Some background information
We are Bank North Limited (“we”, “our”, “us” or “Bank North”) and are a company registered in England and Wales under company number 11030672 and you can contact us at our registered address - Suite 20A, Manchester One, 53 Portland Street, Manchester, M1 3LD.
We want to be as plain and transparent with you as possible. This notice describes how we will collect and use your information and personal data and outlines some of the measures we have taken to protect your privacy in accordance with data protection laws.
When we refer to “data protection laws” we mean the General Data Protection Regulation (EU 2016/679) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, the Data Protection Act 2018, Electronic Communications Act 2000, Privacy and Electronic Communications (EC Directive) Regulations 2003, and regulations and guidance made under this legislation, any restatement or re-enactment of this legislation or any substantially equivalent law enacted in the UK, as applicable.
Under the data protection laws, we are what is known as the “data controller” of your personal data. When we use the term “personal data”, we mean any information that relates to you and identifies you. This includes your name, email address, telephone number and any other personal information which relates to you as an individual.
We provide a non-advised service – what does this mean?
We will provide you with information about our products, but we will not recommend a product to you. It is up to you to decide whether the products we offer are right for you, meet your needs and if you want to take our products.
What information do we collect about you?
We will collect personal data from you through your use of our website, if you correspond with us, if you apply online, by post or in person for products or services from us, if you apply for a job vacancy with us, or for any such application through one of our affiliated intermediaries. The following table gives more details on the information we collect in each situation:
Your engagement with us
Information Processed by Us
Our use of this information
Use of our website to view our services or for any purpose described here
Technical information, including the internet protocol (IP) address used to connect your computer or device to the internet, your login information, browser type and version using analytic tools
Maintenance of our website and a better understanding of who is interacting with our website and what they are looking for
General communication with us
Any information you give us during such communication including your contact details and other relevant information
To resolve the issue that you have contacted us about and to manage any agreement you have with us
An application to us for a loan or other service whether directly or via an intermediary
Information provided with your application and other information we obtain from third parties in connection with the loan or other services, which we may share with other relevant third parties
To assess your creditworthiness and whether you can afford to take the product;
Verify the accuracy of information you have provided to us;
Prevent criminal activity;
Complete any transaction(s) with you;
Manage your account(s);
Trace and recover any debts; and
Ensure any offers provided to you are appropriate to your circumstances.
An application for a job with us
Information provided with your job application and other information we obtain from third parties in connection with your application
To make a decision on whether to offer you a job role
We will not normally collect or process what the data protection laws define as special category data to provide our services to you (for example personal data relating to your health, criminal offences, or ethnic origin). However, we may need to collect and process special category data relating to health and criminal offences in relation to some loan applications. If we do so we will process this data in accordance with our Data Protection Policy.
In circumstances where you provide us with personal data about someone other than yourself, you agree that you will not provide this data to us unless you have ensured that you have obtained all necessary consents and provided any required notices, or that you are otherwise permitted to provide such information to us, so that such information you provide to us can be lawfully used or disclosed in the manner and for the purposes set out in this notice. You will also ensure that any such information you do provide to us is relevant for our purposes, is reliable for this use, accurate, complete, and current.
How do we use your personal data and what is our legal basis for doing so?
We use your personal data in order:
· to carry out our operation as a bank;
· to provide you with banking and financial products and services;
· to make sure we do not breach any contracts;
· to keep Bank North and you secure;
· to give people information about products and services, and;
· to comply with the law.
We will also use your personal data to communicate with you about your account and to provide service-related updates and notifications.
We may use your information to market other products and services which we provide which we reasonably consider to be of use to you.
We must have a legitimate legal basis for processing your data. This will be one of the following:
Keeping to our contracts and agreements with you – Where we have agreed to provide you with services then we can process information in order to provide those services to you.
Legal obligations - In some cases, we have a legal responsibility to collect and store your personal data and to provide it to some third parties. For example, under money laundering regulations we must hold certain information about our customers and provide it to the appropriate authorities in certain circumstances.
Legitimate interests - We will use your personal data, or share it with other organisations, because we or they have a legitimate reason to have it and this is reasonable when balanced against your right to privacy. For example, we may use your personal data to tell you about other services that we provide that we think may be of use to you. We may also carry out checks on you to confirm that you are a suitable candidate for a loan or other service and to check that it is appropriate to allow you to continue to use our services.
Consent – In some cases we will use your personal data because you have agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.
Who might we share your personal data with?
We also work with third parties (including, for example, subcontractors in technical, payment and delivery services, credit reference agencies) and may pass information to and receive information from them about you.
Sometimes we will share your personal data, including with the following:
Introducers and intermediaries -Third parties who introduce your business to us to keep them informed about the progress of business they have introduced to us.
Credit Reference Agencies - In order to process your application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). We may also carry out further periodic searches at CRAs to allow us to manage your account with us.
