Data Protection Statement Metro Bank PLC. Registered in England and Wales. Company number: 6419578. Registered office: One Southampton Row, London, WC1B 5HA.
When you sign up for an account with us we process personal information you provide including contact, residency, employment, income and expenditure details, to enable us to provide a range of banking services (contract & pre-contract). Our lawful basis for processing this data is that you are entering into a contract for the performance of services or that we have a legitimate interest to process the information. Those legitimate interests are: enhancing the services that you receive from us, managing and supporting our staff, and effectively managing our own accounts and records.
We process personal information for crime and fraud prevention and the apprehension and prosecution of offenders (law and financial regulation). We make copies of personal identity evidence that are provided to us for our security, identification and verification purposes. Our lawful basis for processing this personal data is our compliance with our legal obligations and, in particular, our Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations. We cannot provide banking services without this personal information.
We may also process your personal information for marketing purposes. You have a right to receive services from us without consenting to marketing communications, and you can always opt out of receiving any such communications from us. Our lawful basis for processing your data is that we have a legitimate interest in making our customers aware of our other services and offerings.
We will explain this further to you at the point of collection by one of our colleagues. For more information please see section 2 of our Terms and Conditions.
The personal information we hold about you is limited to what you have provided us directly, personal information we’ve received from trusted third parties during eligibility checks and the provision of our services to you, or occasionally personal information which is publicly available.
Examples of how we will collect your information include:
At the end of your relationship with us (for example, if you decide to close your account) we retain your information for as long as required to meet our statutory legal and regulatory requirements. Where retention is based on other reasons we will retain it for no more than 7 years.
We will only share your personal information where we are required to do so or where you have provided your consent.
We will only share your information where:
If you have applied for a joint account, this will mean that both parties will have access to the account at all times. This also means that account holders who submit a request for their information will also be entitled to a copy of the joint account details (excluding identification material).
Where you have provided information regarding the other applicant, you must ensure you do so with their full consent.
We may occasionally send your data to countries (or international organisations) outside of the European Economic Area (EEA) that are deemed to have adequate data protection by the European Commission. In addition, we may transfer personal information to India & the USA. If we do so, we will ensure that the transfer is made pursuant to the model contract clauses published by the European Commission. A copy of the model contract clauses are available on the Standard Contractual Clauses page. In relation to transfers to the US, we may transfer personal information pursuant to the EU-US Privacy Shield.
Instances where we will transfer your data outside of the EU include:
As a responsible lender, we do perform automated credit scoring during applications. We do this to ensure an independent, objective and consistent approach is taken to only contracting within the banks risk appetite. Our risk-based lending decision is influenced by this risk profile. We are not obliged to accept an application, and you may contact us to reconsider our decision.
If you apply for one of our accounts or credit with us, we will search your record at companies called credit-reference agencies when considering your application.
We may share your personal information with credit-reference agencies:
Credit-reference agencies use information from a number of different public sources (for example, the electoral roll, county court judgements and bankruptcies), as well as information from other banks or lenders on how you manage your other banking or credit arrangements.
If you apply for one of our current accounts or credit facilities (not cash account), we may use details of your credit history to assess your ability to meet your financial commitments. Credit-reference agencies will record details of your application and our search will form part of your credit history. They will do this whether or not you go ahead with your application. These details will be seen by other organisations that examine your record. Records relating to one or more of your partners may already be linked to your record and we may consider these ‘associated’ records when considering your application.
If you hold a current account with us, we will regularly update the credit-reference agencies with details of the status of your account including:
The credit reference agencies that we use are Experian and Equifax, their addresses are:
Experian Consumer Help Service,
PO Box 9000,
Telephone: 0844 481 8000 or log on to www.experian.co.uk
Customer Service Centre
PO Box 10036
The ways in which they use and share personal information are explained by them in more detail at (same CRAIN document):
Equifax - www.equifax.co.uk/crain
We regularly record and monitor our telephone calls to help improve the products and services we provide to you.
The reasons we record and monitor calls are:
We maintain an online presence on popular social media websites including (but not limited to) Instagram, LinkedIn, Twitter and YouTube. We use these websites to share our news, upcoming events and to celebrate our culture. By engaging with us on these sites, you are accepting that the webpages are available to the general public and agree to the following:
Cookies are small text files which ask permission to be placed on your computer by websites you visit. Your web browser may allow you to erase the cookies, block all cookies or receive a warning before a cookie is stored. Please refer to your browser instructions or the website below for guidance. However, in some instances, unless the cookies are accepted, parts of our application will not function, fully or at all.
If you do allow cookies to be used, when you view our application, we will store some cookie files, which will enable us to measure the use of the pages and features on our application and allow you to use some of its functions. The cookie is used to identify your machine and will not contain any data personal to you. We do not make any attempt to find out, by means of the cookies, the identities of those visiting our application. For further information please visit www.allaboutcookies.org.
Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
|Cookie name||What is it?|
Used to identify unique visitors
Expires: 1 year+
Used to identify unique visitors
Expires: 2 years
Used to throttle rate requests
Expires: 2 years
|_utmv*||Used to store site visit referral information|
The Metro Bank website does not run any java applets or applications, or any ActiveX controls. This means that if you are connected to our website you will not be asked by us if you want to allow a program to run.
Metro Bank uses SSL (Secure Sockets Layer) encryption to protect all network traffic between your PC and our systems. All information travelling to and from our website is safe against interception by third parties who might otherwise use that information without your consent.
SSL also protects you by confirming that you are looking at Metro Bank’s website and not a fraudulent site designed to trick you into disclosing your personal information. We use the VeriSign Extended Validation Green Bar to give you the best assurance that you are connected to Metro Bank.
If any of the information we hold on you is incorrect, please notify us and we will ensure that it is updated accordingly. Where your details have changed, you have a responsibility to inform us at the earliest time possible. Failure to notify us of a change in your details may affect the way in which we provide you with products and services.
You have a right to request access to or rectification of your personal data which we hold about you. You also have the right to erase your personal data, to restrict the processing of your personal data and a right to request that we transmit your personal data to another controller.
Where we process your personal data because you have given us your consent, you have the right to withdraw your consent at any time.
If we determine that your personal data is to be used for a purpose not already notified to you, we will provide you with further information before processing for that new purpose.
If you have any questions about this policy, the use of your personal information or want to exercise any of your rights, please contact our Data Protection Officer at DataProtectionOfficer@metrobank.plc.uk, or please write to "Data Protection" at One Southampton Row, London, WC1B 5HA.
If you are ultimately dissatisfied with our management of your information you have the right to lodge a complaint with the Information Commissioner’s Office. Please visit www.ico.org.uk for more information.
Metro Bank is committed to keeping your personal information private and secure.
This policy outlines how we will process your information.
Who are we?
The purposes and lawful basis for our collection of personal information
Sharing your information
Processing personal data outside of the EU (EEA)