Skip to main content

Privacy Notice and Security

Metro Bank is committed to keeping your personal information private and secure.

This policy outlines how we will process your information.

Who are we?

Who are we?

Data Protection Statement Metro Bank PLC. Registered in England and Wales. Company number: 6419578. Registered office: One Southampton Row, London, WC1B 5HA.

The purposes and lawful basis for our collection of personal information

The purposes and lawful basis for our collection of personal information

When you sign up for an account with us we process personal information you provide including contact, residency, employment, income and expenditure details, to enable us to provide a range of banking services (contract & pre-contract). Our lawful basis for processing this data is that you are entering into a contract for the performance of services or that we have a legitimate interest to process the information. Those legitimate interests are: enhancing the services that you receive from us, managing and supporting our staff, and effectively managing our own accounts and records.

We process personal information for crime and fraud prevention and the apprehension and prosecution of offenders (law and financial regulation). We make copies of personal identity evidence that are provided to us for our security, identification and verification purposes. Our lawful basis for processing this personal data is our compliance with our legal obligations and, in particular, our Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations. We cannot provide banking services without this personal information.

We may also process your personal information for marketing purposes. You have a right to receive services from us without consenting to marketing communications, and you can always opt out of receiving any such communications from us. Our lawful basis for processing your data is that we have a legitimate interest in making our customers aware of our other services and offerings.

We will explain this further to you at the point of collection by one of our colleagues. For more information please see section 2 of our Terms and Conditions.

The personal information we hold about you is limited to what you have provided us directly, personal information we’ve received from trusted third parties during eligibility checks and the provision of our services to you, or occasionally personal information which is publicly available.

Examples of how we will collect your information include:

  • Completed application forms and supporting documentation
  • Correspondence received by us e.g. emails, telephone calls, letters and conversations held with colleagues in store
  • Online customer account opening
  • Information provided through social media e.g. Twitter, Youtube

At the end of your relationship with us (for example, if you decide to close your account) we retain your information for as long as required to meet our statutory legal and regulatory requirements. Where retention is based on other reasons we will retain it for no more than 7 years.

Sharing your information

Sharing your information

To enable us to process personal information for the above purposes, we must share personal information with Credit Reference Agencies, Law enforcement, HM Revenue & Customs, Fraud detection organisations, UK Financial Regulators, External Auditors & Accountants and other Financial Service Organisations.

Our credit checks will be recorded by the Credit Reference Agency, and where we must ask if you are resident for tax purposes in another country, we will notify HMRC of that fact. Where we are requested by law enforcement to help investigate or prevent crime or terrorism, and to meet our legal obligations in this area, we share personal information with law enforcement agencies and other organisations.

We will only share your information where:

  • the law or UK financial & data regulatory bodies require us to provide it;
  • HM Revenue & Customs require it;
  • we are required to detect and prevent crime;
  • there are other parties connected to your account i.e. joint accounts;
  • with specific subcontractors who help to provide you with the services you have requested; or
  • to comply with mandatory Governmental data requirements; or
  • you have provided your consent;

 

Joint applications

Joint applications

If you have applied for a joint account, this will mean that both parties will have access to the account at all times. This also means that account holders who submit a request for their information will also be entitled to a copy of the joint account details (excluding identification material).

Where you have provided information regarding the other applicant, you must ensure you do so with their full consent.

Processing personal data outside of the EU (EEA)

Processing personal data outside of the EU (EEA)

We may occasionally send your data to countries (or international organisations) outside of the European Economic Area (EEA) that are deemed to have adequate data protection by the European Commission. In addition, we may transfer personal information to India & the USA. If we do so, we will ensure that the transfer is made pursuant to the model contract clauses published by the European Commission. A copy of the model contract clauses are available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en. In relation to transfers to the US, we may transfer personal information pursuant to the EU-US Privacy Shield.

Instances where we will transfer your data outside of the EU include:

  • processing international payments;
  • performing identity checks; or
  • disclosures to foreign authorities to reduce financial crime and terrorism.

 

How we use credit reference agencies

How we use credit reference agencies

As a responsible lender, we do perform automated credit scoring during applications. We do this to ensure an independent, objective and consistent approach is taken to only contracting within the banks risk appetite. Our risk-based lending decision is influenced by this risk profile. We are not obliged to accept an application, and you may contact us to reconsider our decision.

If you apply for one of our accounts or credit with us, we will search your record at companies called credit-reference agencies when considering your application.

We may share your personal information with credit-reference agencies:

  • to check your identity and verify the accuracy of the data you provide to us;
  • to assess your creditworthiness and decide if you are eligible for an account, service or facility;
  • to trace and recover debts;
  • to manage your account(s) or
  • to prevent criminal activity, fraud and money laundering

Credit-reference agencies use information from a number of different public sources (for example, the electoral roll, county court judgments and bankruptcies), as well as information from other banks or lenders on how you manage your other banking or credit arrangements.

