We may need to share your personal information with colleagues in the bank (including our suppliers and other RBS Group companies). We will take steps to ensure that the personal information is accessed only by employees that have a need to do so for the purposes described in this notice.
We may also share your personal information outside of the RBS Group:
- with credit reference and fraud prevention agencies for the purposes of confirming your identity and to comply with regulatory obligations to prevent and detect crime, money laundering and fraud;
- to third party suppliers, agents or vendors for the purposes of providing services to us, including third parties carrying out due diligence and screening checks on our behalf. These third parties will be subject to confidentiality requirements and they will only use your personal information as described in this privacy notice;
- if we sell any of our business or assets or if we are acquired by a third party, in which case we may disclose your personal information to the prospective buyer for due diligence purposes;
- courts, regulators, government bodies and similar organisations as required by law (such as the Financial Conduct Authority, Prudential Regulatory Authority, or local equivalents);
- with compliance departments responsible for overseeing your conduct where they reasonably request it;
- corporate auditors and legal or other advisors; and
- to the extent required by law, for example if we are under a duty to disclose your personal information in order to comply with any legal obligation, or to establish, exercise or defend our legal rights.