Privacy Notice

Cambridge & Counties Bank Limited is incorporated and registered in England with company number 07972522 and its registered office is at Charnwood Court 5B New Walk Leicester LE1 6TE.

We are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority (Financial Services Register No: 579415).  We are registered with the Information Commissioner Office (ICO) (registration no Z3170362) and we are the “controller” for the purposes of data protection laws in relation to any personal information we hold about you.

Cambridge & Counties Bank respects the privacy of every individual. Your privacy is important to us, and we are committed to keeping your information secure and managing it in accordance with Data Protection laws.  This privacy notice explains how we do this and tells you about privacy rights and how the law protects you.

We have an appointed Data Protection Officer who can be contacted on any matter relating to your personal information and what we do with it. Their contact details are shown below.

To see a printable version of our privacy notice please click here.

Personal information that you provide to us may be used in a number of ways, including:

  • To open an account
  • Administering products and services
  • To verify your identity
  • To make responsible lending decisions
  • To communicate effectively with you
  • Applying for a job with us


Under Data Protection laws, we can only process your personal information if we have a legal reason to do so. We only use your personal information for these reasons:

  • To fulfil a contract we have with you (or to take steps at your request in anticipation of entering into a contract with you)
  • When it is our legal duty
  • When you consent to it

In simple terms, this means in order for us to open your account, provide products and services and administer those products under the terms of the agreement, or process your job application, we must have your consent or for contractual or legal reasons.

Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so:

What we use your personal information forThe reason we use your personal information.
• To manage our relationship with you or your business
• To develop new ways to meet customer needs and to grow our business
• To keep you updated with information that may be of interest, including information about our products and services
• To study how our customers use our products and services and test new products
• To develop, manage and deliver our brand, products and services
• To manage how we work with other companies that provide services to us and our customers
• To make and manage payments
• To manage fees, charges and interest due on accounts
• To collect and recover money that is owed to us
• Activities in relation to anti-money laundering and financial crime prevention
• To manage risk for us and our customers
• To obey laws and regulations that apply to us
• To respond to complaints and seek to resolve them
• To exercise our rights set out in our agreements or contracts with you
• Keeping our records up to date, working out which products and services may interest you and telling you about them
• Developing products and services, and what we charge for them
• Defining types of customers for new products or services
• Seeking your consent when we need it (for marketing) to contact you
• Being efficient about how we fulfil our legal and/or contractual duties
• Complying with regulations that apply to us

We use different types of personal information, and group them together like this:

Type/sources of personal informationDescription
Financial• Your financial position, status and history.
Contact• Where you live and how to contact you.
Socio-Demographic• This includes details about your work or profession, nationality, education and where you fit into general social groupings.
Transactional• Details about payments to and from your accounts with us.
Contractual• Details about the products or services we provide to you.
Locational• Information we get about you that may come from your phone or the address where you connect a computer to the internet.
Behavioural• Details about how you use our products and services.
Technical• Details on the devices and technology you use.
Communications• What we learn about you or you tell us from letters, emails and conversations between us.
Relationships• Information about people (joint parties) associated with your accounts.
Open Data and Public Records• Details about you that are in public records, such as the Electoral Register, and information about you that is openly available in public records.
Documentary Data• Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate.
Consents• Any permissions, consents or preferences that you give us.
National Identifier• A number or code given to you by a government to identify who you are, such as a national insurance number, tax identification number, or passport number.

Special types of data

Some personal information is of a more ‘sensitive’ nature and is referred to as ‘Special Category’ Personal Data (“SCPD”).  Where it is necessary for us to process this kind of information, we will ask for your explicit consent to do so.  This type of information includes:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade Union Membership
  • Genetics and data about your identifiable physical, physiological or behavioural characteristics
  • Health, sex life or sexual orientation
  • Criminal convictions and offences


Please note, in most cases, the reason for processing your “SCPD” is to ensure that we provide an appropriate and tailored service and to deliver a positive experience for our customers and job applicants.  Therefore it is important that you consider the reason that we are processing the information before you decide whether or not to give consent. We will keep the collection and use of “SCPD” to a minimum.

We may collect personal information about you (or your business) from these sources:

 Information you give to us:

  • When you apply for our products and services
  • When you talk to us on the phone or in person
  • When you use our website, including secure messages online
  • In emails and letters
  • In financial reviews and interviews
  • In customer surveys
  • If you take part in a competition or promotions

Information we collect when you use our services:

This includes the amount, frequency, type, location, origin and recipients:

  • Payment and transaction information
  • Profile and usage information. This includes the profile you create to identify yourself when you connect to our online and telephone services. It also includes other information about how you use those services. We gather this information from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software.