If you apply for one of our current accounts or credit facilities (not cash account), we may use details of your credit history to assess your ability to meet your financial commitments. Credit-reference agencies will record details of your application and our search will form part of your credit history. They will do this whether or not you go ahead with your application. These details will be seen by other organisations that examine your record. Records relating to one or more of your partners may already be linked to your record and we may consider these ‘associated’ records when considering your application.

If you hold a current account with us, we will regularly update the credit-reference agencies with details of the status of your account including:

  • the balance of any overdraft;
  • details of any defaults;
  • changes to your personal information; or
  • any special circumstances that apply to your account.

The credit reference agencies that we use are Experian and Equifax, their addresses are:

Experian Consumer Help Service,
PO Box 9000,
Nottingham
NG80 7WP

Telephone: 0844 481 8000 or log on to www.experian.co.uk

Equifax Ltd
Customer Service Centre
PO Box 10036
Leicester
LE3 4FS

The ways in which they use and share personal information are explained by them in more detail at (same CRAIN document):

Equifax - www.equifax.co.uk/crain
Experian- www.experian.co.uk/crain

Recording our calls

Recording our calls

We regularly record and monitor our telephone calls to help improve the products and services we provide to you.

The reasons we record and monitor calls are:

  • to help improve customer service;
  • to help us meet our legal and regulatory requirements;
  • to help detect and prevent fraud and/or other crimes; and
  • to help us answer your queries and issues. 

Social networking sites

Social networking sites

We maintain an online presence on popular social media websites including (but not limited to) Twitter, LinkedIn and YouTube. We use these websites to share our news, upcoming events and to celebrate our culture. By engaging with us on these sites, you are accepting that the webpages are available to the general public and agree to the following:

  • social media web pages are not private, please do not share your personal account information on any of the websites, including through the use of private messages;
  • although we do always try to read every message sent to us on social media, we cannot guarantee a response to every message;
  • any pictures you provide on our social media web pages may be used within our internal newsletters; and
  • any information that you provide us with on social media webpages may be retained by the webpage for longer than your relationship with us.

How your information will be used on the page

Use of Cookies for online applications

Use of Cookies for online applications

Cookies are small text files which ask permission to be placed on your computer by websites you visit. Your web browser may allow you to erase the cookies, block all cookies or receive a warning before a cookie is stored. Please refer to your browser instructions or the website below for guidance. However, in some instances, unless the cookies are accepted, parts of our application will not function, fully or at all.  

If you do allow cookies to be used, when you view our application, we will store some cookie files, which will enable us to measure the use of the pages and features on our application and allow you to use some of its functions. The cookie is used to identify your machine and will not contain any data personal to you. We do not make any attempt to find out, by means of the cookies, the identities of those visiting our application. For further information please visit www.allaboutcookies.org.

Google Analytics

Google Analytics

Our application uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies to help us analyse how you use the application. The information generated by cookies about your use of the application (including your IP address) will be transmitted to and stored by Google on servers in the United States.  

Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.  

Neither Metro Bank nor Google will associate your IP address with any other data held by Metro Bank or Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

 

Cookie nameWhat is it?
_ga

Used to identify unique visitors

Expires: 1 year+

_gid

Used to identify unique visitors

Expires: 2 years

_gat

Used to throttle rate requests

Expires: 2 years

_utmv* Used to store site visit referral information

Java/ActiveX

Java/ActiveX

The Metro Bank website does not run any java applets or applications, or any ActiveX controls. This means that if you are connected to our website you will not be asked by us if you want to allow a program to run. 

SSL Certificates / Green Bar

SSL Certificates / Green Bar

Metro Bank uses SSL (Secure Sockets Layer) encryption to protect all network traffic between your PC and our systems. All information travelling to and from our website is safe against interception by third parties who might otherwise use that information without your consent.

SSL also protects you by confirming that you are looking at Metro Bank’s website and not a fraudulent site designed to trick you into disclosing your personal information. We use the VeriSign Extended Validation Green Bar to give you the best assurance that you are connected to Metro Bank.

Your information and personal data

Keeping your information up to date

Keeping your information up to date

If any of the information we hold on you is incorrect, please notify us and we will ensure that it is updated accordingly. Where your details have changed, you have a responsibility to inform us at the earliest time possible. Failure to notify us of a change in your details may affect the way in which we provide you with products and services.

Your Rights

Your Rights

You have a right to request access to or rectification of your personal data which we hold about you. You also have the right to erase your personal data, to restrict the processing of your personal data and a right to request that we transmit your personal data to another controller.

Where we process your personal data because you have given us your consent, you have the right to withdraw your consent at any time.

If we determine that your personal data is to be used for a purpose not already notified to you, we will provide you with further information before processing for that new purpose.

If you have any questions about this policy, the use of your personal information or want to exercise any of your rights, please contact our Data Protection Officer at DataProtectionOfficer@metrobank.plc.uk, or please write to "Data Protection" at One Southampton Row, London, WC1B 5HA.

If you are ultimately dissatisfied with our management of your information you have the right to lodge a complaint with the Information Commissioner’s Office. Please visit www.ico.org.uk for more information.