How we use and protect your personal data

Last updated: 17 May 2018

Who are we

NewTa Limited, trading as UK Finance (“we“, “our“, “us” or “UK Finance”) is committed to protecting and respecting your privacy.  UK Finance, is a limited company (with company number 10250295) registered at 1 Angel Court, London, EC2R 7HJ.

UK Finance represents nearly 300 of the leading firms providing finance, banking, markets and payments-related services in or from the UK. UK Finance has been created by combining most of the activities of the Asset Based Finance Association, the British Bankers’ Association, the Council of Mortgage Lenders, Financial Fraud Action UK, Payments UK and the UK Cards Association.

UK Finance is dedicated to protecting the confidentiality and privacy of information entrusted to us. We comply with all relevant data protection laws including the EU General Data Protection Regulation (GDPR). Please read this Privacy Notice to learn about your rights, what information we collect, how we use and protect it.

Our data protection officer for the purpose of applicable data protection law may be contacted at privacy@ukfinance.org.uk. If you have any questions or would like to discuss further, you can call us on: 020 7706 3333.

You can find more information about us by clicking here: //www.ukfinance.org.uk/about-us/.

Our Commitment and Obligations to you

We take the collection, usage and security of your personal data seriously.
We can only use your personal data under law if we have a good reason for doing so.  The law provides examples of those reasons.  These include:

  • To perform or fulfil a agreement we have with you; or
  • If we have a legal duty; or
  • If it is within our legitimate business interest; or
  • If there is a public interest reason for doing so; or
  • If you have given your consent.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

Types of Personal Data

  • Basic personal information including name and address, date of birth and contact details  identification information
  • Customer Relationship Data
  • Payment Transactions Data
  • Financial information including account and transactional information and history Risk Data / Ratings
  • Profile Data
  • Online profile and social media information and activity based on your interaction with us and our websites and applications, including for example, your banking profile and login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns
  • Information Security Risk Data
  • Communications Data
  • Complaints information
  • Technical Information (IP / Cookies)
  • Location Data
  • User login and Subscription Data
  • Economic Crime related information (e.g. Financial Crime and Fraud Information)
  • Investigations Data
  • Education and employment information
  • Visual images and personal appearance (such as copies of passports or CCTV images)
  • Information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details)

What Personal Data We Collect and Where From

You may give us information about you:

  • When filling in forms on our website www.ukfinance.org.uk (“our site“) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you subscribe to our training, events and/or services, complete a survey, sign up to a newsletter, post material on our site, report a problem with our site, request further services. The information you give us may include your name, address, email address, phone number, and personal description;
  • When applying for a role or position within UK Finance either online, via third party sites and/or direct contact made with UK Finance.  This information may include your employment history, resume / CV, past salary information and other contact and personal information;
  • We may also collect information from you when you use other sites which we operate or support.  In such cases, please refer to the privacy notice contained on such sites.

Information we collect about you.

With regard to each of your visits to our site we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), cookies and methods used to browse away the page and any phone number used to call our customer service number.

Information received from events, training and working groups / committees.

We may collect data about you when you attend any of our events, training sessions and/or attendance of UK Finance working groups / committees.  This may be collected via business card information you have provided to a UK Finance employee or where you have been invited, nominated or otherwise requested to attend one of our events, training sessions and/or working groups / committees.  This information may include your name, job title, company, business or personal email address, phone numbers (business or personal).

Information received from other sources.

  • We may receive information from other sources, such as from our members, associate members, government officials, law enforcement and fraud prevention agencies, regulatory bodies, our other partners for the purpose of providing services to our members including supporting members and law enforcement and fraud prevention agencies to combat, prevent and detect economic criminal activity.  The information received may include: names, address, bank account details, transaction information, criminal convictions and cautions and indications of potential or actual criminal activity
  • Offers and promotions to you via our site, any other websites we operate or other services we provide, advertising networks and analytics providers or publicly accessible data.

What do we use your personal information for?

  • To carry out our obligations arising from any agreements entered into between you and us and to provide you with the information, products and services that you request from us, including providing membership services to you; including events, training and working groups;
  • To ensure that content from our site is presented in the most effective manner for you and for your computer or device or to provide you with content which we feel may interest you, where (if required to do so) you have consented to be contacted for such purposes:
    • to allow you to participate in interactive features of our services, when you choose to do so; and
    • to notify you about changes to our services.

