This privacy notice sets out how we will collect and use your personal data and your information rights. Chelsea is a trading name of Yorkshire Building Society. Within this notice, any references to ‘Chelsea’, ‘CBS’, ‘us’, ‘our’ and ‘we’ means ‘YBS’. This notice does not extend to:
To download a copy of this Privacy Notice click here
If you a Share Plans customer, you can find out how we use your personal data in our Share Plans Privacy Notice.
If you are a job applicant, you can find out how we use your personal data in our Applicant Privacy Notice.
If you are an Employee of YBS, you can find out how we use your personal data in our Employee Privacy Notice.
We have also produced a child friendly privacy notice for children and young people.
We are committed to taking good care your personal data and ensuring the highest standards of privacy. If you have any questions about this notice, don’t hesitate to get in touch with us. We’ll be more than happy to help.
An organisation that decides how the personal data it collects and holds is used is called a ‘data controller’. We call this use of personal data ‘processing’ – this includes the collection, storage, analysis, sharing, retention and disposal of personal data. If you’re a member of Chelsea Building Society, the data controller of your personal data is Yorkshire Building Society.
As a Data Controller, we are registered with the Information Commissioner's Office (ICO) - the organisation in the UK that oversees that an organisation is acting accordingly when processing personal data. Our registration numbers are:
In order that we can provide you with a high quality service, deal with your queries, make an assessment on the suitability of our products or services and to enter into a relationship with you, we will need to obtain and use personal data.
If we already hold some of your personal data, for example, if you are already a member, we may not need to collect it again and in such cases, we will make this clear.
You are under no statutory or contractual obligation to provide any personal data to us. However, if you do not provide the information, we may not be able to provide you with our products or services or dal with your queries. We will be also be unable communicate with you effectively.
We collect and use a variety of personal data to run our business and manage our relationship with you. The table below shows the typical categories of personal data we ask you for when you open a saving account take out a mortgage with us with and why we may ask for it. You will find more specific information in the how do we use your personal data section:
Category | What will we collect? | How we may use it |
---|---|---|
General Personal Data |
Name, title, sex, address |
We use this to identify you and:
|
Date of birth and/or age |
We use this to identify you and:
|
|
Nationality |
|
|
Occupation |
We ask you for your profession or occupation, whether you are employed, self-employed or perhaps retired. This helps us determine the eligibility for some products and services and ensures you get the right information when you contact us or visit us in Branch. |
|
National insurance number, passport, driving licence and other national identifiers |
We use this to verify your identity when you apply for a product or job with us and to meet our requirements with Her Majesty’s Revenue and Customs (HMRC) for tax reporting regulations. |
|
Email address and phone number |
We use your email address and phone number to:
|
|
Tax status |
Where applicable, we will use this for identifying your tax status. If you are a tax resident overseas or a US citizen, you are required to complete a declaration and we are obliged to report the information relating to you and your account(s) to HM Revenue and Customs (HMRC). HMRC may share the information with the relevant tax authorities. |
|
Call recordings |
It is important that we provide the best possible service to you. This might mean that we log and record calls you make to us to resolve any discrepancies or issues that inevitably crop up from time to time. We may also record calls for training and monitoring purposes, including meeting our legal obligations. |
|
Smartphone applications and online banking |
In order for you to get the best experience from any digital or mobile app that we may offer, we may ask you for details of your Operating System your phone runs on (e.g. IOS or Android). |
|
Location data |
If you use a digital or mobile app that we offer, we may capture your location data when using this. This will be used so that we can provide you with relevant services and to prevent fraud. |
|
How you interact with us |
We record how you interact with us currently or in the past in order to give you the best service and prevent fraud. This can include whether you have carried out a transaction over the phone, over the internet, by any app or online service we may offer or even a visit to your Branch. |
|
Direct marketing preferences |
We ask you if you wish to receive notifications from us about our products and services that may be of interest to you. We will only do this where we have your explicit consent and will only contact you by methods you have chosen (e.g. phone, text, email). |
|
Mortgages |
Employment status |
We ask you for your profession or occupation, whether you are employed, self-employed or perhaps retired. This helps us determine the eligibility for some products and services and ensures you get the right information when you contact us or visit us in Branch. |
