Privacy Policy
UTB takes its Data Protection responsibilities seriously and we are committed to using the personal data we hold in accordance with the law.
Our Privacy Notice describes UTB’s policies and procedures regarding its collection and use of your personal data, and sets forth your privacy rights under GDPR & Data Protection regulations. We recognise that information privacy is an on-going responsibility, and so will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
Data Controller
United Trust Bank Limited (Company Number 549690 and ICO registration number Z4646448)
Address – One Ropemaker Street, London, EC2Y 9AW
Telephone – 020 7190 5555
Contact
Data Protection Officer
Our Data Protection Officer (DPO) is Mark Heaphy
Telephone number – 0207 190 5555
The DPO can be contacted at any time if you have queries about this privacy notice or wish to exercise any of the rights mentioned in it.
Definitions
Legitimate interests is mentioned in our privacy notice because data protection laws allow the processing of personal information where the purpose is legitimate and is not outweighed by your interests, fundamental rights and freedoms. Those laws call this the ‘legitimate interests’ legal reason for processing personal information.
Personal Information means information that is about you or from which we can identify you.
Process or processing includes everything we do with your personal information from its collection, through to its destruction or deletion when we no longer need it. This includes for instance collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying and transferring it overseas. In this privacy notice we use “process”, “hold” and various other terms to mean the same thing – Processing
Privacy notices of Fraud Prevention Agencies and Credit Reference Agencies
You will see within this privacy notice that we mention the privacy notices of Fraud Prevention Agencies and Credit Reference Agencies. We are required to share these notices with you. Please read them carefully and contact those organisations if you have questions about their notices (their details are in their notices).
Why we process your personal information and what is the legal basis for this (including when we share it with others)?
We may use the personal information which we hold about you for the following legal reason (for some processing more than one legal reason may be relevant except where we rely on your consent):
Performance of Contract
We will process your personal information when that information is necessary to perform our contract with you or for taking steps prior to entering into the contract with us (but where the party to the contract is a corporate or business, this legal reason for processing personal data regarding any individual named or associated will not apply). We will do this for providing you with the product applied for and servicing that product during the life of the relationship. This could include:
- notifying you about either important changes to the features and operation of the product;
- responding to your enquiries and complaints;
- updating, consolidating, and improving the accuracy of our records;
- arrears and debt recovery activities;
- sharing your personal information with payment services providers (this means a firm providing and maintaining a payment account) such as when you ask us to share information about your account with them;
Legal Obligations
We will process your personal information when it is necessary to comply with our legal obligations including:
- checking your identity (this means you as an individual and/or you as a person associated with a corporate entity who is our customer – as relevant), anti-money laundering checks and checks with Fraud Prevention Agencies pre-application, at the application stage, and periodically after that;
- crime detection, prevention, and prosecution;
- regulatory reporting;
- when required by law and for compliance with laws that apply to us;
- to process information about a crime or offence, and proceedings related to these (in practice this will be relevant if we know or suspect fraud);
- when we share your personal information with other people and organisations including:
– your guarantor (if you have one), joint account holders and any person with power of attorney over your affairs (in each case only if relevant to you);
– other payment service providers such as when you ask us to share information about your account with them;
– Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman Service, the European Commission Online Dispute Resolution, the Information Commissioner’s Office and under the Financial Services Compensation Scheme (in cases where we are under a legal compulsion to provide the personal information);
– Courts and to other organisations where that is necessary for the administration of justice.
