Privacy Notice
Version: 12 July 2022
Version: 12 July 2022
Metro Bank PLC, (“Metro Bank”, “we” or “us”), registered in England and Wales
Company number: 6419578.
We are a controller for the processing activities specified in this privacy notice that relate to your personal data.
This privacy notice also explains how other parties, including companies belonging to the Metro Bank group, may use your personal data. Some of our products, applications or services have separate privacy notices which do not incorporate this privacy notice.
If you have any questions about this privacy notice, would like more information about how we use your personal data, or to exercise any of your data subject rights (see “Your rights”) please contact our Data Protection Officer:
Write to
Data Protection Officer
Metro Bank PLC
One Southampton Row
London, WC1B 5HA
If you are unhappy with our management of your information, you have the right to lodge a complaint with the Information Commissioner’s Office. Please visit http://www.ico.org.uk/ for more information.
Personal data includes any information that directly or indirectly (whether alone or in conjunction with other information) identifies you (or someone else). This includes information such as your name, address, and contact details. It also includes, for example, any photograph we have of you (e.g. when you provide us with a selfie and a copy of a photo ID as part of the account-opening process), online identifiers such as IP address or device ID, and location data.
The personal data we hold about you is limited to information that you have given us directly – for example, when you contact us, apply for any of our products or services (e.g. a selfie and your contact information, or details of your query or complaint), or when you complete customer surveys.
This also includes information we:
Where we ask you to provide personal data to us on a mandatory basis, we will tell you at the time of collection. In the event that particular personal data is required by the contract or law, this will be made clear. We will also explain the consequences of failure to provide any mandatory personal data – for example, if you can’t show us proof of identity this will mean that we cannot open an account for you.
We may also collect your personal data where you engage with us online (for example, on Twitter or LinkedIn) or where you mention us in a public forum. Remember that any information you publish online may be seen by others; please see the section on “Social Networking Sites” for further information.
If you open an account with us and you are under 18, we may also collect personal data that directly or indirectly identifies your parent or legal guardian who helped you open an account. We may use and keep their personal data only for the purposes of checking your identity. You must not give us personal data about someone else (such as a joint applicant or a parent or guardian) without first getting their permission for it to be used and released. We will assume that that person has given permission, although we may still ask for confirmation.
At the end of your relationship with us (for example, if you decide to close your account), we retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than seven years, in line with our data retention policy.
Your personal data is collected and processed for business and business-compatible purposes, in accordance with applicable laws and as set out below. Personal data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (e.g. in fraud investigations or similar).
We generally process your personal data under one of the following legal bases:
We may also rely on other bases (for example, where the processing is necessary in the performance of a task carried out in the public interest, or in order to protect your vital interests or those of another person, or where you have given your consent) on an exceptional basis, where none of the above applies.
We have identified the following purposes for processing personal data, each of which relates to a lawful basis for processing, as required under applicable law. These purposes include:
Purpose for processing |
Lawful basis |
To provide products and services which you have requested, and to conduct business with you (for example, to process your application, to manage your account, to tell you about important changes to our services, to process and to respond to your enquiries, complaints and issues) and to keep updated and bring together and improve records. |
Contractual performance |
To provide an initial quotation where you have applied for credit. |
Contractual performance Legitimate interests: We consider that we have a legitimate interest in ensuring that customers have a clear understanding of the product they have applied for, without there being a detrimental effect on their credit rating. |
For security, credit, identification and verification purposes.
