Cambridge & Counties Bank Limited is incorporated and registered in England with company number 07972522 and its registered office is at Charnwood Court 5B New Walk Leicester LE1 6TE.
We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (Financial Services Register No: 579415). We are registered with the Information Commissioner Office (ICO) (registration no Z3170362) and we are the “controller” for the purposes of data protection laws in relation to any personal information we hold about you.
Cambridge & Counties Bank respects the privacy of every individual. Your privacy is important to us, and we are committed to keeping your information secure and managing it in accordance with Data Protection laws. This privacy notice explains how we do this and tells you about privacy rights and how the law protects you.
We have an appointed Data Protection Officer who can be contacted on any matter relating to your personal information and what we do with it. Their contact details are shown below.
To see a printable version of our privacy notice please click here.
1. What information do we collect and how do we use it?
Personal information that you provide to us may be used in a number of ways, including:
To open an account
Administering products and services
To verify your identity
To make responsible lending decisions
To communicate effectively with you
Applying for a job with us
Under Data Protection laws, we can only process your personal information if we have a legal reason to do so. We only use your personal information for these reasons:
To fulfil a contract we have with you (or to take steps at your request in anticipation of entering into a contract with you)
When it is our legal duty
When you consent to it
In simple terms, this means in order for us to open your account, provide products and services and administer those products under the terms of the agreement, or process your job application, we must have your consent or for contractual or legal reasons.
Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so:
What we use your personal information for
The reason we use your personal information.
• To manage our relationship with you or your business
• To develop new ways to meet customer needs and to grow our business
• To keep you updated with information that may be of interest, including information about our products and services
• To study how our customers use our products and services and test new products
• To develop, manage and deliver our brand, products and services
• To manage how we work with other companies that provide services to us and our customers
• To make and manage payments
• To manage fees, charges and interest due on accounts
• To collect and recover money that is owed to us
• Activities in relation to anti-money laundering and financial crime prevention
• To manage risk for us and our customers
• To obey laws and regulations that apply to us
• To respond to complaints and seek to resolve them
• To exercise our rights set out in our agreements or contracts with you
• Keeping our records up to date, working out which products and services may interest you and telling you about them
• Developing products and services, and what we charge for them
• Defining types of customers for new products or services
• Seeking your consent when we need it (for marketing) to contact you
• Being efficient about how we fulfil our legal and/or contractual duties
• Complying with regulations that apply to us
We use different types of personal information, and group them together like this:
Type/sources of personal information
• Your financial position, status and history.
• Where you live and how to contact you.
• This includes details about your work or profession, nationality, education and where you fit into general social groupings.
• Details about payments to and from your accounts with us.
• Details about the products or services we provide to you.
• Information we get about you that may come from your phone or the address where you connect a computer to the internet.
• Details about how you use our products and services.
• Details on the devices and technology you use.
• What we learn about you or you tell us from letters, emails and conversations between us.
• Information about people (joint parties) associated with your accounts.
Open Data and Public Records
• Details about you that are in public records, such as the Electoral Register, and information about you that is openly available in public records.
• Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate.
• Any permissions, consents or preferences that you give us.
• A number or code given to you by a government to identify who you are, such as a national insurance number, tax identification number, or passport number.
Special types of data
Some personal information is of a more ‘sensitive’ nature and is referred to as ‘Special Category’ Personal Data (“SCPD”). Where it is necessary for us to process this kind of information, we will ask for your explicit consent to do so. This type of information includes:
Racial or ethnic origin
Religious or philosophical beliefs
Trade Union Membership
Genetics and data about your identifiable physical, physiological or behavioural characteristics
Health, sex life or sexual orientation
Criminal convictions and offences
Please note, in most cases, the reason for processing your “SCPD” is to ensure that we provide an appropriate and tailored service and to deliver a positive experience for our customers and job applicants. Therefore it is important that you consider the reason that we are processing the information before you decide whether or not to give consent. We will keep the collection and use of “SCPD” to a minimum.
2. Where do we collect your personal information from?
We may collect personal information about you (or your business) from these sources:
Information you give to us:
When you apply for our products and services
When you talk to us on the phone or in person
When you use our website, including secure messages online
In emails and letters
In financial reviews and interviews
In customer surveys
If you take part in a competition or promotions
Information we collect when you use our services:
This includes the amount, frequency, type, location, origin and recipients:
Payment and transaction information
Profile and usage information. This includes the profile you create to identify yourself when you connect to our online and telephone services. It also includes other information about how you use those services. We gather this information from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software.
Information from third parties we work with:
Companies that introduce you to us
Financial advisers, brokers or introducers
Credit reference agencies
Solicitors, lawyers and valuers
Public information sources such as Companies House
Agents working on our behalf
Independent market researcher organisations
Government and law enforcement agencies
3. Who do we share your information with?
We do not sell or trade your information to third party organisations. We may share your personal information with organisations who assist us in conducting our business or servicing you or your business or in identifying potential financial crime, for example:
Credit reference agencies
HM Revenue & Customs, regulators and other statutory bodies and authorities
UK Financial Services Compensation Scheme and Financial Ombudsman Service
Funding for Lending Scheme, British Business Bank and similar industry bodies
Any party linked with you or your business’ product or service
Companies we have a joint venture or agreement to co-operate with
Our professional advisors and auditors
Organisations that introduce you to us
Companies that we introduce you to
Independent market researcher organisations
Price comparison websites and similar companies that offer ways to research and apply for financial products and services
Companies you ask us to share your information with
Direct Debit scheme, if you use direct debits
Other lenders who also hold a charge on the property, if you have a secured loan or mortgage with us
We may also share your personal information with other organisations if we sell, transfer, or merge parts of our business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this Privacy Notice.
Any parties we share your information with agree to keep all information supplied secure and protected from unauthorised access.
Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also make periodic searches at CRAs to manage your account with us and to detect and prevent fraud.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
Assess your creditworthiness and whether you can afford to take the product
Verify the accuracy of the information you have provided to us
Prevent criminal activity, fraud and money laundering
Manage your account(s)
Trace and recover debts
Ensure any offers provided to you are appropriate to your circumstances
We will continue to exchange information about you with CRAs while you have a relationship with us. We may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations.
If you are making a joint application, or tell us that you have a spouse or financial associate, we may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application.
We need to confirm your identity before we provide products or services to you or your business. Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use CRAs to help us with this.
Both we and CRAs can only use your personal information if we have a proper reason to do so.
We will use the information to:
Help prevent fraud and money-laundering
Fulfil any contracts you or your business has with us
We or a CRA (in their fraud prevention role) may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
CRAs can keep personal information for different lengths of time. They can keep your information for up to six years if they find a risk of fraud or money-laundering.
The information we use
The information we have for you or your business is made up of what you tell us, and information we collect when you use our services, or from third parties we work with.
We and CRAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.
How this can affect you
If we or a CRA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. CRAs will also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.
Data transfers out of the EEA
CRAs may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.
The identities of the CRAs, their role also as fraud prevention agencies, the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail at http://www.experian.co.uk/crain and https://www.equifax.co.uk/crain
4. How long will we keep your information?
We will only keep your personal information for as long as is necessary to administer any relationships that you hold with us. This means that we may hold your personal information after your relationship with us ends for up to seven years. We may do this for the following reasons:
To ensure good customer service, allowing former customers to access their personal information
To be able to handle customer queries and complaints fairly and effectively
To allow us to preserve, defend or enforce any relevant legal rights we may have.
We may keep your information for longer than seven years in certain circumstances, such as:
To enable us to meet regulatory and legal obligations.
For research or statistical purposes.
If we do keep your information for longer than seven years we will make sure that your privacy is protected and only use it for these purposes.
5. How to access and correct your personal information:
You have specific rights in relation to the personal information that we process. Put simply, this means that you have the right to be informed how we process your personal information, to have access to this personal information, to correct information where it is inaccurate, move certain information to other organisations (where appropriate) and in some circumstances object to and restrict the processing of personal information. You have a right to request us to erase personal information held about you in certain circumstances.
Accessing and correcting personal information
If you would like a copy of the information we hold about you, please contact our Data Protection Officer, whose details can be found in Section 7. You have the right to question any information we have about you that you think is wrong or incomplete. If you do, we will check its accuracy and correct it.
Stopping us from using your personal information
You have a right to object to our use of your personal information, or to ask us to delete, remove, or stop using it. There may be legal or official reasons for why we need to keep or use your information. If this is the case we will explain the reasons to you.
Restricting the use of your personal information
We may sometimes be able to restrict the use of your information. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
You can ask us to restrict the use of your personal information if:
It is not accurate
It has been used unlawfully but you do not want us to delete it
It is not relevant any more, but you want us to keep it for use in legal claims
You have already asked us to stop using your information but you are waiting for us to tell you if we are allowed to keep on using it
If you want to access, correct, stop or restrict how we use your personal information, please contact our Data Protection Officer.
How to withdraw your consent to receiving Marketing
You can review or withdraw your consent to receiving marketing at any time. Please contact [email protected] if you want to do so.
6. Complaints about data protection
If you are in any way dissatisfied about the protection of your personal information or how we have processed it, you can contact our Data Protection Officer, whose details can be found below. You also have the right to complain directly to the Information Commissioner’s Office (ICO). For more information go to their website at www.ico.org.uk.
7. Who can you contact for more information
For further information on how your information is used, please contact our Data Protection Officer by email to [email protected] or in writing to:
Data Protection Officer
Cambridge & Counties Bank
5B New Walk
8. Online Privacy
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the sites or service providers’ systems to recognise your browser and capture and remember certain information.
If you are using our online account access service View My Accounts, please see the terms and conditions of this service.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. This includes the adoption of the UK Governments recommended Cyber Essentials security framework in which we have achieved the Cyber Essentials Plus accreditation certifying that we have robust controls in place to meet regulatory requirements and mitigate the risk posed by cyber criminals.
Changes to our Privacy Notice
GDPR (General Data Protection Regulation) is coming on 25th May 2018 and we have updated our Privacy Notice to help you understand what we do with your information.