Earnings, income and expenditure and spending habits |
When you apply for a mortgage with us, we use this to determine your earnings so that any lending or access to credit is appropriate and affordable to you. |
|
County Court Judgments (CCJ) and insolvency data |
We collect information in relation to any insolvency proceedings about you, including CCJs in order to inform our lending decision making and provide you with appropriate advice and support. |
|
Residential status, property details and occupancy status |
When you apply for a mortgage with us, we use this information to understand the current and previous properties you have lived at, other properties you own, whether you are an owner, tenant or living with parents. This helps us to provide you with appropriate advice and to inform our lending decisions. |
|
Transaction history and source of funds |
We need to ask you the source of your income or perhaps an amount of cash that you wish to put down as a deposit or paying into (or withdrawing) from an account. This will also help us to detect fraudulent activity on your account and to comply with our regulatory requirements. |
|
Criminal convictions (spent or unspent) and offences |
We will only use information relating to criminal convictions or alleged criminal behaviour where the law allows us to do so. This can arise when it is necessary for us to comply with the law or for another reason where there is a substantial public interest in us doing so. |
|
Share Plans, Sharesave, Share Incentive Scheme |
Employer data |
If you apply for a Share Plans, Sharesave or Share Incentive Plan Scheme with us, we will ask you for your employer details in order for us to open an account for you and to manage our relationship with you. For further details, see the Share Plans privacy notice. |
Insurance |
Property details and occupancy status |
We will use this to understand your circumstances and needs and assess the suitability of products and services you apply for with us or one of our partners. |
Family details, for example, marital status, next of kin, dependents |
We will use this to understand your circumstances and needs and assess the suitability of products and services you apply for with us or one of our partners. |
|
Child Savings Accounts |
Trustee information |
Where a child account is held is trust, we will obtain personal data relating to the trustee to manage our relationship with the trustee and to manage the account(s). |
Birth certificate, passport or other identification |
When an account is opened by or for a child, we will ask for identification to confirm the child’s identity. |
From time to time, we may need to ask for personal data that might seem sensitive. This is known as ‘special category data’. For example, a question about your health, vulnerabilities or whether you have any previous criminal convictions.
In general we do not collect special category data about you, but sometimes the personal data we collect may reveal this. This will, however, be limited to the minimum required. This can include personal data relating to your:
When you apply for certain products with us, such as an insurance or life planning product , we may contact your medical professional representative with your consent to obtain information or confirm a pre-existing medical condition you have informed us of, but we will always explain why we need the information.
We obtain your personal data in the following ways:
Who from? | Details |
---|---|
Directly from you |
We will obtain personal data directly from you:
|
From a third party acting on your behalf |
We may obtain personal data relating to you from third parties as part of the application process for one of our products or services. This can include individuals who are:
If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us. In the event that you’re providing personal data about another individual, we’ll assume that you have told them that you are sharing their details and where they can find more information on how we may process their personal data. |
From other third parties |
As part of our relationship with you, we collect or receive personal data relating to you from certain third parties in order to facilitate our decision making including:
|
In almost all cases, we’ll ask for your explicit consent before collecting special category data unless we are required to by law, there is an overriding public interest, or where we believe you or someone else may be at risk.
If you contact us containing this type of information, then we’ll assume that you’re happy for us to record it – unless you tell us not to. If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us.
You have the right to withdraw your consent to us recording and using special category data at any time. This will not affect any use we have made of the information before you withdrew your consent.
We offer savings accounts for children which they can open themselves. The age at which they can do this will depend on the type of account. Any account opened for a child under age 8 can only be held in trust.
If a child opens an account themselves, we will obtain personal data and identification from them (or from their parent/guardian on their behalf). If a child opens an account when they are 16, we will verify their identity electronically, but if this is not possible, we will ask for identification, such as a passport or birth certificate from them.