Legitimate Interests
We will process your personal information where we consider that it is, on balance, when having considered your rights and freedoms, appropriate for us to do so for the following legitimate interests (for ourselves and in some cases other organisations as listed below):
- processing personal information about you as an individual and you as a person associated with a corporate entity (or its subsidiaries) who is our customer – as relevant. For example a signatory, director, trustee, shareholder, controller or where you hold Power of Attorney for a customer;
- testing new systems and checking upgrades to existing systems;
- portfolio modelling, statistical and trend analysis, with the aim of developing and improving products and services or modelling the risk profile of the bank;
- to adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman Service, the European Commission Online Dispute Resolution, the Information Commissioner’s Office and under the Financial Services Compensation Scheme;
- to carry out searches at Credit Reference Agencies (CRAs) pre-application, at the application stage, and periodically after that;
- administering and managing your account and services relating to it;
- for some of our marketing (this applies if you are a corporate customer or a Credit Intermediary/Broker/or other intermediary) and in that case we will market to you based on this being for our legitimate interests;
- for all of the Profiling that we do (see below for further information on Profiling);
- processing your information where you provide us with a CV in relation to a vacancy you have applied for or where you are submitting a CV with a view to future opportunities;
- when we share your personal information with other people and organisations including:
– your guarantor (if you have one), joint account holders and any person with power of attorney over your affairs (in each case only if relevant to you);
– other payment service providers such as when you ask us to share information about your account with them;
– the broker or other intermediary who introduced you to us (if you have one);
– our legal and professional advisers, auditors and actuaries; Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme (in cases where we are not under a legal compulsion to provide the personal information but where we consider this necessary for legitimate interests);
– other organisations and businesses who provide services to us such as debt recovery agencies, field agents, solicitors and suppliers of back office/servicing functions or IT services;
– law enforcement agencies where it is lawful and proportionate to do so.
– buyers and their professional representatives as part of any restructuring or sale of our business or assets;– CRAs and other lenders who also hold or seek to hold a charge on any property on which we hold security; and
– providing feedback to recruitment agencies, head hunters and other agencies on the suitability of your CV or on any interview undertaken.
– Online review platforms for the purpose of encouraging and understanding customer feedback so we can continuously improve our services
Consent
Your personal information may be used for other purposes for which you have given your explicit permission, including.
- Information Sharing – When you give your consent for UTB to share your personal information with another party. See section 10 for more information about information sharing
- Marketing – We will only send marketing materials related to our products and services to individuals who have consented to us doing so. You are in control of this consent and therefore it can be withdrawn at any time. Should you wish to do so please see https://www.utbank.co.uk/preference-centre/ or contact us on 020 7190 5550.
- Identification Checks – UTB uses biometric information to confirm our customer’s identity for some products. You will be informed when this data is to be collected and an alternative system of verifying your identity will be available. Biometric information will not be held by UTB and we will inform you who will process your information and how long they will hold it for when your consent is collected.
- Customer Wellbeing – We take the wellbeing of our customers seriously and we may hold information on your health, or other Special Categories of personal data, in order to service the agreement appropriately. In such cases we will explain why the information is needed and ask you to provide your consent to it being processed where this is needed. However, please note that sometimes there may be reasons of public interest or law which enable us to use this information without consent.
- Criminal Convictions – We may store information about any criminal conviction you may have had as part of our credit risk assessment process. There are reasons of public interest or law which enable us to use this information without consent.
Source of information
If you are applying directly to us, the information stored by us will have been received directly from you either electronically or in paper form. This includes any information supplied for any joint applicant or associate for which you have obtained permission. If you make a joint application you must show this privacy notice to the other applicant and ensure they confirm that they know you will share information with us for the purposes described in it.
We will also obtain personal information from CRAs (see below), public records and where you provide consent, business associates. Some of the personal information obtained from CRAs will have originated from publicly accessible sources. In particular, CRAs draw on court decisions, bankruptcy registers and the electoral register (also known as the electoral roll).
We will also obtain personal information from Fraud Prevention Agencies (see below).
In addition we may obtain personal information from your employer, landlord, other lenders, HMRC, Department of Work and Pensions, publically available directories, debt recovery and/or tracing agents, other organisations who assist in prevention and detection of crime, police and law enforcement agencies.
Where you have applied to us via a Credit Intermediary/Broker/or other intermediary, your information will have been provided to us by them based on the legal ground of legitimate interests.
When a Credit Intermediary/Broker/ or other intermediary processes your personal information on our behalf, this privacy notice will apply and you should contact our Data Protection Officer to exercise your rights under data protection laws. When a Credit Intermediary/Broker/ or other intermediary processes your personal information as a data controller in its own right, its own privacy notice will apply and you should ask them for a copy if you do not have one by the time you are introduced to us.
Credit intermediary’s/Broker’s send us personal information in many forms. We may receive your information via paper forms, emailed forms or through a secure computer system.
In addition, as part of our Financial Crime/Anti-Money Laundering checks, we use a service provided by third parties. These are resellers of data which they obtain from public sources, Experian, Equifax, HMRC and Dow Jones. They take data from these sources into their system to provide us with further information to complete our customer due diligence. This means these third parties may be a source of the personal information we have about you.
