Cambridge & Counties Bank Limited is incorporated and registered in England & Wales with company number 07972522 and our registered office is at Charnwood Court, 5B New Walk, Leicester, LE1 6TE.
We are registered with the Information Commissioner Office (ICO) (registration no Z3170362) and we have an appointed Data Protection Officer who can be contacted on any matter relating to your personal information and what we do with it. Their contact details are shown below.
Cambridge & Counties Bank respects the privacy of every individual. Your privacy is important to us and we are committed to keeping your information secure and managing it in accordance with Data Protection laws. This Privacy Notice explains how we do this and tells you about privacy rights and how the law protects you.
For further information on how your information is used, please contact our Data Protection Officer by email to [email protected], by phone on 0344 225 3939 or in writing to:
Data Protection Officer, Cambridge & Counties Bank, Charnwood Court, 5B New Walk, Leicester, LE1 6TE
To see a printable version of our privacy notice please click here.
Under Data Protection laws, we can only process your personal information or information about individuals connected to you if we have a legal reason to do so.
We only use your personal information and information about individuals connected to you for these reasons:
In simple terms, this means that in order for us to open an account, provide products & services and administer those products under the terms of the agreement, or process a job application, we must have your consent or have contractual/legal reasons.
When we have a business or commercial reason of our own to use your information, this is known as a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests, on the next page we detail our legitimate interests for processing personal data.
Special Category data
The law and other regulations treat some types of personal information as special category data. We will not collect or use these types of data without your specific consent; unless the law allows us to do so. If we do, it will only be when it is necessary:
Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so:
|What we use personal information about you and connected individuals for||Our legitimate interests for using your personal information|
|• To manage our relationship with you or your business|
• To be efficient about how we fulfil our legal and/or contractual duties
• To develop, manage and deliver our brand, products and services
• To manage how we work with other companies that provide services to us and our customers
• To make and manage payments
• To manage fees, charges, and interest due on accounts
• To collect and recover money that is owed to us
• To detect and prevent financial crime e.g. money laundering, fraud & terrorist financing
• To manage risk for us and our customers
• To obey laws and regulations that apply to us
• To respond to complaints and seek to resolve them
• To exercise our rights set out in our agreements or contracts with you
• To provide online banking services
• To carry out your instructions
|• Keeping our records up to date, working out which products and services may interest you and telling you about them
• Developing products and services, and what we charge for them
• Defining types of customers for new products or services
• Seeking your consent when we need it to contact you
• Developing new ways to meet customer needs and to grow our business
• Making improvements to our customer journey
• Improving our processes to detect financial crime and unusual activities
• Studying how our customers use our products and services and test new products
We use different types of personal information, and group them together like this:
|Types of personal information||Description|
|Financial||• Your current and historic financial position and status|
|Contact||• How to contact you and your contact preferences|
|Socio-Demographic||• Details about your work or profession, education and where you fit into general social groupings|
|Transactional||• Details about payments to and from your accounts with us.|
|Contractual||• Details about the products or services we provide to you.|
|Locational||• Information we get about you that may come from your phone or the address where you connect a computer to the internet|
|Behavioural||• Details about how you use our products and services.|
|Technical||• Details on the devices and technology you use.|
|Communications||• What we learn about you or you tell us from letters, emails and conversations between us.|
|Relationships||• Information about people (joint parties) associated with your accounts.|
|Open Data and Public Records||• Details about you that are in public records, such as the Electoral Register, and information about you that is openly available in public records.|
|Documentary Data||• Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate.|
|Consents||• Any permissions, consents or preferences that you give us e.g. Marketing|
|National Identifier||• A number or code given to you by a government to identify who you are, such as a national insurance number or tax identification number|
|Special Category Data||• Racial or ethnic origin;
• Religious, political or philosophical beliefs;
• Trade union membership;
• Genetic and bio-metric data;
• Health data;
• Lifestyle information, including data related to sex life or sexual orientation;
• Criminal records of convictions and offences; and
• Allegations of criminal offences.
We may collect personal information about you, or individuals connected with you from these sources:
Information you give to us or which others provide to us on your behalf:
Information we collect when you use our services:
This includes the amount, frequency, type, location, origin and recipients:
Information from third parties we work with:
We do not sell or trade your information to third party organisations. We may share your personal information with organisations who assist us in conducting our business or servicing you or your business or in identifying potential financial crime, for example:
We may also share your personal information with other organisations if we sell, transfer, or merge parts of our business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this Privacy Notice.
Any parties we share your information with agree to keep all information supplied secure and protected from unauthorised access.
Credit Reference Agencies
If you apply for a new product or service from us, we may perform credit and identity checks on you and certain individuals connected to you or your business with one or more credit reference agencies (“CRAs”) or data aggregators. We may also make periodic searches at CRAs to manage your account with us and to detect and prevent fraud.