If an account is opened on the child’s behalf, for example by a parent or family member, we will obtain identification for the child, such as a passport or birth certificate, from the person opening the account in order to verify the child’s identity. If they are not the child’s parent or guardian, we may ask for confirmation they have permission to open an account for the child.
We do not contact children under 16 with details of our products, services and offers, but we may send them birthday greetings if they have an account with us.
Personal data relating to children may be included in applications for products or services we offer to adults, for example where dependants are mentioned in a mortgage application or for an insurance product.
We have produced a child friendly privacy notice to assist children in understanding how we use their personal data and to explain their rights.
From time to time, we might need to collect or use personal data about individuals who aren’t our members. This could include individuals who are:
Who | Why |
---|---|
Brokers and financial advisers, Solicitors, licensed conveyancers and other professional advisers. |
To identify them and to manage our business relationship with them and you. |
Employers (current, past or prospective). |
To confirm your employment status and income received and to obtain data about your relationship with them. |
Lenders and landlords. |
To obtain data about your relationship with them and confirm your residency status and payment history. This will be used to inform our lending decisions. |
Other adults living in the mortgaged property. |
To contact them to inform them of mortgage or additional borrowing application applications and ask them to confirm that they have no claim on the property. |
Other third parties. |
On occasion, individuals may contact us who are not our members. For example, to notify us of a death of a member or make an enquiry. |
We process your personal data for a number of different purposes. When we collect, use, share or hold your personal data, we must have a valid reason to do so (known as a ‘lawful basis’). The table below sets out the different lawful basis we may rely on. You can find out more in the how we use your personal data section.
Lawful basis | Description |
---|---|
Consent |
You have given free and clear consent for us to process your personal data for a specific purpose. |
Contract |
The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract. |
Explicit consent |
You have given explicit consent for us to process your sensitive personal data (special category) for a specific purpose. |
Legal obligation |
The processing is necessary for us to comply with the law or legal requirement. |
Legitimate interests |
The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests. |
We will only process your special category personal data where we have an additional lawful basis. This includes:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We use your personal data stated above for a whole host of reasons. This includes:
Purpose | Why we use your personal data this way | Lawful basis we rely on to process your personal data |
---|---|---|
Managing your enquiry, application and ongoing account management |
We will collect, use, share and keep personal data needed for us to deal with your enquiries, process your applications, provide any illustrations you require, and manage the ongoing administration of your accounts, products and services. This includes keeping your account records up to date and contacting you when needed. You have the right to object to us using your personal data for legitimate interests. |
Contract, legitimate interests |
CCTV |
We use CCTV for the safety and security of our customers and employees throughout our branch network and offices. This may capture personal data such as your image, likeness and voice. Footage may be reviewed by ourselves, or passed to police or law enforcement agencies upon request following any incidents relating to the security and/or safety of individuals and to assist with any ongoing crime investigations. You have the right to object to us using your personal data for legitimate interests. |
Legitimate interests |
Communicating with you via our various channels |
We will use your personal data to communicate with you. This includes via the telephone, email, live chat and social media. It also includes any app we may offer from time to time. You have the right to object to us using your personal data for legitimate interests. |
Contract, legitimate interests |
Competitions, prize draws and interactive features |
We use personal data to manage and run competitions/prize draws for customers, members and the wider public. When we collect personal data for this reason, we use it to administer the competition/draw and notify the winner. If we wish to use the data for any other purpose this information will be provided at the time. You have the right to object to us processing your personal data in this way. |
Legitimate interests
|
Debt recovery purposes |
We collect and use your personal data to:
We’ll process your personal data in this way when it’s necessary to meet the promises we’ve made in the terms and conditions of your product or service, and also when you ask us to carry out activities that need your authorisation (e.g. when you’ve requested for someone to act on your behalf or if you choose to give us information about your health or any criminal convictions). When necessary, we’ll share your personal data with individuals and organisations that you’ve asked to act on your behalf (e.g. Citizens Advice and Debt Advice Charities) as well as credit reference agencies, solicitors, tracing and debt collection agents, home visit agents and debt purchasers. To carry out these activities, we may need to use profiling (where we use your information to categorise groups of members and customers together based on their behaviours and interactions). This helps us make sure that we’re being fair and consistent in the way we treat our members and customers and also to support those who may be experiencing financial difficulty. We may also use your personal data for our legitimate business interests. Rest assured, we’ll always ensure that the way we process your information is safe and not unfair to you. You have the right to object to us processing your personal data for our legitimate interests. |
