Fair Processing Notice
This is where we tell you a few things about using the B website, how we collect, use, manage and share your information and some of the legal stuff behind B. We’ll be honest; it’s not an especially fun read. But it’s here to help you be clear on our policies from the get-go, so we all know where we stand.
1.1 We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you, either from you or from a third party. How we use your personal information will depend on the products and services we provide to you.
1.2 Our Data Protection Officer (DPO) provides help and guidance to make sure we apply the best standards to protecting your personal information. Our DPO can be reached by email at CYBG.email@example.com or by post at Group Data Protection Officer, Group Risk, Level 3, 51 West George Street, Glasgow G2 2JJ if you have any questions about how we use your personal information.
See section 3 Your Privacy Rights for more information about your rights and how our DPO can help you.
1.3 This Privacy Notice provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data). We will update this Privacy Notice if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.
Please note that we have updated our FPN recently. We have made this update to inform our customers of additional Fraud Prevention Agencies we use and share your data with. You can read how this update affects your data at Section 6.3 and view all Fraud Prevention Agencies we use in Appendix 1 of the downloadable FPN.
2. About us
We are what is known as the 'controller' of personal information we gather and use. When we say 'we' or 'us' in this Privacy Notice, we mean Clydesdale Bank PLC trading under the brands Clydesdale Bank, Yorkshire Bank and 'B'. Clydesdale Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Financial Services Register No. 121873. Credit facilities other than regulated mortgages and regulated credit agreements are not regulated by the Financial Conduct Authority.
If you are a customer of Yorkshire Bank Home Loans Limited, when we say 'we' or 'us' we also mean Yorkshire Bank Home Loans Limited.
When we say 'Group' in this Privacy Notice, we mean other members of our group of companies, including holding and subsidiary companies.
View our group of companies
- Clydesdale Bank PLC;
- CYB Intermediaries Limited;
- CGF No 9 Limited;
- Clydesdale Bank Asset Finance Limited;
- Clydesdale Covered Bonds No 2 LLP;
- CYBG PLC;
- CYB Investments Limited; and
- Yorkshire Bank Home Loans Limited.
3. Your privacy rights
3.1 You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else. You can make a complaint to us by finding the best way to be in touch via the details on our websites:
You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, at https://ico.org.uk. To make enquiries for further information about exercising any of your rights in this Privacy Notice please contact our DPO by post at Group Data Protection Officer, Group Risk, Level 3, 51 West George Street, Glasgow G2 2JJ or by email on CYBG.firstname.lastname@example.org.
Read more about your Privacy Rights
You can contact us at a local branch or via the website details supplied above to exercise any of the following privacy rights:
3.2 Right to object:
You can object to our processing of your personal information. Please contact us as noted above, providing details of your objection.
3.3 Access to your personal information:
You can request access to a copy of your personal information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by contacting a local branch or our Data Subject Access Request team at 'DSAR Team, 3rd Floor Granite House, 31 Stockwell Street, Glasgow, G1 4RZ'. Please make all requests for access in writing, and provide us with evidence of your identity.
3.4 Right to withdraw consent:
If you have given us your consent to use personal information, you can withdraw your consent at any time, and update your marketing preferences, by visiting a branch or calling us directly. For contact details, visit our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers.
You can ask us to change or complete any inaccurate or incomplete personal information held about you.
You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.
You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
3.9 Make a complaint:
You can make a complaint about how we have used your personal information either to us, by visiting your local branch or by contacting us via the details on our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers, or to a supervisory authority - for the UK this is the Information Commissioner's Office at ico.org.uk.
We will not make any charge for responding to any request from you to exercise your privacy rights, and we will respond to your requests in accordance with our obligations under data protection law.
4. What kinds of personal information we use
4.1 We use a variety of personal information depending on the products and services we deliver to you. For all products and services, we need to use your name, address, date of birth, contact details, information to allow us to check your identity and information about your credit history. For some products and services we might need additional information, for example:
- health details for certain insurance products or to support vulnerable customers; and
- convictions information for lending decisions, fraud prevention, anti-money laundering and to meet legal obligations.
Find out more information about the kinds of personal information we use for different products and services
- We offer current accounts, savings accounts, credit card accounts, mortgage products, loan products, insurance products, payment services and financial management services.
- To provide any of these products and services we need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.
4.2 Sometimes where we ask for your personal information needed to enter into a contract with you or to meet a legal obligation (such as a credit check), we will not be able to provide some products or services without that personal information.
Find out more about additional personal information we gather
For some products and services we need to use additional personal information which we will gather about you, or we will not be able to provide any of these products and services to you. See section 5 ‘How we gather your personal information’ for further details.
- For Credit Card Accounts, Loan Products and Mortgage Products we need financial information (including your income, expenditure, assets and liabilities, credit history and credit scoring); employment details; details of any criminal prosecutions and details of bankruptcy or any County Court Judgements.
