Privacy Notice

About this Notice

This Privacy Notice describes the information we collect about you, how we use it and why.

Children and young people

When we open an account, we ask you for some information about you. We do that so that we can open and run your account. It’s important that we tell why we need it and what we do with it. You can read our Privacy Notices below, or if you need some help ask your parent or the person who looks after you to read it with you.

Privacy Notice for ages 7-11

Privacy Notice for ages 12-17

Good to know
We never send information about new mortgages or savings products and services we’ve developed to anyone under age 18.

What's in this Notice?

Your right to privacy is important to us. When you share your details with us, we want you to be confident that we look after the information securely and we only use or share it in the ways we set out in this Notice.

There are also several things that, by law, we have to explain to you.

If there’s anything you’re not sure about or you have more questions, get in touch with us.

We’re Coventry Building Society Group

The Group is:

Coventry Building Society

Godiva Mortgages Limited

ITL Mortgages Limited

When we use the terms weusour and the Group in this Notice, we mean Coventry Building Society Group.

Who is the data controller?

The ‘data controller’ is the organisation responsible for making sure your information is processed fairly and lawfully. For the personal data you give us, either Coventry Building Society, Godiva Mortgages Limited or ITL Mortgages Limited will be the data controller. It depends on which organisation you apply to, account you hold or service you use. 

As part of looking after accounts, we work together as a Group so any of the three companies can be the one ‘processing’ your information.

Information we hold about you

Why we need to collect information

To set up and run accounts and services for you, we need specific details. For the purposes of promotional and marketing activities, including running competitions, prize draws and ticket giveaways, we may ask for information for you to be able to participate or opt in to receive information from us. 

If you don’t give us the information we need, or if you don’t allow us to ‘process’ your information, we can’t open an account or set up a service for you. For what we mean by ‘process’, see ‘How we use your information’ further down this page.

We’ll ask you directly for most of the information we need. Sometimes we also collect more data about you from external sources, such as credit reference agencies.

If you give us information about someone else 

You might give us information about another person, for example, if you’re applying for a joint account or for an account on behalf of a child.

We expect that:

  • you have their permission to give us this information.
  • the other person understands how we’ll use their information.
  • the other person has no objection to us holding and using their information.

What information we hold about you

The type of personal information you can expect us to hold about you includes:

Your personal details

  • for example, your name, date of birth, address, telephone number, email address. To have an ISA with us, we must hold your National Insurance number – it’s required by law.

Account details

  • information about the accounts you hold or held with us, and details about the money going in and out.

Records of our contact with you

  • for example, notes on our systems, emails, letters, texts, social media and information relating to your marketing and communication preferences. We also record telephone calls and use CCTV in our premises and in certain circumstances may record your IP address.


  • these track your activity on our website.

For more information about this, see our Cookie Policy.

Sometimes we'll also hold sensitive personal information, for example about your health. We'll usually ask for consent to do this.

In limited circumstances, this might be needed where we administer an insurance policy linked or formerly linked to your mortgage. Depending on the accounts you hold with us or services you use, we may also record more personal information such as:

  • your income
  • your employment
  • your financial commitments
  • details of a credit search.

We’ll keep your personal data if you...

  • have an open account with us,
  • have enquired or applied for products with us, or
  • have made a complaint

…so we can provide a service to you.

We’ll keep your data for added time...

  • after you close your account,
  • after your product application date, or
  • after the closure of your complaint

…in order to meet our legal and regulatory obligations.

While we hold your data...

we’ll keep it safe and secure, and we’ll regularly review the rules around how long we keep it for.

When we no longer need your data...

we’ll destroy it safely and securely, consistent with our rules on how long we keep your data.