Legitimate interests |
Enhancing your experience and our products and services |
We collect and use your personal data to help us make our business better, improve products and services and enhance how we engage with members. We use your personal data in this way when it is in our legitimate business interests. Your information and views help us understand the changing needs of our members and customers. We look at you and how you engage with us (e.g. how long you’ve been a member or whether you open our emails), your transactions and how you use our products and services (e.g. the types of accounts you have and how you use our online banking and any digital or mobile app we may offer). Sometimes, we’ll collect personal data you from organisations carrying out market research on our behalf to make sure you had a positive experience in our branch network or call centre, or to ask your opinion on our products and services, or trends in our industry. Then, we structure and analyse this information to consider how you might use our products and services in the future. We may also use your information to categorise groups of members who interact and engage with us in similar ways. You have the right to object to us processing your personal data for our legitimate interests. |
Legitimate interests |
Informing you of our community events and initiatives |
We will use your personal data to enable you to register to receive updates about our community activities or other events we are involved in. |
Consent |
Making checks regarding your financial status |
Sometimes, we’ll need to share your personal data with a credit reference Agency (CRA) to check that a product or service is right for you or to verify your identity as part of an application for a job or role with us. We do this to:
When we ask a credit reference Agency to do a search on our behalf, this may leave a search footprint on your credit file that may be seen by other lenders. This happens whether or not you, or us choose to proceed with the application. If you’re making a joint application, your credit records will be linked together. This creates what’s known as a ‘financial association’ at credit reference agencies. So, you should always discuss and agree this with other applicants before disclosing their information to check that they’re happy to proceed. Information about any financial associations will be shared with other lenders if either of you make a credit application in the future – whether it’s in just your name or together with someone else. There are three key credit reference agencies that we use. Take a look at their Credit Reference Agency Information Notices (CRAINs) to find out more about them, the data they hold (and for how long), the way they use and share your information, how they prevent fraud and your data protection rights. You can find out more about CRAs below:
You have the right to object to us using your personal data for legitimate interests. |
Contract |
Marketing our products and services |
We understand that you may wish to hear from us from time to time about our products or services that we think you’ll find interesting or to keep up to date with the latest developments and news. If you have consented to receiving such communications, we may use the contact details you’ve supplied us to send you marketing information. You can, of course, change your mind at any time and can change your marketing preferences. We’ll never pass on your details to anyone else for their marketing purposes. |
Consent |
Meeting our legal and regulatory obligations |
We’re required to collect and use your personal data in a number of circumstances to meet our legal and regulatory obligations. These include using your personal data to carry out a range of activities that ensure we comply with the requirements set out by our regulators (e.g. Financial Conduct Authority – FCA – and Prudential Regulation Authority – PRA) and in relevant legislation (e.g. Data Protection Legislation and Anti-Money Laundering Regulations). We also disclose information to HMRC and other government bodies when we are required or permitted to do so. |
Legal obligation |
Open banking |
Under the Payment Services Directive (PSD2) you have a right, for certain types of online accounts, to instruct Third Party Payment and Information Providers to facilitate payments and provide aggregation services for your financial information. We have a legal obligation to provide this information, but we will only send your data to these third parties once we have received confirmation from yourself and only to those providers who have the relevant authorisation from the FCA. Your selected data, once authorised by you, is sent through secure means to the authorised third party. You can manage your open banking settings and authorities through your chosen open banking app or online account. |
Legal obligation |
Preventing and detecting fraud and financial crime |
We use and share your personal data with fraud prevention agencies to help prevent financial crime. If required for fraud or criminal investigation reasons, we (and the fraud prevention agencies) may also allow law enforcement agencies to access and use your personal data. We have a legal obligation and legitimate interest to check people’s identity, and identify and prevent financial crime including fraud and money laundering. Sharing your personal data in this way, when necessary, allows us to protect your financial security as well as that of our other members and customers. It also makes sure that we’re complying with the law. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below. You have the right to object to us processing your personal data for our legitimate interests. |
Legal obligation, legitimate interests |
Processing a Decision in Principle |
We will collect, use, share and keep personal data to provide you with a Decision in Principle and to assess, review and process your application. This process involves reviewing your application with the use of financial models and automated systems provided by Credit Reference Agencies and against our lending criteria. This will help us to understand your mortgage application and to assess the affordability of the products and services you apply for. |
Contract |
Profiling |
There may be some circumstances where we use your personal data for profiling. Profiling is used to make automated decisions. This is where we combine your personal data with information about others so that we can:
Profiling your personal data alongside other members and customers also helps us to ensure that we’re providing a consistent service and giving people the best products and advice at the right times. We’ll always make sure the way we process your information is safe and not unfair to you. Where possible, we’ll keep your details anonymous and use your information only to produce statistical reports. This way, you will not be identifiable from the data. You have the right to object to us using your personal data for legitimate interests. |
Legitimate interests |
Providing products and services of our partners |
We use your personal data to provide, introduce or distribute products and services from our partners. Our partners will also collect and use your information to manage the products and services that you have with them. As this then makes them the ‘data controller’, they’ll provide more details on how they process your information at the time when it’s collected by them or shared by us. When selecting our partners, we take appropriate steps to make sure that they have adequate protection in place and that they follow data protection legislation. You have the right to object to us using your personal data for legitimate interests. |
Contract, legitimate interests |
Sending birthday greetings |
We sometimes send birthday cards to children and will l use personal for this purpose. You can request we stop this at any time. You have the right to object to us using your personal data for legitimate interests. |
Legitimate interests |
Social media |
We want you to get the most out of your relationship with us so we use social media and websites to let you know about the products and services we offer that might be of interest to you and to communicate with you if you contact us through this method. We may also use social media services to enhance our services, presence and your customer experience. Your comments, opinions and messages may be used so that we can better understand our customers and improve our products, services and overall customer offering. We will never agree to social media companies or websites sharing or selling your information to third parties You have the right to object to us using your personal data for legitimate interests. If you submit a request, we will stop sending you marketing messages tailored to you. However, you might still receive some general marketing messages from us, but these won’t be targeted to you. If you want to control the adverts you see on social media platforms, you can manage your marketing preferences (including receiving targeted marketing ad) through their settings and privacy pages. You may still see adverts, but these won’t be tailored to you. |
Legitimate interests |
Statistical analysis and reporting |
We use personal data as in order to carry out Data Analysis, Trends and Statistical Reporting. We will only do this using personal data where necessary and if we are unable to use anonymous data. You have the right to object to us using your personal data for legitimate interests. |
Legitimate interests |
Testing our systems and processes |
In order to improve our services and systems, we may use your personal data for testing our systems so that we can make them even better. Using your personal data for testing is necessary for our legitimate business interests as it allows us to maintain and improve the security, integrity and performance of our systems. We have stringent processes in place to keep your personal data safe and we won’t use it in a way that’s unfair to you. When we are unable to use 'masked' or anonymous data (i.e. that which doesn’t identify you), we will aim to :
You have the right to object to us using your personal data for legitimate interests. |
Legitimate interests |
Verifying your identify |
We have a regulatory requirement to confirm the identity of anyone opening an account with us or when they apply for a job or role with us. This upholds our legal obligation to complete necessary due diligence checks to make sure we know our customers and potential employees, helps prevent and detect fraud, prevents identity theft and protects our business. You have the right to object to us using your personal data for legitimate interests. |
Contract, Legal obligation legitimate interests |
We’ll only ask for this type of personal data when we absolutely need to and use it for limited circumstances to:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance where this is required or permitted by law.
