We will provide your information to our service providers to allow them to assist us with delivering the products or services that you have requested, under the following categories:
- credit reference agencies;
- information technology and information security providers;
- market research and analytics companies;
- payment service providers; and
- ID verification providers.
We share your personal information with these service providers for the purposes of:
- providing our services to you;
- market research;
- analytical and statistical purposes; and
- maintaining a record of our relationship.
If you would like further information regarding the specific named recipients that we share data with, please contact us by writing to the Data Protection Officer.
Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain. CRAIN is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document: Callcredit www.callcredit.co.uk/crain; Equifax www.equifax.co.uk/crain; Experian www.experian.co.uk/crain.
Fraud prevention, law enforcement agencies and other non-marketing users
We may share your personal information, or any suspected fraud relating to you, with law enforcement agencies and regulators where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or if we reasonably consider that this is necessary to help prevent or detect fraud or other crime or to protect the rights, property, or our safety, our customers or others.
The personal information you provide (including your email and internet protocol (IP) addresses) may also be copied, stored, used and licensed to assist with identity verification, prevention of fraud and money laundering, service delivery and process implementation.
We may share your information if we are under a duty to disclose or share your information with HM Revenue & Customs (HMRC), who may transfer it to the government or the tax authorities in another country where you may be subject to tax.
We may also share your personal information with any other third parties where we are required to do so by law.
The results of your identity check may also be disclosed to authorised third parties through credit referencing, fraud prevention, risk assessment and identification products.
We transfer, use and/or store your personal information outside of the European Economic Area (“EEA”) and the laws of some of these destination countries may not offer the same standard of protection for personal information as in the UK.
We currently transfer data outside of the EEA, to India for the purposes of managing the software used to administer our products.
We may update this list from time to time and any changes will be communicated to you via an update to this privacy notice.
Transfers to our third-party service providers are to enable them use and store your personal information on our behalf. We will, however, put in place appropriate security procedures in order to protect your personal information. We also ensure that, where your information is transferred to any country outside the EEA this is done using specific legally-approved safeguards. You can request further details and a copy of these by contacting the Data Protection Officer (see section 9).