- For products that include Travel Insurance and to provide Financial Management Services we need to use health information, which we will request you to provide.
5. How we gather your personal information
We obtain personal information:
- directly from you, for example when you fill out an application;
- by observing how you use our products and services, or those of other members of our Group, for example from the transactions and operation of your accounts and services;
- from other organisations such as credit reference and fraud prevention agencies;
- from other people who know you including joint account holders and people you are linked to financially.
We also may obtain some personal information from monitoring or recording calls and when we use CCTV. We will record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and customers, and to resolve queries or issues. We also use CCTV on our premises to ensure the safety and security of our staff and customers.
6. How we use your personal information
To provide you with any products and services we need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.
We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
6.1 To operate and administer our products and services, including dealing with your complaints and fixing our mistakes, we will use:
- your contact details;
- your location data for fraud prevention and, if you have consented to it, mobile location services; and
- your IP address to identify you for security reasons.
We might share all of the information we use for this purpose with third parties who help us to verify your contact details and deliver our products and services, such as our subcontractors and our own service providers for ATMs and cash management, payment processing, other banks and regulators. We use your information in this way because it is necessary to perform our contract with you and to meet our legal obligations.
6.2 To administer payments to and from you, we will use:
- your contact details and the payment details that you have provided to us; and
- your location data to enable us to verify locations at which payments are made for fraud prevention purposes.
We may give this information to our third party payment providers to process the payment to you.
6.3 To make credit decisions about you (including new applications for credit or requests to increase credit limits) we will use:
- information you give to us about your credit history;
- information about those you are financially linked to (such as your partner);
- information about how you have used other products and services offered by us or other members of our Group (a full list of our group of companies can be found in Section 2 ‘About us’);
- information we receive from third party credit reference agencies; and
- information we receive about you directly from other third parties, including when you authorise us to access accounts you hold with other banks, as an account information service provider.
For this purpose, we share information with credit reference and fraud prevention agencies. Download a list of the credit reference agencies and fraud prevention agencies we use. The information could then be used as follows:
- the credit reference or fraud prevention agency might add details of our search and your credit application to the records they hold about you, whether or not your application proceeds;
- we and the credit reference or fraud prevention agency might link your financial records to those of any person you are financially linked to – this means that each other's information (including information already held by us or the credit reference agency) will be taken into account in all future credit applications by either or both of you, until one of you successfully files a 'disassociation' at the credit reference agencies;
- we might add to the credit reference or fraud prevention agency's records details of how your agreements or accounts operate with us, including any default or failure to keep to the terms of your agreement, and any failure to advise us of a change of address where a payment is overdue;
- the credit reference or fraud prevention agency could pass on any of that information to other companies unrelated to us for the credit checking and fraud prevention purposes mentioned above; and
- the credit reference or fraud prevention agency will also use the information for statistical analysis about credit, insurance and fraud on an anonymous basis.
- if we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
We use your information in this way because it is necessary to perform our contract to deliver credit related products and services to you, and to meet our legal obligations. We also undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
When credit reference agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders and other companies unrelated to us (for example, other banks and credit providers).
Further information on how your information is used by credit reference agencies and fraud prevention agencies can be found at Equifax and at CIFAS.
6.4 To advise on the suitability of our mortgage products and/or our life and critical illness cover for you, we will use:
- information you give to us about your needs and circumstances. For mortgages this will include details of income and expenditure, assets and liabilities, and details of intended retirement age. For life and critical illness this will include date of birth, smoker status and details of existing policies; and
- information about how you have used other products and services offered by us or other members of our Group including previous claims under existing policies you have with us as well as with other providers.
We might share all of the information we use for this purpose with third parties who help us to deliver the advice. These third parties include credit checking and fraud prevention agencies and our insurance provider partners. See Appendix 1 for a list of the credit reference and fraud prevention companies we use and Appendix 2 for a list of our insurance provider partners. We use your information in this way because it is in our interests and your interests for you to receive advice about the right products and services for you.
6.5 To comply with our legal obligations, to prevent financial crime including fraud and money laundering we will use:
- any information you have given us, that we have obtained from a third party, or that we have obtained by looking at how you use our services, where it is necessary for us to use that information to comply with a legal obligation; and
- this information will include name, address, date of birth, every country of residence/citizenship, personal identification (which may include passport number or driving licence number), your IP address, and information about any criminal convictions.
We will give information to and receive information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, other banks and regulators. Fraud prevention agencies may use your information as set out in clause 6.3 above.
6.6 To comply with our legal obligations, to support our vulnerable customers, we will use:
- information you give to us which identifies a vulnerability (such as a health condition); and
- information we may receive from another Group company which identifies vulnerability.
