Page
1/4
INTERMEDIARY PORTAL: USER ACCESS REQUEST
Please complete this form in BLOCK CAPITALS and black ink and return it in the pre-paid envelope provided to: Cater Allen Private Bank,
9 Nelson Street, Bradford, BD1 5AN. If you need any help completing this form, please call us on 0800 092 5500.
If you’re requesting access for more than one user on this form, please print page 1 and fill in for each request. Please ensure each user has read
the Data Protection Statement in section 2 before the authorised signatory(ies) sign section 3 to approve the user requests.
All sections of this form are mandatory. We will not be able to grant a user access if fields are left blank.
1: Personal details of the user requesting access
Master Account number
I am requesting the following access:
Telephony
Telephony and view only online access
Full access authorised signer – please remember to submit 2 types
of certified ID along with this form
Mr
Mrs
Ms
Miss
Other
If ‘Other‘ please state
Forename(s)
Middle name(s)
Surname
Date of birth
D D M M Y Y Y Y
Male
Female
Nationality
Dual Nationality
Current home address (permanent residential address). C/O and PO Box
addresses are not acceptable.
Postcode
Country of residence
How long have you been at your current home address?
Years
Months
Mobile
Email
Previous home address if less than three years at address shown within
‘Current home address’ field. (If more than one address in the last three
years, please provide details of all other addresses on a separate sheet.)
Postcode
How long did you live at this address?
Years
Months
Occupation
Country of birth
The boxes I have ticked below indicate the channels I WOULD NOT like
you to use to contact me, as explained in the Data Protection Statement
in section 2 of this form:
Email
SMS
Phone
Post
Market research, including customer satisfaction surveys
All of the above
I understand that I may receive details of products and services from
other Santander group companies if I have agreed with them to receive
such information.
By signing this form I agree that:
¡
I have read the Data Protection Statement, and agree that you can use
my/our information as stated in the Data Protection Statement.
¡
I hereby certify that the information provided in this application form
is, to the best of my knowledge and belief, accurate and complete in all
respects.
¡
I have received and accept the Terms and Conditions of the account(s)
I will be operating and agree to also be bound by any subsequent
amendments advised to me/us by the Bank from time to time.
Signature of user requesting access
Date
D D M M Y Y Y Y
Page
2/4
Introduction
My personal data is data which by itself or with other data available to
you can be used to identify me. You are Cater Allen Private Bank, the data
controller. This data protection statement sets out how you’ll use my
personal data. I can contact your Data Protection Officer (DPO) at 201 Grafton
Gate East, Milton Keynes, MK9 1AN if I have any questions.
For the purposes of this application form, the definition of ‘I’ and ‘we’ within
this Data Protection Statement relates to ‘the Intermediary Firm’ Where
there are two or more people named on this form, this data protection
statement applies to each person separately.
The types of personal data you collect and use
Whether or not my application to be an intermediary is accepted, you’ll
use my personal data for the reasons set out below and if I become an
intermediary you’ll use it to register me as an intermediary for the ongoing
administration of the registration. I understand you may reject registrations
at your discretion without any explanation. You’ll collect most of my personal
data directly during the application journey. The sources of personal data
collected indirectly are mentioned in this statement. The personal data you
use about me as a personal or business customer may include:
¡
Full name and personal details including contact information (e.g. home
and business address and address history, email address, home, business
and mobile telephone numbers);
¡
Date of birth and/or age (e.g. to make sure that I’m eligible to apply);
¡
Financial details (e.g. salary and details of other income, and details of
accounts held with other providers);
¡
Records of products and services I’ve obtained or applied for, how I use
them and the relevant technology used to access or manage them (e.g.
mobile phone location data, IP address, MAC address);
¡
Biometric data (e.g. fingerprints and voice recordings for TouchID and
voice recognition);
¡
Information from credit reference or fraud prevention agencies,
electoral roll, court records of debt judgements and bankruptcies and
other publicly available sources as well as information on any financial
associates I may have;
¡
Family, lifestyle or social circumstances if relevant to the product or
service (e.g. the number of dependants I have);
¡
Education and employment details/employment status for credit and
fraud prevention purposes; and
¡
Personal data about other named applicants. I must have their authority
to provide their personal data to you and share this data protection
statement with them beforehand together with details of what I’ve
agreed on their behalf.