As a business, it is critical that we perform our agreement with you with the best service possible, and it is in our legitimate interest to be responsive to you and to ensure the proper functioning of our products and organisation. We use information held about you in the following ways:

Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

What we use your personal data for What is the lawful reason Business or Commercial Reason (Our Legitimate Interest)
Manage client relationships; engage stakeholders Carried out pursuant to the agreement we have with you.  Where no agreement, this is done within the legitimate interests of UK Finance. In order to provide and ensure we offer the best service to members and associate members, information can be used to manage relationships for the benefit of the member / associate member.
Inform & execute UK Finance’s policy work & non-policy projects Legitimate Interests In order to provide and ensure we offer the best service to members and associate members, information can be used to inform policy and non-policy engagements.
Perform contractual obligations for members; Carried out pursuant to the agreement we have with you. N/A
Process complaints from members’ clients on their behalf; Carried out pursuant to the agreement we have with members or with the consent of the person providing the complaint. N/A
Improve services offered to members Carried out pursuant to the agreement we have with you. N/A
Manage client relationships & communications Carried out pursuant to the agreement we have with you. N/A
Perform contractual obligations to members Carried out pursuant to the agreement we have with you. N/A
To process and administer lost account tracing claims submitted to mylostaccount.org.uk and to help develop the service further This is done with your consent N/A
Manage websites & improve services Legitimate Interests In order to provide and ensure we offer the best service to members and associate members.
Member organisations’ clients submitting ‘Better Business Finance’ appeals Carried out pursuant to the agreement we have with you. N/A
To process and administer ‘Restore UK’ WWII claims through the relevant financial institution(s) This is done with your consent N/A
Informing you of products and services of UK Finance (Direct marketing) This is done with your consent N/A
Events and training coordination (such as contacting you once you have signed up for an event or training) Carried out pursuant to the agreement we have with you. N/A
Manage subscription services such as our newsletter “news in brief” This is done with your consent N/A
Prevention of and detection of crime related to economic crime including fraud and financial crime. We carry out this use of data as this is within the public interest to carry this processing out. N/A
Hosting of joint working groups, information sharing meetings (for the purpose of the prevention and detection of crime) and other meetings specifically focused around economic crime We use data relating to the participants of the meetings to fulfil the agreement with have in place to facilitate the sessions. N/A
Hosting of websites and access to portals.  These include: Financial Crime Alerts Service (FCAS); Financial Fraud Bureau (FFB) Information Sharing Portal; Fraud Intelligence Sharing System (FISS); Mylostaccount. Carried out pursuant to the agreement we have with you.

 

N/A
Queries from members of the public This is within our legitimate business interests to perform This is conducted as required in order to help the request which has been provided to UK Finance.

We may use data of UK Finance personnel (and those wishing to become personnel of UK Finance) for the following reasons:

What we use your personal data for What is the lawful reason Business or Commercial Reason (Our Legitimate Interest)
For referring employees to provider of life insurance policy This is done with your consent. N/A
For referring employees to Health Cash plan This is done with your consent. N/A
Talent acquisition (for purposes of communication, candidate vetting) This is within our legitimate business interests to perform This is essential to the potential employment you may with UK Finance.
To process CV submissions This is done with your consent. N/A
Talent retention (for purposes of communication, performance of contractual duties to employees) This is within our legitimate business interests to perform This is essential to the employment you have with UK Finance.
If required for the role you perform, background screening to ensure you are able to provide services. Depending upon the role you fulfil, we conduct these checks because we are required to do so by law.  Where we carry out background criminal record checks, we only collect this information once we have your permission / consent to do so.  We use this information because we have a legal obligation to carry out these searches. N/A
Provide the customer, member or associate members with services Perform the agreement we have with our customers, members or associate members.  This is within our legitimate business interests to perform. We need to do this where it is necessary to share your name and business contact details for the purpose of meetings and other engagements.
Maintain member, customer and associate member relationships This is within our legitimate business interests to perform. We need to do this where it is necessary to share your name and business contact details for the purpose of maintaining our relationship with our members, associate members and customers.
Talent retention This is pursuant to the agreement of employment we have with you N/A
Communication with you for purpose of your employment This is within our legitimate business interests to perform This is essential to the employment you have with UK Finance.
Providing and improving quality of services to member, customer and associate members This is within our legitimate business interests to perform We review data to ensure we provide members, customers and associate members with the best possible service.
Payment to you for services performed Perform the agreement we have with you (or take steps needed at your request prior to entering into a agreement with you) N/A
Accounting purposes This is within our legitimate business interests to perform We need to use your data for our everyday accounting purposes.
Legal obligations We will use your data for the purpose of complying with our legal obligations. N/A
Performance of contractual duties to employees including pensions, payroll, expenses, performance management, training and development. This is pursuant to the agreement of employment we have with you N/A

Cookies

We may obtain information about your general internet usage by using cookie files stored on your computer or device (“cookies“). Cookies are text files containing small amounts of information which are downloaded to your computer or device when you visit a website. They help us to improve our site and to deliver a better and more personalised service.

