[x close]

Your Privacy

Introduction

This privacy notice sets out how we will collect and use your personal data and your information rights. Chelsea is a trading name of Yorkshire Building Society. Within this notice, any references to ‘Chelsea’, ‘CBS’, ‘us’, ‘our’ and ‘we’ means ‘YBS’. This notice does not extend to:

  • our subsidiary company Accord Mortgages Limited. You can find out more about how Accord Mortgages Limited uses your personal information by visiting their website www.accordmortgages.com.
  • other organisations, such as any external websites you may access from our website. Other organisations may inform you how they use your personal data.

To download a copy of this Privacy Notice click here

If you a Share Plans customer, you can find out how we use your personal data in our Share Plans Privacy Notice.

If you are a job applicant, you can find out how we use your personal data in our Applicant Privacy Notice.

If you are an Employee of YBS, you can find out how we use your personal data in our Employee Privacy Notice.

We have also produced a child friendly privacy notice for children and young people.

We are committed to taking good care your personal data and ensuring the highest standards of privacy. If you have any questions about this notice, don’t hesitate to get in touch with us. We’ll be more than happy to help.

Data Controller

An organisation that decides how the personal data it collects and holds is used is called a ‘data controller’. We call this use of personal data ‘processing’ – this includes the collection, storage, analysis, sharing, retention and disposal of personal data. If you’re a member of Chelsea Building Society, the data controller of your personal data is Yorkshire Building Society.

As a Data Controller, we are registered with the Information Commissioner's Office (ICO) - the organisation in the UK that oversees that an organisation is acting accordingly when processing personal data. Our registration numbers are:

  • Z9006086
  • Z5217596
.
Why do we need your personal data?

In order that we can provide you with a high quality service, deal with your queries, make an assessment on the suitability of our products or services and to enter into a relationship with you, we will need to obtain and use personal data.

If we already hold some of your personal data, for example, if you are already a member, we may not need to collect it again and in such cases, we will make this clear.

.
What if you do not provide personal data?

You are under no statutory or contractual obligation to provide any personal data to us. However, if you do not provide the information, we may not be able to provide you with our products or services or dal with your queries. We will be also be unable communicate with you effectively.

.
What personal data do we collect?

We collect and use a variety of personal data to run our business and manage our relationship with you.  The table below shows the typical categories of personal data we ask you for when you open a saving account take out a mortgage with us with and why we may ask for it. You will find more specific information in the how do we use your personal data section:

Category

What will we collect?

How we may use it

General Personal Data

Name, title, sex, address

We use this to identify you and:

  • To open and manage your accounts and relationship with us.
  • To provide products and services of our partners.
  • To provide you with support and for debt recovery purposes.
  • To enhance your experience and our products and services.
  • To share relevant marketing about our products and services.
  • To meet our legal and regulatory obligations.
  • To process your application for any job you apply for with us.
  • Inform you of any meetings such as the Annual General Meeting (AGM) and facilitate voting.

Date of birth and/or age

We use this to identify you and:

  • To open and manage your accounts and relationship with us.
  • To confirm your age.
  • To meet our legal and regulatory obligations.
  • To process your application for any job you apply for with us.

Nationality

  • To meet our legal and regulatory obligations.
  • To open and manage your accounts and relationship with us.

Occupation

We ask you for your profession or occupation, whether you are employed, self-employed or perhaps retired. This helps us determine the eligibility for some products and services and ensures you get the right information when you contact us or visit us in Branch.

National insurance number, passport, driving licence and other national identifiers

We use this to verify your identity when you apply for a product or job with us and to meet our requirements with Her Majesty’s Revenue and Customs (HMRC) for tax reporting regulations.

Email address  and phone number

We use your email address and phone number to:

  • Enable you to register for an online account (‘e-enable’).
  • Enable you to register for any App we may offer from time to time.
  • Contact you about your account(s).
  • Inform you of any meetings such as the Annual General Meeting (AGM) and to facilitate voting.
  • Send you marketing information (where you have consented).
  • Enable you to register your interests for new product or service updates that we may offer.
  • Enable you to register to receive updates about our community activities or other events we are involved in.
  • Process any job applications you have with us.
  • Run and administer competitions/prize draws which you have entered and to notify the winner.

Tax status

Where applicable, we will use this for identifying your tax status. If you are a tax resident overseas or a US citizen, you are required to complete a declaration and we are obliged to report the information relating to you and your account(s) to HM Revenue and Customs (HMRC). HMRC may share the information with the relevant tax authorities.

Call recordings

It is important that we provide the best possible service to you. This might mean that we log and record calls you make to us to resolve any discrepancies or issues that inevitably crop up from time to time.  We may also record calls for training and monitoring purposes, including meeting our legal obligations.

Smartphone applications and online banking

In order for you to get the best experience from any digital or mobile app that we may offer, we may ask you for details of your Operating System your phone runs on (e.g. IOS or Android).

Location data

If you use a digital or mobile app that we offer, we may capture your location data when using this. This will be used so that we can provide you with relevant services and to prevent fraud.

How you interact with us

We record how you interact with us currently or in the past in order to give you the best service and prevent fraud.  This can include whether you have carried out a transaction over the phone, over the internet, by any app or online service we may offer or even a visit to your Branch.

