Privacy notice

The types of personal data we capture and use will depend on what you are doing on the website or when using internet banking. We'll use your personal data for some or all of the reasons set out in this Privacy Statement. If you become a customer we'll also use it to manage the account, product or service you've applied for and we'll provide you with a separate data protection statement specifically in relation to that as part of the application process. Some of the information relevant to that is included in this Privacy Statement for consistency. Examples of the personal data we use in relation to our websites may include:

• full name and personal details including contact information (e.g. home and/or business address and address history, email address, home, business and mobile telephone numbers);
• date of birth and/or age (e.g. to make sure you are eligible to apply for a product or service);
• financial details (e.g. salary and details of other income, and details of accounts held with other providers if you apply for a product or service with us);
• records of products and services you've obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
• information from credit reference and fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates you may have if you apply for a product or service with us;
• family, lifestyle or social circumstances if relevant to the product or service you apply for (e.g. the number of dependents you have);
• education and employment details/employment status for credit and fraud prevention purposes if you apply for a product or service with us;
• personal data about other named individuals as required. Where you provide the personal data of others you must have their authority to provide their personal data to us and share this Privacy Statement and any related data protection statement with them beforehand together with details of what you've agreed on their behalf (i.e. Financial Adviser or Intermediary); and
• special category data, including data about your health and biometric data (e.g. facial ID, fingerprints, keystrokes, and voice recordings for TouchID and voice recognition).

Subject to applicable laws, we'll monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We'll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what's been said. If you take out an account or service with us, we may also monitor activities on your account/service where necessary for these reasons and this is justified by our legitimate interests or our legal obligations.

Subject to applicable data protection law we may share your personal data:

• with the Santander group of companies* and associated companies in which we have shareholdings;
• with sub-contractors and other persons who help us provide our products and services;
• with companies and other persons providing services to us;
• with our legal and other professional advisors, including our auditors;
• with fraud prevention agencies, credit reference agencies, and debt collection agencies at account opening and periodically during account or service management;
• with other organisations who use shared databases to do income verification and affordability checks and to manage/collect arrears;
• with law enforcement bodies;
• with government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner's Office);
• with courts, to comply with legal requirements, and for the administration of justice;
• with the Financial Services Ombudsman;
• with other banks and financial institutions for the prevention and detection of financial crime, including fraud, money laundering, and terrorism financing;
• in an emergency or to otherwise protect your vital interests;
• to protect the security or integrity of our business operations;
• to other parties connected with your account (e.g. guarantors and other people named on the application); joint account holders will see your transactions;
• when we restructure or sell our business or its assets or have a merger or re-organisation;
• with market research organisations who help to improve our products or services;
• with payment systems providers (e.g. Visa or MasterCard) if we issue cards linked to your account; they may transfer your personal data to others to process transactions, resolve disputes and for statistical purposes, including by sending your personal data overseas; this is necessary to operate your account and for regulatory purposes; and
• with anyone else where we have your consent or where we have another lawful basis for doing so.

If you apply for an account via the website, before you enter any personal details into the online form, we'll tell you how your information will be used in our data protection statement relevant to that account, in the Using my personal data (pdf) booklet and sometimes in the relevant terms and conditions. You'll be asked to confirm that you have read these and you'll be asked to agree to our terms and conditions before you submit the application.

The data protection statement, in conjunction with the Using my personal data (pdf) booklet, includes details of the uses we may make of your data, the legal bases we are relying upon to carry out that processing, and who we may share your personal data with. For instance, for credit account applications like bank accounts, we may pass your details to a recognised credit reference agency to help process your application.

We may occasionally send you information about accounts and services which we think would be of interest to you but only where we have your consent or if this is within our legitimate interests (see above for more details about lawful bases). You can choose to stop receiving information at any time by contacting us.

We may automatically process your personal information, without human intervention, to evaluate certain personal aspects about you (known as profiling).

In particular, we may analyse or predict (among other things) your economic situation, personal preferences, interests or behaviour. This could mean that automated decisions are made about you using your personal information. For example, we might analyse certain customer demographics, account holdings and account behaviours (such as Direct Debits you have set up on your accounts including those which identify accounts and products such as credit cards and store cards which you hold with other providers/elsewhere) and look at details of transactions relevant to your accounts. We may also analyse events such as the maturity dates of your accounts and opening anniversaries.

In some instances we'll use automated processing and decision making, where relevant, to decide which of our other products or services might be suitable for you. We'll look at the types of accounts that you already have with us, as well as your age, where this is relevant to the product, we think you might be interested in. We'll also conduct behavioural scoring, including by looking at the accounts and products you already have with us and how they are being used, such as account turnover, arrears and other indications of financial difficulties. Where searches are carried out against publicly available data sources and credit reference agencies, these searches may appear on your credit report, but they will not affect your ability to get credit.

You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention and to challenge the decision.

You may withdraw your consent at any time by contacting us. Further details can be found in the Using my personal data (pdf) booklet.

We'll treat any survey or competition information you provide with the same high standard of care as we do all other customer information, using any details provided strictly within the terms of the competition and this Privacy Statement.

The following criteria are used to determine data retention periods for your personal data:

• retention in case of queries. We'll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
• retention in case of claims. We'll retain your personal data for as long as legal claims can be brought and defended.; and
• retention in accordance with legal and regulatory requirements. We'll retain your personal data after your account has been closed or has otherwise come to an end based on our legal and regulatory requirements.

Your personal data may be converted into statistical or aggregated data, which can't be used to identify you. We may share and sell such anonymised data including in an aggregated format, within and outside of the Santander group of companies, for statistical analysis, research and other business purposes. For example, sharing information about general spending trends in the UK to assist in research. The law says this is not considered to be personal information after it has been anonymised and/or aggregated.

We'll notify you if there are any material changes to this Privacy Statement if required by applicable law or where we intend to process your personal data for a new purpose before we start that new processing activity.

Certain hypertext links in this website may lead you to websites which are not under the control of Cater Allen Private Bank. When you activate these, you may leave the caterallen.co.uk website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by Cater Allen Private Bank.

We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.

You can contact us on 0800 092 3300 or write to our DPO at: 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

There are some things you can do to protect your personal information online. It's by no means exhaustive but will help make sure you don't fall foul of Internet fraud:

1. never share a One Time Passcode (OTP) with another person, not even a member of Cater Allen staff
2. do not log on using a public computer
3. always access Internet Banking by typing https://www.caterallen.co.uk into your web browser and logging on via our website
4. never enter your Internet Banking details after clicking on a link in an email or text message
5. do not send confidential information by email as it's not secure and there is always a risk it could be intercepted
6. if you're logged into any online service, do not leave your computer unattended. Close down your internet browser once you've logged off
7. never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

For more information about staying safe online you can visit our Fraud and Security Centre at caterallen.co.uk