Your right to privacy
Your right to privacy is very important to us. We take the security of your information seriously and have strict policies and processes in place to ensure it remains safe. This policy describes the way we collect information, how we use it and how we protect it.
About The Nottingham
We’re The Nottingham, a group of companies that includes Nottingham Building Society.
How we comply with regulations
We are committed to safeguarding your personal information and we are legally obliged to use your information in line with all laws concerning the protection of personal information. We are regulated by the Information Commissioners Office (ICO) which is responsible for regulations that cover the collection, storage, processing, disclosure, transfer and destruction of personal data in the United Kingdom, and we are registered as a Data Controller with the ICO. We have a Data Protection Officer who ensures the fair processing of your information in line with the regulations, whom you can contact using the contact details at the end of this policy. You also have the right to complain to the ICO if you have any concerns.
Information we hold about you
We collect personal information about you when you apply for products or make use of our services. Personal information we hold will include:
- name, address, date of birth and contact information
- information we need to enable us to check your identity, process an application and complete credit referencing
- information for accounts you hold with us including payments and withdrawals, services you use, and other related information
- information we need to be able to process payments for you, for example bank and credit or debit card details
- records of contact with you, such as system notes, emails and letters.
In some instances, it is necessary for us to collect more sensitive information to be able to provide advice to you or complete applications, for example information about your health to support a life insurance application. This type of information is called special category data and where we do need to collect it, we will gain your consent to the collection and processing of this data. You can withdraw your consent at any time to us processing this data, however, this may mean that you can no longer access the service or product the information was gathered for.
For security and training purposes and to check and improve the quality of our service, we also record and monitor telephone calls and record activity on our premises using CCTV.
How we use your personal information
We will only collect, use, hold or disclose personal information where we have a lawful basis to do so. This means information needed to provide you with a product or service, to satisfy legal or regulatory requirements, or where we have your consent. We will use your information to:
- verify your identity when you apply for an account and in order for us to manage your account securely
- process your application for an account or service. If you are applying for a mortgage, this will include credit scoring
- keep our records up to date
- prevent crime and meet our legal and regulatory obligations
- prudentially manage our business through the use of models, forecasts and management information.
- send statements, meeting notices and interest rate changes
- keep you informed of other relevant products or services that may be of interest to you where you have provided consent for us to do this.
We may use automated systems to analyse your personal data. For example, in order to check eligibility and provide access to the benefits of our Member Rewards scheme. You have the right to object to this. However, this would mean you would not receive Member Rewards. Where you have chosen to hear from us about products and services we may tailor communications based on your data.
How we protect your information
The security of your information is very important to us. We protect your information by maintaining physical, electronic, and procedural safeguards in relation to the collection, storage and disclosure of personal data to prevent unauthorised access, accidental loss, disclosure or destruction. We will not transfer your information to other countries outside the EEA unless it is unavoidable to allow us to deliver our products and services. If we do, we take care to ensure the same level of privacy and security as the UK.
How long we keep your information
We will keep your personal information only for as long as necessary to administer the accounts you have in line with regulatory and legal requirements, and will destroy it securely when it is no longer needed.
How we share your information
From time to time we may send information to, receive information from, or exchange your personal information with:
- companies in The Nottingham group to enable us to deliver our service to you and to allow us to manage our business
- partners or agents who support us to deliver our products and services to you, or that we refer you to, or that refer you to us
- companies who perform essential services for us
- credit referencing agencies
- third-party organisations that conduct research, analysis and marketing activities on our behalf
- regulators, courts or other public authorities
- other financial service providers to prevent fraud and verify identities
- debt management agencies and collection agencies, courts and receivers
- the Police, NCA, Action Fraud, DWP, HMRC, fraud prevention agencies and other financial service providers to help them in relation to the prevention or detection of fraud and financial crime. Financial service providers may use this information to make decisions
- the emergency services in the case of accident or emergency.
We will only share or exchange data with third parties with the protection of a written agreement and the ability to oversee their activities, unless information is required for legal or regulatory reasons. Where we have relationships with other organisations that process your information on our behalf we take care to ensure they have high data security standards. We will not allow these organisations to use your personal information for unauthorised purposes.
If the business is reorganised or sold to another organisation, we may transfer any personal information we hold to that organisation.
How we use fraud prevention agencies
The personal information we will/have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If false or inaccurate information is provided and/or if fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies can be provided by asking for a copy of our full fraud prevention agency notice.
How we use credit reference agencies
Credit reference agencies collect and maintain information about consumers’ and businesses’ credit behaviour. We use them to confirm your identity and to keep your money safe. They may keep records of enquiries about you and details of how you manage your accounts.
The credit reference agencies we normally use are:
Credit referencing agencies have published their own guidance on use of personal data called the Credit Referencing Agency Information Notice (CRAIN). You can view these notices by clicking the links about and searching for CRAIN. If you would like to see the information that these credit reference agencies hold about you, please contact them directly. Please note there may be a charge for this service.
How you can manage the information we hold and how we use it
Data protection regulations mean you have rights over how we hold and use the information we hold about you:
- you have the right to give your consent to us using your data for any activities we do not have a lawful basis to carry out, for example sending you marketing communications. You can withdraw that consent at any time
- you have the right to request access to the information we hold about you; this is called a Data Subject Access Request. You can do this by emailing firstname.lastname@example.org
- you have the right to know who your data is shared with and why
- you have the right to have your details updated if they are inaccurate and for information not required for lawful reasons to be deleted
- you have the right to have automated processing and profiling restricted. Profiling may be used to analyse or predict economic situations, health, personal preferences, interests, reliability, behaviour, location or movements
- you have the right to request that information we process by automated means is sent to you or another nominated data controller in a commonly used electronically readable format.
If you wish to action any of the above please contact us by:
- writing to Nottingham House, 3 Fulforth Street, Nottingham, NG1 3DL
- calling us on 0344 481 4444.
Changes to this policy
We regularly review this policy. You may obtain a copy of the most recent version from a branch or download a copy here. This was last updated September 2021.
Last updated on: