Privacy policy

How we use and protect your personal data

Last updated: 21st of April 2022

Who we are

UK Finance Ltd (UK Finance) is committed to protecting and respecting your privacy.  UK Finance is a limited company (with company number 10250295) registered at 1 Angel Court, London, EC2R 7HJ. Any reference to ‘us’, ‘our’ or ‘we’ in this Privacy Policy is a reference to UK Finance.  Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Policy is a reference to any of our past, prospective or current membership, employee, government, agency, partner, media or other public or industry contacts. Collectively “data subjects”.

UK Finance is the collective voice for the banking and finance industry. Representing 300 firms across the industry, we act to enhance competitiveness, support customers and facilitate innovation.

This Privacy Policy (Notice) describes your rights, the information or “Personal Data” we would usually collect and use and how we would protect it.

We have appointed a data protection officer who may be contacted at privacy@ukfinance.org.uk or dpo@ukfinance.org.uk

You can find more information about us by clicking here.

Our commitment and obligations to you

We take the collection, usage and security of your personal data seriously. We can only use your personal data under law if we have a good reason for doing so. The law provides examples of those reasons. These include:

  • to perform or fulfil an agreement we have with you; 
  • if we have a legal duty; 
  • if it is within our legitimate business interest; 
  • if there is a public interest reason for doing so; or
  • if you have given your consent.

A legitimate interest is when we have a business or commercial reason to use your information. But even then it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

Types of personal data

  • Your personal information (for example, your name and date of birth) 
  • Contact details (for example, your postal address, phone number, email address or mobile number)
  • Customer relationship data (for example, notes of calls or requests you may have made or attendance at an event or webinar)
  • Payment transactions data (for example, when you use the web shop)
  • Financial information (for example, bank account numbers)
  • Online profile and social media information 
  • Communications data
  • Technical Information including internet protocol (IP) address, your login data, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
  • Location data
  • User login and subscription data
  • Economic crime related information (e.g. financial crime and fraud information)
  • Investigations data
  • Education and employment information
  • Visual images and personal appearance (such as copies of passports or CCTV images)
  • Information about your family, lifestyle and social circumstances (such as dependants, marital status, next of kin and contact details)

On occasion the following special category (sensitive) personal data may be obtained: physical or mental health details, political opinion, racial or ethnic origin and religious beliefs.  We will only obtain and process this information with your consent (permission) or in situations where it is in the wider public interest.

If you choose to provide us with any personal data relating to a third party (for example, information relating to your spouse, children, parents, and/or employees) or ask us to share their personal data with third parties by submitting such information to us, you confirm that they understand the information in this notice about how we will use their personal data. 

How is the personal data obtained?

We obtain this information in several ways, for example through your use of our services or other dealings with us, including through the member onboarding process, enquiry forms, and from information provided in the course of ongoing correspondence. We may collect personal data from you:

  • When you fill in forms, visit the member portal or the web shop on our website www.ukfinance.org.uk (“our site”) or when you correspond with us by phone, email or otherwise. This includes information you provide when you subscribe to our training, events and/or services, complete a survey, sign up to a newsletter, post material on our site, report a problem with our site, or request further services. 
  • When applying for a role or position within UK Finance either online, via third party sites and/or direct contact made with UK Finance.  
  • When you browse other sites which we operate or support.  In such cases, please refer to the privacy policy/ notice contained on the relevant site.

With regard to each of your visits to our site we may collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; 
  • information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), cookies and methods used to browse away the page and any phone number used to call our customer service number.

Further, if you visit our offices or premises, we may have CCTV which may record your image.

Information received from events, training and working groups / committees

We may collect data about you when you attend any of our events, training sessions and/or UK Finance working groups / committees. This may be collected via business card information you have provided to a UK Finance employee or where you have been invited, nominated or otherwise requested to attend one of our events, training sessions and/or working groups / committees. This information may include your name, job title, company, business or personal email address, phone numbers (business or personal).

Information received from other sources

  • We may receive information from other sources, such as from our members, associate members, government officials, law enforcement and fraud prevention agencies, regulatory bodies, our other partners for the purpose of providing services to our members. This includes supporting members and law enforcement and fraud prevention agencies to combat, prevent and detect economic criminal activity. The information received may include names, address, bank account details, transaction information, criminal convictions and cautions and indications of potential or actual criminal
  • Offers and promotions to you via our site, any other websites we operate or other services we provide, advertising networks and analytics providers or publicly accessible data.

What do we use your personal information for?

  • To carry out our obligations arising from any agreements entered into between you and us and to provide you with the information, products and services that you request from us, including providing membership services to you, including events, training and working groups.
  • To ensure that content from our site is presented in the most effective manner for you and for your computer or device or to provide you with content which we feel may interest you, where (if required to do so) you have consented to be contacted for such purposes:
  • to allow you to participate in interactive features of our services, when you choose to do so; and
  • to notify you about changes to our services.

As a business, it is critical that we perform our agreement with you with the best service possible, and it is in our legitimate interest to be responsive to you and to ensure the proper functioning of our products and organisation. 

Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

What we use your personal data for What is the lawful reason Business or commercial reason (our legitimate interest)
Manage client relationships; engage stakeholders Carried out pursuant to the agreement we have with you. Where no agreement, this is done within the legitimate interests of UK Finance. In order to provide and ensure we offer the best service to members and associate members, information can be used to manage relationships for the benefit of the member / associate member.
Inform and execute UK Finance’s policy work and non-policy projects Legitimate interests. In order to provide and ensure we offer the best service to members and associate members, information can be used to inform policy and non-policy engagements.
Perform contractual obligations for members Carried out pursuant to the agreement we have with you. N/A
Process complaints from members’ clients on their behalf Carried out pursuant to the agreement we have with members or with the consent of the person providing the complaint. N/A
Improve services offered to members Carried out pursuant to the agreement we have with you. N/A
Manage client relationships and communications Carried out pursuant to the agreement we have with you. N/A
Perform contractual obligations to members Carried out pursuant to the agreement we have with you. N/A
To process and administer lost account tracing claims submitted to mylostaccount.org.uk and to help develop the service further This is done with your consent. N/A
Manage websites and improve services Legitimate interests. In order to provide and ensure we offer the best service to members and associate members.
Member organisations’ clients submitting ‘Better Business Finance’ appeals Carried out pursuant to the agreement we have with you. N/A
To process and administer an independent complaints process for invoice finance and asset based lending member firms. This is provided by an independent specialist Alternative Dispute Resolution (ADR) provider This is done with your explicit consent. Clients of members can choose to share personal data with UK Finance.
Provide specific communications such as "News in Brief", the CEO newsletter and other "opt-in" material that can be subscribed to directly such as the Libor newsletter. This is done with your consent. You can withdraw your consent on request.
To upload and host blog material written and provided by members including associated personal data such as photographs of individuals. This is done with your consent. You can withdraw your consent on request but please be aware that, once published, the material would likely remain in circulation.
To produce videos from events. This is done with your consent. You can withdraw your consent on request but please be aware that, once published, the material would likely remain in circulation.
Placing cookies and similar technologies on devices and browsers for analytics purposes (please refer to our cookie notice). This is done with your consent. You can withdraw your permission at any time, by using the contact details at the end of this privacy notice or by clicking on the ‘C’ logo displayed on the web page.
To carry out suitable adjustments for events/services that involve the processing of special category (sensitive) personal data such as dietary needs or disabilities. This is done with your explicit consent. You can withdraw your consent on request but it may mean suitable arrangements cannot be made to accommodate your needs.
Business owners or their professional advisors submitting data through the use of the ‘Better Business Finance Finder’ telephone or online services This is done with your consent. You can withdraw your consent on request.
To process and administer 'Restore UK' WWII claims through the relevant financial institution(s) This is done with your consent. N/A
As a business contact, when we use your corporate email address to inform you of products, services, activities, of UK Finance, or to send newsletters or other information (business-to-business direct marketing) This is within our legitimate business interests to perform. Promoting UK Finance to business contacts. We will always offer you a simple way to opt out of these communications, should you wish to.
As a business contact who has enrolled in a UK Finance virtual activity (such as a webinar) we may share your contact data (name, job title, organisation name and email address) with the activity sponsor, unless you choose to opt out from this. This is within our legitimate business interests, and those of the sponsors of our virtual activities. Promoting UK Finance to our sponsors and enabling them to promote themselves to you if you have enrolled. We will always offer you a simple way to opt out of these communications, should you wish to.
If we use your private (non-corporate) email address to inform you of products, services, activities, of UK Finance, or to send newsletters or other information (business-to-customer direct marketing) This is done with your consent. We will always offer you a simple way to withdraw your consent, should you wish to.
Children and Young People Financial Education Provision Mapping project (contacting you in relation to the project survey after you have registered as a participant) This is done with your consent. You can withdraw your consent on request.
Community Access to Cash Initiative This is within our legitimate business interests to perform. To support the Community Access to Cash Initiative, including sharing the data with LINK and the Award Committee so that applications can be decided upon and the grant funding processed to successful applicants.
Events and training coordination (such as contacting you once you have signed up for an event or training) Carried out pursuant to the agreement we have with you. N/A
Prevention of and detection of crime related to economic crime including fraud and financial crime We carry out this use of data as this is within the public interest to carry this processing out. N/A
Hosting of joint working groups, information sharing meetings (for the purpose of the prevention and detection of crime) and other meetings specifically focused around economic crime We use data relating to the participants of the meetings to fulfil the agreement with have in place to facilitate the sessions. N/A
Hosting of websites and access to portals.  These include: the member portal, Financial Crime Alerts Service (FCAS); Financial Fraud Bureau (FFB) information sharing portal; Fraud Intelligence Sharing System (FISS); Mylostaccount. Carried out pursuant to the agreement we have with you. N/A
Queries from members of the public This is within our legitimate business interests to perform. This is conducted as required in order to help the request which has been provided to UK Finance.

We may use data of UK Finance personnel (and those wishing to become personnel of UK Finance) for the following reasons:

What we use your personal data for What is the lawful reason Business or commercial reason (our legitimate interest)
For referring employees to provider of life insurance policy This is done with your consent. N/A
For referring employees to health cash plan This is done with your consent. N/A
Talent acquisition (for purposes of communication, candidate vetting) This is within our legitimate business interests to perform. This is essential to the potential employment you may with UK Finance.
To process CV submissions This is done with your consent. N/A
Talent retention (for purposes of communication, performance of contractual duties to employees) This is within our legitimate business interests to perform. This is essential to the employment you have with UK Finance.
If required for the role you perform, background screening to ensure you are able to provide services Depending upon the role you fulfil, we conduct these checks because we are required to do so by law. Where we carry out background criminal record checks, we only collect this information once we have your permission / consent to do so.  We use this information because we have a legal obligation to carry out these searches. N/A
Provide the customer, member or associate members with services Perform the agreement we have with our customers, members or associate members.  This is within our legitimate business interests to perform. We need to do this where it is necessary to share your name and business contact details for the purpose of meetings and other engagements.
Maintain member, customer and associate member relationships This is within our legitimate business interests to perform. We need to do this where it is necessary to share your name and business contact details for the purpose of maintaining our relationship with our members, associate members and customers.
Talent retention This is pursuant to the agreement of employment we have with you. N/A
Communication with you for purpose of your employment This is within our legitimate business interests to perform. This is essential to the employment you have with UK Finance.
Providing and improving quality of services to member, customer and associate members This is within our legitimate business interests to perform. We review data to ensure we provide members, customers and associate members with the best possible service.
Payment to you for services performed Perform the agreement we have with you (or take steps needed at your request prior to entering into an agreement with you). N/A
Accounting purposes This is within our legitimate business interests to perform. We need to use your data for our everyday accounting purposes.
Legal obligations We will use your data for the purpose of complying with our legal obligations. N/A
Performance of contractual duties to employees including pensions, payroll, expenses, performance management, training and development This is pursuant to the agreement of employment we have with you. N/A
Monitoring the diversity of the UK Finance workforce We collect diversity data (for example ethnic background, gender and sexual orientation) from colleagues on a voluntary basis to enable us to monitor the composition of our workforce. Processing your diversity data is done with your explicit consent. N/A

Cookies
We may obtain information about your general internet usage by using cookie files stored on your computer or device (“cookies“). Cookies are text files containing small amounts of information which are downloaded to your computer or device when you visit a website. They help us to improve our site and to deliver a better and more personalised service.
You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/. For more information about our use of cookies, please consult our cookies policy.

How we share your personal data

We take your privacy very seriously and we’ll only share your information where:

  • we need to for the purposes of providing you with products or services you have requested;
  • we have a public or legal duty to do so e.g. to assist with detecting fraud and tax evasion, economic crime prevention, regulatory reporting, litigation or defending legal rights;
  • we have a legitimate reason for doing so e.g. to manage risk, to assess your suitability for services, or to enable one of our virtual activity sponsors to promote themselves to you; or
  • we have asked you for your permission to share it, and you’ve agreed.

Third parties

We may occasionally share your data with trusted third parties to help us deliver efficient and quality services. We will never sell, trade, or rent your personal data to others; however, we may share your information with selected third parties including:

  • business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you;
  • financial institutions in performance of our role to support with economic crime information sharing initiatives; providing services for our members or where we are otherwise directed by you to share information with them;
  • fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment;
  • provided you have consented; marketing, market research, advertisers and advertising networks that require the data to select and serve relevant adverts to you and others;
  • analytics and search engine providers that assist us in the improvement and optimisation of the website;
  • any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries for the purposes set out above;
  • in the event that we buy or sell any business or assets, including the sale of an individual website owned by us, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and
  • if UK Finance is acquired by (or all of its assets are acquired by) a third party, in which case personal data held by it about its members and customers will be one of the transferred assets.

Economic crime information sharing

We may share your personal data with law enforcement agencies, fraud prevention agencies, public authorities or other organisations if legally required to do so, or if we have a public interest and/or good faith belief that such use is reasonably necessary to:

  • comply with a legal obligation, process or request (including responding to any requests from law enforcement authorities outside the EEA, as defined below);
  • enforce our agreements, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address economic criminal activity (including financial crime, fraud, money laundering etc);
  • detect, prevent or otherwise address security, fraud or technical issues with our services and site; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.

Sharing aggregated/anonymised data

Where we have made your information anonymous, we may share this outside of UK Finance with partners such as research groups, universities, advertisers or connected sites. For example, we may share information publicly to show trends about the financial services market.

Links to external websites 

Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any personal data to these websites.

Where we store or transfer your personal data

We would usually ensure that the majority of personal data we store or process is within the UK or European Economic Area (EEA).

There may be situations where the data that we collect from you may be transferred to, and stored at, a destination outside the UK and EEA”), including, in particular, the United States. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers or business partners. We will ensure they agree to apply equivalent levels of protection for personal data. If this is not possible – for example because we are required by law to disclose information – we will ensure the sharing of that information is lawful. Also, if they are not in a jurisdiction that is regarded as having “adequate” levels of protections for personal data, we will put in place appropriate safeguards (such as contractual commitments), in accordance with applicable legal requirements, to ensure that your data is adequately protected. 

Security of your personal data

We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle personal data to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. We have appointed a Data Protection Officer to ensure that our management of personal data is in accordance with this Privacy Notice and the applicable legislation. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site; any transmission of your data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

UK Finance is ISO 27001 accredited. This is an internationally recognised specification for information security management. To meet our commitment to protecting your data we have invested in our people, processes and technology. Independent assessments are carried out on a regular basis. This would also include a technical audit of our systems to receive our Cyber Essentials Plus certification. For more information about this government-backed scheme, please refer to the National Cyber Security Centre website or follow this link.
   
How long we keep your information

We will retain your personal information for as long as you use our services and for a reasonable time thereafter. After you have terminated your use of our services, we will retain your personal information for up to seven years and thereafter may store it in an aggregated and anonymised format.

Your rights

Data protection laws give you certain rights in relation to the data we hold on you. These include the following rights to:

  • request a copy of the personal data we hold about you;
  • request that we supply you (or a nominated third party) with a copy of the personal data that you provided to us;
  • inform us of a correction to your personal data 
  • exercise your right to restrict our use of your personal data 
  • exercise your right to erase your personal data; or
  • object to the ways in which we are using your personal data.

Your ability to exercise these rights will depend on a number of factors and in some instances, we will not be able to comply with your request e.g. because we have legitimate grounds for not doing so or where the right doesn’t apply to the particular data we hold on you.

Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent.

If you would like more information on these rights, please contact us using the details below.

How to contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@ukfinance.org.uk or dpo@ukfinance.org.uk.

What if I have a complaint?

If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set out above. If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with our supervisory authority, the Information Commissioner’s Office (ICO). You can find details about how to do this on the ICO website at https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.

Changes to our Privacy Policy/Notice

Any changes we may make to the Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check this page frequently to see any updates or changes to this Privacy Notice.