There may be circumstances where we use automated decision making using your personal data. We use automated decision making to check that we can enter into an agreement with you, and also carry out our legal and regulatory obligations. Sometimes, it’s required by law (e.g. when complying with UK money laundering regulations).
When you request a Decision in Principle and/or apply for a mortgage with us, you will be taking the steps necessary to enter into a contract with us.
This process involves reviewing your application with the use of financial models, automated systems provided by Credit Reference Agencies (CRAs) and against our full lending criteria. This is to help us better understand your mortgage application and to assess the affordability of the products and services you apply for.
When we do this the CRAs will keep a record of our search, whether or not you proceed with a full mortgage application. This is known as a credit footprint. They do this so that you can see who has looked at your credit report, when it was looked at and why. This record may also be seen by other lenders and could affect your ability to obtain future credit.
We will use automated decision making to:For automated decision making, we use information that we’ve collected or hold about you from your applications. Sometimes, we might also use information from other sources such as credit reference or fraud prevention agencies – but we check this against the information you give us.
There may be occasions where we need to share your personal data with external partners or organisations. The table below provides details on who we share personal data with and the reasons why:
Who | Reason |
---|---|
Accord Mortgages |
|
Adult occupiers (for mortgages) |
|
Claims Management Companies |
|
Courts and tribunals |
|
Credit reference agencies (CRAs) |
|
Data processors |
|
Debt recovery agencies |
|
Direct marketing providers |
|
Employers (past and present) |
|
Financial advisers |
|
Fraud prevention agencies (e.g. CIFAS and National Hunter) |
|
Government bodies providing financial assistance (for example, Homes England or Help to Buy (Wales) Limited) |
|
HM Revenue and Customs (HMRC) and other tax authorities |
|
Insurers and reinsurers |
|
Joint account holders, including former, current and/or future account holders and trustees (where authorised to operate the account) |
|
Law enforcement agencies |
|
Market research providers |
|
Medical professionals or representatives |
|
Mortgage Guarantors or potential guarantors and their legal representatives |
|
Other financial institutions |
|
Referees |
|
Regulators e.g. Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), Information Commissioner’s Office (ICO) |
|
Social Media providers |
|
Solicitors, licensed conveyancers, valuers, panel managers and other professional advisers |
|
Third Party Payment Providers (TPPPs) |
|
UK Financial Services Compensation Scheme Financial Ombudsman Scheme |
|
We have a relationship or partnership with the following organisations and may share your personal data with the companies listed below associated purposes. All companies we work with are assessed for adequacy of their security controls, so you know your personal data is safe.
Organisation | Purpose |
---|---|
Accord Mortgages |
To provide mortgage intermediary services. |
Acoustic Marketing UK Ltd |
To provide email communication services. |
AIG Life Limited |
To provide life insurance and critical illness insurance. |
Cardif Pinnacle |
To provide mortgage payment insurance and short term income protection. |
CIFAS |
To provide fraud prevention and tracing activities. |
Engage Mutual Assurance |
To provide Child Trust Fund services. |
Experian |
To provide ID and tracing services. |
Fairmead Insurance Limited (formerly Legal & General Insurance Limtited) |
To provide mortgage-linked life insurance. |
Gemalto |
To provide card and PIN Services. |
ICR Speech Solutions and Services Limited |
To provide text messaging services (SMS). |
Investec |
To provide share dealing services. |
LMS Conveyancing |
To provide conveyancing services for fees assisted products. |
National Hunter Limited |
To provide fraud prevention and tracing activities. |
Optima Legal Services |
To provide re-mortgage services. |
Paragon Customer Communications (London) Ltd |
To provide printing and communication services. |
Royal and Sun Alliance Insurance |
To provide household insurance services. |
Salary Finance |
To provide financial wellbeing benefits. |
Sign Live |
To provide British Sign Language interpreter services. |
Stocktrade |
To provide share dealing services. |
United Legal Services |
To provide conveyancing services. |
VST |
To provide documents in alternative formats. |
If we sell or transfer all or part of our business, we may share or transfer customer records and data as part of the proposed/actual sale or transfer. Before we do this we will ensure there is adequate protection in place by imposing contractual obligations on the buyer/seller to ensure the security and confidentiality of your personal data.
