Our Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).
The Fair Processing Notice will become effective from 9 May 2018.
1.1 We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you, either from you or from a third party. How we use your personal information will depend on the products and services we provide to you.
1.2 Our Data Protection Officer (DPO) provides help and guidance to make sure we apply the best standards to protecting your personal information. Our DPO can be reached by email at CYBG.firstname.lastname@example.org or by post at Group Data Protection Officer, Group Risk, Level 3, 51 West George Street, Glasgow G2 2JJ if you have any questions about how we use your personal information.
See section 3 Your Privacy Rights for more information about your rights and how our DPO can help you.
1.3 This Privacy Notice provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data). We will update this Privacy Notice if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.
Please note that we have updated our FPN recently. We have made this update to inform our customers of additional Fraud Prevention Agencies we use and share your data with. You can read how this update affects your data at Section 6.3 and view all Fraud Prevention Agencies we use in Appendix 1 of the downloadable FPN
We are what is known as the 'controller' of personal information we gather and use. When we say 'we' or 'us' in this Privacy Notice, we mean Clydesdale Bank PLC trading under the brands Clydesdale Bank, Yorkshire Bank and 'B'. Clydesdale Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Financial Services Register No. 121873. Credit facilities other than regulated mortgages and regulated credit agreements are not regulated by the Financial Conduct Authority.
If you are a customer of Yorkshire Bank Home Loans Limited, when we say 'we' or 'us' we also mean Yorkshire Bank Home Loans Limited.
When we say 'Group' in this Privacy Notice, we mean other members of our group of companies, including holding and subsidiary companies.
3.1 You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else. You can make a complaint to us by finding the best way to be in touch via the details on our websites:
You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, at https://ico.org.uk. To make enquires for further information about exercising any of your rights in this Privacy Notice please contact our DPO by post at Group Data Protection Officer, Group Risk, Level 3, 51 West George Street, Glasgow G2 2JJ or by email on CYBG.email@example.com.
You can contact us at a local branch or via the website details supplied above to exercise any of the following privacy rights:
3.2 Right to object:
You can object to our processing of your personal information. Please contact us as noted above, providing details of your objection.
3.3 Access to your personal information:
You can request access to a copy of your personal information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by contacting a local branch or our Data Subject Access Request team at 'DSAR Team, 3rd Floor Granite House, 31 Stockwell Street, Glasgow, G1 4RZ'. Please make all requests for access in writing, and provide us with evidence of your identity.
3.4 Right to withdraw consent:
If you have given us your consent to use personal information, you can withdraw your consent at any time and, update your marketing preferences by visiting a branch or calling us directly. For contact details, visit our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers.
You can ask us to change or complete any inaccurate or incomplete personal information held about you.
You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
3.9 Make a complaint:
You can make a complaint about how we have used your personal information to us, by visiting your local branch, by contacting us via the details on our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers or to a supervisory authority - for the UK this is the Information Commissioner's Office at ico.org.uk (Link opens in a new window).
We will not make any charge for responding to any request from you to exercise your privacy rights, and we will respond to your requests in accordance with our obligations under data protection law.
4.1 We use a variety of personal information depending on the products and services we deliver to you. For all products and services, we need to use your name, address, date of birth, contact details, information to allow us to check your identity and information about your credit history. For some products and services we might need additional information, for example:
4.2 Sometimes where we ask for your personal information needed to enter into a contract with you or to meet a legal obligation (such as a credit check), we will not be able to provide some products or services without that personal information.
For some products and services we need to use additional personal information which we will gather about you, or we will not be able to provide any of these products and services to you. See section 5 How we gather your personal information for further details.
We obtain personal information:
We also may obtain some personal information from monitoring or recording calls and when we use CCTV. We will record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and customers, and to resolve queries or issues. We also use CCTV on our premises to ensure the safety and security of our staff and customers.
To provide you with any products and services we need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.
We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
We might share all of the information we use for this purpose with third parties who help us to verify your contact details and deliver our products and services, such as our subcontractors and our own service providers for ATMs and cash management, payment processing, other banks and regulators. We use your information in this way because it is necessary to perform our contract with you and to meet our legal obligations.
We may give this information to our third party payment providers to process the payment to you.
For this purpose, we share information with credit reference and fraud prevention agencies. Download a list of the credit reference agencies and fraud prevention agencies we use. The information could then be used as follows:
We use your information in this way because it is necessary to perform our contract to deliver credit related products and services to you, and to meet our legal obligations. We also undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
When credit reference agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders and other companies unrelated to us (for example, other banks and credit providers).
Further information on how your information is used by credit reference agencies and fraud prevention agencies can be found at Equifax(Link opens in a new tab) and here at CIFAS(Link opens in a new tab)
information about how you have used other products and services offered by us or other members of our Group including previous claims under existing policies you have with us as well as with other providers.
We might share all of the information we use for this purpose with third parties who help us to deliver the advice. These third parties include credit checking and fraud prevention agencies and our insurance provider partners. See Appendix 1 (PDF. Opens in a new window) for a list of the credit reference and fraud prevention companies we use and Appendix 2 (PDF. Opens in a new window) for a list of our insurance provider partners. We use your information in this way because it is in our interests and your interests for you to receive advice about the right products and services for you.
We will give information to and receive information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, other banks and regulators. Fraud prevention agencies may use your information as set out in clause 6.3 above.
We will give information to and receive information about a vulnerability from third parties where that is necessary to meet our legal obligations, for example from police, social services or someone acting on your behalf.
We will give information to and receive information from third parties where that is necessary to recover debts due by you to us, for example, other banks, debt recovery agents, credit reference agencies and sheriff officer or bailiff services. This might include passing personal information about you to a third party who we have transferred your debt to, and who will then contact you directly to collect that debt. If your debt is transferred to a third party you will be advised of the identity of that third party.
We use your information in this way because it is necessary to perform our contract with you, to exercise our legal rights, and because it is fair and reasonable for us to do so.
We use your information in this way because it is in our interests to do so to provide you with the products and services that best suit you.
We will give information to and receive information from third party independent financial advisers and mortgage brokers who have introduced you to us.
We may pass your personal information to market research companies and other service providers as required.
We will pass your personal information to our service providers who help us with these marketing activities.
Sometimes we work with other companies to offer you the best products and services. We will sometimes share your personal information with our partners, and receive personal information about you from our partners, to make sure that we give you the best, most relevant offers when we market to you (if you have consented). Download a list of our partners and the categories of our suppliers. (PDF. Opens in a new window)
We might also receive personal information about you from a third party and use it to market our products and services to you, where you have given that third party your consent to share the personal information with us. We may collect your name and address from other service providers for the purpose of providing suitable marketing to you.
For business customers, we will use personal information about key individuals in the business, so we can operate and administer the products and services which we provide to the business – to do this we will use:
Personal information on key individuals is obtained directly from the key individual, from the business to which the key individual is linked with, from the key individual's dealings with any member of our Group, and from fraud prevention and credit reference agencies. Such information may include special categories of personal information, such as information relating to health or criminal convictions.
7.1 Sometimes we use your personal information in automated processes to make decisions about you, such as credit scoring. We might also use automated processes to create a profile of you. We do this to help ensure decisions are made accurately, fairly and efficiently and to offer you products and services tailored to you.
We use automated decision making using your personal information to create a profile of you for credit scoring – a method which predicts your credit worthiness based on your financial profile.
To carry out credit scoring we use information you give to us, information we obtain from credit reference agencies, and details about how you have used other products and services you have with us or the Group (for example how you are making repayments on other credit products). In some cases we will also use external data sources for credit scoring. Download a list of credit reference agencies (PDF. Opens in a new window). We analyse this information to identify a credit score based on how likely it is that debts will be re-paid.