If you’d like more information about how long we keep information, email:

How we use your information

We use your information:

  • to assess every application you make for an account or service (including when you use Online Services), making checks so we can prevent fraud and money laundering, and to confirm who you are . If you apply for a product via a third party they may make some of these checks on our behalf
  • to manage your accounts
  • to develop and improve our services
  • to manage your marketing and communication preferences
  • to engage with you when you enter a competition, prize draw or ticket giveaway
  • to make sure we comply with the law that governs our activities. 
  • for risk management, including credit and liquidity modelling to comply with regulatory requests, reporting requirements and for auditing purposes. This may include profiling in relation to your account. 

Data protection laws require us to explain what ‘legal grounds’ justify us processing your information, including sharing it with other organisations. The legal grounds are:

  • contracts
  • regulation
  • law
  • consent
  • legitimate interests.

This is a list of all the ways we use your information for each of these legal grounds:


  • to assess your application for an account or service - this depends on the type of account you apply for. For example, if you apply for credit (such as a mortgage), we have to make thorough checks. We assess your credit score, our risk of lending to you, and any risk that the application could be fraudulent.
  • to set up and manage your accounts and keep our records up-to-date.
  • to allow deposits and withdrawals to be made to and from your account both electronically and in cash.

Regulation and law

  • to confirm your identity when you apply for an account or service or use Online Services.
  • to meet our legal and regulatory obligations and for crime prevention/detection, fraud prevention, risk management including credit and liquidity modelling and money laundering.
  • to make sure you have notice of our general meetings and are able to vote if you’re eligible.
  • where it's necessary in the public interest, and the law allows us to.

With your consent

We'll keep you informed about relevant accounts, services, competitions, prize draws or ticket giveaways and other promotional activities.

We ask for your permission to do this when you apply for an account or service with us.

You can change your mind at any time. Contact us if you don’t want us to send you information about new mortgage or savings products or services we’ve developed. To remove your details from any marketing activity, get in touch with us.

Our legitimate interests

This means the purpose is essential or relevant to our business. For example, we use your information:

  • to confirm who you are, and make checks so we can prevent fraud and money laundering. We need to do this before we enter into a contract with you.
  • to carry out customer research to help us improve our accounts and services and to better understand our customers. To ask us not to include you in any customer research, please get in touch with us.
  • to test computer systems to make sure our systems stay secure and function properly.
  • for promotional and marketing purposes.
  • to check and improve our customer service and provide training for our employees. We record CCTV footage in our branches and offices to protect our employees and customers.
  • to perform credit modelling and risk management. Whilst some of this information is required for regulatory reasons, we may also use it to make commercial decisions and for service monitoring purposes.

Storing sensitive personal information

We might need to do this to, for example, support your insurance claim, or to help us deal more sensitively with your particular circumstances. If we process sensitive personal information, we'll do it because we need to for the purpose, or we have your explicit consent.

We use technology to carry out automated processing

We use technology to make some decisions about you without involving a person to make the decision – this is called ‘automated decision-making’.

Examples of this are:

  • to confirm your identity when you use Online Services.
  • assessing lending risks.
  • analysing transactions on your account.
  • deciding what happens when a bond matures.
  • choosing what information to send you about our accounts or services.

If you’re getting information about new mortgages and savings products and services we develop and want to opt out, just let us know.

For more about this, see ‘Your rights under data protection law’.

We’ll also use data to analyse statistics. When we do this, we make sure information can’t be traced back to individuals.

We can do this activity only when:

  • it’s essential for us to open or run your account, or
  • it’s authorised by law.

Not happy about an automated decision?

If you apply for an account and there’s something about it that means you’d prefer a human to assess it rather than a computer, please let us know before you submit the application. (For example, if you apply for a mortgage and you have a County Court Judgement registered against you.)

If we make a decision about you using automatic processing, you can ask us to have one of our team reconsider the decision.

Who we share your information with

We’ll only share your information with other organisations for the reasons detailed in this Notice.

When you log in to Online Services, we share some of your information in a secure, encrypted format with a third party. We need to do this so we can identify you and help prevent fraud.