|
Legal obligation (e.g. compliance with our Anti-Money Laundering and Know Your Customer obligations). |
To detect, investigate, prevent and prosecute criminal activity and to meet out regulatory, legal and compliance obligations (including performing regulatory and prudential compliance checks on an ongoing basis, account and transaction monitoring, checks for sanctions and politically-exposed persons, and transaction and tax reporting. Also including making disclosures to, co-operating with, and complying with requests from: public authorities, regulators, courts of law, tax authorities, governmental bodies or law enforcement agencies, and investigating and preventing fraud, terrorism and other crime). |
Legal obligation Public interest Legitimate interests: To the extent our processing of your personal data for these purposes extends beyond that strictly required by applicable UK law to which we are subject, or where such legal/regulatory obligations do not specify the method by which a mandatory outcome (e.g. preventing terrorist financing) shall be achieved, or where we are subject to a legal obligation in another jurisdiction, we consider that we have a legitimate interest in ensuring effective compliance in all relevant jurisdictions, in protecting our customers, and in maintaining a good relationship with law enforcement, regulators and other relevant authorities. We also consider that we have a legitimate interest in protecting our legal rights. |
To assess lending and insurance risks. |
Legitimate interests: We consider that we have a legitimate Interest in ensuring that the risk to which we are exposed remains within our risk tolerance. |
To collect money that you owe us, and to exercise our rights set out in agreements or contracts. |
Contractual performance Legitimate interests: We consider that we have a legitimate interest in collecting money owed to us, to ensure our ongoing financial stability. |
To improve customer service, and to decide if a product or service is suitable for your needs. |
Legitimate interests: We consider that we have a legitimate interest in providing quality customer service, as this allows us to maintain good client relationships and to deal with queries and complaints effectively.
We consider that we have a legitimate interest in ensuring that we provide our customers with appropriate products and services, to ensure both appropriate risk management and good client relationship management. |
To provide you with the appropriate level of service, to accommodate your specific individuals needs and treat you fairly based on any vulnerability you may have, whether you have told us or we believe necessary to record, to improve customer service ensure equality of treatment, protect vulnerable customers or safeguard your economic wellbeing. |
Consent Public interest Vital Interest Legitimate interests: We consider that we have a legitimate interest in providing quality customer service, as this allows us to maintain good client relationships and to deal with queries and complaints effectively. |
To carry out operational and administrative functions (e.g. to maintain our own accounts and records, to operate information technology systems, to carry out billing-related and payments administration, to maintain stocks and shares registers). |
Legal obligation (to maintain certain statutory records) Legitimate interests: To the extent that we do not have a strict legal obligation under UK or EU law to carry out such activities, we consider that we have a legitimate interest in running our business efficiently. |
To share relevant information in respect of a prospective sale of the company, or any of its subsidiaries, or any part of its or their business. |
Legal obligation Legitimate interests: We consider that we have a legitimate interest in complying with due diligence requirements and being efficient in how we run the business. |
To manage, support and provide training to our staff. |
Legitimate interests: We consider that we have a legitimate interest in managing, supporting and providing training to our staff. Legal obligation (to maintain certain statutory records). |
Marketing: To tell you about other Metro Bank products, services and facilities that may interest you (by post, email, phone or text, in accordance with your preferences).
|
Legitimate interests: We may also process your personal information for marketing purposes. You have a right to receive services from us without consenting to marketing communications, and you can always opt out of receiving any such communications from us. Our lawful basis for processing your data is that we have a legitimate interest in making our customers aware of our other services and offerings. Consent to data being processed in relation to direct marketing by electronic means such as by email or SMS. |
We may share some personal data (for example, your email address), in a secure and hashed format, with our advertising partners and social media companies, so that they can display the most relevant messages to you and others about our products and services. This includes instructing these companies not to show adverts to our existing customers. If you do not want us to share your personal data with our advertising partners or social media companies for this purpose, you can tell us not to.
|
Legitimate interests: We consider that we have legitimate interests to give you information about our products and services that you or others may be interested in. |
To evaluate the effectiveness of marketing and for research, training and statistical analysis with the aim of improving services. |
Legitimate interests: We consider that we have a legitimate interest in improving our products, services and operations. |
To help us to improve our products, services and operations (Including market research, analysis of customer preferences, transactions and market trends, evaluating proposed products, testing new systems and upgrading existing systems). |
Legitimate interests: We consider that we have a legitimate interest in improving our products, services and operations. |
To manage our business and to protect and enforce our rights (Including assessing, monitoring and managing financial, reputational and other risk, conducting audits, liaising with regulators and law enforcement, and to establish, enforce and defend against legal claims). |
Legal obligation Legitimate interests: We consider that we have a legitimate interest in prudently managing our business and in protecting and enforcing our rights. |
To be able to work with other companies that provide services to us and our customers. |
Contractual performance |
Where you have consented we may also sell or exchange your data, or share your information with other carefully chosen organisations, so that you can hear from them about their products or services.
