Cambridge & Counties Bank Limited is incorporated and registered in England & Wales with company number 07972522 and our registered office is Charnwood Court, 5B New Walk, Leicester, LE1 6TE.
We are registered with the Information Commissioner Office (ICO) (registration no Z3170362) and we have an appointed Data Protection Officer who can be contacted on any matter relating to your personal information and what we do with it. Their contact details are shown below.
Cambridge & Counties Bank respects the privacy of every individual. Your privacy is important to us and we are committed to keeping your information secure and managing it in accordance with Data Protection laws. This Privacy Notice explains how we do this and tells you about privacy rights and how the law protects you.
For further information on how your information is used, please contact our Data Protection Officer by email to [email protected], by phone on 0344 225 3939 or in writing to Data Protection Officer, Cambridge & Counties Bank, Charnwood Court, 5B New Walk, Leicester, LE1 6TE.
Under Data Protection laws, we can only process your personal information or information about individuals connected to you if we have a legal reason to do so.
We only use your personal information and information about individuals connected to you for these reasons:
- To fulfil a contract we have with you (or to take steps at your request in anticipation of entering into a contract with you);
- When it is our legal duty;
- When you consent to it; or
- If we have a legitimate interest.
In simple terms, this means that in order for us to open an account, provide products & services and administer those products under the terms of the agreement, or process a job application, we must have your consent or have contractual/legal reasons.
Where we process the personal data of a child, we will only use their data to fulfil a contract or where we have a legal requirement (e.g. anti-money laundering purposes). We will not use the personal data of a child for marketing purposes.
When we have a business or commercial reason of our own to use your information, this is known as a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests, on the next page we detail our legitimate interests for processing personal data.
Special category data
The law and other regulations treat some types of personal information as special category data. We will not collect or use these types of data without your specific consent; unless the law allows us to do so. If we do, it will only be when it is necessary:
- For reasons of substantial public interest, or
- To establish, exercise or defend legal claims
Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so:
|What we use personal information about you and connected individuals for||Our legitimate interests for using your personal information|
Cambridge & Counties Bank obtains lots of different types of data about you. Below we group together the different types of data so you can see what types of data we may obtain about you and connected individuals.
|Types of personal information||Description|
|Financial||Your current and historic financial position and status|
|Contact||How to contact you and your contact preferences|
|Socio-demographic||Details about your work or profession, education and where you fit into general social groupings|
|Transactional||Details about payments to and from your accounts with us|
|Contractual||Details about the products or services we provide to you|
|Locational||Information we get about you that may come from your phone or the Internet Protocol (IP) address where you connect a computer to the internet|
|Behavioural||Details about how you use our products and services|
|Technical||Details on the devices and technology you use|
|Communications||What we learn about you or you tell us from letters, emails and conversations between us|
|Relationships||Information about people (joint parties) associated with your accounts|
|Open data and public records||Details about you that are in public records, such as the Electoral Register, and information about you that is openly available in public records|
|Documentary data||Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate|
|Consents||Any permissions, consents or preferences that you give us e.g. marketing|
|National identifier||A number or code given to you by a government to identify who you are, such as a national insurance number or tax identification number|
|Special category data||
|Criminal convictions and offences||
We may collect personal information about you, your business, or individuals connected with you or your business from these sources:
Information you give to us or which others provide to us on your behalf:
- When you apply for our products and services
- When you talk to us on the phone (including call recordings) or in person
- When you use our website, including secure messages online
- In emails and letters
- In financial reviews and interviews
- In customer surveys
- If you take part in a competition or promotion
Information we collect when you use our services:
This includes the amount, frequency, type, location, origin and recipients:
- Payment and transaction information. This includes the amount, frequency, type, location, origin, and recipients. If you borrow money, it also includes details of repayments and whether they are made on time and in full.
Information from third parties we work with:
- Financial advisers, brokers or introducers
- Credit reference agencies
- Data aggregators
- Comparison websites
- Social networks
- Solicitors, lawyers and valuers
- Public information sources such as Companies House
- Agents working on our behalf
- Independent market researcher organisations
- Government and law enforcement agencies
- Trade Associations
- Other Financial Institutions including Banks & Building Societies
We do not sell or trade your information to third party organisations. We may share your personal information with organisations who assist us in conducting our business or servicing you or your business or in identifying potential financial crime, for example:
- Credit reference agencies
- Data aggregators
- HM Revenue & Customs, regulators and other statutory bodies and authorities
- UK Financial Services Compensation Scheme and the Financial Ombudsman Service
- Any trustees, beneficiaries, administrators or executors associated with your account
- People who give guarantees or other security for any amounts you owe us
- Funding for Lending Scheme, British Business Bank and similar industry bodies
- Any party linked with you or your business’ product or service
- Companies we have a joint venture or agreement to co-operate with
- Our professional advisors and auditors
- Organisations that introduce you to us
- Companies that we introduce you to
- Independent market researcher organisations
- Financial advisors
- Price comparison websites and similar companies that offer ways to research and apply for financial products and services
- Companies you ask us to share your information with
- Direct Debit scheme, if you use direct debits
- Other lenders who also hold a charge on the property, if you have a secured loan or mortgage with us
We may also share your personal information with other organisations if we sell, transfer, or merge parts of our business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this Privacy Notice.
Any parties we share your information with agree to keep all information supplied secure and protected from unauthorised access.
