page
9/14
Introduction
My personal data is data which by itself or with other data available to
you can be used to identify me. You are Cater Allen Private Bank, the data
controller. This data protection statement sets out how you’ll use my
personal data. I can contact your Data Protection Officer (DPO) at 201
Grafton Gate East, Milton Keynes, MK9 1AN if I have any questions.
Where there are two or more people named on this form, this data
protection statement applies to each person separately.
The types of personal data you collect and use
Whether or not I become a customer, you’ll use my personal data for
the reasons set out below and if I become a customer you’ll use it to
manage the account, policy or service I’ve applied for. You’ll collect most
of this directly during the application journey either from me or from
my Financial Adviser if I have one. The sources of personal data collected
indirectly are mentioned in this statement. The personal data you use
about me as a personal or business customer (if I am one) may include:
¡
Full name and personal details including contact information (e.g.
home and/or business address and address history, email address,
home, business and mobile telephone numbers);
¡
Date of birth and/or age (e.g. to make sure that I’m eligible to apply);
¡
Financial details (e.g. salary and details of other income, and details
of accounts held with other providers);
¡
Records of products and services I’ve obtained or applied for, how
I use them and the relevant technology used to access or manage
them (e.g. mobile phone location data, IP address, MAC address);
¡
Biometric data (e.g. fingerprints and voice recordings for TouchID and
voice recognition);
¡
Information from credit reference or fraud prevention agencies,
electoral roll, court records of debt judgements and bankruptcies
and other publicly available sources as well as information on any
financial associates I may have;
¡
Family, lifestyle or social circumstances if relevant to the product or
service (e.g. the number of dependants I have);
¡
Education and employment details/employment status for credit and
fraud prevention purposes; and
¡
Personal data about other named applicants. I must have their
authority to provide their personal data to you and share this data
protection statement with them beforehand together with details of
what I’ve agreed on their behalf.
Providing my personal data
You’ll tell me if providing some personal data is optional, including if
you ask for my consent to process it. In all other cases I must provide my
personal data so you can process my application (unless I’m a customer
and you already hold my details).
Monitoring of communications
Subject to applicable laws, you’ll monitor and record my calls, emails,
text messages, social media messages and other communications in
relation to my dealings with you. You’ll do this for regulatory compliance,
self-regulatory practices, crime prevention and detection, to protect the
security of your communications systems and procedures, to check for
obscene or profane content, for quality control and staff training, and
when you need to see a record of what’s been said. You may also monitor
activities on my account where necessary for these reasons and this is
justified by your legitimate interests or your legal obligations.
Using my personal data: the legal basis and purposes
You’ll process my personal data:
1. As necessary to perform your contract with me for the relevant
account, policy or service:
a) To take steps at my request prior to entering into it;
b) To decide whether to enter into it;
c) To manage and perform that contract;
d) To update your records; and
e) To trace my whereabouts to contact me about my account and
recovering debt.
2. As necessary for your own legitimate interests or those of other
persons and organisations, e.g.:
a) For good governance, accounting, and managing and auditing
your business operations;
b) To search at credit reference agencies at my home and/or business
address (if I am a business customer) if I’m over 18 and apply for
credit;
c) To monitor emails, calls, other communications, and activities on
my account;
d) For market research, analysis and developing statistics; and
e) To send me marketing communications, including automated
decision making relating to this.
3. As necessary to comply with a legal obligation, e.g.:
a) When I exercise my rights under data protection law and make
requests;
b) For compliance with legal and regulatory requirements and
related disclosures;
c) For establishment and defence of legal rights;
d) For activities relating to the prevention, detection and
investigation of crime;
e) To verify my identity, make credit, fraud prevention and anti-
money laundering checks; and
f) To monitor emails, calls, other communications, and activities on
my account.
4. Based on my consent, e.g.:
a) When I request you to disclose my personal data to other people
or organisations such as a company handling a claim on my
behalf, or otherwise agree to disclosures;
b) When you process any special categories of personal data about
me at my request (e.g. my racial or ethnic origin, political opinions,
religious or philosophical beliefs, trade union membership,
genetic data, biometric data, data concerning my health, sex life or
sexual orientation); and
c) To send me marketing communications where you’ve asked for
my consent to do so.
I’m free at any time to change my mind and withdraw my consent. The
consequence might be that you can’t do certain things for me.
Sharing of my personal data
Subject to applicable data protection law you may share my personal
data with:
¡
The Santander group of companies* and associated companies in
which you have shareholdings;
¡
Sub-contractors and other persons who help you provide your
products and services;
¡
Companies and other persons providing services to you;
¡
Your legal and other professional advisors, including your auditors;
¡
Fraud prevention agencies, credit reference agencies, and debt
collection agencies when you open my account and periodically
during my account or service management;
¡
Other organisations who use shared databases for income verification
and affordability checks and to manage/collect arrears;
¡
Government bodies and agencies in the UK and overseas (e.g. HMRC
who may in turn share it with relevant overseas tax authorities and
with regulators e.g. the Prudential Regulation Authority, the Financial
Conduct Authority, the Information Commissioner’s Office);
¡
Courts, to comply with legal requirements, and for the administration
of justice;
¡
In an emergency or to otherwise protect my vital interests;
¡
To protect the security or integrity of your business operations;
¡
To other parties connected with my account e.g. guarantors and other
people named on the application including joint account holders who
will see my transactions;
6 Data Protection Statement
Applicant(s) to complete