights


    Your personal data is protected by legal rights, which include your rights to:

     

    • object to our processing of your personal data;
    • request that your personal data is erased or corrected;
    • request access to your personal data.


    For more information or to exercise your data protection rights please, please contact us using the contact details above.


    If you are unhappy about how your personal data has been used please refer to our complaints policy.


    You also have a right to complain to the Information Commissioner's Office at www.ico.org.uk which regulates the processing of personal data.

  • US Foreign Account Tax Compliance Act (FATCA) and Common Reporting Standard (CRS)

    Financial institutions in the UK are required under legislation which incorporates the US Foreign Account Tax Compliance Act (FATCA) and the Organisation for Economic Cooperation and Development (OECD) Common Reporting Standard (CRS) into UK law to seek answers to certain questions for purposes of identifying accounts that are reportable to HMRC for onward transmission to tax authorities in relevant jurisdiction(s).


    Financial institutions in UK are required to seek answers to questions regarding tax residency. If customers do not provide all of the information requested, we may not be able to proceed with opening the new account until the relevant information is provided and we may be obliged to include the account(s) detail in the annual FATCA return and CRS return to HMRC.


    Please note that First Trust Bank / Allied Irish Bank (GB) is unable to offer taxation advice. For tax related questions and/or further information please contact your professional tax advisor or HMRC on https://www.gov.uk/government/collections/automatic-exchange-of-information-agreements

  • Consent

  • Direct Marketing

    For direct marketing, we need your consent to make you aware of products and services which may be of interest to you. We may make you aware of these by phone, post, email, text or through other digital media.

     

    You can decide how you would like to be contacted and if you are happy to accept this marketing, by opting in or out when you apply for new products and services. You can also change your options at any time by contacting us.

     

    As part of our direct marketing, we analyse the information that we collect on you through your use of our products and services and on our social media, apps and websites. This helps us understand your financial behaviour, how we interact with you and our position in a market place. This enables us to personalise your experience and provide you with the most suitable products and services.

     

    If we ever contact you to get your feedback on ways to improve our products and services, you also have the choice to opt out. 

  • How we keep your information safe

    We protect your information with security measures under the laws that apply and we meet international standards. We keep our computers, files and buildings secure.


    Please visit the Online Banking Security Centre, where you can read more information on how we protect your privacy and your personal data.

     

    In addition to our technical controls, our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are protected and fulfilled. Our Data Protection Officer advises on how we can best understand risks to your data rights and freedoms, implements processes to protect these and has responsibility to report to the Data Protection Authorities if we are not meeting our obligations.


    When you contact us to ask about your information, we may ask you to identify yourself. This is to help us protect your information.

  • How long we keep your personal information for

    To meet our legal, regulatory and business requirements, we hold your information while you are a customer and for a period of time after that. To help you understand how long we hold some of your data for, we have summarised some of our key retention schedules below.


    Please note that these retention periods are our policy but are also subject to external considerations, which may require us to hold the information for a longer period. For example, we must meet minimum retention standards for our legal obligations. Our regulators, can also request we retain data for longer than our internal schedules. We must do this to protect both of our interests.


    We continuously assess and delete data to ensure it is not held for longer than necessary.

     

    Document type Example documents Retention Period
    Account and service information
    • Account Opening documents
    • Account Records
    • Signed agreements
    • Customer Information
    • Adherence to Law/Regulation documents
    • Customer Complaints
    • Customer Instructions & Communications
    • Deceased Accounts
    • Security information
    • Tax information
    • Treasury Customer Deal Confirmations
    • Treasury Customers Master Agreements
    • Treasury Customer Authorisation Forms
    7 years after the account closes
    Transactional information – Once off
    • Customer Orders/Instructions
    • Dockets & Vouchers,
    • MiFID Regulated Transaction documents
    • Cheques & Demand Drafts
    7 years after the transaction
    Transactional information – Recurring
    • Standing Order & Direct Debit Mandates
    • Continuing Transactions
    7 years after the cancellation or closure of account
    Revenue/Tax documentation
    • Tax Returns
    • Individual Savings Accounts
    • VAT correspondence dealing with VAT queries including VAT Audit files and information provided to Revenue
    • VAT recovery calculations, back up schedules and reconciliation files.
    11 years after the date of the document
    Confidential documents under seal
    • MiFID regulated investment firm records
    • Agreements executed on behalf of customer
    • MiFID Regulated – Terms of Business/Engagement or Agreements
    13 years after the date of the document
    Reportable Accidents and Health and Safety reports
    • Health and safety reports
    10 years after the incident
    Long term financial products
    • Life Policies
    • Investments
    • Bonds
    7 Years post maturity of product (excluding pensions)
    Pensions
    • Pension transfers
    • Pension Conversions
    • Pension opt-outs
    • FSAVCs
    Indefinitely 
  • Your information and third parties

    Sometimes we share your information with third parties.

     

    For example to:

     

    • provide products, services and information;
    • analyse information;
    • research your experiences dealing with us;
    • collect debts;
    • sell your debts;
    • sell whole or part of our business;
    • prevent financial crime;
    • help trace, investigate and recover funds on your behalf;
    • trace information; and
    • protect both our interests.

     

    Third parties we may share information with can include:

     

    • Estate agencies
    • Credit reference agencies
    • Fraud prevention agencies
    • Company search databases
    • Regulatory bodies; including the Financial Conduct Authority, Prudential Regulation Authority, Competition and Markets Authority, Lending Standards Board, Financial Ombudsman Service, Information Commissioner’s Office and the Central Bank of Ireland.
    • Companies we have a joint venture or agreement to work with
    • Insurance companies
    • Government bodies including HM Revenue & Customs
    • Businesses that introduce you to us or we introduce you to
    • Cards/transaction processing
    • Market research companies
    • Financial advisors
    • Debt collection agencies
    • External consultancy firms including Legal, Accountancy, Compliance and other Professional Services
    • Any entity you request your data to be shared with

     

    We require that these third parties provided sufficient guarantees that the necessary safeguards and controls have been implemented to ensure there is no impact on your data rights and freedoms.

    We also have to share information with third parties to meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and tell law enforcement agencies, which may be either in or outside the UK.

  • International transfers of data

    We may transfer your personal information outside of the European Economic Area (EEA) to help us provide your products and services. We expect the same standard of data protection to be applied outside of the EEA to these transfers and the use of the information, to ensure your rights are protected.

  • Your personal information rights

    Details on your information rights, how we can help ensure that you are aware of these rights, how you can exercise these rights and how we intend to deliver on your requests can be found here.

     

    These rights include:

    • Right of Access to information (Subject Access Request)
    • Updating and correcting your personal details
    • Right to restrict processing
    • Right to object to processing
    • Deleting your information (Right to be forgotten)
    • Moving your information (Right to Portability)
    • The right to lodge a complaint with a supervisory authority
  • Removing consent

    You can change your mind wherever you have given us your consent, and you can request that we no longer process data we require your consent for, such as for direct marketing or processing your sensitive information, such as medical or biometric data.

  • Automated decision making

    We sometimes use technology to help us make decisions automatically. We use information provided directly by you, any information we may hold about you, and information from third parties, to make decisions that are efficient, quick, and fair based on the information provided.


    You have the right to object to automated decision making. You can request that a person is involved in an automated decision that affects you directly. Please see ‘Your Rights ’ section for further details.

  • Credit Approval

    When you apply for loan products, we use multiple data sources to understand your ability to repay the loan. This ensures we lend responsibly.


    We use the information provided by you on the applications and information from third parties such as credit reference agencies.


    The information we process for automated decisions include:

     

    • Income
    • Financial position
    • Transaction history
    • Employment details
    • Discretionary spending
    • Credit rating
    • Your other loans, mortgages and products

    Analysis of this information helps us assess whether you can meet the loan payments. The initial affordability decision is completed by our automated decision engines. If you are declined based on the automated criteria, you can ask that your application is assessed manually by one of our staff. 

  • The right to lodge a complaint with a Supervisory Authority

    If you have a complaint about the use of your personal information, please let a member of staff in your branch know, giving them the opportunity to put things right as quickly as possible. If you wish to make a complaint you may do so in person, by phone, in writing and by email. We will fully investigate all the complaints we receive. You may complain through our contact centre, our branches, our website, by phone, by email or in person at your branch. We ask that you supply as much information as possible to help us resolve your complaint quickly.


    You can also contact the Information Commissioner’s Office (ICO) at the below details:

     

    • Visit their website at ico.org.uk 
    • Email at: casework@ico.org.uk
    • Phone on: 0303 123 1113 
    • Write to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Updates to our Data Protection Notice

    We will make changes to our Data Protection Notice from time to time, particularly when we change how we use your information, and change our technology and products. You can always find an up-to-date version of our Notice on this website, on display at your local branch, or you can ask us for a copy.