Credit Reference Agencies
If you apply for a new product or service from us, we may perform credit and identity checks on you and certain individuals connected to you or your business with one or more credit reference agencies (“CRAs”) or data aggregators. We may also make periodic searches at CRAs to manage your account with us and to detect and prevent fraud.
To do this, we will supply your personal information to CRAs and they will give us information about you. This may include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take a product
- Verify the accuracy of the information you have provided to us
- Confirm identities
- Prevent criminal activity, fraud and money laundering
- Manage your account(s)
- Trace and recover debts
- Ensure any offers provided to you are appropriate to your circumstances
We may continue to exchange information about you with CRAs while you have a relationship with us. We may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations. The type of footprint left is dependent upon the search that is conducted.
If you are making a joint application, or tell us that you have a spouse or financial associate, we may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application.
We need to confirm your identity before we provide products or services to you or your business.
Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use CRAs to help us with this.
We or a CRA (in their fraud prevention role) may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
CRAs can keep personal information for different lengths of time. For example, they can keep your information for up to six years if they find a risk of fraud or money-laundering.
The information we can use
The information we have for you or your business is made up of what you tell us, and information we collect when you use our services, or from third parties we work with.
We and CRAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.
How this can affect you
If we or a CRA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. CRAs will also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.
Data transfers out of the EEA
CRAs may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.
The identities of the CRAs, their role also as fraud prevention agencies, the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail at http://www.experian.co.uk/crain and https://www.equifax.co.uk/crain
We will only keep your personal information for as long as is necessary to administer any relationships that you hold with us. This means that we may hold your personal information after your relationship with us ends for up to seven years. We may do this for the following reasons:
- To ensure good customer service, allowing former customers to access their personal information
- To be able to handle customer queries and complaints fairly and effectively; or
- To allow us to preserve, defend or enforce any relevant legal rights we may have.
We may keep your information for longer than seven years in certain circumstances, such as:
- To enable us to meet regulatory and legal obligations
- For research or statistical purposes; or
- If we cannot delete it for technical reasons.
If we do keep your information for longer than seven years we will make sure that your privacy is protected and only use it for these purposes.
You have specific rights in relation to the personal information that we process. Put simply, this means that you have the right to be informed how we process your personal information, to have access to this personal information, to correct information where it is inaccurate, move certain information to other organisations (where appropriate) and in some circumstances object to and restrict the processing of personal information. You also have a right to request us to erase personal information held about you in certain circumstances. If you want to access, correct, stop or restrict how we use your personal information, please contact our Data Protection Officer as detailed in Section 8.
Accessing and correcting personal information
You can request a copy of the personal information we hold about you. You also have the right to get certain personal information from us as a digital file, so you can keep and use it yourself, or give it to other organisations if you choose to. If you wish, we will provide it to you in an electronic format that can be easily re-used, or you can ask us to pass it on to other organisations for you.
You also have the right to question any information we have about you that you think is wrong or incomplete. If you do, we will check its accuracy and correct it where required.
Stopping us from using your personal information
You have a right to object to our use of your personal information, or to ask us to delete, remove, or stop using it. There may be legal or official reasons for why we need to keep or use your information. If this is the case we will explain the reasons to you.
If you choose not to give personal information
We may need to collect information by law, or to enter into or fulfil a contract we have with you or your business.
If you choose not to give us this information, it may delay or prevent us from fulfilling our contract with you or your business, or doing what we must do by law. It could also mean that we cancel a product or service you or your business has with us.
We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won’t affect the products or services your business has with us.
Restricting the use of your personal information
We may sometimes be able to restrict the use of your information. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
You can ask us to restrict the use of your personal information if:
- It is not accurate
- It has been used unlawfully but you do not want us to delete it
- It is not relevant any more, but you want us to keep it for use in legal claims
- You have already asked us to stop using your information but you are waiting for us to tell you if we are allowed to keep on using it
How to withdraw your consent to receiving marketing
You can review or withdraw your consent to receiving marketing at any time. Please contact [email protected] if you want to do so or use the unsubscribe link on any email marketing we send you.
This section tells you about the safeguards that keep your personal information safe and private, if it is sent outside the UK.
We will only send your data outside of the UK to:
• Follow your instructions;
• Comply with a legal duty;
• Work with our suppliers who help us to run your accounts and services.
If we do transfer your personal information outside the UK to our suppliers, we’ll make sure that it is protected to the same extent as in the UK. We’ll use one of these safeguards:
• Transfer it to a non-UK country with privacy laws that give the same protection as the UK;
• Put in place a contract with the recipient that means they must protect it to the same standards as the UK.
If you are in any way dissatisfied about the protection of your personal information or how we have processed it, you can contact our Data Protection Officer, whose details can be found below.
You also have the right to complain directly to the Information Commissioner’s Office (ICO) if you remain unhappy with the outcome of your complaint. For more information go to their website at www.ico.org.uk.
For further information on how your information is used, please contact our Data Protection Officer using the contact details below:
By email at [email protected]
By phone on 0344 225 3939
By writing to Data Protection Officer:
Cambridge & Counties Bank, Charnwood Court, 5B New Walk, Leicester LE1 6TE
Last reviewed on 09 August 2023
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the sites or service providers’ systems to recognise your browser and capture and remember certain information.
For information please see the Cookies Policy section.
If you are using our online savings service please see the terms and conditions of this service.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. This includes the adoption of the UK Governments recommended Cyber Essentials security framework in which we have achieved the Cyber Essentials Plus accreditation certifying that we have robust controls in place to meet regulatory requirements and mitigate the risk posed by cyber criminals.