We use credit scoring to make the following decisions about you: whether we enter into a contract to provide a product or service to you; whether to adjust products or services you have (such as an increasing or decreasing credit limits); to pre-approve future products or services for you; to authorise overdraft limits; to authorise payments from you; and in some cases where we need to recover a debt from you.
Profiling for marketing
We want you to get the most relevant information about products and services at the right time. The most effective way for us to do this is to use automated processes to create a profile of you for marketing.
To carry out marketing profiling we use information you give to us, details about how you have used other products and services you have with us or the Group and any feedback you have given us, information we have obtained from credit reference agencies and other external data sources and information from other companies we are partnering with. Download a list of credit reference agencies and a list of the companies we partner with (PDF. Opens in a new window).
We use processes to analyse this information to decide what products and services to offer to you and to prioritise the marketing messages you receive by; assessing your eligibility for those products and services; assessing how likely they are to be useful for you; and deciding how likely you are to respond.
We use an artificial intelligence programme which uses data that you have provided or that we have collected from you from use of your account. We use this information to create models based on the performance of previous promotional initiatives, so that we can predict the likely success of future promotions generally, but this information is not used to make any specific decisions about you as an individual.
The partners we pass your personal information to for marketing might also carry out marketing profiling using your personal information for these purposes. Download a list of our partners and the categories of our suppliers (PDF. Opens in a new window).
8.1 We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See section 12 Keeping you up to date, clause 12.2 for details about how to withdraw your consent to marketing.
8.2 Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
Genetic / biometric identifiers
Racial / ethnic origin
9.1 We will share personal information within our Group and with others outside Clydesdale Bank PLC where we need to do that to make products and services available to you, market products and services to you, meet or enforce a legal obligation or where it is fair and reasonable for us to do so. See section 6 How we use your personal information for more information about how we do this. We will only share your personal information to the extent needed for those purposes.
9.2 Who we share your personal information with depends on the products and services we provide to you and the purposes we use your personal information for. For most products and services we will share your personal information with our own service providers such as our IT Suppliers, with credit reference agencies and fraud prevention agencies. See section 6 How we use your personal information for more information on who we share your personal information with and why.
9.3 Most of the time the personal information we have about you is information you have given to us, or gathered by us in the course of providing products and services to you. We also sometimes gather personal information from and send personal information to third parties where necessary for credit checking and fraud prevention or marketing purposes, for example so you can receive the best offers from us and our partners. See section 6 How we use your personal information for more information on who we get your personal information from and why.
10.1 We may need to transfer your information outside the UK to other Group companies, service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area, such as the USA.
We may need to transfer your personal information to territories that are outside the EEA. We will only transfer your personal information outside the EEA where either the transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal information, or we have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators such as the EU style model clauses. We also use the EU Commission approved EU-US Privacy Shield (Link opens in new window) when personal information is transferred to the US.
You can find out more information about standard contractual clauses as detailed by the ICO. Visit their website at ico.org.uk (Link opens in a new window) and search for ‘International transfers’.
11.1 How long we keep your personal information for depends on the products and services we deliver to you. We will never retain your personal information for any longer than is necessary for the purposes we need to use it for.
We will not use your personal information for marketing purposes once you no longer have any active products or services with us. We keep the other personal information we use for seven years after closure of your account or from the date you last used one of our services. We may hold information relating to insurance accounts and pension accounts for up to 15 years from the date of expiry of the account. In some circumstances we will hold personal information for longer where necessary for active or potential legal proceedings, to resolve or defend claims, and for the purpose of making remediation payments.
12.1 We will communicate with you about products and services we are delivering using any contact details you have given us - for example by post, email, text message, social media, and notifications on our app or website.
12.2 Where you have given us consent to receive marketing, you can withdraw consent, and update your marketing preferences by visiting a branch or calling us directly. For contact details, visit our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers.
You can also update your contact preferences by visiting a branch or calling us directly. For contact details, visit our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers.