Welcome to Al Rayan Bank’s Privacy Notice.

Al Rayan Bank respects your privacy and is committed to protecting your personal data. This Privacy Notice informs you about how we use and look after your personal data, including any data you may provide through this website, or when you request information about other products or services from Al Rayan Bank or otherwise communicate with us, when we provide our products and services to you and when information and personal data is provided to us relating to our business. This Notice also informs you about your privacy rights and how the law protects you.

This Notice applies to any individual whose personal information we hold or use, whether you are a current or prospective customer or supplier or anyone else. Employees of Al Rayan Bank should however refer to the Al Rayan Bank Staff Privacy Notice which contains specific information for them.

You can click through to the specific areas listed below. Alternatively, you can download a PDF version of the Notice here.

Related documents

Privacy summary | Who we share your data with

Who we are

Al Rayan Bank PLC is the controller and responsible for your personal data (referred to as "Al Rayan Bank", the “Bank”, "we", "us" or "our" in this Privacy Notice). Al Rayan Bank PLC is also responsible for this website.

Our Data Protection Officer is responsible for overseeing questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights (including any opt-out mentioned in this Privacy Notice), please contact the Data Protection Officer using the details set out below.

Contact details

Our full details are:

  • Name of legal entity: Al Rayan Bank PLC (No. 4483430) registered in England and Wales and authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.
  • Email address of the Data Protection Officer: 
  • Postal address of the Bank and the Data Protection Officer: PO Box 12461, Birmingham, B16 6AQ.
  • Telephone number: 0800 408 6407

If you have a complaint relating to such data, please contact the Data Protection Officer by email, telephone or post at the above address. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues ( We would, however, prefer to deal with your concerns before you approach the ICO so please contact us in the first instance.

In this Privacy Notice, the terms “personal data”, “processing”, “data controller” and “data processor” shall have the meaning ascribed to them in the General Data Protection Regulation ((EU) 2016/679).

1. Personal data we collect

1 Personal data we collect 

We may obtain information from you directly (for example when you apply for a product).

This will include the following:

  • personal details (e.g. name, date of birth, passport information or other identification information);
  • contact details (e.g. phone number, email address, postal address or mobile number);
  • transactional details (e.g. payments you make and receive);
  • financial information (e.g. bank account number, credit or debit card numbers, financial history);
  • details about your health (e.g. to meet our regulatory obligations, including responsible financing);
  • religious beliefs (e.g. we may ask for information about these from you to help us decide whether to recommend Sharia compliant products that meet your financial needs (such as Home Purchase Plan) to you);
  • information about criminal convictions and offences (e.g. for Home Purchase Plan applications); an
  • information about any other Al Rayan Bank products and services you currently have, you have applied for, or you have previously held.

If you do not provide personal data that we request, it may mean that we are unable to provide you with the services and/or perform all of our obligations under our agreement with you.

We will also hold information we collect about you from other sources. This could include:

  • the way you are using our branches, telephone services, websites or mobile applications;
  • your interactions with us, for example through our branches, telephone services, websites, mobile applications, social media or other channels;
  • the way you use your accounts, including information about payments you make or receive, including the details of the payee or payer (for example, retailers or other individuals);
  • our parent company which is based in Qatar, for example if they refer you to us;
  • our own records about any other accounts or products you have with us or other providers;
  • information from credit reference agencies and fraud prevention agencies;
  • publicly available information about you which is available online or otherwise;
  • organisations that provide their own data, or data from other third parties, to enable us to enhance the personal data we hold, and then provide more relevant and interesting products and services to you;
  • criminal record checks and information;
  • employers;
  • joint account holders;
  • people appointed to act on your behalf (such as independent financial advisers, accountants etc).

We also collect personal data automatically when you use the website and when you navigate through the website. Data collected automatically may include usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies. For more information on our use of these technologies, see our Cookie Notice /cookies-policy.

We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.

If you give us personal data about other people then you confirm that they are aware of the information in this Notice about how we will use their personal data. This may happen if you supply us information about your dependents or joint account holders.

If we collect personal information relating to children (under 13 years old) as part of their application for a savings account for example, or as a dependant of an applicant for a Home Purchase Plan, we ensure a parent or guardian is aware of the information being provided.

2. How we use personal data and the legal basis for doing so

2. How we use your personal data and the legal basis for doing so

We are can only process your personal data on a basis permitted by law. The legal basis will usually one of the following:

  • to allow us to take actions that are necessary in order to provide you with the product/service (to perform our contract with you); for example, to make and receive payments;
  • necessary to allow us to comply with our legal obligations; for example, obtaining proof of identity for anti-money laundering obligations;
  • necessary for our or your legitimate interests; for example, to help us develop and improve our services;
  • where we have your consent to do so; or
  • in the case of special categories of personal data, that it is in the substantial public interest.

We have set out below, in a table format, a description of all the ways we use the various types of personal information and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data on more than one lawful basis depending on the specific purpose for which we are using your data. Where we are relying on a legitimate interest, these are also set out below:

Purpose/Activity Lawful basis for processing including basis of legitimate interest

To register you as a new customer

Performance of a contract with you

To provide, manage and personalise our services to you (a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(b) Necessary for our legitimate interests (to maintain standards of service, protect our business interests, provide an efficient service)
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or Privacy Notice
(b) Communicating with you about the product or service
(c) To manage complaints, rectify problems and to resolve queries
(d) Recording telephone calls
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated, provide a high standard of service, to study how customers use our products/services, avoid complaints in future)
To develop and improve products and services through assessment and analysis of the information, including credit or behavioural scoring (or both), market and product analysis, and market research (a) Necessary to comply with a legal obligation
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To manage our relationships with suppliers (using personal contact information they have provided); for example to arrange servicing agreements; contacts and correspondence with suppliers; and to follow up invoice queries, issue escalations and resolutions in line with the agreed contractual terms and conditions. From time to time this supplier information may be used to invite supplier staff to meetings and events a) Performance of a contract with you (the supplier)
(b) Necessary for our legitimate interests (to maintain standards of service, run our business efficiently, protect our business interests)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To undertake checks for the purposes of security and for detecting and preventing fraud and money laundering, and to verify your identity before we provide services to you. (a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to protect our business, prevent fraud, money-laundering and other crimes)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences Necessary for our legitimate interests (to define types of customers/subscribers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To recover any outstanding amounts that are due to us, but unpaid, and enforce other obligations we are entitled to under our agreement(s) with you, and protect our business against harm to our rights and interests (a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to ensure that our business is run prudently and we can recover any outstanding amounts that are due to us, but unpaid, as well as protecting our assets).
To verify your identity and the identity of joint account holders, for example by using caller line identification technology to check we are speaking to the correct person (a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to protect our business and comply with legal and regulatory obligations)
To comply with regulatory and legal obligations to which we are subject and cooperate with regulators and law enforcement bodies (a) Necessary to comply with a legal obligation
(b) Necessary for our legitimate interests (to protect our business)
(c) For the use of sensitive data, where it is in the substantial public interest
To make suggestions and recommendations to you about products or services that may be of interest to you (unless you have opted out of marketing), including personalising marketing messages (a) Necessary for our and your legitimate interests (to develop our products/services, provide products of interest to you and grow our business)
(b) Where you are a personal customer, in relation to electronic marketing, where we have your consent to do so

Special categories of data

Some of the information we collect are special categories of personal data (also known as sensitive personal data).

In particular, we may process personal data that relates to your health (such as medical history) (for example to determine if you are a vulnerable customer) and any criminal convictions and offences (for due diligence reasons). We may also obtain information about religious beliefs (we may ask for information about these from you to help us decide whether to recommend to you Sharia compliant products that meet your financial needs, such as Home Purchase Plan). We may use biometric information (fingerprint, palmprint, voice and/or face recognition) as a way of enhancing the security of, for example, safe deposit boxes.

Where we process such sensitive personal data or criminal records, we will usually do so on the basis that it is necessary for reasons of substantial public interest, to establish, exercise or defend any legal claims, or in some cases, with explicit consent. In any case, we will carry out the processing in accordance with applicable laws.

We collect certain special categories of personal data about employees and prospective employees who should refer to the Al Rayan Bank Staff Privacy Notice.

What we use your special category data for Lawful basis for processing
If you are a personal customer, for due diligence checks (e.g. criminal convictions) Substantial public interest
We may use medical information to help provide, manage and personalise our services, to resolve complaints and queries and help you apply for suitable products and services (a) Substantial public interest (b) Where we have your consent
We may ask you for information which might allow us to know your religious beliefs, so as to help us decide whether to recommend to you Sharia compliant products that meet your financial needs (such as Home Purchase Plan) Where we have your consent
Although we do not currently do so, we may in future use biometric information to enhance the security of safe deposit boxes, for example Where we have your consent
We may use medical information and criminal convictions data to temporarily postpone payments due to us and help us consider suitable payment plans Substantial public interest
To comply with regulatory and legal obligations to which we are subject and cooperate with regulators and law enforcement bodies Substantial public interest

Automated Decision Making

The way we analyse personal data in relation to our services may involve profiling, which is processing your personal data using software that is able to evaluate your personal aspects and predict risks or outcomes. We may also use profiling, or otherwise employ solely automated means, to make decisions about you that relate to:

  • credit limit decisions;
  • credit and affordability assessment checks to determine whether your application will be accepted;
  • identify and verification checks;
  • anti-money laundering and sanctions checks;
  • transaction monitoring for fraud and other financial crime, to prevent you committing fraud, or becoming a victim of fraud; and
  • screening of individuals who may be classed as “politically exposed”.

This is known as “automated decision-making” and is only permitted when we have a legal basis for this type of decision-making. We may make automated decisions about you:

  • where such decisions are necessary for entering into a contract. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products based on your credit history and other financial information we have collected about you;
  • where such decisions are required or authorised by law, for example for fraud prevention purposes; or
  • where it is a reasonable way of complying with government regulation or guidance, such as our high-level obligation to treat customers fairly.

You have rights in relation to automated decision making, for example you can request that an automated decision is reviewed by a human being: if you want to know more please contact us using the details set out in the Contact Us section at the beginning of this Privacy Notice.

3. Messages to you (including marketing)

Messages to you (including marketing)

We may send you messages (by telephone, post, text and email and other digital means) to help you manage your account, to comply with regulatory obligations (such as contract changes) and to keep you informed about features of the products and services you use.

We may also send you marketing messages, to inform you about products and services (including those of others) that may be of interest to you. You can ask us to stop or start sending you marketing messages at any time by contacting us (see Contact Us at the beginning of this Privacy Notice) or by following the unsubscribe instructions in our marketing messages.


We may obtain consent to collect and use certain types of personal data when we are required to do so by law (for example, sometimes when we process sensitive personal data or when we place cookies or similar technologies on devices or browsers). If we ask for your consent to process your personal data, you may withdraw your consent at any time by following the unsubscribe instructions in our communications with you or by contacting us using the details set out in the Contact Us section at the beginning of this Privacy Notice or, if in relation to cookies or similar, via the cookies notice.

4. Disclosure of personal data

4. Disclosure of personal data

We will treat all your personal information as private and confidential (even when you are no longer a customer). We will not reveal your name, address or any details of your relationship with us to anyone including other companies in our own group, other than in the following cases:

  • Our parent company in Qatar when it has referred you to us, to let them know the services we are providing. Where we do this, your personal information will not be used by them for the purpose of marketing without your express consent;
  • Our third party service providers. These may include for example:
    • those we engage to host and maintain the website and IT systems 
    • analytics and search engine service providers that assist us in the improvement and optimisation of this website 
    • payment processing service providers
    • those who print statements and marketing materials, and who make credit and debit cards
    • those who assist us with or partner with us in marketing campaigns
    • standby servicer for credit refinancing
    • SMS/Telephony provider
    • Surveyors and similar professional services firms we use for example in connection with our Home Purchase Plans.
    • Companies you have paid from your account if they request our help with a payment;
  • Introducers of business to us (such as independent financial advisers and home finance brokers);
  • Potential guarantors;
  • Credit reference agencies (see below at section 5);
  • Your advisers (such as lawyers, accountants and other professional advisers) if you have asked them to represent you or have for example given them a power of attorney;
  • Other financial institutions you ask us to contact (such as a bank you are switching from);
  • Fraud prevention agencies (for example if you give us false information) to help them detect and prevent fraud and other crimes;
  • HMRC and other government agencies (for example to validate the income and other financial information you provide to us for Home Purchase Plan and other applications);
  • Law enforcement bodies, Courts of law or as otherwise required or authorised by law; and
  • Regulators, trade associations or government bodies for the purposes of resolving complaints or disputes both internally and externally or to comply with any investigation by one of those bodies.

Details (consistent with what is said in this Privacy Notice) of how we use your personal information are also summarised in our Terms and Conditions for Consumer Banking (para 12) and in our Terms and Conditions for Business Banking (clause 14).

We may also disclose personal data to third parties if we are under a duty to disclose or share personal data relating to you in order to comply with any legal obligation, or in order to enforce or apply our website Terms of Use and other agreements; or to protect the rights, property, or safety of us, our clients, or others. For example, we may be required by law or regulation to share information about your accounts with the UK or relevant tax authorities, either directly or via the local tax authority. The tax authority we share the information with could then share that information with other appropriate tax authorities.

Before we disclose personal data to a third party, we take steps to ensure that the third party will protect personal data in accordance with applicable privacy laws and in a manner consistent with this Notice. Third parties are required to restrict their use of this personal data to the purpose for which the data was provided.

Sometimes the third party will be outside the EEA, in which case see section 7 for more information.

5. Credit reference agencies

5. Credit reference agencies

We perform credit and identity checks on you with one or more credit reference agencies and fraud prevention agencies. We will supply your personal data to the credit reference agencies and fraud prevention agencies and they will provide us with information about you.

We will also continue to exchange information about you with credit reference agencies while you have a relationship with us. The credit reference agencies may in turn share your personal data with other organisations, which may be used by those organisations to make decisions about you. This may affect your ability to obtain credit.

We may also continue to collect information from credit reference agencies about you after your account is closed.

When you open any account with us, you provide us with your explicit permission to access, process and retain any information you make available to us for the purposes of providing payment services to you. This does not affect any rights and obligation you or we have under data protection legislation. You can withdraw this consent by closing your account. If you do this, we will stop using your data unless we have lawful grounds to do so. The agency that we approach will keep details of the type of search we request, even if your application with us does not proceed.

Other organisations may subsequently use the records and information held by the credit reference agency that we approach to carry out a credit search, including the details of a credit decision made about you or other persons associated with your application.

As well as using outside agencies to carry out credit and identity checks we will need to carry out our own credit checks to assess your applications for products or services with us or to check details relevant to your existing account with us. Where we do this, we may also use our own credit-scoring methods and carry out our own identity checks, including searching the Electoral Register.

We need to make these searches so that we obtain sufficient credit information to make a proper assessment of which of our products and services are most suited to your needs and to help verify your identity. Carrying out these searches enables us to open an account more quickly and helps to lessen the risk of fraud or other criminal activity taking place.

To help us form an accurate view of your existing financial commitments, searches made by us, or a credit reference agency, may “link” to the records of others that have entered into joint financial obligations with you (such as business partners and, if relevant, husbands, wives or other family members). Existing information held by credit reference agencies about you may be “linked” to other persons in this way. If so, you may be treated as financially “linked” for the purposes of any application you make to us, which means that you may be assessed in relation to joint obligations as well as those for which you are solely responsible.

If you apply for one of our products or services with another person or persons (for example in a joint account) you are declaring that you are entitled to disclose information about the other person or persons and authorise us to search, “link” or record information. Where we carry out a search through a credit reference agency a “link” will be created by the agency between you and the other person or persons. By making the application you and the other person or persons understand that each other’s information will be taken into account in future applications by any of you.

We may give details of the services and products that you have, and the way that you manage your account, to a credit reference agency. If you fail to comply with the conditions or the special conditions, we may tell a credit reference agency and this may affect your ability to obtain financial services elsewhere.

Any of the information that we gather from a credit reference agency or our own research may be used by us for the management of your account, identification purposes, debt tracing and the prevention of money laundering.

We will check your details with fraud prevention agency/agencies and if false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations also access and use this information to prevent fraud and money laundering.

Examples of circumstances when your information or information relating to your partner or other members of your household (or for business customers, their business partners) may be shared include:

  • checking details provided on applications for products and services;
  • making credit and affordability assessments and providing credit limits;
  • managing credit and credit-related accounts or facilities;
  • tracing your address so that we can continue to contact you about any existing or previous product(s) and account(s) you held with us, as well as recovering any outstanding amounts that are due to us, but unpaid;
  • checking your identity to comply with regulations and the law;
  • understanding your financial position through sharing and receiving information for example, about any financing (including financing outside Al Rayan Bank) and how you manage it. This includes the finance amount you obtain and your payment history; and
  • in order to update or add personal data that is not included or incorrect in our records in order to meet our legal or regulatory obligations.

Please contact us on 0800 408 6407 if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

You have a right to access records held by a credit reference or fraud prevention agency. If you ask, we will tell you how to get a copy of the information that credit reference agencies have about you, or their leaflets that explain how credit referencing works. You should contact them directly and there may be a small charge for this. We are happy to provide contact details for such agencies on request.

Sometimes we may be approached by another person requesting that we provide a financial reference about you. If this happens we will contact you and ask you to provide your written permission to do this.

We don’t give information about savings accounts to credit reference agencies.

The Credit Reference Agency Information Notice (CRAIN) describes how the three main credit reference agencies in the UK each use and share personal data. The CRAIN is available on the credit reference agencies’ websites:

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

6. Fraud Prevention Agencies (FPAs)

The personal information we’ve collected from you will be shared with fraud prevention agencies who will use it to:

  • Prevent fraud
  • Prevent money-laundering
  • Verify your identity

If fraud is detected, you could be refused certain services, finance, or employment.

Further details on how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by following the links below:

We’ll continue to exchange information about you with FPAs while you have a relationship with us.

We’ll use this information to:

  • Check the accuracy of the data you have provided to us
  • Prevent criminal activity, fraud and money laundering
  • Manage your account(s)

7. External links and social media sites

7. External links and social media sites

Although the website only looks to include safe and relevant external links, users should always adopt a note of caution before clicking any external web links mentioned throughout the website.

If you follow a link to any of these websites, please note that these websites have their own privacy policies or notices and that we do not accept any responsibility or liability for these policies. Please check these policies or notices before you submit any personal data to these websites.

Communication, engagement and actions taken through external social media platforms are subject to the terms and conditions as well as the privacy policies of those social media platforms.

This website may use social sharing buttons which help share web content directly from our web pages to the social media platform in question. Where you use such social sharing buttons you do so at your own discretion. You should note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Please note these social media platforms have their own privacy policies, and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these social media platforms.

8. Where we store personal data

8. Where we store personal data

If you live in the EU, the personal data relating to you that we collect may be transferred to, and stored at, locations outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers.

As described in this Privacy Notice, we may also share personal data relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services.

Countries where personal data relating to you may be stored and/or processed, or where recipients of personal data relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal data, you accept that personal data relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests and in accordance with this Notice.

These measures include:

  • Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection for personal data; 
  • We have obtained the consent of data subjects to the international transfer of their personal data;
  • Transfers within the Al Rayan Bank Group where we have entered into Standard Contractual Clauses or an intra-group agreement, both of which give specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the Group;
  • Transfers to organisations where we are satisfied about their data privacy and security standards and protected by contractual commitments such as signing the Standard Contractual Clauses and, where available, further assurances such as certification schemes; and
  • if transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield.