Direct marketing preferences

We ask you if you wish to receive notifications from us about our products and services that may be of interest to you. We will only do this where we have your explicit consent and will only contact you by methods you have chosen (e.g. phone, text, email).

Mortgages

Employment status

We ask you for your profession or occupation, whether you are employed, self-employed or perhaps retired. This helps us determine the eligibility for some products and services and ensures you get the right information when you contact us or visit us in Branch.

Earnings, income and expenditure and  spending habits

When you apply for a mortgage with us, we use this to determine your earnings so that any lending or access to credit is appropriate and affordable to you.
We ask you about your other sources of income including pension payments or benefits you may receive.  We use this to assess how you manage account payments and credit.
We will use this information where to enable us to provide support as part of our collections process.

County Court Judgments (CCJ) and insolvency data

We collect information in relation to any insolvency proceedings about you, including CCJs in order to inform our lending decision making and provide you with appropriate advice and support.

Residential status, property details and occupancy status

When you apply for a mortgage with us, we use this information to understand the current and previous properties you have lived at, other properties you own, whether you are an owner, tenant or living with parents. This helps us to provide you with appropriate advice and to inform our lending decisions.

Transaction history and source of funds

We need to ask you the source of your income or perhaps an amount of cash that you wish to put down as a deposit or paying into (or withdrawing) from an account.  This will also help us to detect fraudulent activity on your account and to comply with our regulatory requirements.

Criminal convictions (spent or unspent) and offences

We will only use information relating to criminal convictions or alleged criminal behaviour where the law allows us to do so.

This can arise when it is necessary for us to comply with the law or for another reason where there is a substantial public interest in us doing so.
Less commonly, we will, if necessary, use information relating to criminal convictions or alleged criminal behaviour where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

Share Plans, Sharesave, Share Incentive Scheme

Employer data

If you apply for a Share Plans, Sharesave or Share Incentive Plan Scheme with us, we will ask you for your employer details in order for us to open an account for you and to manage our relationship with you.  For further details, see the Share Plans privacy notice.

Insurance

Property details and occupancy status

We will use this to understand your circumstances and needs and assess the suitability of products and services you apply for with us or one of our partners.

Family details, for example, marital status, next of kin, dependents

We will use this to understand your circumstances and needs and assess the suitability of products and services you apply for with us or one of our partners.

Child Savings Accounts

Trustee information

Where a child account is held is trust, we will obtain personal data relating to the trustee to manage our relationship with the trustee and to manage the account(s).

Birth certificate, passport or other identification

When an account is opened by or for a child, we will ask for identification to confirm the child’s identity.

.
Special Category Data

From time to time, we may need to ask for personal data that might seem sensitive. This is known as ‘special category data’. For example, a question about your health, vulnerabilities or whether you have any previous criminal convictions.

In general we do not collect special category data about you, but sometimes the personal data we collect may reveal this. This will, however, be limited to the minimum required. This can include personal data relating to your:

  • race or ethnicity
  • trade union membership (only where you have mentioned this in your application e.g. where you list being a union representative in “positions of responsibility”)
  • health, including any medical condition, health and sickness
  • biometric data
  • criminal convictions and offences.

When you apply for certain products with us, such as an insurance or life planning product , we may contact your medical professional representative with your consent to obtain information or confirm a pre-existing medical condition you have informed us of, but we will always explain why we need the information.

.
Where do we obtain personal data from?

We obtain your personal data in the following ways:

Who from?

Details

Directly from you

We will obtain personal data directly from you:

  • When you apply for our products or services online or on the phone.
  • When update your information online, in branch or over the phone (such as when you change your address).
  • When you visit us in branch.
  • When you speak to us on the phone (we may record some calls for training and quality purposes).
  • When using our websites, online web chat services and any digital or mobile app we may offer now or in the future
  • When you send us in letters, emails or other documents.
  • When we use information that you’ve made public, such as social media content or when you interact with our social media profiles.
  • When you apply for a job with us (see our Applicant Privacy Notice).

From a third party acting on your behalf

We may obtain personal data relating to you from third parties as part of the application process for one of our products or services. This can include individuals who are:

  • a joint applicant on an account you hold or are applying for
  • a trustee on an account
  • a parent
  • a guardian
  • a nominated representative
  • acting under a Power of Attorney or similar authority
  • a mortgage broker or mortgage intermediary (such as Accord Mortgages) who is acting on your behalf.

 

If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us.

In the event that you’re providing personal data about another individual, we’ll assume that you have told them that you are sharing their details and where they can find more information on how we may process their personal data.

From other third parties

As part of our relationship with you, we collect or receive personal data relating to you from certain third parties in order to facilitate our decision making including:

  • Current and former employers.
  • Referees.
  • Housing Associations.
  • Royal Mail (UK postal addresses).
  • Local Authorities (electoral roll).
  • The Insolvency Service.
  • Companies’ House.
  • Housing associations and landlords
  • Court and tribunal Service
  • Credit reference agencies.
  • Government bodies and agencies.
  • HM Revenue and Customs and other tax authorities.
  • Regulators, such as ICO, FCA and PRA.
  • Law enforcement agencies.
  • Fraud prevention agencies.
  • Insurers.
  • Financial advisers.
  • Land agents.
  • Card associations.
  • Retailers.
  • Comparison websites.
  • Market research providers.
  • Tracing and debt recovery agents.
  • Organisations providing data services to support us in managing our relationship with you and operating our business.
.
How do we collect special category data?

