Union Investment Bank (UK) WEBSITE PRIVACY & COOKIE NOTICE
Last updated Nov 2018
What does this notice cover?
This Privacy Notice describes how Union Investment Bank (UK) (also referred to as "Zenith", "we" or "us") will make use of your data when you use our products, services and websites.
It also describes your data protection rights, including a right to object to some of the processing which Zenith carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
We may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
What information do we collect?
We collect and process personal data about you when you interact with us and our websites, and when you apply for or use any of our products or services. This includes:
- Your name, age, date of birth and gender.
- National insurance number or other national identifier information.
- Your username and password.
- Contact details, such as your address, email address and phone number.
- Banking information, including your debit or credit card information and sort code and account number and also transactional information including in respect of products which you purchase.
- Your financial position, status and history.
- Information about your communications with us.
- Your marketing preferences, including any consents you have given us.
- Location data we get about where you are, such as the address where you connect a computer to the internet, or a shop where you buy something with your card.
- Information related to the browser or device you use to access our website.
- Information about your contact with us e.g. meetings, phone calls, emails / letters
The law and other regulations treat some types of personal information as a special category. We will only collect and use these types of data if the law allows us to do so. Examples of special category information that we process are:
- health data that we request from you (if you purchase products from us where health information is relevant, such as mortgage products).
- information about criminal convictions and offences (in the course of running know your customer checks or if we need to investigate you in connection with use of our services or in connection with staff/ staff application background checks
- Political opinions or affiliations
What information do we receive from third parties?
We offer some of our services in connection with other web sites, such as Moneysupermarket.com. Personal information that you provide to those sites may be sent to us in order to deliver the products and services you have requested.
We may combine the information you submit under your account with information from other Zenith services or third parties. For certain services, we may give you the opportunity to opt out of combining such information.
We may sometimes receive your personal information including name and contact details, from financial or other advisers, estate agencies, consultants and other professional experts.
How do we use this information, and what is the legal basis for this use?
At the core of all personal information processing activities undertaken by the Bank, is the assurance and verification that the Bank is in compliance with Article 6 of the GDPR and its lawfulness of processing obligations. Prior to carrying out any personal data processing activity, we must identify and establish the legal basis for doing so and verify this against the regulatory requirements to ensure the most appropriate legal basis is applied.
The Bank relies on the following Article 6 lawfulness of processing provisions for processing personal data in order of priority:
- Legal obligation – where we must undertake the processing to comply with our legal obligations – such as undertaking customer due diligence for the purposes of meeting anti-money laundering regulatory requirements.
- Contractual performance – where we must undertake the processing in order to perform a contract with the individual – such as transferring funds or undertaking a credit assessment.
- Legitimate interest – includes any other processing which is necessary in the interests of the Bank’s activities and to the extent that it does not unduly interfere with the rights of the individuals. A legitimate interest assessment must be undertaken in order to rely upon this legal basis.
- Consent – we require explicit consent from the individual where the processing does not meet one of the other lawfulness provisions. Consent must be clear, explicit and freely given in order to rely upon this legal basis.
If the proposed processing does not fall within any of the above lawfulness provisions, then we must not process the data unless a situation arises whereby processing is necessary to protect the vital interests of an individual.
The Bank keeps a master record of the instances of data processing undertaken across departments along with the legal basis relied upon for the purposes of each instance of processing. Any proposed new instances of data processing must be approved by the Compliance department so that the master record can be duly updated, and assurance can be given that the new instance of data processing is lawful. Compliance will periodically review the master record to ensure that it remains up to date and that the purported legal bases stated are fair and legitimate.
We will not be able to provide the banking or other services requested if we are not provided with all relevant personal data. The provision of some information, such as the details you provide so we can send you marketing communications, is optional.
Please note we do not use any significant decision automated tool to provide services to you
Who will we share this data with?
Your personal data will be processed in and accessed from jurisdictions outside the European Economic Area (“EEA”) by us and by the third parties with whom we share your personal data.
We may share your personal data with Union Investment Bank Plc and its subsidiaries to administer and manage group functions, including the provision of banking and other services to you.
We may share your personal data with our branch office in the United Arab Emirates. Some of our third parties providers are also located outside the EEA.
When we transfer your data within the Union Investment Bank Group, we use an intra-company agreement containing European Commission-approved standard contractual clauses. When we transfer your data to organisations outside the Union Investment Bank Group we use European Commission-approved standard contractual clauses to safeguard the transfer, unless we transfer personal data to a third party that has implemented Binding Corporate Rules or which uses the EU-U.S. Privacy Shield or on the EU Adequacy Decision List, in which case we may rely on one of those mechanisms to safeguard the transfer.
Your personal data will also be shared with trusted third parties, such as financial or other advisers, consultants and other professional experts.
We will share your personal data with companies providing services under contract to Zenith. Such third parties include providers of website and IT hosting, help desks, maintenance, call centre operation, identity and background checking and debit card providers.
Your personal data will also be shared with government agencies (including UK HM Revenue & Customs and the UK Financial Services Compensation Scheme) and/or law enforcement agencies and credit reference and fraud prevention agencies if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
What rights do I have?
You have the right to ask Zenith for a copy of your personal data, to correct, delete or restrict processing of it, and to obtain the personal data you provide in a structured, machine readable format and ask us to share (port) this personal data to other organisations. You can submit a Subject Access Request using this form. You also have the right to object to processing in some circumstances.
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Zenith processing your personal data, this will not affect any processing which has already taken place at that time. You can also ask us not to send or to carry out profiling for direct marketing, at any time.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.
If you wish to exercise these rights, please contact us as set out below.
If you have unresolved concerns you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occured.
How long will you retain my data?
Where we process account registration data and personal data in connection with the provision of banking services, we do this for as long as you are an account holder and for 6 years after you terminate your account.
Where we process personal data in order to comply with our legal obligations (for example, “know-your-client” information processed for anti-money laundering purposes) we will retain this for as long as you use our services, and in compliance with our regulatory obligations as set by the Financial Conduct Authority thereafter.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
Updates to this Privacy Notice
This Privacy Notice may be updated periodically. We will update the date at the top of this Privacy Notice accordingly. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Notice as required by applicable law.
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, feel free to contact our Data Protection Officer, who can be contacted at:
The Data Protection Officer
Union Investment Bank
London EC3V 3ND
Tel: +44 (0)20 7105 3953
The data controller for your information is Union Investment Bank Ltd registered in England and Wales under Company Number 5713749 whose registered office address is: 39 Cornhill, London EC3V 3ND
Cookies and similar technologies
What are they?
Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies are also used which are similar to cookies. This can include pixel tags and tracking URLs. All these technologies are together referred to in this policy as “Cookies”.
The types of Cookies that we use on our website, and the purposes for which they are used, are set out below:
- Analytical/performance cookies: These cookies collect information about how you and other visitors use our site, for instance which pages you go to most often, and if you get error messages from web pages. We use data from these cookies to help test designs and to ensure a consistent look and feel is maintained on your visit to the website. All information these cookies collect is aggregated. It is only used to improve how a website works.
- You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
- Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/.
- Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).
To remove cookies from your PC, you can use these guides:
Internet Explorer: https://support.microsoft.com/en-us/kb/278835#/en-us/kb/278835
Please note that by deleting our cookies or disabling future Cookies you may not be able to access certain areas or features of our site.
To find out more about Cookies please visit: www.allaboutcookies.org or see www.youronlinechoices.eu which contains further information about behavioural advertising and online privacy.