Where you have provided your CV to a recruitment agency, head hunter or other agency with a view to obtaining employment and that agency has forwarded your details to us for consideration.
Information we hold – relevant to all, including occupiers living with a mortgage applicant who are not party to the application
This will depend on the products or services you apply for and (if your application is successful) obtain from us. Before we explain what particular information we need in relation to our products we will explain what information is relevant to all of our products and services.
Personal information that we generally process in connection with all our products and services.
United Trust Bank process the following categories of information about you (the examples provided within each category are not exhaustive):
Personal Information – such as your name, address, date of birth, nationality (if this is necessary for us to comply with our legal and regulatory requirements), national insurance number, occupation, contact details (e.g. your email address, home and mobile telephone numbers), and security information.
Financial/Asset Details – such as your bank account details from which you wish to repay a loan or your nominated account to receive and return funds from your deposit account with us.
Information about your employment status – including for example whether you are employed, retired or receive benefits.
Product Information – details of products held and applied for including reasons for not proceeding where relevant and notes regarding contact made with the Bank.
Fraud check details – Personal information which we obtain from Fraud Prevention Agencies.
Special Category Personal Data – Sensitive Personal Data such as data about your health if you are a vulnerable customer (more details in Section 6 – Consent).
Additional personal information that we process in connection with a Mortgage (first/second charge residential or Buy to Let product)
This includes:
Financial/Asset Details – such as:
- Your financial details e.g. your salary and details of other income such as rental income, interest, pension, details of your savings, details of your monthly expenditure, and details of account(s) held with other providers if you pay your mortgage from those account(s) or we are repaying debt you owe them;
- Details about all of your existing borrowings and loans (mortgages, loans, overdrafts, credit cards, hire purchase);
- Details of other on-going commitments such as memberships, pension contributions, child or spouse maintenance;
- Personal information about your credit history which we obtain from CRAs including data which originates from Royal Mail (UK postal addresses), local authorities (electoral roll), the insolvency service, Companies’ House, other lenders and providers of credit (who supply data to the CRAs), court judgments decrees and administration orders made publicly available through statutory public registers (see the section on ‘Credit Reference Agencies’ below);
- Information about your occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property in which you live at the time of your application;
- Information which is relevant for your residency and/or citizenship status, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK;
- Where relevant, information about any guarantor which you provide in any application;
- Details of the security property including for example, current valuation, purchase price, year build, number of rooms and bedrooms, tenure details (freehold/leasehold status) and remaining term of the lease (if appropriate).
- The repayment method for your loan
Family/Associate and dependants –
- Details of your marital status, family, lifestyle or social circumstances if relevant to the mortgage product (e.g. the number of dependents you have (including age) or whether you are a widow or widower).
Non applicant occupiers
If you are living (occupier) in a property on which we are providing a loan but you are not party to the loan application and you are over 18, we will hold your personal information contained within the ‘occupiers consent form’ you will be asked to complete. The personal information may include your employment status will be collected for the legal purpose of Legitimate Interests because it is relevant to assessing the applicant’s application.
Additional personal information that we process in connection with a Deposit product
Financial/Asset Details – this includes:
- Where a person other than the savings account holder makes a withdrawal from the account, information about that person and the transaction; and
- Tax reference details.
Personal Information – this includes:
- On-line security information.
Additional personal information that we process in connection with a Bridging, Structured Finance lending or Development Finance loan
This includes:
Personal Information – such as:
- Details of any credit/mortgage applications for which you were declined and previous criminal convictions.
Financial/Asset Details – such as:
- your financial details e.g. your salary including rental and details of other income, details of your savings including shares, other properties, details of your expenditure, and details of account(s) held with other providers if you pay your mortgage from those account(s) or where we are repaying debt you owe them;
- Details about all of your existing borrowings and loans (mortgages, loans, overdrafts, credit cards, hire purchase);
- Details of repayment method (how you will repay your loan);
- Personal information about your credit history which we obtain from CRAs including data which originates from Royal Mail (UK postal addresses), local authorities (electoral roll), the insolvency service, Companies’ House, other lenders and providers of credit (who supply data to the CRAs), court judgments decrees and administration orders made publicly available through statutory public registers (see the section on ‘Credit Reference Agencies’ below);
- Information about your occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property in which you live at the time of your application;
- Information which is relevant for your residency and/or citizenship status, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK;
- Details of the security property/ies including current valuation, purchase price, year built, number of rooms and bedrooms, tenure details (freehold/leasehold status), remaining term of the lease (if appropriate);
- Details of any works to be completed on the security property including cost breakdown and estimated future value; and
- Where relevant, information about any guarantor which you provide in any application.