We may also process your personal data for other purposes permitted or mandated by applicable laws, including those legitimate interests pursued by Metro Bank, where these are not overridden by the interests or fundamental rights and freedoms of individuals.
We may collect a limited amount of ‘special category’ personal data: i.e. information revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where that information is used to identify an individual), information concerning physical or mental health, an individual's sex life or sexual orientation, in order to make appropriate accommodations or adjustments, or to provide biometric identification services. When we do so, we will explain to you why we need it, and obtain your consent to use it for the relevant purpose.
To the extent permitted by applicable laws, we may collect and process a limited amount of information regarding criminal convictions and offences and related proceedings (including information relating to allegations and suspicions of criminal offences).
If you have applied for a joint account, this will mean that both parties will have access to the account at all times. This also means that account holders who submit a request for their information will also be entitled to a copy of the joint account holder’s details (excluding identification material).
Where you have provided information regarding the other applicant, you must ensure you do so with their full consent.
If you give us false or inaccurate information and we identify or suspect fraud or other criminal activity, we may pass details to fraud-prevention agencies or credit-reference agencies (or both). Law-enforcement agencies may also access and use this information. We and these other organisations may access and use your personal information to prevent fraud and money laundering – for example, when:
If you ask, we will provide you with details of the relevant fraud-prevention agencies.
We and these other organisations may access and use the information recorded by fraud-prevention agencies or credit-reference agencies (or both) from other countries.
When you visit our different online channels, we or a third-party service provider may collect technical and navigational information. This is done through the use of cookies.
A ‘cookie’ is a small text file that's stored on your computer, smartphone, tablet, or other device when you visit a website or use an app.
Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.
Our online services use session and persistent cookies.
Some cookies are set by websites you go to – they are known as first-party cookies. Others are set by outside organisations such as social media, search engines, other advertising networks and our business partners – these are known as third-party cookies. Whether a cookie is first- or third-party depends on where it comes from.
Our online services use first- and third-party cookies.
For further information about cookies please visit http://www.allaboutcookies.org/.
The following sections set out Metro Bank’s cookies policy, explaining how we use cookies and similar tracking technologies. It also explains the choices you can make about whether we can put some types of cookies on your PC, tablet or mobile phone.
In this policy, where we say 'cookies' we also include similar tracking technologies that collect data while you use our websites, Online Banking and mobile applications to help provide you with the best possible online experience.
The information cookies collect, and how we use that information may count as personal information e.g. internet protocol address (‘IP address’), operating system, browser type, pages visited and average time spent.
Data we collect will be held by Metro Bank. We use this data to:
We do not sell data to organisations outside our group.
If you have questions on our use of cookies, please email [email protected].
The cookies we use are either strictly necessary or optional.
Strictly necessary cookies
Generally, these cookies will be essential cookies and are required for the operation of our websites. They include cookies that enable you to log into secure areas of our websites and help ensure the content of the pages you request load quickly. Without these cookies, you will not be able to access our online services (e.g. our websites or a service on any of our websites) which you have requested, this is why we will not collect your preferences in regards to these cookies.
Essential cookies are used to:
Optional cookies:
We would like to use cookies to provide optional features and improve our websites.
We understand that not everyone likes data to be collected about them when it's not strictly necessary, and so we'll ask you to set your preferences when you first visit our websites.
To make it easier to choose which optional cookies to accept, we've organised these cookies by category. These are set out below. You can choose which categories you'd be happy for us to use in your cookie settings and make changes at any time by referring to the ‘Managing cookies’ section below and selecting ‘Customise my preferences’.