We will give information to and receive information about a vulnerability from third parties where that is necessary to meet our legal obligations, for example from police, social services or someone acting on your behalf.
6.7 For financial management and debt recovery purposes, we will use:
- your contact details;
- information we obtain from looking at how you have used our services, including information about your location that we may find from reviewing your accounts; and
- information available within the Clydesdale Group about how you have used services provided by other members of the Clydesdale Group.
We will give information to and receive information from third parties where that is necessary to recover debts due by you to us, for example, other banks, debt recovery agents, credit reference agencies and sheriff officer or bailiff services. This might include passing personal information about you to a third party who we have transferred your debt to, and who will then contact you directly to collect that debt. If your debt is transferred to a third party you will be advised of the identity of that third party.
We use your information in this way because it is necessary to perform our contract with you, to exercise our legal rights, and because it is fair and reasonable for us to do so.
6.8 To enable payments to third parties who may have introduced you to us, we will use:
- information about the general nature of the products and services; and
- information about the value of those products and services.
We use your information in this way because it is in our interests to do so to provide you with the products and services that best suit you.
We will give information to and receive information from third party independent financial advisers and mortgage brokers who have introduced you to us.
6.9 To carry out market research and analysis to develop and improve our products and services we will use:
- information about how you have used our products and services such as your bank accounts and insurance claims.
We may pass your personal information to market research companies and other service providers as required.
6.10 To market products and services to you from us or our partners, we will use:
- the contact details you have provided to us; and
- information we have gathered from your use of our other products and services to form a profile of you which we will use to assess what other products and services would be most beneficial for you.
We will pass your personal information to our service providers who help us with these marketing activities.
Sometimes we work with other companies to offer you the best products and services. We will sometimes share your personal information with our partners, and receive personal information about you from our partners, to make sure that we give you the best, most relevant offers when we market to you (if you have consented). Download a list of our partners and the categories of our suppliers.
We might also receive personal information about you from a third party and use it to market our products and services to you, where you have given that third party your consent to share the personal information with us. We may collect your name and address from other service providers for the purpose of providing suitable marketing to you.
6.11 Personal information requirements for Business customers
For business customers, we will use personal information about key individuals in the business, so we can operate and administer the products and services which we provide to the business – to do this we will use:
- personal information about key individuals who are either a sole trader of the business or are a proprietor, director, company secretary, shareholder, partner, member, committee member, trustee, controller, beneficial owner or authorised signatory to the account of the business.
- the personal information we use about key individuals is as set out in Section 6, and we may use it for any of the purposes described in Section 6. We may hold personal information on key individuals for the purposes of operating and administering products and services which we provide to the business, as well as for the purposes of fraud and money laundering, for debt recovery purposes, and to make credit decisions about the business.
Personal information on key individuals is obtained directly from the key individual, from the business to which the key individual is linked, from the key individual's dealings with any member of our Group, and from fraud prevention and credit reference agencies. Such information may include special categories of personal information, such as information relating to health or criminal convictions.
7. Automated decision making
7.1 Sometimes we use your personal information in automated processes to make decisions about you, such as credit scoring. We might also use automated processes to create a profile of you. We do this to help ensure decisions are made accurately, fairly and efficiently and to offer you products and services tailored to you.
Find out more about when we use automated processes and the logic, significance and consequences of these processes for you.
We use automated decision making using your personal information to create a profile of you for credit scoring – a method which predicts your credit worthiness based on your financial profile.
To carry out credit scoring we use information you give to us, information we obtain from credit reference agencies, and details about how you have used other products and services you have with us or the Group (for example how you are making repayments on other credit products). In some cases we will also use external data sources for credit scoring. Download a list of credit reference agencies. We analyse this information to identify a credit score based on how likely it is that debts will be repaid.
We use credit scoring to make the following decisions about you: whether we enter into a contract to provide a product or service to you; whether to adjust products or services you have (such as increasing or decreasing credit limits); to pre-approve future products or services for you; to authorise overdraft limits; to authorise payments from you; and in some cases where we need to recover a debt from you.
Profiling for marketing
We want you to get the most relevant information about products and services at the right time. The most effective way for us to do this is to use automated processes to create a profile of you for marketing.
To carry out marketing profiling we use information you give to us, details about how you have used other products and services you have with us or the Group and any feedback you have given us, information we have obtained from credit reference agencies and other external data sources and information from other companies we are partnering with. Download a list of credit reference agencies and a list of the companies we partner with.
We use processes to analyse this information to decide what products and services to offer to you and to prioritise the marketing messages you receive by: assessing your eligibility for those products and services; assessing how likely they are to be useful for you; and deciding how likely you are to respond.
We use an artificial intelligence programme which uses data that you have provided or that we have collected from you from use of your account. We use this information to create models based on the performance of previous promotional initiatives, so that we can predict the likely success of future promotions generally, but this information is not used to make any specific decisions about you as an individual.