To do this, we will supply your personal information to CRAs. This will include your name, date of birth and residential address. It may also include additional information such as your salary, previous residential addresses and other information you provide as part of your application to us.
The CRAs will match this information to the records they hold about you, and in return will provide us with, both public information (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRA’s about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse of a financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as your partner successfully files for a disassociation with the CRAs to break the link.
The identities of the CRA’s, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.equifax.co.uk/crain
Fraud prevention agencies – The Bank is a member of CIFAS (the UK’s fraud prevention community). Personal information that we collect from you prior to providing you with a product will be shared with fraud prevention agencies (FPAs) who will use it to detect and prevent fraud and money-laundering and to verify your identity. FPAs will also give us information about you. If we suspect or a FPA suspects that you pose a money laundering or fraud threat, or if fraud is detected, you could be refused certain services, finance, or employment, or we may decide not to proceed with your application and may also stop providing existing products to you. We may also provide CRAs and PRAs with this information, which they may retain and which may result in other financial services providers reviewing their position. More details of how your information will be used by us and these FPAs, and your data protection rights, can be found by reading the detailed CIFAS processing notice at https://www.cifas.org.uk/fpn
Third party organisations or processors - We may also use other companies to perform tasks on our behalf. For example, IT service providers.
Public bodies, law enforcement and regulators - The police and other law enforcement agencies, as well as public bodies like local authorities and our regulators, can sometimes ask us to supply them with personal data. This can be for various reasons, like preventing or detecting crime, fraud, apprehending or prosecuting offenders, assessing or collecting tax, or investigating complaints.
Where do we keep your personal data and will it go overseas?
We are based in the UK and our computer systems are also based in the UK. However, some organisations that help us to provide our services are based outside the UK. Occasionally, we may need to send your personal data outside the UK in order for us to provide our services, for example, when a third-party service provider of ours is based overseas or uses data servers that are based overseas. Where we do send personal data overseas, we will only send it to countries that the UK has approved as having appropriate data protection safeguards or where we have carried out a risk assessment and made sure there are suitable safeguards in place so that your personal data is protected.
How long will we keep your personal data for?
We will keep most of your personal data for as long as you’re using our services, and generally for six years after that to comply with the legal or regulatory requirements. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to.
To work out how long we keep different categories of personal data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
Will we use your personal data in automated decision making or profiling?
We will not use automated systems to make decisions based on your data. However, we may sometimes use technology to help us make decisions. We may do this for deciding if:
· we can give` you a loan based on information we hold about you or your business, and information we receive from credit reference agencies (this includes details on whether you’ve kept up to date with payments on any credit accounts, and if you’ve been to court) and/or
· we need to take action, like freeze a transaction or an account, because we suspect fraud or money laundering against us or a customer. The technology we use may decide this based on patterns in our data like an account being used in a way that is unusual.
What are your rights?
You have rights in relation to our use of your data. These rights are summarised below but you can find much more information about these rights at https://ico.org.uk/your-data-matters
You have the right to be told about how we use your personal data. This privacy notice is intended to do this.
You can ask to see the personal data we hold about you (this is called making a ‘data subject access request’, or DSAR for short). You can also ask for information about what information we process and why.
You can ask us to correct your personal data if you think it's wrong. We must then assess your data and either correct it or justify its accuracy.
You can ask us to delete your personal data. We may refuse if we can show a good reason why we need to keep it.
You can object to us processing your personal data for marketing purposes or to satisfy our legitimate interests. We can refuse but we have to give good reasons for this.
You can ask us to restrict how we use your personal data. This is normally a temporary measure while we consider whether data we hold about you is accurate or whether we should stop processing it altogether.
You can ask us to transfer personal data to you.
You can withdraw your permission if we have relied on your consent to process your data.
Who do I contact to exercise my rights or if I have a complaint?
To exercise any of your rights set out above, you can contact us by sending an email to firstname.lastname@example.org or by writing to the Data Protection Officer, Bank North, Suite 20A, Manchester One, 53 Portland Street, Manchester M1 3LD.
If we are unsure of your identity when we receive your request, we will ask for you to provide proof of this prior to completing any actions.
If you have a complaint about how we use your personal data, please contact us in the first instance by sending an email to the above email address and we will do our best to fix the issue.
If you are still not happy, you can refer your complaint to the UK’s supervisory authority, the Information Commissioner’s Officer (ICO). For more details, you can visit their website at ico.org.uk or phone them on 0303 123 1113.
Changes to this notice
We may make changes to this privacy notice from time to time. Please check back to this page regularly to see any updates.
This notice was last updated on 6 October 2021.
Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.
How to control and delete cookies
If you want to restrict or block the cookies, you can do this through your browser settings. The ‘help’ function within your browser should tell you how. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the internet for other independent information on cookies.