Providing my personal data
You’ll tell me if providing some personal data is optional, including if you ask
for my consent to process it. In all other cases I must provide my personal
data so you can process my application (unless I’m a customer and you
already hold my details).
Monitoring of communications
Subject to applicable laws, you’ll monitor and record my calls, emails, text
messages, social media messages and other communications in relation
to my dealings with you. You’ll do this for regulatory compliance, self-
regulatory practices, crime prevention and detection, to protect the security
of your communications systems and procedures, to check for obscene or
profane content, for quality control and staff training, and when you need
to see a record of what’s been said. You may also monitor activities on my
account where necessary for these reasons and this is justified by your
legitimate interests or your legal obligations.
Using my personal data: the legal basis and purposes
You’ll process my personal data:
1. As necessary to perform your contract with me for the relevant
account, policy or service:
a) To take steps at my request prior to entering into it;
b) To decide whether to enter into it;
c) To manage and perform that contract; and
d) To update your records
2. As necessary for your own legitimate interests or those of other
persons and organisations, e.g.:
a) For good governance, accounting, and managing and auditing your
business operations;
b) To monitor emails, calls, other communications, and activities in
relation to my intermediary relationship with you;
c) For market research, analysis and developing statistics; and
d) To send me marketing communications, including automated decision
making relating to this.
3. As necessary to comply with a legal obligation, e.g.:
a) When I exercise my rights under data protection law and make
requests;
b) For compliance with legal and regulatory requirements and related
disclosures;
c) For establishment and defence of legal rights;
d) For activities relating to the prevention, detection and investigation of
crime;
e) To verify my identity, make credit, fraud prevention and anti-money
laundering checks; and
f) To monitor emails, calls, other communications, and activities in
relation to my intermediary relationship with you.
4. Based on my consent, e.g.:
a) When I request you to disclose my personal data to other people or
organisations such as a company handling a claim on my behalf, or
otherwise agree to disclosures;
b) When you process any special categories of personal data about
me at my request (e.g. my racial or ethnic origin, political opinions,
religious or philosophical beliefs, trade union membership, genetic
data, biometric data, data concerning my health, sex life or sexual
orientation); and
c) To send me marketing communications where you’ve asked for my
consent to do so.
I’m free at any time to change my mind and withdraw my consent. The
consequence might be that you can’t do certain things for me.
Sharing of my personal data
Subject to applicable data protection law you may share my personal
data with:
¡
The Santander group of companies* and associated companies in which
you have shareholdings;
¡
Sub-contractors and other persons who help you provide your products
and services;
¡
Companies and other persons providing services to you;
¡
Your legal and other professional advisors, including your auditors;
¡
Fraud prevention agencies, credit reference agencies, and debt collection
agencies when you register me as an intermediary and periodically
during my intermediary relationship with you;
¡
Other organisations who use shared databases for income verification
and affordability checks and to manage/collect arrears;
¡
Government bodies and agencies in the UK and overseas (e.g. HMRC
who may in turn share it with relevant overseas tax authorities and with
regulators e.g. the Prudential Regulation Authority, the Financial Conduct
Authority, the Information Commissioner’s Office);
¡
Courts, to comply with legal requirements, and for the administration of
justice;
¡
In an emergency or to otherwise protect my vital interests;
2: Data Protection Statement
Each user requesting access must read this section
Page
3/4
¡
To protect the security or integrity of your business operations;
¡
To other parties connected with me e.g. other people named on the
application including joint account holders who will see my transactions;
¡
When you restructure or sell your business or its assets or have a merger
or re-organisation;
¡
Market research organisations who help to improve your products or
services; and
¡
Anyone else where you have my consent or as required by law.