 Information from third parties we work with:

  • Companies that introduce you to us
  • Financial advisers, brokers or introducers
  • Credit reference agencies
  • Comparison websites
  • Social networks
  • Solicitors, lawyers and valuers
  • Public information sources such as Companies House
  • Agents working on our behalf
  • Independent market researcher organisations
  • Government and law enforcement agencies

We do not sell or trade your information to third party organisations.  We may share your personal information with organisations who assist us in conducting our business or servicing you or your business or in identifying potential financial crime, for example:

  • Credit reference agencies
  • HM Revenue & Customs, regulators and other statutory bodies and authorities
  • UK Financial Services Compensation Scheme and Financial Ombudsman Service
  • Funding for Lending Scheme, British Business Bank and similar industry bodies
  • Any party linked with you or your business’ product or service
  • Companies we have a joint venture or agreement to co-operate with
  • Our professional advisors and auditors
  • Organisations that introduce you to us
  • Companies that we introduce you to
  • Independent market researcher organisations
  • Financial advisors
  • Price comparison websites and similar companies that offer ways to research and apply for financial products and services
  • Companies you ask us to share your information with
  • Direct Debit scheme, if you use direct debits
  • Other lenders who also hold a charge on the property, if you have a secured loan or mortgage with us

We may also share your personal information with other organisations if we sell, transfer, or merge parts of our business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this Privacy Notice.

Any parties we share your information with agree to keep all information supplied secure and protected from unauthorised access.

Credit Reference Agencies

In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”).  We may also make periodic searches at CRAs to manage your account with us and to detect and prevent fraud.

To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product
  • Verify the accuracy of the information you have provided to us
  • Prevent criminal activity, fraud and money laundering
  • Manage your account(s)
  • Trace and recover debts
  • Ensure any offers provided to you are appropriate to your circumstances

We will continue to exchange information about you with CRAs while you have a relationship with us. We may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations.

If you are making a joint application, or tell us that you have a spouse or financial associate, we may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application.

We need to confirm your identity before we provide products or services to you or your business. Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use CRAs to help us with this.

Both we and CRAs can only use your personal information if we have a proper reason to do so.

We will use the information to:

  • Confirm identities
  • Help prevent fraud and money-laundering
  • Fulfil any contracts you or your business has with us

We or a CRA (in their fraud prevention role) may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.

CRAs can keep personal information for different lengths of time. They can keep your information for up to six years if they find a risk of fraud or money-laundering.

The information we use

The information we have for you or your business is made up of what you tell us, and information we collect when you use our services, or from third parties we work with.

We and CRAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.

 How this can affect you

If we or a CRA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. CRAs will also keep a record of the risk that you or your business may pose.

This may result in other organisations refusing to provide you with products or services, or to employ you.

Data transfers out of the EEA

CRAs may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.

The identities of the CRAs, their role also as fraud prevention agencies, the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail at and


We will only keep your personal information for as long as is necessary to administer any relationships that you hold with us.  This means that we may hold your personal information after your relationship with us ends for up to seven years. We may do this for the following reasons:

  • To ensure good customer service, allowing former customers to access their personal information
  • To be able to handle customer queries and complaints fairly and effectively
  • To allow us to preserve, defend or enforce any relevant legal rights we may have.

We may keep your information for longer than seven years in certain circumstances, such as:

  • To enable us to meet regulatory and legal obligations.
  • For research or statistical purposes.

If we do keep your information for longer than seven years we will make sure that your privacy is protected and only use it for these purposes.

You have specific rights in relation to the personal information that we process. Put simply, this means that you have the right to be informed how we process your personal information, to have access to this personal information, to correct information where it is inaccurate, move certain information to other organisations (where appropriate) and in some circumstances object to and restrict the processing of personal information.  You have a right to request us to erase personal information held about you in certain circumstances.

 Accessing and correcting personal information

If you would like a copy of the information we hold about you, please contact our Data Protection Officer, whose details can be found in Section 7.  You have the right to question any information we have about you that you think is wrong or incomplete.  If you do, we will check its accuracy and correct it.

 Stopping us from using your personal information

You have a right to object to our use of your personal information, or to ask us to delete, remove, or stop using it.  There may be legal or official reasons for why we need to keep or use your information.  If this is the case we will explain the reasons to you.

Restricting the use of your personal information

We may sometimes be able to restrict the use of your information. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.

You can ask us to restrict the use of your personal information if:

  • It is not accurate
  • It has been used unlawfully but you do not want us to delete it
  • It is not relevant any more, but you want us to keep it for use in legal claims
  • You have already asked us to stop using your information but you are waiting for us to tell you if we are allowed to keep on using it

If you want to access, correct, stop or restrict how we use your personal information, please contact our Data Protection Officer.

 How to withdraw your consent to receiving Marketing

You can review or withdraw your consent to receiving marketing at any time. Please contact [email protected] if you want to do so.

If you are in any way dissatisfied about the protection of your personal information or how we have processed it, you can contact our Data Protection Officer, whose details can be found below. You also have the right to complain directly to the Information Commissioner’s Office (ICO).  For more information go to their website at

For further information on how your information is used, please contact our Data Protection Officer by email to [email protected] or in writing to:

Data Protection Officer

Cambridge & Counties Bank

Charnwood Court

5B New Walk



Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the sites or service providers’ systems to recognise your browser and capture and remember certain information.

We use cookies to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

For information please see the Cookies Policy section.


Website Terms of Use

Please also visit our terms of use section establishing the use, disclaimers, and limitations of liability governing the use of our website.

If you are using our online account access service View My Accounts, please see the terms and conditions of this service.


How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. This includes the adoption of the UK Governments recommended Cyber Essentials security framework in which we have achieved the Cyber Essentials Plus accreditation certifying that we have robust controls in place to meet regulatory requirements and mitigate the risk posed by cyber criminals.

If we decide to change our privacy policy, we will post those changes on this page.

This policy was last modified on 30th April 2018.