You have the right to ask us for more information about our safeguards. Please contact the Data Protection Officer (see the Contact Us section at the beginning of this Privacy Notice).

9. Changes of Business Ownership and Control

9. Changes of Business Ownership and Control

We may, from time to time, expand, reduce or sell our business, and this may involve the transfer of certain divisions or the whole business to other parties. Personal data relating to you will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use personal data relating to you for the purposes for which it was supplied by you.

10. Security and data retention

10. Security

Unfortunately, the transmission of information and data via the internet is not completely secure. Although we will do our best to protect personal data relating to you, we cannot guarantee the security of such data transmitted to the website; any transmission is at your own risk. Once we have received personal data relating to you, we use strict procedures and security features to try to prevent unauthorised access.

The security of personal data regarding you is a high priority. We take such steps as are reasonable securely to store personal data regarding you so that it is protected from unauthorised use or access, misuse, loss, modification or unauthorised disclosure. This includes both physical and electronic security measures. Examples include the use of passwords, locked storage cabinets and secured storage rooms. Other features include:

  • storing information on secured networks consistent with industry standards, which are only accessible by those employees who have special access rights to such systems;
  • using industry-standard encryption technologies when transferring or receiving personal data, such as SSL technology;
  • restrictions are placed on the electronic transfer of files; 
  • our IT networks undergo regular necessary vulnerability testing to identify and remedy potential opportunities for unauthorised data access; and
  • robust management of boundary firewalls, access controls, malware protection and patch release processes towards protecting customer data.

Retaining your data

We will keep your personal data for as long as we have a relationship with you. Once our relationship with you has come to an end (e.g. following closure of your account or following a transaction), or your application for a product is declined or you decide not to go ahead with it, we will only retain your personal data for a period of time that is calculated depending on the type of personal data, and the purposes for which we hold that information.

We will only retain information that enables us to:

  • maintain business records for analysis and/or audit purposes;
  • comply with record retention requirements under the law (for example, as required under legislation concerning the prevention, detection and investigation of money laundering and terrorist financing);
  • defend or bring any existing or potential legal claims;
  • maintain records of anyone who does not want to receive marketing from us;
  • deal with any future complaints regarding the services we have delivered;
  • assist with fraud monitoring; or
  • assess the effectiveness of marketing that we may have sent you.

We have a retention policy which helps us ensure information is only held for the correct period. We then delete or de-identify your data. The retention period is generally linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of your account or following a transaction. We will retain your personal data after this time if we are required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require your personal data to be retained, or for regulatory or technical reasons. If we do, we will continue to make sure your privacy is protected.

11. Your rights

11. Your rights

You have certain rights regarding your personal data. These include the rights to:

  • request a copy of the personal data we hold about you; 
  • request that we supply you (or a nominated third party) with an electronic copy of the personal data that you have provided us with; 
  • inform us of a correction to your personal data;
  • exercise your right to restrict our use of your personal data; 
  • exercise your right to erase your personal data; or 
  • object to particular ways in which we are using your personal data (such as automated decision making, or profiling (for example to help us decide what products and services would suit you best); or
  • understand the basis of international transfers of your data by us.

Where we rely on our legitimate interests to obtain and use your personal data then you have the right to object if you believe your fundamental rights and freedoms outweigh our legitimate interests. Where processing is carried out based upon your consent, you have the right to withdraw that consent.

Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right does not apply to the particular data we hold on you.

You should note that if you exercise certain of these rights we may be unable to continue to provide some or all of our services to you (for example where the personal data is required by us to comply with a statutory requirement, or is necessary in order for us to perform our contract with you).

We ask that you contact us to update or correct your information if it changes or if the personal data we hold about you is inaccurate.

Please contact the Data Protection Officer if you wish to exercise any of your rights.

If you have a concern about the way we are collecting or using personal data relating to you, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at

12. Changes to this Notice

12. Changes to this Notice

We review and amend our Privacy Notice from time to time. Any changes we make to this Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to this Notice. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the website.

Last updated: 9 October 2020