To spell out what we don’t do with your information:

  • we’ll never sell your data to anyone else.
  • we’ll never use your data to send you marketing information selling products or services by other organisations.

Confirming your identity

Under money laundering law, all financial organisations have to confirm a customer’s identity. To do this, we send your details to a specialist external agency. It’s a quick and secure process commonly used by banks and building societies. If your details change, we’ll ask you to re-confirm your identity. For example, you apply for another account with us or you change your name.

Credit checking

If you apply for a mortgage, we contact a credit reference agency for details of your credit history. The agency keeps a record of our enquiry (‘search’) and your application, and whether or not you've taken out the mortgage.

When your mortgage is set up, we give the agencies more information about you. For example, if you pay your mortgage on time. If you apply to another company for credit, they'll then be able to see this information.

Remember: if you apply for a joint mortgage account, your financial information will be ‘linked’ to the other applicant(s) by the credit reference agency, which creates an association between you. We, or other financial organisations, might take this into account when you or any of the other applicants are credit-checked again in future. To prevent this, you must ask the agency to unlink your financial records.

The credit reference agencies we normally use are below, along with how to find their ‘Credit Reference Agency Information Notice’ (CRAIN).

You can see the information these agencies hold about you, and read their Privacy Notices, on the websites above. Contact them directly and they’ll explain how to make a request and how much it costs.

Fraud prevention and reporting

Under money laundering law, all financial organisations have to report any suspicious transactions to help detect and prevent crime. We report to the National Crime Agency, the police and other law enforcement agencies.

If you're considered a fraud or money laundering risk, fraud prevention agencies can hold your data for up to six years.

When people give us false or inaccurate information and we identify it as fraud, we pass the details to fraud prevention agencies, such as Cifas, National Hunter, Synectics Solutions, as well as law enforcement agencies who may view and use this information.

We and other organisations may also use this information to:

  • detect, investigate and prevent crime, including fraud and money laundering
  • check details on applications for accounts with credit facilities
  • manage credit facilities
  • recover debt
  • check details on claims for all types of insurance.

We also use information recorded by fraud prevention agencies in other countries.

If we determine, based on our information or that of a fraud prevention agency, that you pose a fraud or money laundering risk, we may refuse you the services or financing you've asked for, stop any existing services or refuse to employ you.

The fraud prevention agencies will keep a record of any fraud or money laundering risk, and you may be refused services, financing or work.

For the details of the relevant fraud prevention agencies, ask us. To see the information these agencies hold about you, you’ll need to contact them directly.

Tax reporting

We have to give information about you and your savings accounts to HM Revenue & Customs. For example, to verify that our customers aren’t saving more than the annual allowance in ISAs, and to make sure people with tax residency in other countries are complying with the law.

Our suppliers

Examples of suppliers or other organisations we use are: 

  • third party financial services suppliers, for example, to manage payments (including use of our clearing bank and the use of payment services involving the transfer of electronic payments into or out of your account) or insurance providers or administrators of insurance services. They need access to your personal information to process it, so they can carry out services such as creating quotes, renewing policies and handling claims.
  • mailing, data management and IT suppliers.
  • marketing agencies or third party suppliers in relation to running competitions, prize draws and ticket giveaways and other promotions, your data will be used for these purposes and will not be sold to them.
  • market research suppliers for example, to carry out surveys, focus groups or other research for us.

We can change the companies we use or appoint to provide services.

When we appoint a company to provide a service on our behalf, they must meet our strict requirements about the security and privacy of our customers’ data.

Transferring data outside the EEA

Occasionally we or a supplier may need to transfer data to countries outside the European Economic Area (EEA). This could be, for example, for tax reporting purposes. Other countries may not have the same standard of data protection laws as we do here in the UK. In these circumstances, we use safeguards to make sure data is transferred securely and in line with UK data protection standards. For example, we’d always use encryption, where information is converted into a code and only readable by the organisation we send it to.