Performance cookies – tracking website performance
These cookies collect aggregated information and are not used to identify you. All the information collected is anonymous and is only used to help us understand and analyse how visitors use our online services and look for ways to improve their performance.
For example, a cookie might allow us to both count visitors and see how visitors navigate our online services, which allows us to improve the customer journey.
The analytics cookies we use include the following:
Functional cookies – giving you a better online experience
These cookies remember your preferences so that you do not have to enter them each time you visit our websites and other online channels. These cookies allow us to personalise content for you; without them we cannot remember your choices.
Targeting cookies
These cookies are usually third-party cookies from marketing partners used to deliver adverts relevant to you and your interests. They will always be persistent but time-limited cookies.
Targeting cookies are used to send you relevant information and see which content you use. They do this by recording your visits to our websites, the pages you have visited and the links you have followed. We then use the information collected to tailor both our websites and the relevance of the advertising displayed to your interests. In order to make the advertising displayed more relevant, we provide the information collected to advertising networks. Please note these cookies do not contain any of your personal or financial information.
We partner with third-party companies including Google Ads, Bing, LinkedIn and Facebook for marketing campaigns. Cookies from these websites help with campaign measurement and improve advertising relevancy.
Overview of the cookies we use across all online service channels
Category |
What they do |
My choices |
Strictly necessary |
These cookies are needed to run our websites, to keep them secure if you are logged on and to obey regulations that apply to us. If you are a customer, they help us know who you are so that you can log on and manage your accounts. They also help us keep your details safe and private. Other important jobs they do are: · Help you move around the site · Tell us if you’ve been to it before and which pages you went to · Tell us how the site is working, so we can find and fix any problems. |
You can’t turn off these cookies |
Functional |
These cookies are used for remembering things like: · Your user ID on the logon page · Your region or country · Your preferred language · Accessibility options like large font or high-contrast pages. |
We’ll ask for your consent to use these cookies |
Performance |
These cookies tell us how you and our other customers use our websites. We combine all this data together and study it. This helps us to: · Improve the performance of our services · Improve the products we provide. |
We’ll ask for your consent to use these cookies |
Marketing |
These cookies help us decide which of our products, services and offers may be relevant for you. We may use this data to tailor the marketing and ads you see on our own and other websites and mobile apps, including social media. For instance, you may see our ads on other sites after you have been to our websites. If you turn off marketing cookies you will still see ads online, but they will not be tailored to things that may interest you. |
We’ll ask for your consent to use these cookies |
You can manage your cookie preferences at any time by changing your cookie settings.
You can also use your browser settings to delete cookies that have already been set at any time and to manage cookies, for example, to switch off a cookie altogether. If you do this, it could mean that we can't use ‘strictly necessary’ cookies properly and so parts of our websites may not work correctly.
For more information about how to use your browser settings to clear your browser data or to manage cookies, check your browser 'Help' function.
Find out more on how to manage cookies in common browsers (Internet Explorer, Chrome, Firefox and Safari) on the Information Commissioners’ Office (ICO) website.
Your preferences are saved in cookies stored on your browser. If you switch off a category of cookies that you've previously accepted, then for technical reasons those cookies will not be deleted.
To delete cookies from your browser, we recommend that you clear your browser data. If you do this, or change browser, we'll ask for your preferences again when you next visit our websites.
If any of the information we hold on you is incorrect, please notify us and we will ensure that it is updated accordingly. Where your details have changed, you have a responsibility to inform us at the earliest time possible. Failure to notify us of a change in your details may affect the way in which we provide you with products and services.
You have specific rights over your personal data, as explained below. These may not apply in all circumstances – we will let you know where this is the case.
You can exercise your rights by contacting us on 0345 08 08 500, in writing using the contact details given at the top of this document, or by visiting one of our stores.
We will respond to your request within one calendar month. We may need to confirm your identity before processing your request. If you can’t give us satisfactory proof of your identity, we have the right to refuse your request. We also have the right to reject requests that are manifestly unfounded or excessive.