There may be some circumstances where we may transfer your personal data to countries outside the UK when:
When working with our suppliers and/or transferring personal data to countries outside the UK, we take appropriate steps to ensure that there is adequate protection and controls are in place and that data protection legislation is followed.
This could be by:
If you would like more information on this, please contact us.
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Our aim is to keep your personal data only for as long as we need to, in order to manage your relationship with us and comply with legal and regulatory requirements. When determining retention periods, we consider the following:
The table below provides details on how long we will retain your personal data for:
Category | Retention Period |
---|---|
CCTV |
We will retain CCTV footage for up to 3 months from the date taken in relation to CCTV images at our Head Office sites and branch network for crime prevention and public safety purposes. |
Competitions/Prize Draws |
We will keep details of the competitions and/or prize draws you enter for up to 6 months after the end of the competition and/or prize draw, unless otherwise stated in the competition/prize draw information we provide at the time. |
Complaints |
If you make a complaint to us, we will retain your personal data in relation to the complaint for up to 6 years after the closure of a complaint to meet our legal and regulatory obligations and to manage any escalation to the Financial Ombudsman Service (FOS). |
Fraud prevention data |
Fraud Prevention Agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held by us for up to 6 years from the end of our relationship with you. |
General enquiries |
If you contact us with a general enquiry, via email, phone, post or in personal (e.g. in Branch), we will retain your personal data for up to 6 months from the date the information was obtained in order to allow time for you to open an account, product or service and for us to respond to further queries from you. If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received. |
Job Applications |
If you apply for a job or role with us, but are unsuccessful, we will retain any job applications for up to 1 year from the date the unsuccessful candidate is notified to allow us to deal with any queries. See our Applicant Privacy Notice for more details. If you are you are a successful applicant, we may retain your application in your employee record for up to 6 years from the date our relationship ends. |
Marketing preferences |
If you have opted to receive marketing information from us, we will retain your preferences for up to 3 years in relation to the methods you have chosen to be contacted unless you tell us otherwise. |
Mortgage Account - where potential customer has applied for a product, but the application does not complete |
If you apply for a mortgage product, but the application does not progress to opening, we will keep details of your application, including results of any credit search for up to 10 years from the date the application was received to help us better understand your mortgage application, to assess the affordability of the products and services you apply for and deal with your queries. |
Mortgage Account - where potential customer has applied for a product and the application completes |
Where you apply for a mortgage product and the application completes, we will keep details of your application, including results of any credit search for up to 10 years from the date the from the end of the relationship with you to meet our legal and regulatory obligations and deal with your queries. |
Mortgage Account - general enquiries where potential customer has not applied for a product |
If you make a general enquiry in relation to a mortgage account, but do not apply for a product, we will keep your personal data for up to 6 months from the date the information was obtained to deal with your queries. If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received unless you withdraw your consent. |
Power of Attorney information |
We will retain this indefinitely to deal with your queries or concerns. |
Savings Account - where potential customer has applied for a product and opens an account |
Where you apply for a savings product and open an account, we will keep details of your application, including results of any credit search for up to 10 years from the end of the relationship with you to meet our legal and regulatory obligations and deal with your queries. |
Savings Account - general enquiries where potential customer has not applied for a product |
If you make a general enquiry in relation to a savings account but do not apply for a product, we will keep your personal data for up to 6 months from the date the information was obtained, to deal with your queries. If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received unless you withdraw your consent. |
Savings Account – where potential customer has applied for a product, but does not open an account. |
Where you applied for a savings product and the application does not open an account, we will keep your personal data for up to 6 months from the date the information was obtained, to deal with your queries. If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received unless you withdraw your consent. |
We may keep your personal data for longer than indicated if we cannot delete it for legal, regulatory or technical reasons. We may also keep it for research or statistical purposes. If we do, we’ll make sure that your privacy is protected and only use it for those specified purposes.