To do this, we will supply your personal information to CRAs and they will give us information about you. This may include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We may continue to exchange information about you with CRAs while you have a relationship with us. We may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations. The type of footprint left is dependent upon the search that is conducted.
If you are making a joint application, or tell us that you have a spouse or financial associate, we may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application.
We need to confirm your identity before we provide products or services to you or your business.
Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use CRAs to help us with this.
We or a CRA (in their fraud prevention role) may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
CRAs can keep personal information for different lengths of time. For example, they can keep your information for up to six years if they find a risk of fraud or money-laundering.
The information we can use
The information we have for you or your business is made up of what you tell us, and information we collect when you use our services, or from third parties we work with.
We and CRAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.
How this can affect you
If we or a CRA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. CRAs will also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.
Data transfers out of the EEA
CRAs may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.
The identities of the CRAs, their role also as fraud prevention agencies, the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail at http://www.experian.co.uk/crain and https://www.equifax.co.uk/crain
We will only keep your personal information for as long as is necessary to administer any relationships that you hold with us. This means that we may hold your personal information after your relationship with us ends for up to seven years. We may do this for the following reasons:
We may keep your information for longer than seven years in certain circumstances, such as:
If we do keep your information for longer than seven years we will make sure that your privacy is protected and only use it for these purposes.
You have specific rights in relation to the personal information that we process. Put simply, this means that you have the right to be informed how we process your personal information, to have access to this personal information, to correct information where it is inaccurate, move certain information to other organisations (where appropriate) and in some circumstances object to and restrict the processing of personal information. You also have a right to request us to erase personal information held about you in certain circumstances. If you want to access, correct, stop or restrict how we use your personal information, please contact our Data Protection Officer as detailed in Section 8.
Accessing and correcting personal information
You can request a copy of the personal information we hold about you. You also have the right to get certain personal information from us as a digital file, so you can keep and use it yourself, or give it to other organisations if you choose to. If you wish, we will provide it to you in an electronic format that can be easily re-used, or you can ask us to pass it on to other organisations for you.
You also have the right to question any information we have about you that you think is wrong or incomplete. If you do, we will check its accuracy and correct it where required.
Stopping us from using your personal information
You have a right to object to our use of your personal information, or to ask us to delete, remove, or stop using it. There may be legal or official reasons for why we need to keep or use your information. If this is the case we will explain the reasons to you.
If you choose not to give personal information
We may need to collect information by law, or to enter into or fulfil a contract we have with you or your business.
If you choose not to give us this information, it may delay or prevent us from fulfilling our contract with you or your business, or doing what we must do by law. It could also mean that we cancel a product or service you or your business has with us.
We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won’t affect the products or services your business has with us.
Restricting the use of your personal information
We may sometimes be able to restrict the use of your information. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
You can ask us to restrict the use of your personal information if:
How to withdraw your consent to receiving Marketing
You can review or withdraw your consent to receiving marketing at any time. Please contact [email protected] if you want to do so or use the unsubscribe link on any email marketing we send you.
This section tells you about the safeguards that keep your personal information safe and private, if it is sent outside the UK and EEA.
We will only send your data outside of the European Economic Area (‘EEA’) to:
• Follow your instructions;
• Comply with a legal duty;
• Work with our suppliers who help us to run your accounts and services.
If we do transfer your personal information outside the UK and EEA to our suppliers, we’ll make sure that it is protected to the same extent as in the UK and EEA. We’ll use one of these safeguards:
• Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
• Put in place a contract with the recipient that means they must protect it to the same standards as the UK and EEA.
• Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the UK and EEA.
Learn more about the above on the European Commission Justice website.
If you are in any way dissatisfied about the protection of your personal information or how we have processed it, you can contact our Data Protection Officer, whose details can be found below. You also have the right to complain directly to the Information Commissioner’s Office (ICO). For more information go to their website at www.ico.org.uk.
For further information on how your information is used, please contact our Data Protection Officer using the contact details below
By email at [email protected]
By phone on 0344 225 3939
By writing to Data Protection Officer:
Cambridge & Counties Bank, Charnwood Court, 5B New Walk, Leicester LE1 6TE
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the sites or service providers’ systems to recognise your browser and capture and remember certain information.
For information please see the Cookies Policy section.
If you are using our online account access service View My Accounts, please see the terms and conditions of this service.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. This includes the adoption of the UK Governments recommended Cyber Essentials security framework in which we have achieved the Cyber Essentials Plus accreditation certifying that we have robust controls in place to meet regulatory requirements and mitigate the risk posed by cyber criminals.
If we decide to change our privacy notice, we will post those changes on this page.
This notice was last modified on 18 November 2019.