Cambridge & Counties Bank Limited is incorporated and registered in England with company number 07972522 and its registered office is at Charnwood Court 5B New Walk Leicester LE1 6TE.
We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (Financial Services Register No: 579415). We are registered with the Information Commissioner Office (ICO) (registration no Z3170362) and we are the “controller” for the purposes of data protection laws in relation to any personal information we hold about you.
Cambridge & Counties Bank respects the privacy of every individual. Your privacy is important to us, and we are committed to keeping your information secure and managing it in accordance with Data Protection laws. This privacy notice explains how we do this and tells you about privacy rights and how the law protects you.
We have an appointed Data Protection Officer who can be contacted on any matter relating to your personal information and what we do with it. Their contact details are shown below.
To see a printable version of our privacy notice please click here.
Personal information that you provide to us may be used in a number of ways, including:
Under Data Protection laws, we can only process your personal information if we have a legal reason to do so. We only use your personal information for these reasons:
In simple terms, this means in order for us to open your account, provide products and services and administer those products under the terms of the agreement, or process your job application, we must have your consent or for contractual or legal reasons.
Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so:
|What we use your personal information for||The reason we use your personal information.|
|• To manage our relationship with you or your business|
• To develop new ways to meet customer needs and to grow our business
• To keep you updated with information that may be of interest, including information about our products and services
• To study how our customers use our products and services and test new products
• To develop, manage and deliver our brand, products and services
• To manage how we work with other companies that provide services to us and our customers
• To make and manage payments
• To manage fees, charges and interest due on accounts
• To collect and recover money that is owed to us
• Activities in relation to anti-money laundering and financial crime prevention
• To manage risk for us and our customers
• To obey laws and regulations that apply to us
• To respond to complaints and seek to resolve them
• To exercise our rights set out in our agreements or contracts with you
|• Keeping our records up to date, working out which products and services may interest you and telling you about them
• Developing products and services, and what we charge for them
• Defining types of customers for new products or services
• Seeking your consent when we need it (for marketing) to contact you
• Being efficient about how we fulfil our legal and/or contractual duties
• Complying with regulations that apply to us
We use different types of personal information, and group them together like this:
|Type/sources of personal information||Description|
|Financial||• Your financial position, status and history.|
|Contact||• Where you live and how to contact you.|
|Socio-Demographic||• This includes details about your work or profession, nationality, education and where you fit into general social groupings.|
|Transactional||• Details about payments to and from your accounts with us.|
|Contractual||• Details about the products or services we provide to you.|
|Locational||• Information we get about you that may come from your phone or the address where you connect a computer to the internet.|
|Behavioural||• Details about how you use our products and services.|
|Technical||• Details on the devices and technology you use.|
|Communications||• What we learn about you or you tell us from letters, emails and conversations between us.|
|Relationships||• Information about people (joint parties) associated with your accounts.|
|Open Data and Public Records||• Details about you that are in public records, such as the Electoral Register, and information about you that is openly available in public records.|
|Documentary Data||• Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate.|
|Consents||• Any permissions, consents or preferences that you give us.|
|National Identifier||• A number or code given to you by a government to identify who you are, such as a national insurance number, tax identification number, or passport number.|
Special types of data
Some personal information is of a more ‘sensitive’ nature and is referred to as ‘Special Category’ Personal Data (“SCPD”). Where it is necessary for us to process this kind of information, we will ask for your explicit consent to do so. This type of information includes:
Please note, in most cases, the reason for processing your “SCPD” is to ensure that we provide an appropriate and tailored service and to deliver a positive experience for our customers and job applicants. Therefore it is important that you consider the reason that we are processing the information before you decide whether or not to give consent. We will keep the collection and use of “SCPD” to a minimum.
We may collect personal information about you (or your business) from these sources:
Information you give to us:
Information we collect when you use our services:
This includes the amount, frequency, type, location, origin and recipients:
Information from third parties we work with:
We do not sell or trade your information to third party organisations. We may share your personal information with organisations who assist us in conducting our business or servicing you or your business or in identifying potential financial crime, for example:
We may also share your personal information with other organisations if we sell, transfer, or merge parts of our business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this Privacy Notice.
Any parties we share your information with agree to keep all information supplied secure and protected from unauthorised access.
Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also make periodic searches at CRAs to manage your account with us and to detect and prevent fraud.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange information about you with CRAs while you have a relationship with us. We may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations.
If you are making a joint application, or tell us that you have a spouse or financial associate, we may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application.
We need to confirm your identity before we provide products or services to you or your business. Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use CRAs to help us with this.
Both we and CRAs can only use your personal information if we have a proper reason to do so.
We will use the information to:
We or a CRA (in their fraud prevention role) may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
CRAs can keep personal information for different lengths of time. They can keep your information for up to six years if they find a risk of fraud or money-laundering.
The information we use
The information we have for you or your business is made up of what you tell us, and information we collect when you use our services, or from third parties we work with.
We and CRAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.
How this can affect you
If we or a CRA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. CRAs will also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.
Data transfers out of the EEA
CRAs may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.
The identities of the CRAs, their role also as fraud prevention agencies, the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail at http://www.experian.co.uk/crain and https://www.equifax.co.uk/crain
We will only keep your personal information for as long as is necessary to administer any relationships that you hold with us. This means that we may hold your personal information after your relationship with us ends for up to seven years. We may do this for the following reasons:
We may keep your information for longer than seven years in certain circumstances, such as:
If we do keep your information for longer than seven years we will make sure that your privacy is protected and only use it for these purposes.
You have specific rights in relation to the personal information that we process. Put simply, this means that you have the right to be informed how we process your personal information, to have access to this personal information, to correct information where it is inaccurate, move certain information to other organisations (where appropriate) and in some circumstances object to and restrict the processing of personal information. You have a right to request us to erase personal information held about you in certain circumstances.
Accessing and correcting personal information
If you would like a copy of the information we hold about you, please contact our Data Protection Officer, whose details can be found in Section 7. You have the right to question any information we have about you that you think is wrong or incomplete. If you do, we will check its accuracy and correct it.
Stopping us from using your personal information
You have a right to object to our use of your personal information, or to ask us to delete, remove, or stop using it. There may be legal or official reasons for why we need to keep or use your information. If this is the case we will explain the reasons to you.
Restricting the use of your personal information
We may sometimes be able to restrict the use of your information. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
You can ask us to restrict the use of your personal information if:
If you want to access, correct, stop or restrict how we use your personal information, please contact our Data Protection Officer.
How to withdraw your consent to receiving Marketing
You can review or withdraw your consent to receiving marketing at any time. Please contact [email protected] if you want to do so.
If you are in any way dissatisfied about the protection of your personal information or how we have processed it, you can contact our Data Protection Officer, whose details can be found below. You also have the right to complain directly to the Information Commissioner’s Office (ICO). For more information go to their website at www.ico.org.uk.
For further information on how your information is used, please contact our Data Protection Officer by email to [email protected] or in writing to:
Data Protection Officer
Cambridge & Counties Bank
5B New Walk
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the sites or service providers’ systems to recognise your browser and capture and remember certain information.
For information please see the Cookies Policy section.
If you are using our online account access service View My Accounts, please see the terms and conditions of this service.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. This includes the adoption of the UK Governments recommended Cyber Essentials security framework in which we have achieved the Cyber Essentials Plus accreditation certifying that we have robust controls in place to meet regulatory requirements and mitigate the risk posed by cyber criminals.
This policy was last modified on 30th April 2018.