We’ll only share your information with other organisations for the reasons detailed in this Notice.
When you log in to Online Services, we share some of your information in a secure, encrypted format with a third party. We need to do this so we can identify you and help prevent fraud.
To spell out what we don’t do with your information:
- we’ll never sell your data to anyone else.
- we’ll never use your data to send you marketing information selling products or services by other organisations.
Confirming your identity
Under money laundering law, all financial organisations have to confirm a customer’s identity. To do this, we send your details to a specialist external agency. It’s a quick and secure process commonly used by banks and building societies. If your details change, we’ll ask you to re-confirm your identity. For example, you apply for another account with us or you change your name.
If you apply for a mortgage, we contact a credit reference agency for details of your credit history. The agency keeps a record of our enquiry (‘search’) and your application, and whether or not you've taken out the mortgage.
When your mortgage is set up, we give the agencies more information about you. For example, if you pay your mortgage on time. If you apply to another company for credit, they'll then be able to see this information.
Remember: if you apply for a joint mortgage account, your financial information will be ‘linked’ to the other applicant(s) by the credit reference agency, which creates an association between you. We, or other financial organisations, might take this into account when you or any of the other applicants are credit-checked again in future. To prevent this, you must ask the agency to unlink your financial records.
The credit reference agencies we normally use are below, along with how to find their ‘Credit Reference Agency Information Notice’ (CRAIN).
You can see the information these agencies hold about you, and read their Privacy Notices, on the websites above. Contact them directly and they’ll explain how to make a request and how much it costs.
Fraud prevention and reporting
Under money laundering law, all financial organisations have to report any suspicious transactions to help detect and prevent crime. We report to the National Crime Agency, the police and other law enforcement agencies.
If you're considered a fraud or money laundering risk, fraud prevention agencies can hold your data for up to six years.
When people give us false or inaccurate information and we identify it as fraud, we pass the details to fraud prevention agencies, such as Cifas, National Hunter, Synectics Solutions, as well as law enforcement agencies who may view and use this information.
We and other organisations may also use this information to:
- detect, investigate and prevent crime, including fraud and money laundering
- check details on applications for accounts with credit facilities
- manage credit facilities
- recover debt
- check details on claims for all types of insurance.
We also use information recorded by fraud prevention agencies in other countries.
If we determine, based on our information or that of a fraud prevention agency, that you pose a fraud or money laundering risk, we may refuse you the services or financing you've asked for, stop any existing services or refuse to employ you.
The fraud prevention agencies will keep a record of any fraud or money laundering risk, and you may be refused services, financing or work.
For the details of the relevant fraud prevention agencies, ask us. To see the information these agencies hold about you, you’ll need to contact them directly.
We have to give information about you and your savings accounts to HM Revenue & Customs. For example, to verify that our customers aren’t saving more than the annual allowance in ISAs, and to make sure people with tax residency in other countries are complying with the law.
Examples of suppliers or other organisations we use are:
- third party financial services suppliers, for example, to manage payments (including use of our clearing bank and the use of payment services involving the transfer of electronic payments into or out of your account) or insurance providers or administrators of insurance services. They need access to your personal information to process it, so they can carry out services such as creating quotes, renewing policies and handling claims.
- mailing, data management and IT suppliers.
- marketing agencies or third party suppliers in relation to running competitions, prize draws and ticket giveaways and other promotions, your data will be used for these purposes and will not be sold to them.
- market research suppliers for example, to carry out surveys, focus groups or other research for us.
We can change the companies we use or appoint to provide services.
When we appoint a company to provide a service on our behalf, they must meet our strict requirements about the security and privacy of our customers’ data.
Transferring data outside the EEA
Occasionally we or a supplier may need to transfer data to countries outside the European Economic Area (EEA). This could be, for example, for tax reporting purposes. Other countries may not have the same standard of data protection laws as we do here in the UK. In these circumstances, we use safeguards to make sure data is transferred securely and in line with UK data protection standards. For example, we’d always use encryption, where information is converted into a code and only readable by the organisation we send it to.
Where fraud prevention agencies transfer your personal data outside the European Economic Area they'll make sure the recipient's obligations to protect your data and share it securely are outlined in their contracts.
They may also need to sign up to 'international frameworks' which will give assurance that data will be shared securely.
Other occasions we need to share your information
If you apply for a mortgage or hold a mortgage with us, sometimes we share information with some or all of these people or groups:
- your employer to confirm your income and employment.
- your mortgage intermediary or broker (if you use one) so they can provide their services to you.
- a legal representative acting either for us or you.
- a valuer.
- debt counsellors or other specialist services, if for example you fall into payment difficulties or can’t repay your outstanding mortgage balance.
- a guarantor of your mortgage or their legal advisor.
We may share information with these groups at different times throughout the life of your mortgage.
If you apply for a savings account via a third party company, we may receive or share information to set up your account and for general account administration:
- where you make an application for the account via a third party partner through a Employee Benefits Scheme provided by your Employer.
- where you make an application via an investments Provider.
We may also share your information with:
- The Financial Ombudsman Service – for example, if you make a complaint.
- our regulators and trusted third parties including auditors and external lawyers acting on our behalf.
- asset managers – for example, as part of a corporate financial transaction such as issuing of a covered bond.
- another organisation if we ever sell or transfer our business.