The simplest and quickest way to request this information is by completing our simple Online Request Form.
Alternatively you can call us, visit us at a YBS branch or agency, or write to us at the address below.
There are a number of rights you have in regard to the personal information we hold about you. You can submit an information request on any of the rights listed below.
Right | Description |
---|---|
Request to be informed about how we process your personal data. | You have the right to be informed about the collection and use of your personal data. |
Request access to your personal data (commonly known as a “data subject access request”). | This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. |
Request rectification/correction of the personal data that we hold about you. | This enables you to have any incomplete or inaccurate data corrected. |
Request erasure of your personal data. | This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object. |
Object to processing of your personal data. | You can object to us using your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes. |
Request the restriction of processing of your personal data. | This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it. |
Request the transfer of your personal data to another party. | In certain circumstances, you have the right to ask us to transfer a copy of some of your personal data to you or to a new data controller (e.g. another financial provider or comparison website). |
Right to withdraw your consent | Where we rely on your consent to process any of your personal data, you have a right to withdraw that consent at any time. This will not affect any use we have made of the information before you withdrew your consent. |
Object to automated decision making /Profiling | In certain circumstances, you have the right to ask for an automated decision (such as a lending decision made by a machine) to be reviewed by a human. |
Complain to the Regulator | You have the right to make a complaint to the Supervisory Authority. In the UK, this is the Information Commissioner’s Office (ICO). You can find out how to contact the ICO below. |
Whilst we make every effort to ensure your data is correct, we kindly request that you help us by reporting any inaccuracies or discrepancies at the earliest opportunity. It your responsibility to keep us informed of any change of your circumstances including any name changes, alternative contact details or change of address. If you were introduced to us by a broker or other intermediary who is a data controller in their own right, you should contact them separately.
You can update your details:
You can update your name and date of birth by sending us a secure message. We may ask for proof of your ID as part of this process.
It is possible to update some personal details over the phone. You can find out by calling:
You can change your marketing preferences and how we contact you in relation to new products and services by logging onto your online account, by calling the numbers above, or by visiting any branch or agency. We will not sell your details to other companies, but we may use marketing agents to act on our behalf.
If you subscribe to one of our special customer services e.g. our Savings Pledges—to be kept informed of new savings accounts by email, we will use these details for this service until you unsubscribe from this service and these details will be removed. These services are not linked to and do not affect the marketing permissions and other details you have registered with us.
In order to improve your online experience with us, we use cookies. To find out more about cookies, the types of cookies we use, how we use them and how to manage your preferences, please see our cookies policy.
If you have any concerns about how we collect, use, share or keep your personal data, you think there has been a breach, or you have a question or concern about anything in this notice, you may contact our Data Protection Officer (DPO) using the details below:
Data Protection Officer
Yorkshire House
Yorkshire Drive
Bradford
West Yorkshire
BD5 8LJ
You have a right to complain to the Information Commissioner’s Office (ICO) if you have any concerns about how we collect, use, share or keep your personal data. You may contact them at:
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Web: ico.org.uk
We regularly review and, where necessary, update our privacy information contained within this notice. This was last updated on 21 April 2021.
Select the cookies that you are happy for us to collect in order to personalise and enhance your experience.
Your preferences will be valid for 12 months. You can review your choices at any time in your browser settings. To find out how to manage your cookies and what information is being collected read our cookie policy
Essential for performance. These allow you to browse and navigate our website.
Used to understand how people use our website. These allow us to track users through the site so we can make informed decisions on improvements.
Used to try and understand which of our products and services are relevant to you.