Family/Associate and dependants –
- Details of your marital status, family, lifestyle or social circumstances (e.g. the number of dependents (including age) you have or whether you are a widow or widower).
Non applicant occupiers
If you are living (occupier) in a property on which we are providing a loan but you are not party to the loan application and you are over 18, we will hold your personal information contained within the ‘occupiers consent form’ you will be asked to complete. The personal information may include your employment status which will be collected for the legal purpose of Legitimate Interests because it is relevant to assessing the applicant’s application.
Additional personal information that we process in connection with an Asset Finance or Motor Finance agreement
Financial/Asset Details – such as:
- Your financial details e.g. your salary including rental and details of other income, details of your savings including shares, other properties, details of your expenditure;
- Details about all of your existing borrowings and loans (mortgages, loans, overdrafts, credit cards, hire purchase etc.);
- Personal information about your credit history which we obtain from CRAs including data which originates from Royal Mail (UK postal addresses), local authorities (electoral roll), the insolvency service, Companies’ House, other lenders and providers of credit (who supply data to the CRAs), court judgments decrees and administration orders made publicly available through statutory public registers (see the section on ‘Credit Reference Agencies’ below);
- Information about your occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property in which you live at the time of your application;
- Information which is relevant for your residency and/or citizenship status, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK;
- Details of the asset being funded (e.g. registration, chassis, serial or registration number); and
- Where relevant, information about any guarantor which you provide in any application.
Information supplied with a view to potential employment
If you have provided to us, directly or indirectly, your CV, we will hold your personal information including employment status, interview notes and history as detailed within.
Who we hold information on
We hold information on customers, and where required by the product(s) applied for or by our legal obligations, we may also hold information on their associates, trustees, beneficial owners and guarantors.
If you apply for a product with a guarantor, that person will see this privacy notice when he/she submits his own personal information to us because he/she must necessarily provide his details and sign the application form.
If there is somebody who has power of attorney over your affairs, that person will see this privacy notice when we make contact with him/her directly.
Where the customer is a corporate entity, information will be stored on the individual signatories to the agreement, directors, trustees, beneficial owners and any guarantors.
Who we may share the information with
We may share information outside the Bank if:
- allowed by our agreement;
- you provide consent;
- it is needed by our agents, advisors or others involved in running accounts and services for you or collecting what you owe us (this would include debt recovery and field agents, solicitors, valuers and any supplier we have contracted with for back office/administration services);
- it is needed by subcontractors to help us manage your accounts or records;
- required by HMRC or other authorities;
- permitted or required by the law, regulatory bodies or the public interest;
- it is required by us or others to investigate or prevent crime;
- it is needed by any other parties connected with your account (including guarantors);
- it is required as part of our duty to protect your accounts, for example we are required to disclose your information to the Financial Services Compensation Scheme (FSCS);
- you have a secured loan or mortgage with us and we need to share information with other lenders who also hold or seek to hold a charge on your property.
Guarantor
If you are a guarantor, the performance for the agreement to which you are a guarantor will not impact your credit profile unless a County Court Judgement is obtained against you, for non-payment/breach of contract.
Credit Reference Agencies
In order to process your application for a deposit account we will perform an identity check on you. For loan products, we will perform credit and identity checks on you, any joint applicant and guarantors, with one or more CRAs. We may also make periodic credit and identity searches at CRAs to meet our on-going regulatory responsibilities.
For loan products to corporate entities we will perform credit and identity checks on associated individuals (e.g. directors, shareholders and guarantors).
To complete these credit checks, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information as relevant to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering; and
- Trace and recover debts.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled/closed accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. Information may be supplied to other organisations by CRAs.
When CRAs receive a credit search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at:
Equifax – www.equifax.co.uk/crain
Experian – www.experian.co.uk/crain
TransUnion – www.transunion.co.uk/crain
TransUnion is used for all electronic identification checks. Equifax is for the credit assessment and electronic identification checks for first/second charge and Buy to Let Mortgages. Experian is used for credit assessment purposes by the other lending departments and by all departments when verifying the registered address; company number; shareholders; directors of corporate customers.
