We collect and process various categories of personal information at the start of and for the duration of your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. We will process information about: (a) you and your business partners, including any other directors or persons of significant control; and (b) shareholders who are beneficial owners of 25% or more of the business. Personal information may include:
basic personal information, including name and address, date of birth and contact details;
financial information, including account and transactional information and history (including where you have chosen to link your bank account to us, to retrieve historic 12 month statement information on an ongoing basis about your business bank account);
information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
education and employment information;
goods and services provided;
visual images and personal appearance (such as copies of passports); and
online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example, your login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns.
We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing financial crime or to make our services accessible to customers. We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the particular purposes and activities set out at Schedule A for which the information is provided). This may include:
information about racial or ethnic origin,
religious or philosophical beliefs,
trade union membership;
physical or psychological health details or medical conditions; and
biometric information, relating to the physical, physiological or behavioural characteristics of a person, including for example using voice recognition or similar technologies to help us prevent fraud and money laundering.
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.