Privacy summary

We take your privacy very seriously. This privacy notice sets out what information we collect, who we share it with, why we collect it and how we will safeguard it. For the purpose of this privacy notice Al Rayan Bank PLC is the Data Controller – this means we determine the use and the means of processing your information.

For some information we do not need to seek your consent to process it as it is part of the performance of a contract – when you open an account with the Bank, you enter a legal relationship with us. Data collected as part of this falls under Article 6 (1) (b) which is classified as legal obligation. Other information is processed as part of our due diligence checks, see Article 6 (1) (f) which explains the legitimate interest principle relating to processing.

Please read this information carefully and contact the Data Protection Officer should you have any questions or queries. Our full privacy notice can be found at alrayanbank.co.uk/privacy.

What information we collect, why we collect it, the legal basis for doing so and how long for

What we collect Why we collect it and how do we use it Basis for collection Retention

Name

We collect this information in order to establish your identity, your suitability for our products and in order to satisfy the statutory and regulatory requirements such as compliance with Prevention of Money Laundering legislation and as part of our due diligence.

We also use your data to manage your account, and communicate with you to offer advise you of new products that we feel may be of interest.

Legal obligation and legitimate interest Data is retained for the life of the account and will be deleted 6 years following closure of that account.

Current and previous address

As above

As above As above

Contact details – including mobile and email addresses

As above

As above As above

Date of Birth

As above

As above As above

Gender

As above

As above As above

Country of birth

As above

As above As above

Nationality

As above

As above As above

National insurance numbers (ISA accounts only)

As above

As above As above

Other information required to establish your identity

As above

As above As above

Employment information 

As above

As above As above

Financial information including your credit score

As above

As above As above

Photographic images 

As above

As above As above

Voice recordings

As above

As above As above

Who we share your data with?

We treat your data with the utmost confidentiality and keep it within our secure computer systems. However, we do share your information with third parties where we are unable to provide a service ourselves or to assist the Bank in its decision making. We may also share data with regulatory and law enforcement bodies. Where we share data, we do so only with companies we have a written agreement with, and once we have carried out robust due diligence. Any data shared is done so via secure means. A list of the types of organisations we may share your data with can be found here.

How we collect your data

Most of our data comes directly from you, our customer. However, we may also collect data from our website when you enquire about our products or services, where you have completed a survey or provided feedback on any of our message boards, or via our browsers’ cookies, when you view our website.

How we keep your data safe

The Bank securely stores your data at its Head Office location, the address of which is given below, or within its secure IT systems. Some data may also be held at within our branch network. Unauthorised access to our system is prevented via a robust cyber security regime, which enables us to monitor access to information at a user level. Where data is transferred outside of the Banks IT network, it is done so in a secure manner, using encryption and other methods of security.

Your rights

Under the General Data Protection Regulations (GDPR) you have the right to be informed about how we use any data you provide, what data we collect, why, who has access to it, how long it’s kept and the legal basis we have for doing so. In certain circumstances we may need to request your consent to collect and use your data, but in those cases, you have the right to object and withdraw that consent just as easily as it is given. Should you not wish to provide your consent, any services directly related to this data may not be provided.

You have the right to have your personal data removed where there is no legal basis for us to hold it, as well as the right to request your data is transferred to a third party (data portability). Any automated decision making, based on your data, can be challenged and a human decision made. Additionally, you have a right of access and can request a copy of any personal data provided, and subsequently the right of rectification of any incorrect data identified. To exercise any of these rights and submit a Data Subject Access Request (DSAR) please contact the Data Protection Officer at Al Rayan Bank Ltd, 24a Calthorpe Road, Birmingham B15 1RP or data.protection@alrayanbank.co.uk. Overall responsibility for management of your data resides with Al Rayan Banks’ data controller at 24a Calthorpe Road, Birmingham B15 1RP.