The partners we pass your personal information to for marketing might also carry out marketing profiling using your personal information for these purposes. Download a list of our partners and the categories of our suppliers.
8. Our legal basis for using your personal information
8.1 We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
- we have your consent (if consent is needed);
- we need to use the information to comply with our legal obligations;
- we need to use the information to perform a contract with you; and/or
- it is fair to use the personal information either in our interests or someone else's interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about products or services, market to you, or collaborate with others to improve our services.
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See Section 12 ‘Keeping you up to date’, clause 12.2 for details about how to withdraw your consent to marketing.
8.2 Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
- we have a legal obligation to do so (for example to protect vulnerable people);
- it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
- it is in the substantial public interest;
- it is necessary for the prevention or detection of crime;
- it is necessary for insurance purposes; or
- you have specifically given us explicit consent to use the information.
Find out more about how we use special categories of personal information for the following purposes:
- if you apply for a health related insurance product, we will require your personal information to provide you with services that are suitable for you;
- if we identify that you have a health related vulnerability, we will share that within our organisation to the extent needed to protect your interests and provide you with services that are suitable for you;
- if we need to provide you with urgent medical assistance when you are on our premises; and
- to ensure you are treated fairly in circumstances where financial difficulty has arisen due to a vulnerability.
Genetic / biometric identifiers
- some of our accounts use facial and other biometric recognition technology to enable customers to verify identity when opening accounts – we will ask for your consent when setting up this access.
Racial / ethnic origin
- we may ask for this information to fulfil our regulatory and reporting obligations relating to ensuring fairness and equality in our service delivery.
- we may use information about criminal proceedings relating to you to make lending decisions (for example we will not lend to you if you have a criminal prosecution pending), for fraud prevention/anti-money laundering purposes and to fulfil our legal and regulatory obligations.
- sometimes the transactions in your bank accounts will reveal special categories of information (such as your political opinions, health status, religious beliefs and trade union membership), depending on payments you make and receive. This information may be processed by us to provide account payment services to you and will not be used for any other purpose.
9. Sharing your personal information with or getting your personal information from others
9.1 We will share personal information within our Group and with others outside Clydesdale Bank PLC where we need to do that to make products and services available to you, market products and services to you, meet or enforce a legal obligation or where it is fair and reasonable for us to do so. See Section 6 ‘How we use your personal information’ for more information about how we do this. We will only share your personal information to the extent needed for those purposes.
9.2 Who we share your personal information with depends on the products and services we provide to you and the purposes we use your personal information for. For most products and services we will share your personal information with our own service providers such as our IT Suppliers, with credit reference agencies and fraud prevention agencies. See Section 6 ‘How we use your personal information’ for more information on who we share your personal information with and why.
9.3 Most of the time the personal information we have about you is information you have given to us, or gathered by us in the course of providing products and services to you. We also sometimes gather personal information from and send personal information to third parties where necessary for credit checking and fraud prevention or marketing purposes, for example so you can receive the best offers from us and our partners. See Section 6 ‘How we use your personal information’ for more information on who we get your personal information from and why.
10. Transfers outside the UK
10.1 We may need to transfer your information outside the UK to other Group companies, service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area, such as the USA.
Find out more about how we transfer your data outside of the UK
We may need to transfer your personal information to territories that are outside the EEA. We will only transfer your personal information outside the EEA where either the transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal information, or we have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators such as the EU style model clauses. We also use the EU Commission approved EU-US Privacy Shield when personal information is transferred to the US.
You can find out more information about standard contractual clauses as detailed by the ICO. Visit their website at ico.org.uk and search for ‘International transfers’.
11. How long we keep your personal information for
11.1 How long we keep your personal information for depends on the products and services we deliver to you. We will never retain your personal information for any longer than is necessary for the purposes we need to use it for.
Find out more about how long we keep your data for
We will not use your personal information for marketing purposes once you no longer have any active products or services with us. We keep the other personal information we use for seven years after closure of your account or from the date you last used one of our services. We may hold information relating to insurance accounts and pension accounts for up to 15 years from the date of expiry of the account. In some circumstances we will hold personal information for longer where necessary for active or potential legal proceedings, to resolve or defend claims, and for the purpose of making remediation payments.
12. Keeping you up to date
12.1 We will communicate with you about products and services we are delivering using any contact details you have given us - for example by post, email, text message, social media, and notifications on our app or website.
12.2 Where you have given us consent to receive marketing, you can withdraw consent, and update your marketing preferences by visiting a branch or calling us directly. For contact details, visit our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers.
You can also update your contact preferences by visiting a branch or calling us directly. For contact details, visit our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers.
13. Your online activities
13.2 Find out more about cookies