International transfers
My personal data may be transferred outside the UK and the European
Economic Area. While some countries have adequate protections for
personal data under applicable laws, in other countries steps will be
necessary to ensure appropriate safeguards apply to it. These include
imposing contractual obligations of adequacy or requiring the recipient to
subscribe or be certified with an ‘international framework’ of protection.
Further details can be found in the ‘Using My Personal Data’ booklet.
Identity verification and fraud prevention checks
The personal data you’ve collected from me at application or at any stage
will be shared with fraud prevention agencies who will use it to prevent
fraud and money-laundering and to verify my identity. If fraud is detected, I
could be refused certain services, finance or employment in future. You may
also search and use your internal records for these purposes. Further details
on how my personal data will be used by you and these fraud prevention
agencies, and my data protection rights, can be found in the ‘Using My
Personal Data’ booklet.
Credit reference checks
In order to consider my registration (including as part of an annual review of
my business) you’ll perform credit and identity checks on me at our home
and business addresses with one or more credit reference agencies. To do
this you’ll supply my personal data to the credit reference agencies and
they’ll give you information about me. When you carry out a search at the
credit reference agencies they’ll place a footprint on my credit file. A credit
search may either be: a) a quotation search where a soft footprint is left.
This has no effect on my credit score, and lenders are unable to see this; or
b) a hard footprint where I’ve agreed/requested Cater Allen to proceed with
my application for credit. This footprint will be viewable by other lenders
and may affect my ability to get credit elsewhere. You’ll also continue to
exchange information about me with credit reference agencies while I have
a relationship with you. The credit reference agencies may in turn share my
personal information with other organisations. The personal data shared
with the credit reference agencies will relate to me and my business. Details
about my application (whether or not it’s successful) will be recorded and
you’ll give details of me, the business and my accounts and how I manage
them to credit reference agencies. If I do not repay any debt in full or on time,
they’ll record the outstanding debt and supply this information to others
performing similar checks, to trace my whereabouts and to recover debts
that I owe. Records remain on file for 6 years after they are closed, whether
settled by me or defaulted. A financial association link between joint
applicants will be created at the credit reference agencies. This will link our
financial records and be taken into account in all future applications by either
or both of us until either of us apply for a notice of disassociation with the
credit reference agencies.
The identities of the credit reference agencies, and the ways in which they use
and share personal information is explained in more detail in the ‘Using My
Personal Data’ booklet, or via the Credit Reference Agency Information Notice
(CRAIN) document which can be accessed via any of the following links:
¡
experian.co.uk/crain
¡
equifax.co.uk/crain
¡
transunion.co.uk/crain
My marketing preferences and related searches
Any information or data supplied by me (or my customers, providing
their permission has been given) may be used for the purposes of
conducting market research, preparing strategic or other marketing
plans or gauging product sales.
You’ll use my home address, phone numbers, and email address and social
media (e.g. Facebook, Google and message facilities in other platforms)
to contact me according to my preferences. I can change my preferences
or unsubscribe at any time by contacting you. In the case of social media
messages I can manage my social media preferences via that social media
platform. If I’m over 18, you may search the files at credit reference agencies
before sending marketing communications to me about credit. The credit
reference agencies don’t record this particular search or show it to other
lenders and it won’t affect my credit rating. You do this as part of your
responsible lending obligations which is within your legitimate interests.
From time to time you’d like to contact me about products, services and
offers that may interest me or to get my opinion on how you are doing.
I understand you won’t bombard me and I can choose to stop receiving
information at any time by contacting you.
Each applicant can choose how they would like to be contacted within
section 1 of this form.