Where fraud prevention agencies transfer your personal data outside the European Economic Area they'll make sure the recipient's obligations to protect your data and share it securely are outlined in their contracts.

They may also need to sign up to 'international frameworks' which will give assurance that data will be shared securely.

Other occasions we need to share your information

If you apply for a mortgage or hold a mortgage with us, sometimes we share information with some or all of these people or groups:

  • your employer to confirm your income and employment.
  • your mortgage intermediary or broker (if you use one) so they can provide their services to you.
  • a legal representative acting either for us or you.
  • a valuer.
  • debt counsellors or other specialist services, if for example you fall into payment difficulties or can’t repay your outstanding mortgage balance.
  • a guarantor of your mortgage or their legal advisor.

We may share information with these groups at different times throughout the life of your mortgage.

If you apply for a savings account via a third party company, we may receive or share information to set up your account and for general account administration:

  • where you make an application for the account via a third party partner through a Employee Benefits Scheme provided by your Employer.
  • where you make an application via an investments Provider.

We may also share your information with:

  • The Financial Ombudsman Service – for example, if you make a complaint.
  • our regulators and trusted third parties including auditors and external lawyers acting on our behalf. 
  • asset managers – for example, as part of a corporate financial transaction such as issuing of a covered bond.
  • another organisation if we ever sell or transfer our business.

Your rights under data protection law

By giving us your information, you become a ‘data subject’. Here are the rights you have as a data subject, under data protection laws:

  • to be informed about how we process your personal information.
  • to have your personal information corrected or updated if it’s inaccurate or incomplete.
  • to object to us processing your personal information.
  • to restrict how we process your personal information.
  • to have your personal information erased.
  • to request access to your personal information and details about how we process it.
  • to move, copy or transfer your personal information (this is called ‘data portability’).

Remember, often it’s essential that we hold or share your information. For example, if you’re applying for a mortgage and don’t want us to share your details with a credit reference agency, then we can’t go ahead with your application.

How to make a request under any of these rights

You can have a copy of the personal information we hold about you. This is your right under data protection regulations and it’s usually free of charge. To ask us about these rights or to make a formal request, get in touch using your preferred method below. 

Just to let you know, that for security, you must give us some details before we can disclose our records.  

Via our online portal 

Submit request

By post

Fill in the form:

Download Data Subject Rights Request form

Send it to us at


Write the address exactly like this - in capital letters and all on one line. 

By email

Or you can email the completed form to


Any questions?

Just contact us, we'll be happy to help.

By email 

By phone

0800 121 8899

At a branch

For details of our opening hours.

We’ll reply to you as soon as we can and within one month. If we can’t reply within one month, we’ll let you know.

To make a request to credit reference agencies, fraud prevention organisations, or brokers, you must contact them directly.

How to make a data protection complaint

If you have a complaint on how we collect or process your information, get in touch.

If the information we hold about you is incorrect, let us know and we’ll investigate and update our records.

You can also find out more about your rights under the Data Protection Act at the Information Commissioner’s Office website at or by writing to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

If you’re not happy...

If you’re not happy about something we’re doing, please let us know. We sort out most problems very quickly. We aim to resolve any concerns promptly and fairly.

If you have a complaint about data protection or how we use your data, contact our Data Protection Office at

Or you can complain at any time to the Information Commissioner’s Office, an independent government organisation.

Find out more at:

Or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

Changes to our Privacy Notice

This Notice is effective from May 2023.

We update our Privacy Notice when anything changes or there’s new information we need to tell you. You can view and download the current Privacy Notice here.

Want help?
Our help section is bursting with useful information. If you'd rather chat, just give us a call.


Call us on 0800 121 8899

Lines open
  • Mon-Fri 8am-7pm
  • Saturday 9am-2pm
  • Sunday & Bank holidays Closed
Call us

Want help?
Our help section is bursting with useful information. If you'd rather chat, just give us a call.


Call us on

0800 121 8899

Call us