You have a right to apply to the CRAs for a copy of your file. The information they hold may not be the same and there is a small fee that you may need to pay to each agency that you apply to.
Their contact details:
Experian Limited
Post: Experian, PO BOX 9000, Nottingham, NG80 7WF
Web Address: https://www.experian.co.uk/consumer/index.html
Phone: 0344 481 0800 or 0800 013 8888
Equifax Limited
Post: Equifax Ltd, Customer Service Centre PO Box 10036, Leicester, LE3 4FS.
Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html
Email: [email protected]
Phone: 0333 321 4043 or 0800 014 2955
TransUnion International UK Limited
Post: TransUnion. One Park Lane, Leeds, West Yorkshire LS3 1EP.
Website: https://www.transunion.co.uk/consumer/consumer-enquiries
Email: [email protected]
Phone: 0330 024 7574
Fraud Prevention Agencies
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud, money-laundering and other financial crimes, and to verify your identity. If fraud, money laundering or any other financial crime is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by accessing our Fraud Awareness webpage here https://www.utbank.co.uk/about-utb/fraud-awareness/ or alternatively by asking our DPO for a copy of the full privacy notice of the fraud prevention agency that we use.
In case of conflict between their notice and our own privacy notice, ours will prevail in respect of our own processing of your personal information to prevent fraud, money laundering and other financial crimes, and to verify your identity. In particular, you will see from our own notice that we consider compliance with our legal obligations as the lawful reason under data protection laws for the checks we do at fraud prevention agencies which involve processing your personal information to prevent fraud, money laundering and other financial crimes, and to verify your identity. In the fraud prevention agencies’ notice they also mention the contract with you and legitimate interests as lawful reasons for fraud checks.
Location of personal information and processing of your personal information outside the UK and the European Union
When personal information is processed within Europe or other parts of the European Economic Area (EEA) it is protected by European data protection standards. Some countries outside the EEA do have adequate protection for personal information under laws that apply to us but others do not. We will not store or host your personal information outside of the UK or EEA without applying the safeguards required by law.
Some examples of when your personal information may be processed outside the UK or the EEA include providers of Cloud hosting; IT vendors and providers of back office functions. Some of the safeguards we will put in place include standard contractual clauses and enforceable administrative arrangements which will be used to protect your personal information. If no safeguards can be put in place we will not transfer your data outside of the UK or EEA without your explicit, informed consent.
For more information about suitable safeguards, and how to obtain a copy of them or to find out where they have been made available as well as what personal information is transferred outside of the EEA by UTB, you can contact our DPO using the details above.
Data Retention
The length of time we store your personal information depends on if your application resulted in taking out a product with us, the type of product you took and if the personal information is stored on the basis of your explicit consent rather than any other basis.
Deposit Accounts:
- Applications that did not result in the opening/funding of an account will be stored for 1 month from the date of last activity;
- Accounts opened will be stored for 6 years from the date of account closure. Where you hold or are associated to multiple accounts (including loans), the 6 years is effective from the date of closure of the last account held or associated to you.
Loans:
- For most loans, information related to applications that did not complete will be stored for 1 year from the date of the last activity; for Asset Finance loans, information relating to applications that did not complete will be kept for 6 years.;
- Account information for completed applications will be stored for 6 years from the date of account closure. Where you hold or are associated to multiple accounts (including deposit accounts), the 6 years is effective from the date of closure of the last account held or associated to you..
Unless we explain otherwise to you, we will hold your personal information for the following periods:
- Retention in case of queries. We will retain the personal information that we need to keep in case of queries from you (for instance, if you apply unsuccessfully for a product or service) for 12 months unless we have to keep it for a longer period (see directly below);
- Retention in case of claims. We will retain the personal information that we need to keep for the period in which you might legally bring claims against us which in practice means 6 years from the date of closure for the last/only account with us unless we have to keep it for a longer period (see directly below); and
- Retention in accordance with legal and regulatory requirements. We will retain the personal information that we need to keep even after the relevant contract you have with us has come to an end for 6 years from the date of closure for the last/only account with us and this will be to satisfy our legal and regulatory requirements.