You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/. You may disable cookies by changing the settings on your browser. However, if you do so, this will affect your enjoyment of our site and we will no longer be able to offer to you a personalised service. Unless you opt out of cookies in your browser settings, we will assume you consent to the use of cookies. For more information about cookies, please consult our cookies policy.

E-mail marketing and newsletters

We may make suggestions and recommendations to you following attendance at our events, training sessions and/or associated meetings and working groups that we think may be of interest to you or members of your team / organisation. We will only contact you by electronic means (email) with information about events, training or other meetings similar to those which you have shown an interest in or attended.

We may also use your data, or permit selected third parties to use your data, to provide you with information about services which may be of interest to you and we or they may contact you about these by electronic means only if you have consented to this.  We also may contact you by phone or via post.

You have the right to ask us not to process your information for marketing purposes. You can exercise your right to prevent such processing by ticking the relevant boxes on the forms we use to collect your information, or you can opt out of receiving future marketing communications from us at any time by following the directions contained in the marketing email to unsubscribe. You can also exercise this right at any time by contacting us at privacy@UKFinance.org.uk.

How we share your personal data

We take your privacy very seriously and we’ll only share your information where:

  • we need to for the purposes of providing you with products or services you have requested;
  • we have a public or legal duty to do so e.g. to assist with detecting fraud and tax evasion, economic crime prevention, regulatory reporting, litigation or defending legal rights;
  • we have a legitimate reason for doing so e.g. to manage risk, or assess your suitability for services; or
  • we have asked you for your permission to share it, and you’ve agreed.

Third Parties

We may occasionally share your data with trusted third parties to help us deliver efficient and quality services.
We may share with third parties, including:

  • business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you;
  • financial institutions in performance of our role to support with economic crime information sharing initiatives; providing services for our members or where we are otherwise directed by you to share information with them;
  • fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment;
  • provided you have consented; marketing, market research, advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
  • analytics and search engine providers that assist us in the improvement and optimisation of the website;
  • any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries for the purposes set out above;
  • in the event that we buy or sell any business or assets, including the sale of an individual website owned by us, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and
  • if UK Finance is acquired by (or all of its assets are acquired by) a third party, in which case personal data held by it about its members and customers will be one of the transferred assets.

Economic Crime Information Sharing

We may share your personal data with law enforcement agencies, fraud prevention agencies, public authorities or other organisations if legally required to do so, or if we have a public interest and/or good faith belief that such use is reasonably necessary to:

  • comply with a legal obligation, process or request (including responding to any requests from law enforcement authorities outside the EEA, as defined below);
  • enforce our agreements, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address economic criminal activity (including financial crime, fraud, money laundering etc);
  • detect, prevent or otherwise address security, fraud or technical issues with our services and site; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.

Sharing Aggregated or Anonymised Data:

Where we have made your information anonymous, we may share it this outside of UK Finance with partners such as research groups, universities, advertisers or connected sites. For example, we may share information publicly to show trends about the financial services market.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), including, in particular, the United States.  It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or business partners. By submitting your personal data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Security of your personal data

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site; any transmission of your data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our site may, from time to time, contain links to and from the websites of our member and associate member organisations, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How Long We Keep Your Information

We will retain your personal information for as long as you use our services and for a reasonable time thereafter. After you have terminated your use of our services, we will retain your personal information for up to 7 years and thereafter may store it in an aggregated and anonymised format.

Your rights

  • Access to information. The Data Protection Laws give you the right to access information held about you. Your right of access can be exercised in accordance with Data Protection Laws by contacting us at DPO@ukfinance.org.uk.
  • Consent. You may withdraw your consent to any processing of your personal data at any time by contacting DPO@ukfinance.org.uk.
  • Rectification. You have the right to rectify any personal data held about you that is inaccurate. Your right of rectification can be exercised by contacting us at DPO@ukfinance.org.uk.
  • Erasure. You may have the right to erasure of personal data held about you by contacting us at DPO@ukfinance.org.uk.
  • Complaints or Objecting. In the event that you wish to object to or make a complaint about how we process your personal data, please contact us in the first instance at DPO@ukfinance.org.uk and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the UK’s Information Commissioner’s Office.

Changes to our Privacy Notice

Any changes we may make to the Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check this page frequently to see any updates or changes to this Privacy Notice.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@ukfinance.org.uk.