Automated decision making and processing
Automated decision making involves processing my personal data without
human intervention to evaluate my personal situation such as my economic
position, personal preferences, interests or behaviour, for instance in relation
to transactions on my accounts, my payments to other providers, and triggers
and events such as account opening anniversaries and maturity dates. You
may do this to decide what marketing communications are suitable for me, to
analyse statistics and assess lending risks. All this activity is on the basis of your
legitimate interests, to protect your business, and to develop and improve your
products and services, except as follows; when you do automated decision
making including profiling activity to assess lending and insurance risks, this
will be performed on the basis of it being necessary to perform the contract
with me or to take steps to enter into that contract. Further details can be
found in the ‘Using My Personal Data’ booklet.
Other information about me as an intermediary
You may also hold all the information I give to you (i.e. name, address, date
of birth, nationality) in order to undertake periodic due diligence checks
which banks are required to undertake to comply with UK legislation.
Criteria used to determine retention periods (whether or not I
become a customer)
The following criteria are used to determine data retention periods for my
personal data:
¡
Retention in case of queries. You’ll retain my personal data as long as
necessary to deal with my queries (e.g. if my application is unsuccessful);
¡
Retention in case of claims. You’ll retain my personal data for as long as
I might legally bring claims against you; and
¡
Retention in accordance with legal and regulatory requirements. You’ll
retain my personal data after my account has been closed or has otherwise
come to an end based on your legal and regulatory requirements.
My rights under applicable data protection law
My rights are as follows (noting that these rights don’t apply in all
circumstances and that data portability is only relevant from May 2018):
¡
The right to be informed about your processing of my personal data;
¡
The right to have my personal data corrected if it’s inaccurate and to
have incomplete personal data completed;
¡
The right to object to processing of my personal data;
¡
The right to restrict processing of my personal data;
¡
The right to have my personal data erased (the “right to be forgotten”);
¡
The right to request access to my personal data and information about
how you process it;
¡
The right to move, copy or transfer my personal data (“data
portability”); and
¡
Rights in relation to automated decision making including profiling.
I have the right to complain to the Information Commissioner’s Office. It has
enforcement powers and can investigate compliance with data protection
law: ico.org.uk.
2: Data Protection Statement (continued)
Page
4/4
Cater Allen Private Bank is able to provide literature in alternative formats. The formats available are: Large Print,
Braille and Audio CD. If you would like to register to receive correspondence in an alternative format please contact us on
0800 092 3300. For the hard of hearing and/or speech impaired please use the Text Relay service. Further details can be
found at http://ngts.org.uk/
Cater Allen Private Bank is the name used for banking services provided by Cater Allen Limited. Registered Office: 2 Triton Square, Regent’s Place, London, NW1 3AN. Registered
in England and Wales number 383032. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation
Authority. Our Financial Services Register number is 178737. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register.
Cater Allen Limited is part of the Santander group. Cater Allen and the flame logo are registered trademarks. Calls may be recorded or monitored. Telephone 0800 092 3300.
www.caterallen.co.uk
CAPB 1289 FEB 20 H
CATER ALLEN, PART OF THE SANTANDER GROUP
For more details on all the above I can contact your DPO or request the
‘Using My Personal Data’ booklet by calling 0800 092 3300 or I can view it
online at caterallen.co.uk.
Data anonymisation and aggregation
My personal data may be converted into statistical or aggregated data
which can’t be used to identify me, then used to produce statistical research
and reports. This aggregated data may be shared and used in all the ways
described above.
*Group companies
For more information on the Santander group companies, please see the
‘Using My Personal Data’ booklet.
2: Data Protection Statement (continued)
Please confirm how many users you are approving
access for with this request
Full name
Position
Full name
Position
To approve the access request for this user/these users, the form must be signed in accordance with your master account mandate by the
authorised signatory(ies). For example, if your mandate requires two to sign, please ensure both authorised signatories have signed below.
If you are adding an authorised signatory to sign on behalf of a corporate trustee company, please also provide an updated list of authorised
signatories.
Signature
Date
D D M M Y Y Y Y
3: Approval
Signature
Date
D D M M Y Y Y Y