If you would like further information about our data retention practices, contact our DPO using the contact details at the top of this Privacy Notice.
Fraud related retention:
Based on the legal ground of this being necessary for our legitimate interest of seeking to protect our business against risk of fraud and of protection of our interests more generally with regard to potential financial loss and reputational damage, we will retain your personal information for a further 6 years after our usual retention period has passed (as more particularly described above) if we have identified attempted frauds or frauds, financial crime or for accounts where performance would mean that we would not wish to re-enter into a contract with you at a future point such as repossession of house/asset, enforcement of guarantee, appointment of receivers and use of the right of set off.
CVs
Where you have provided to us your CV, unless we subsequently employ you, at which time you will be provided with an appropriate Privacy Notice, we will store your CV and the information contained therein for 6 months for our legitimate interests. This is in case of questions or queries from you about your application and in case suitable other roles come up which might interest you. If you send us your CV, we will keep your details on file for a period of 6 months so that we may contact you in the event that a suitable opportunity at UTB (not anywhere else) arises during that time. If you’d rather we did not retain your details on file, please let us know as soon as possible by contacting us at [email protected]. In that case your CV will no longer be used by us to contact you about opportunities and it will be dealt with in accordance with our data retention policy.
Data Access Rights
You have the right to obtain a copy of the personal information we are processing and to obtain information about how we process it. We will not charge you for providing you with the information but may charge you a reasonable fee for supplying any additional copies.
Please contact us on:
Data Protection Officer
United Trust Bank Limited
One Ropemaker Street
London
EC2Y 9AW
Please note that where the request is received via email, security checks will be conducted prior to release of any information.
Other rights under data protection laws
Here is a list of other rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them we will explain at that time if they are engaged or not:
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
- The right to object to processing of your personal information;
- The right to restrict processing of your personal information;
- The right to have your personal information erased (the “right to be forgotten”);
- The right to move, copy or transfer your personal information (“data portability”);
- The rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
Please email [email protected] or contact our DPO if you wish to exercise any of these rights if and to the extent they are relevant.
Please note that where the request is received via email, security checks will be conducted prior to release of any information.
Right to withdraw consent (and also how to unsubscribe from marketing even if we do not rely on consent)
Where the reason for processing your personal information is ‘consent’, you can withdraw this consent at any time by contacting our DPO using the details above. If you are withdrawing your consent for future marketing, you can also do this by visiting our Preference Centre https://www.utbank.co.uk/preference-centre/. You can unsubscribe in this way at any time.
If you are a Credit Intermediary/Broker/or other intermediary we will not be relying on consent to do marketing with your personal information instead we will rely on legitimate interests but you can still at any time ask us to stop using your personal information for marketing purposes. To do this you can contact the DPO (contact details at the top of this Privacy Notice) or click on the “unsubscribe link” within the email.
The same applies if you are our contact at the corporate customer and where we use your email address or other business related contact detail to market the corporate. For example, ‘[email protected]’, We will rely on legitimate interests to use your personal information to send you marketing that is intended for the corporate customer. You can contact the DPO (contact details at the top of this Privacy Notice) or click on the unsubscribe link within the email to stop this at any time.
If you withdraw your consent we might not be able to send you some marketing communications (where we were relying on consent as the lawful reason for that – this is not relevant to you if you are a contact person at a corporate customer or Credit Intermediary/Broker/ or other intermediary since we rely on legitimate interests to market you) or that we cannot take into account special categories of personal information such as about your health or if you are a vulnerable customer unless an alternative legal ground such as public interest or law applies to justify our processing of it – see above. These outcomes will be relevant only in cases where we rely on explicit consent for this processing.
To comply with payment services regulations we have to share some of your personal information with other payment service providers in some circumstances such as when you ask us to share information about your account with them. Whilst those payment services regulations mention ‘consent’ for this, ‘consent’ in that context does not have the same meaning as ‘consent’ under data protection laws. The legal grounds which may be relevant to this are compliance with our legal obligations, performance of our contract with you, our legitimate interests, or a combination of these. This is why if you ask to withdraw consent from what we do with your personal information where we need to have it under the payment services regulations, we may still have to hold and use your personal information.
Marketing to corporate customers
If you are a contact at a corporate customer please read this section.
