Archives: FAQ - Savings

20. What are your rights under data protection laws?

Your right to privacy is important to us. When you share your details with us, we want you to be confident that we will take reasonable steps to keep your data secure, and we will only use or share it in ways that we have set out in this notice.

Below is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them we will explain at that time if they are engaged or not.

  • The right to be informed about the processing of your personal information;
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed (the ‘right to rectification‘);
  • The right to object to the processing of your personal information;
  • The right to restrict processing of your personal information;
  • The right to have your personal information erased (the ‘right to be forgotten’);
  • The right to request access to your personal information and to obtain information about how we process it;
  • The right to move, copy or transfer your personal information (‘data portability’); and
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: ico.org.uk. For more details on all of the above rights, you can contact our Data Protection Officer

If you wish to exercise any of these rights against the Credit Reference Agencies, the Fraud Prevention Agencies, or a broker or other intermediary who is data controller in its own right, you should contact them separately.

19. For how long is your personal information retained by us?

While we hold your data we will take reasonable steps to keep it safe and secure, and we will regularly review the rules around how long we keep it for.

Unless we explain otherwise to you, we will hold your personal information for the following periods:

  • Retention in case of queries. We will retain the personal information that we need to keep in case of queries from you (for instance, if you apply unsuccessfully for a product or service) for six months unless we have to keep it for a longer period (see directly below);
  • Retention in case of claims. We will retain the personal information that we need to keep for the period in which you might legally bring claims against us, which in practice means a maximum of six years from the date a savings account is closed and a maximum of 15 years from the date a mortgage is redeemed; and
  • Retention in accordance with legal and regulatory requirements. We will retain the personal information that we need to keep even after the relevant contract you have with us has come to an end for a maximum of six years from the date a savings account is closed, a maximum of 15 years from the date a mortgage is redeemed and a maximum of six years from the date core capital deferred shares are transferred, and this will be to satisfy our legal and regulatory requirements.

 

If you would like further information about our data retention practices, please contact our Data Protection Officer.

18. Do we do any monitoring involving the processing of your personal information?

In this section ‘monitoring’ means any listening to, recording of, viewing of, intercepting of, or taking and keeping records of calls, post, email, social media messages, in person face-to-face meetings and any other communications.

Telephone calls between us and you in connection with your application and the mortgage, savings account or core capital deferred shares will be recorded to make sure that we have a record of what has been discussed and what your instructions are. Certain in person meetings will also be recorded for the same purposes. We may monitor calls for quality control and staff training purposes.

We may monitor where permitted by law and we will do this where the law requires it. In particular, where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone lines or certain in person meetings we will do so.

Some of our monitoring may be to comply with regulatory rules, self regulatory practices or procedures relevant to our business; to prevent or detect crime; be in the interests of protecting the security of our communications systems and procedures; to have a record of what we have discussed with you and actions agreed with you; to protect you and to provide security for you (such as in relation to fraud risks on your account); and for quality control and staff training purposes.

Some of our monitoring may check for obscene or profane content in communications.

We may conduct short term carefully controlled monitoring of your activities on your mortgage, savings account or core capital deferred shares where this is necessary for our legitimate interests or to comply with our legal obligations. For instance, where we suspect fraud, money laundering or other crimes.

17. What should you do if your personal information changes?

We need to ensure your personal data is accurate and up to date. You should tell us without delay if your details change (for example, if you move address) so that we can update our records. If you were introduced to us by a broker or other intermediary that is a data controller in its own right, you should contact them separately.

16. How do we share your information with fraud prevention agencies?

We are required by Money Laundering Regulations to collect and record personal data to confirm a customer’s identity.

To protect us against any fraudulent or other criminal activity we will check your details against, and share information with, fraud prevention agencies who maintain and share information on known and suspected fraudulent activity, such as Action Fraud.

We are required by law to report any suspicious transactions to the National Crime Agency, the police and other law enforcement agencies for crime detection and prevention purposes.

15. How do we share your information with credit reference agencies?

In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;
  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, fraud and money laundering;
  • Manage your account(s);
  • Trace and recover debts; and
  • Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files with the CRAs for a disassociation to break that link.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained within this privacy notice.

14. Sending data outside of the EEA

We will only send your data outside of the EEA to:

  • Follow your instructions;
  • Comply with a legal duty; or
  • Work with other organisations for the purpose of providing a service on our behalf in connection with the operation of your account or membership.

If we do transfer information to a company outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We will use one of these safeguards:

  • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
  • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this on the European Commission Justice website.
  • Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.

13. Is your personal information transferred outside the UK or the EEA?

We are based in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area (EEA). When we do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.