In almost all cases, we’ll ask for your explicit consent before collecting special category data unless we are required to by law, there is an overriding public interest, or where we believe you or someone else may be at risk.

If you contact us containing this type of information, then we’ll assume that you’re happy for us to record it – unless you tell us not to. If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us.

You have the right to withdraw your consent to us recording and using special category data at any time. This will not affect any use we have made of the information before you withdrew your consent.

.
Personal data relating to children

We offer savings accounts for children which they can open themselves. The age at which they can do this will depend on the type of account. Any account opened for a child under age 8 can only be held in trust.

If a child opens an account themselves, we will obtain personal data and identification from them (or from their parent/guardian on their behalf). If a child opens an account when they are 16, we will verify their identity electronically, but if this is not possible, we will ask for identification, such as a passport or birth certificate from them.

If an account is opened on the child’s behalf, for example by a parent or family member, we will obtain identification for the child, such as a passport or birth certificate, from the person opening the account in order to verify the child’s identity. If they are not the child’s parent or guardian, we may ask for confirmation they have permission to open an account for the child.

We do not contact children under 16 with details of our products, services and offers, but we may send them birthday greetings if they have an account with us.

Personal data relating to children may be included in applications for products or services we offer to adults, for example where dependants are mentioned in a mortgage application or for an insurance product.

We have produced a child friendly privacy notice to assist children in understanding how we use their personal data and to explain their rights.

.
Collecting personal data about individuals who are not a customer or member

From time to time, we might need to collect or use personal data about individuals who aren’t our members. This could include individuals who are:

Who

Why

Brokers and financial advisers, Solicitors, licensed conveyancers and other professional advisers.

To identify them and to manage our business relationship with them and you.

Employers (current, past or prospective).

To confirm your employment status and income received and to obtain data about your relationship with them.

Lenders and landlords.

To obtain data about your relationship with them and confirm your residency status and payment history. This will be used to inform our lending decisions.

Other adults living in the mortgaged property.

To contact them to inform them of mortgage or additional borrowing application applications and ask them to confirm that they have no claim on the property.

Other third parties.

On occasion, individuals may contact us who are not our members. For example, to notify us of a death of a member or make an enquiry.
We may also from time to time capture third party details in documents and this can include where individuals have ‘witnessed’ a documents and provided a name or address. 
We may retain this information but will not process this in any other way.

.
Lawful basis for processing personal data

We process your personal data for a number of different purposes. When we collect, use, share or hold your personal data, we must have a valid reason to do so (known as a ‘lawful basis’).  The table below sets out the different lawful basis we may rely on.  You can find out more in the how we use your personal data section.

Lawful basis

Description

Consent

You have given free and clear consent for us to process your personal data for a specific purpose.

Contract

The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.

Explicit consent

You have given explicit consent for us to process your sensitive personal data (special category) for a specific purpose.

Legal obligation

The processing is necessary for us to comply with the law or legal requirement.

Legitimate interests

The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests. 

.
Lawful basis for processing Special category data

We will only process your special category personal data where we have an additional lawful basis. This includes:

  • Where we need to carry out our legal obligations or exercise rights in connection your application for an account with us.
  • Where it is needed in the public interest: for example, we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equality and diversity monitoring and reporting.
  • With your explicit written consent. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
  • Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

.
How do we use your personal data?

We use your personal data stated above for a whole host of reasons.  This includes:

Purpose

Why we use your personal data this way

Lawful basis we rely on to process your personal data

Managing your enquiry, application and ongoing account management

We will collect, use, share and keep personal data needed for us to deal with your enquiries, process your applications, provide any illustrations you require, and manage the ongoing administration of your accounts, products and services. This includes keeping your account records up to date and contacting you when needed.

You have the right to object to us using your personal data for legitimate interests.

Contract, legitimate interests

CCTV

We use CCTV for the safety and security of our customers and employees throughout our branch network and offices. This may capture personal data such as your image, likeness and voice.

Using CCTV in our branches is necessary for our legitimate business interests. It helps us provide a safe and secure environment for people who visit us or carry out business in our premises. It also supports us in detecting and deterring any criminal activity.

Footage may be reviewed by ourselves, or passed to police or law enforcement agencies upon request following any incidents relating to the security and/or safety of individuals and to assist with any ongoing crime investigations.

You have the right to object to us using your personal data for legitimate interests.

Legitimate interests

Communicating with you via our various channels

We will use your personal data to communicate with you. This includes via the telephone, email, live chat and social media. It also includes any app we may offer from time to time.

You have the right to object to us using your personal data for legitimate interests.

Contract, legitimate interests

Competitions, prize draws and interactive features

We use personal data to manage and run competitions/prize draws for customers, members and the wider public.

When we collect personal data for this reason, we use it to administer the competition/draw and notify the winner. If we wish to use the data for any other purpose this information will be provided at the time.

You have the right to object to us processing your personal data in this way.

Legitimate interests

 

 

Debt recovery purposes

We collect and use your personal data to:

  • Assess the likelihood that your circumstances have changed.
  • Work with you through challenging times, by understanding and supporting your needs.
  • Recover any outstanding money owed to us (this could include trying to locate you).
  • Help us decide on any further action we may need to take in order to recover money owed (e.g. whether we need to consider legal action or using a debt recovery agent).

 

We’ll process your personal data in this way when it’s necessary to meet the promises we’ve made in the terms and conditions of your product or service, and also when you ask us to carry out activities that need your authorisation (e.g. when you’ve requested for someone to act on your behalf or if you choose to give us information about your health or any criminal convictions).

When necessary, we’ll share your personal data with individuals and organisations that you’ve asked to act on your behalf (e.g. Citizens Advice and Debt Advice Charities) as well as credit reference agencies, solicitors, tracing and debt collection agents, home visit agents and debt purchasers.

To carry out these activities, we may need to use profiling (where we use your information to categorise groups of members and customers together based on their behaviours and interactions). This helps us make sure that we’re being fair and consistent in the way we treat our members and customers and also to support those who may be experiencing financial difficulty.

We may also use your personal data for our legitimate business interests. Rest assured, we’ll always ensure that the way we process your information is safe and not unfair to you.

You have the right to object to us processing your personal data for our legitimate interests.

Legitimate interests

Enhancing your experience and our products and services

We collect and use your personal data to help us make our business better, improve products and services and enhance how we engage with members.

We use your personal data in this way when it is in our legitimate business interests. Your information and views help us understand the changing needs of our members and customers. 

We look at you and how you engage with us (e.g. how long you’ve been a member or whether you open our emails), your transactions and how you use our products and services (e.g. the types of accounts you have and how you use our online banking and any digital or mobile app we may offer).

Sometimes, we’ll collect personal data you from organisations carrying out market research on our behalf to make sure you had a positive experience in our branch network or call centre, or to ask your opinion on our products and services, or trends in our industry.

Then, we structure and analyse this information to consider how you might use our products and services in the future. We may also use your information to categorise groups of members who interact and engage with us in similar ways.

You have the right to object to us processing your personal data for our legitimate interests.

Legitimate interests

Informing you of our community events and initiatives

We will use your personal data to enable you to register to receive updates about our community activities or other events we are involved in.

Consent

Making checks regarding your financial status

Sometimes, we’ll need to share your personal data with a credit reference Agency (CRA) to check that a product or service is right for you or to verify your identity as part of an application for a job or role with us.

We do this to:

  • Assess your creditworthiness, and consider whether we believe you can afford to take out a product or service with us.
  • Confirm your income and outgoings.
  • Check the information you’ve provided to us is accurate.
  • Prevent criminal activity and financial crime including fraud and money laundering.
  • Manage your ongoing relationship with us.
  • Trace and recover debts.
  • Make sure any offers we propose are appropriate (when we have the right to do so).
  • Verify your identity as part of the application process for a job or role with us.

 

When we ask a credit reference Agency to do a search on our behalf, this may leave a search footprint on your credit file that may be seen by other lenders. This happens whether or not you, or us choose to proceed with the application.

If you’re making a joint application, your credit records will be linked together. This creates what’s known as a ‘financial association’ at credit reference agencies. So, you should always discuss and agree this with other applicants before disclosing their information to check that they’re happy to proceed. 

Information about any financial associations will be shared with other lenders if either of you make a credit application in the future – whether it’s in just your name or together with someone else.

There are three key credit reference agencies that we use. Take a look at their Credit Reference Agency Information Notices (CRAINs) to find out more about them, the data they hold (and for how long), the way they use and share your information, how they prevent fraud and your data protection rights.

You can find out more about CRAs below:

 

 

You have the right to object to us using your personal data for legitimate interests.

Contract

Marketing our products and services

We understand that you may wish to hear from us from time to time about our products or services that we think you’ll find interesting or to keep up to date with the latest developments and news.

If you have consented to receiving such communications, we may use the contact details you’ve supplied us to send you marketing information.  You can, of course, change your mind at any time and can change your marketing preferences.

We’ll never pass on your details to anyone else for their marketing purposes.

Consent

Meeting our legal and regulatory obligations

We’re required to collect and use your personal data in a number of circumstances to meet our legal and regulatory obligations.

These include using your personal data to carry out a range of activities that ensure we comply with the requirements set out by our regulators (e.g. Financial Conduct Authority – FCA – and Prudential Regulation Authority – PRA) and in relevant legislation (e.g. Data Protection Legislation and Anti-Money Laundering Regulations).  We also disclose information to HMRC and other government bodies when we are required or permitted to do so.

Legal obligation

Open banking

Under the Payment Services Directive (PSD2) you have a right, for certain types of online accounts, to instruct Third Party Payment and Information Providers to facilitate payments and provide aggregation services for your financial information.

We have a legal obligation to provide this information, but we will only send your data to these third parties once we have received confirmation from yourself and only to those providers who have the relevant authorisation from the FCA. Your selected data, once authorised by you, is sent through secure means to the authorised third party.

You can manage your open banking settings and authorities through your chosen open banking app or online account.

Legal obligation

Preventing and detecting fraud and financial crime

We use and share your personal data with fraud prevention agencies to help prevent financial crime. If required for fraud or criminal investigation reasons, we (and the fraud prevention agencies) may also allow law enforcement agencies to access and use your personal data.

We have a legal obligation and legitimate interest to check people’s identity and prevent financial crime including fraud and money laundering. Sharing your personal data in this way, when necessary, allows us to protect your financial security as well as that of our other members and customers. It also makes sure that we’re complying with the law.

You have the right to object to us using your personal data for legitimate interests.

Legal obligation, legitimate interests

Processing a Decision in Principle

We will collect, use, share and keep personal data to provide you with a Decision in Principle and to assess, review and process your application.

This process involves reviewing your application with the use of financial models and automated systems provided by Credit Reference Agencies and against our lending criteria.

This will help us to understand your mortgage application and to assess the affordability of the products and services you apply for.

Contract

Profiling

There may be some circumstances where we use your personal data for profiling. 

Profiling is used to make automated decisions. This is where we combine your personal data with information about others so that we can:

  • Understand trends, traits and behaviours.
  • Make predictions about how you might use our products and services in the future.
  • Analyse data to improve our service and generate alerts (e.g. where we suspect that you may be the victim of financial crime).

 

Profiling your personal data alongside other members and customers also helps us to ensure that we’re providing a consistent service and giving people the best products and advice at the right times.

We’ll always make sure the way we process your information is safe and not unfair to you. Where possible, we’ll keep your details anonymous and use your information only to produce statistical reports. This way, you will not be identifiable from the data.

You have the right to object to us using your personal data for legitimate interests.

Legitimate interests

Providing products and services of our partners

We use your personal data to provide, introduce or distribute products and services from our partners. 

Our partners will also collect and use your information to manage the products and services that you have with them. As this then makes them the ‘data controller’, they’ll provide more details on how they process your information at the time when it’s collected by them or shared by us.

When selecting our partners, we take appropriate steps to make sure that they have adequate protection in place and that they follow data protection legislation.

You have the right to object to us using your personal data for legitimate interests.

Contract, legitimate interests

Sending birthday greetings

We sometimes send birthday cards to children and will l use personal for this purpose.  You can request we stop this at any time.

You have the right to object to us using your personal data for legitimate interests.

Legitimate interests

Social media

We want you to get the most out of your relationship with us so we use social media and websites to let you know about the products and services we offer that might be of interest to you and to communicate with you if you contact us through this method.

We may also use social media services to enhance our services, presence and your customer experience. Your comments, opinions and messages may be used so that we can better understand our customers and improve our products, services and overall customer offering.
We may do this by matching the personal details we hold about you, such as your email address, with the details social media companies or websites hold about you. This is done in a controlled, anonymous way so your identity is never revealed.  By doing this, social media and websites can share tailored marketing messages with you about our products and services.

We will never agree to social media companies or websites sharing or selling your information to third parties

You have the right to object to us using your personal data for legitimate interests.

If you submit a request, we will stop sending you marketing messages tailored to you. However, you might still receive some general marketing messages from us, but these won’t be targeted to you.

If you want to control the adverts you see on social media platforms, you can manage your marketing preferences (including receiving targeted marketing ad) through their settings and privacy pages. You may still see adverts, but these won’t be tailored to you.

Legitimate interests

Statistical analysis and reporting

We use personal data as in order to carry out Data Analysis, Trends and Statistical Reporting. We will only do this using personal data where necessary and if we are unable to use anonymous data.

You have the right to object to us using your personal data for legitimate interests.

Legitimate interests

Testing our systems and processes

In order to improve our services and systems, we may use your personal data for testing our systems so that we can make them even better.

Using your personal data for testing is necessary for our legitimate business interests as it allows us to maintain and improve the security, integrity and performance of our systems.

We have stringent processes in place to keep your personal data safe and we won’t use it in a way that’s unfair to you. When we are unable to use 'masked' or anonymous data (i.e. that which doesn’t identify you),  we will aim to :

  • Always do this in a secure and controlled environment.
  • Only use the minimum amount of data necessary for the testing required.
  • Only use carefully selected specialist service providers, where necessary.
  • Only hold your information in this way for as long as needed to carry out testing.

 

You have the right to object to us using your personal data for legitimate interests.

Legitimate interests

Verifying your identify

We have a regulatory requirement to confirm the identity of anyone opening an account with us or when they apply for a job or role with us. This upholds our legal obligation to complete necessary due diligence checks to make sure we know our customers and potential employees, helps prevent and detect fraud, prevents identity theft and protects our business.

You have the right to object to us using your personal data for legitimate interests.

Contract, Legal obligation legitimate interests

.
How do we use special category data?

We’ll only ask for this type of personal data when we absolutely need to and use it for limited circumstances to:

  • Understand and accommodate any additional needs or requirements that you might have. For example, to help with any issues around your health, memory, caring responsibilities or any challenges you’re facing in life.
  • Understand any details about your health that we need to know for the purpose of insurance policies or investment products.
.
Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance where this is required or permitted by law.

.
Automated decision making

There may be circumstances where we use automated decision making using your personal data. We use automated decision making to check that we can enter into an agreement with you, and also carry out our legal and regulatory obligations. Sometimes, it’s required by law (e.g. when complying with UK money laundering regulations).

When you request a Decision in Principle and/or apply for a mortgage with us, you will be taking the steps necessary to enter into a contract with us.

This process involves reviewing your application with the use of financial models, automated systems provided by Credit Reference Agencies (CRAs) and against our full lending criteria. This is to help us better understand your mortgage application and to assess the affordability of the products and services you apply for.

When we do this the CRAs will keep a record of our search, whether or not you proceed with a full mortgage application. This is known as a credit footprint. They do this so that you can see who has looked at your credit report, when it was looked at and why. This record may also be seen by other lenders and could affect your ability to obtain future credit.

We will use automated decision making to:

  • To assess your application and check if we can approve you for credit, to make sure that we’re lending responsibility.
  • To assess if we can offer you a financial product and work out the level of interest that you’ll pay.
  • To check if someone’s making a fraudulent application or if there’s activity on your account that needs further review. This is so we can protect your money and protect you from financial crime.
  • To decide if you are, or continue to be, eligible for the product or service you’ve chosen.
.
What information do we use to make these decisions?

For automated decision making, we use information that we’ve collected or hold about you from your applications. Sometimes, we might also use information from other sources such as credit reference or fraud prevention agencies – but we check this against the information you give us.

.
Who has access to your personal data?

There may be occasions where we need to share your personal data with external partners or organisations.  The table below provides details on who we share personal data with and the reasons why:

Who

Reason

Accord Mortgages

  • To review and assess your suitability and application for a mortgage product with Accord Mortgages.
  • To deal with any enquiries.
  • For financial crime and fraud prevention purposes.

Adult occupiers (for mortgages)

  • To contact them to inform them of your mortgage or additional borrowing application applications and ask them to confirm that they have no claim on the property.

Claims Management Companies

  • To assist with enquiries and the assessment of claims.

Courts and tribunals

  • To respond to court and tribunal requests
  • To manage and resolve complaints, disputes and/or legal claims.

Credit reference agencies (CRAs)

  • To verify your identity and to help trace your whereabouts if we have been unable to contact you.
  • To review and assess your suitability, and application for products and services.

Data processors

  • To carry out processing activities on our behalf under contract and after we have assessed their suitability.

Debt recovery agencies

  • To assist with debt collection activities and to locate you if we have been unable to contact you via our usual communication channels.

Direct marketing providers

  • To provide marketing services on our behalf.
  • To provide you targeted adverts based on your previous web browsing history.

Employers (past and present)

  • To confirm your employment and employment status and income received.
  • To open a Share Plans, Sharesave or Share Incentive Account. For further information on this see our Share Plans Privacy Notice.

Financial advisers

  • To provide you with financial advice and assistance.

Fraud prevention agencies (e.g. CIFAS and National Hunter)

  • To carry out checks for the purposes of preventing fraud and money laundering
  • To verify your identity.
  • To assess your suitability for products and services.
  • For fraud prevention and tracing activity.

Government bodies providing financial assistance (for example, Homes England or Help to Buy (Wales) Limited)

  • To facilitate any application for financial assistance under schemes such as Homes England or Help to Buy (Wales) Limited).

HM Revenue and Customs (HMRC) and other tax authorities

  • To confirm your tax status and provide information for tax reporting purposes.
  • To assist with enquiries, investigations, complaints and assessments.
  • To assist with financial crime and fraud prevention.

Insurers and reinsurers

  • To provide you with insurance services.

Joint account holders, including former, current and/or future account holders and trustees (where authorised to operate the account)

  • To respond to enquiries, requests and further applications.
  • To allow ongoing administration of your joint account, products and services
  • To processing transactions.

Law enforcement agencies

  • To assist with any ongoing investigations relating to the security and/or safety of individuals.
  • For financial crime and fraud prevention purposes.

Market research providers

  • To provide market research services on our behalf.
  • To gain better understand our customers and members including their experiences, circumstances, needs and responses to our current and potential products, services and wider initiatives.
  • To gain a range of insights, for example market trends; consumer behaviour; competitors; technological change
  • To support a wide range of business decision making such as product development.
  • For data for profiling and customer segmentation to create a broad understanding of our customers, to help shape our communications, products and the overall customer experience from what our branches look like, to how we handle phone calls and other customer contacts.

Medical professionals or representatives

  • To obtain and verify any information or confirm a pre-existing medical condition you have informed us of in order to be able to provide you with specific products, such as insurance.  We will only do this where we have you your consent to do so.

Mortgage Guarantors or potential guarantors and their legal representatives

  • To deal with their enquiries, requests and further applications.
  • To manage the ongoing administration of your accounts, products and services.
  • To process transactions.

Other financial institutions

  • To review and assess your suitability and application for products and services.
  • To manage payments (including the use of payment services involving the transfer of electronic payments into or out of your account).
  • To respond to requests for the postponement of a charge on your property.
  • For financial crime and fraud prevention purposes.
  • To assist with enquiries and investigations.

Referees

  • To obtain a reference as part of the recruitment process.
  • To obtain a reference for any product or service you apply for (where applicable).

Regulators e.g. Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), Information Commissioner’s Office (ICO)

  • To comply with our regulatory requirements and to resolve complaints.

Social Media providers

  • To communicate with you and answer your queries submitted via social media.
  • To show you targeted advertising.

Solicitors, licensed conveyancers, valuers, panel managers and other professional advisers

  • To provide professional services.
  • To review and assess your suitability and application for products and services.
  • To manage your ongoing relationships.
  • To administer and manage disputes and/or legal claims.

Third Party Payment Providers (TPPPs)

  • To facilitate your requests for open banking.
  • To comply with our legal obligations under the Payment Services Directive (PSD 2).

UK Financial Services Compensation Scheme

Financial Ombudsman Scheme

  • To provide our regulatory and governing bodies with data about our business.
  • To assist with enquiries, investigations, complaints and assessments.
.
Our relationship with other organisations

We have a relationship or partnership with the following organisations and may share your personal data with the companies listed below associated purposes.  All companies we work with are assessed for adequacy of their security controls, so you know your personal data is safe.

Organisation

Purpose

Accord Mortgages

To provide mortgage intermediary services.

Acoustic Marketing UK Ltd

To provide email communication services.

AIG Life Limited

To provide life insurance and critical illness insurance.

Cardif Pinnacle

To provide mortgage payment insurance and short term income protection.

CIFAS

To provide fraud prevention and tracing activities.

Dignity

To provide Later Life Planning services.

Engage Mutual Assurance

To provide Child Trust Fund services.

Experian

To provide ID and tracing services.

Gemalto

To provide card and PIN Services.

Hugh James

To provide will writing and legal services.

ICR Speech Solutions and Services Limited

To provide text messaging services (SMS).

Investec

To provide share dealing services.

Jarvis

To provide share dealing services.

Legal and General

To provide mortgage-linked life insurance.

LMS Conveyancing

To provide conveyancing services for fees assisted products.

National Hunter Limited

To provide fraud prevention and tracing activities.

Optima Legal Services

To provide re-mortgage services.

Paragon Customer Communications (London) Ltd

To provide printing and communication services.

Royal and Sun Alliance Insurance

To provide household insurance services.

Salary Finance

To provide financial wellbeing benefits.

Sign Live

To provide British Sign Language interpreter services.

Stocktrade

To provide share dealing services.

United Legal Services

To provide conveyancing services.

VST

To provide documents in alternative formats.

.
Sale, purchase or demutualisation of all or part of our business

If we sell or transfer all or part of our business, we may share or transfer customer records and data as part of the proposed/actual sale or transfer. Before we do this we will ensure there is adequate protection in place by imposing contractual obligations on the buyer/seller to ensure the security and confidentiality of your personal data.

.
Transfers of personal data outside the EEA

There may be some circumstances where we may transfer your personal data to countries outside the UK when:

  • We’re required or permitted to by law or regulatory requirements.
  • We’re sharing data with a third party to support us in the management of your account.

When working with our suppliers and/or transferring personal data to countries outside the UK, we take appropriate steps to ensure that there is adequate protection and controls are in place and that data protection legislation is followed.

This could be by:

  • Ensuring that we transfer personal data to countries that we believe have comparable data protection legislation to the UK.
  • Putting suitable clauses in our contracts to ensure that organisations take appropriate steps to comply with UK data protection laws or the equivalent.

If you would like more information on this, please contact us.

.
How do we protect your personal data?

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

.
How long do we keep your personal data?

Our aim is to keep your personal data only for as long as we need to, in order to manage your relationship with us and comply with legal and regulatory requirements.  When determining retention periods, we consider the following:

  • The maximum or minimum retention periods identified by the law or regulatory guidance
  • Our contractual rights and obligations
  • Customer expectations, the nature of your relationship with us, your membership status and the types of accounts, products and services you have with us
  • Current or future operational requirements
  • Forensic requirements, for example, the potential need to access data no longer actively used in order to manage or respond to complaints and disputes
  • The risks involved in retention, deletion and removal
  • The cost of maintaining, storing, archiving and retrieving data
  • The capability or restraints of our systems and technology.

The table below provides details on how long we will retain your personal data for:

Category

Retention Period

CCTV

We will retain CCTV footage for up to 3 months from the date taken in relation to CCTV images at our Head Office sites and branch network for crime prevention and public safety purposes.

Competitions/Prize Draws

We will keep details of the competitions and/or prize draws you enter for up to 6 months after the end of the competition and/or prize draw, unless otherwise stated in the competition/prize draw information we provide at the time.

Complaints

If you make a complaint to us, we will retain your personal data in relation to the complaint for up to 6 years after the closure of a complaint to meet our legal and regulatory obligations and to manage any escalation to the Financial Ombudsman Service (FOS).

Fraud prevention data

Fraud Prevention Agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held by us for up to 6 years from the end of our relationship with you.

General enquiries

If you contact us with a general enquiry, via email, phone, post or in personal (e.g. in Branch), we will retain your personal data for up to 6 months from the date the information was obtained in order to allow time for you to open an account, product or service and for us to respond to further queries from you.

If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received.

Job Applications

If you apply for a job or role with us, but are unsuccessful, we will retain any job applications for up to 1 year from the date the unsuccessful candidate is notified to allow us to deal with any queries.  See our Applicant Privacy Notice for more details.

If you are you are a successful applicant, we may retain your application in your employee record for up to 6 years from the date our relationship ends.

Marketing preferences

If you have opted to receive marketing information from us, we will retain your preferences for up to 3 years in relation to the methods you have chosen to be contacted unless you tell us otherwise.

Mortgage Account  - where potential customer has applied for a product, but the application does not complete

If you apply for a mortgage product, but the application does not progress to opening, we will keep details of your application, including results of any credit search for up to 10 years from the date the application was received to help us better understand your mortgage application, to assess the affordability of the products and services you apply for and deal with your queries. 

Mortgage Account  - where potential customer has applied for a product and the application completes

Where you apply for a mortgage product and the application completes, we will keep details of your application, including results of any credit search for up to 10 years from the date the from the end of the relationship with you to meet our legal and regulatory obligations and deal with your queries.

Mortgage Account - general enquiries where potential customer has not applied for a product

If you make a general enquiry in relation to a mortgage account, but do not apply for a product, we will keep your personal data for up to 6 months from the date the information was obtained to deal with your queries.

If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received unless you withdraw your consent.

Power of Attorney information

We will retain this indefinitely to deal with your queries or concerns.

Savings Account  - where potential customer has applied for a product and opens an account

Where you apply for a savings product and open an account, we will keep details of your application, including results of any credit search for up to 10 years from the end of the relationship with you to meet our legal and regulatory obligations and deal with your queries.

Savings Account - general enquiries where potential customer has not applied for a product

If you make a general enquiry in relation to a savings account but do not apply for a product, we will keep your personal data for up to 6 months from the date the information was obtained, to deal with your queries.

If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received unless you withdraw your consent.

Savings Account – where potential customer has applied for a product, but does not open an account.

Where you applied for a savings product and the application does not open an account, we will keep your personal data for up to 6 months from the date the information was obtained, to deal with your queries.

If you have provided consent to receiving marketing from us, we will retain your personal data for up to 3 years from date the information was received unless you withdraw your consent.

We may keep your personal data for longer than indicated if we cannot delete it for legal, regulatory or technical reasons.  We may also keep it for research or statistical purposes.  If we do, we’ll make sure that your privacy is protected and only use it for those specified purposes.

.
What rights do you have in relation to your personal data?
Right Description
Request to be informed about how we process your personal data. You have the right to be informed about the collection and use of your personal data.
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can make a request by emailing DSAR@ybs.co.uk, calling us or writing to us.
Request rectification/correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object.
Object to processing of your personal data. You can object to us using your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal data to another party. In certain circumstances, you have the right to ask us to transfer a copy of some of your personal data to you or to a new data controller (e.g. another financial provider or comparison website).
Right to withdraw your consent Where we rely on your consent to process any of your personal data, you have a right to withdraw that consent at any time. This will not affect any use we have made of the information before you withdrew your consent.
Object to automated decision making /Profiling In certain circumstances, you have the right to ask for an automated decision (such as a lending decision made by a machine) to be reviewed by a human.
Complain to the Regulator You have the right to make a complaint to the Supervisory Authority. In the UK, this is the Information Commissioner’s Office (ICO). You can find out how to contact the ICO below.

You can make a subject access request by emailing DSAR@ybs.co.uk, calling us or writing to us. You can request other rights above by:

  • Writing to us at the address below.
  • Emailing DPO@ybs.co.uk.
  • By phone using the numbers below.
  • Visiting us in branch or agency.
.
Accuracy of your personal data

Whilst we make every effort to ensure your data is correct, we kindly request that you help us by reporting any inaccuracies or discrepancies at the earliest opportunity. It your responsibility to keep us informed of any change of your circumstances including any name changes, alternative contact details or change of address. If you were introduced to us by a broker or other intermediary who is a data controller in their own right, you should contact them separately.

You can update your details:

By email

Online

  • If you have an online account, you can make certain changes in the account area.

Secure message

You can update your name and date of birth by sending us a secure message. We may ask for proof of your ID as part of this process.

Calling us

It is possible to update some personal details over the phone. You can find out by calling:

  • 0345 166 9300 (existing mortgage customers)
  • 0345 1200 842 (new customers)
  • 0345 744 6622 (existing savings customers)
  • 0345 166 9219 (new savings customers)

Visit any branch or Agency

.
Changing your marketing preferences

You can change your marketing preferences and how we contact you in relation to new products and services by logging onto your online account, by calling the numbers above, or by visiting any branch or agency. We will not sell your details to other companies, but we may use marketing agents to act on our behalf.

If you subscribe to one of our special customer services e.g. our Savings Pledges—to be kept informed of new savings accounts by email, we will use these details for this service until you unsubscribe from this service and these details will be removed. These services are not linked to and do not affect the marketing permissions and other details you have registered with us.

.
Cookies

In order to improve your online experience with us, we use cookies. To find out more about cookies, the types of cookies we use, how we use them and how to manage your preferences, please see our cookies policy.

.
Data Protection Officer (DPO) details

If you have any concerns about how we collect, use, share or keep your personal data, you think there has been a breach, or you have a question or concern about anything in this notice, you may contact our Data Protection Officer (DPO) using the details below:

Data Protection Officer
Yorkshire House
Yorkshire Drive
Bradford
West Yorkshire
BD5 8LJ

dpo@ybs.co.uk

.
Contacting the Information Commissioner’s Office (ICO)

You have a right to complain to the Information Commissioner’s Office (ICO) if you have any concerns about how we collect, use, share or keep your personal data. You may contact them at:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Web: ico.org.uk

.

Updating this notice

We regularly review and, where necessary, update our privacy information contained within this notice. This was last updated on 9 September 2020.

back to top

Manage preferences

Select the cookies that you are happy for us to collect in order to personalise and enhance your experience.

Your preferences will be valid for 12 months. You can review your choices at any time in your browser settings. To find out how to manage your cookies and what information is being collected read our cookie policy

Cookies strictly necessary

Essential for performance. These allow you to browse and navigate our website.

Performance (analytics) cookies

Used to understand how people use our website. These allow us to track users through the site so we can make informed decisions on improvements.

Advertising cookies

Used to try and understand which of our products and services are relevant to you.

Save changes