In addition to, or instead of, sending you marketing intended for the corporate customer, we may market the corporate customer directly be using its own contact detail. For example ‘[email protected]’. We will only do this if you (on its behalf) have provided us with permission to do so. To be clear – this is not a data protection law consent – it is instead a permission for us to use the contact detail for a corporate (not you as the contact at the corporate) for marketing purposes. This means you do not have a right under data protection law to withdraw consent for the corporate customer. However you can tell us to stop marketing the corporate customer at any time by clicking on the link within the email or visiting our Preference Centre https://www.utbank.co.uk/preference-centre/. You can unsubscribe in this way at any time.
How to make a complaint
To make a complaint about how your personal data is used, please refer to our complaints process which can be found at www.utbank.co.uk/about-utb/complaints/ or contact us on 020 7190 5555.
You also have the right to register your complaint directly with the Information Commissioner’s Office (ICO) which regulates the processing of personal data. You can contact the ICO at https://ico.org.uk/concerns/ or on 0303 123 1113.
Profiling and automated decision making
In order to make quick, fair and informed decisions, United Trust Bank uses profiling and automated decision making.
Profiling is using automated processing of personal data to evaluate certain things about an individual.
Automated decision making is any processing where a decision is made about an individual without any human involvement.
United Trust Bank uses profiling and automated decision making for the following reasons:
Residential Mortgage Lending and Buy to Let Mortgages
United Trust Bank needs to be able to assess mortgage applications quickly and fairly. This is achieved by using automated decision making to decide whether to proceed with mortgage applications based on the information provided to us from your broker/credit intermediary and Credit Reference Agencies. You will be informed of this before your application to us is submitted.
Loan Book Profiling
Customer profiling is used to profile our loan book (this means the loans that we have provided to our customers) in relation to on-going credit risk exposure. This processing may use information about loan performance (monthly repayments etc.) and credit history but is not used to make decision about individuals. This is therefore not automated decision making.
Product Pricing
We collate information about the loans that our customers require and carry out profiling to help us to set the price (interest rate) of that loan for the particular customer. This may include (but is not limited to) the size of the loan, your credit history and the type of loan required. The legal basis for this profiling is ‘Legitimate Interests’ as described above. This processing is done in a way which does not have a significant legal effect on you (i.e. this processing will not lead to a decision being made on whether to lend to the applicant and as such is not automated decision making).
Product Eligibility
When applying for a mortgage product with us the pricing and eligibility of the product is determined by your credit profile supplied to us by a CRA. For each element of adverse credit information identified a status point is attached. Our products have status point limits. This does not happen in an
automated way. This happens with human involvement and that is why this is not automated decision making. For further information on our product criteria and pricing, please refer to your Broker/Credit intermediary.
Additionally, when applying for a mortgage product we will undertake an assessment of your financial situation to establish if the loan is affordable. In making this assessment, in addition to asking you information about your income and expenditure, we will also use national data on typical family expenditure to help formulate our decision.
Electronic Identification and Verification
When providing deposit accounts and loan products and periodically during the life of your relationship with us, we use scoring methods to validate your identity. This process involves using various data sources via Credit Reference Agencies to validate your, name, date of birth and address. This process is not automated decision making as there is human involvement.
If your identity cannot be validated electronically, we will ask you to provide physical forms of identity such as Passport and Driving Licence.
All of the above methods of processing personal data are subject to quality assurance and checks are made to ensure that certain groups of individuals are not excluded from obtaining credit.
In addition, risk assessments are undertaken to ensure that the processing is fair, lawful and proportionate.
If you have any questions about the processing mentioned in this section then please contact the Data Protection Officer at the address shown in section two of this document.
Call recording
All calls to UTB are recorded. We may monitor phone calls to ensure that we have carried out your instructions correctly, to resolve queries and complaints, for regulatory purposes, to help detect or prevent fraud or other crimes, improve service and to help monitor and train our staff. Our lawful reason for this under data protection law is our legitimate interests or in some cases compliance with legal obligations.
Data anonymisation and use of aggregated information
Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this privacy notice.
Cookies
United Trust uses cookies to keep our sites reliable, secure and personalised. More information about how UTB uses cookies can be found in our Cookies Policy.
Privacy Notice Feedback
If you have any comments or suggestions about United Trust Bank’s Privacy Notice, please complete the survey here: https://www.research.net/r/PrivacyNoticeWeb
Last updated
October 2023