GDPR

GDPR

The General Data Protection Regulation

Our focus on respecting your privacy and safeguarding your personal data remains as strong as ever. We’ve updated our privacy notices to reflect the new and strengthened rights in relation to your personal data, and the legal grounds for using it.

We’re committed to

  • Keeping your data safe
  • Giving you control and flexibility
  • Providing useful and timely information


We’ll always keep your data safe

We’re committed to respecting your privacy and safeguarding your personal data. We’ll only retain your data for as long as is necessary and we’ll always dispose of it safely.

If we’re required by law to share your data with other organisations, such as the government, we do so securely and we don’t share more than we need to. When we ask other companies to process data on our behalf we’ll always make sure they follow similarly high standards. Sometimes we use data to support government initiatives, but any reports that we publish will always be anonymous.

How we use your data

We use your data to ensure we process your transactions safely and securely. It can also help us to personalise your experience and develop new services that we think you’ll like. For example, we use customer spending data to develop our cashback offers, which give you money back on qualifying purchases. Data can also help us to focus on the needs of individuals – we take extra care when dealing with vulnerable customers, and we never send marketing material to children.

Whether it’s to deliver products and services to you and others, or to follow legal requirements, we’ll always be clear and open with you about how and why we’re using your data. And if you need more detail, we’ll always keep our privacy notices where you can find them easily.

How data makes things easier

Sharing some personal data with us is essential for you to be able to use our services securely. For example, it means we can quickly get in touch with you if we think there’s fraud on your account. Knowing more about our customers also means we’ve been able to help them out and provide extra support during difficult times, such as after a major incident.

About the GDPR

The General Data Protection Regulation (GDPR) became effective from 25 May 2018.
Personal data could be used to identify you. It includes your name and contact details, and can also include data about your transactions or your use of our services.

What does the GDPR mean?

The GDPR aims to give you more control of your data. It provides new and strengthened rights.

Right to access – you can ask us whether we’re processing your personal data, including where and for what purpose. You can also request an electronic copy of your personal data free of charge

Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data

Right to rectification – you can ask us to correct inaccurate personal data we hold about you

Right to erasure (right to be forgotten) – in certain circumstances, you can ask us to erase your personal data

Right to data portability – you can ask us to provide you with a copy of your personal data in a commonly used electronic format, so that you can transfer it to other businesses

Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data that produce significant legal effects

Right to lodge a complaint – you can lodge a complaint with your local data protection authority

To read more about the GDPR, please visit the Information Commissioner’s Office website – it’s an independent authority that upholds information rights in the public interest.

Do I need to do anything?

You don’t need to do anything.

We haven’t changed the ways we use your personal data. Our privacy notices provide additional detail about this, in particular

  • Who we are, our contact details and the contact details of our data protection officer
  • The types of personal data we collect about you and, where we don’t collect it from you, who we collect it from
  • The recipients or categories of recipients of your personal data, if any
  • The legal basis for using your personal data
  • Where applicable, if we intend to store, process or transfer your personal data to a third country or international organisation
  • How long we keep your personal data after our relationship with you has ended (for example, after you stop banking with us or using our platforms)
  • Automated decisions we make about you – for example we use technology to help identify that someone else may be using your account without your permission
  • Your rights in relation to the personal data we hold about you


About our privacy notices

We may change our privacy notices and add new privacy notices in the future, so we recommend that you check this page occasionally to ensure that you’re happy with any changes.