If we determine that your personal data is to be used for a new purpose, we will inform you beforehand.
Your personal information may be shared with third-party service providers, including companies belonging to the Metro Bank group, which may provide products or services to you or us.
We will only share your personal data where necessary and where we have a lawful basis for doing so (for the purposes already outlined). Recipients of your personal data may include:
These recipients may be located in countries around the world (please see “Processing personal data outside of the EU (EEA) and UK”).
Our websites may contain links to other websites operated by third parties. This privacy policy applies only to the personal information that Metro Bank collects and we are not responsible for personal information that others may collect, store and use through their websites. You should refer to the privacy policy of the third party's website for details on how they collect and use your personal information.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at http://www.cifas.org.uk/FPN
Parties with which we share your personal data (for the purposes explained above), may be located in countries outside of the UK and the European Economic Area (EEA), such as India and the USA which have more lenient data protection laws than those of the UK.
We will only make such a transfer where an appropriate transfer mechanism is in place, in compliance with applicable data protection law. Where necessary, we will carry out a risk assessment to ensure that your personal data remains appropriately protected to the same extent as in the UK.
In most cases, such transfers are made pursuant to the standard data protection clauses approved by the UK Parliament. To learn more about this or find a copy of the documentation used please visit the ICO's website.
As a responsible lender, we take into account your personal circumstances to see whether we should open a current account for you or to lend to you. To help us to do this, we may use automated credit scoring during applications.
This means that if you apply for one of our accounts or credit with us, we will search your record at companies called ‘credit reference agencies’ when considering your application.
We or the relevant credit reference agency take into account available information about you – such as your ability to repay, your credit history and factors such as how long you have lived at your present address. Credit reference agencies use information from a number of different public sources (for example, the electoral roll, county court judgements and bankruptcies), as well as information from other banks or lenders on how you manage your other banking or credit arrangements.
If you apply for one of our current accounts or credit facilities (other than our cash account), we may use details of your credit history to assess your ability to meet your financial commitments. Credit reference agencies will record details of your application and the search will form part of your credit history. This will happen whether or not you go ahead with your application. These details will be seen by other organisations that examine your record.
Records relating to one or more of your partners may already be linked to your record and we may consider these ‘associated’ records when considering your application.
Credit scoring helps us to work out the level of repayment risk for each applicant based on available information. If that level of risk is unacceptable for us, having looked at your credit score and other factors, we will refuse your application. Occasionally, Metro Bank will manually assess an application to understand the reason for any credit impairment and whether this is an exceptional circumstance.
We are not obliged to accept an application. If we are unable to accept your application, we will tell you. If we can, we will also tell you the main reason why we did not accept your application. If we refuse your application, we will not pass this information on to a credit reference agency. You may contact us and ask us to reconsider our decision. If you do, we will generally ask you to give us the extra information that we need.
We may share your personal data with credit reference agencies:
If you hold a current account with us, we will regularly update the credit reference agencies with details of the status of your account, including:
The credit reference agencies that we use are Experian, Equifax and TransUnion.
For further information about how they use your personal data, please see the links below.
Equifax – www.equifax.co.uk/crain
Experian – www.experian.co.uk/crain
TransUnion – www.transunion.co.uk/crain
If you are applying for a business current account or business lending product, then in addition to the personal data, we will also use and share your business data for the purposes outlined within this section.
We sometimes use systems to make automated decisions using the personal information we have obtained from you and other sources about you or your business. Automation allows us to make consistent, efficient and quick decisions about offering you our products and services. These automated decisions can affect what we may offer you now or in the future, or the price that we charge you for them.
Below are details of the automated decisions we make which are necessary for entering into, or performance of a contract:
Automated decision |
What automation occurs |
Pricing |
Where you have requested credit, we will decide what rate of interest to charge based on what we know about you from your application and other sources. |
Tailored products & services |
We work with advertising partners – such as social media companies – to help us try to find new customers who are like you, or have similar interests to yours. These companies help us look for new customers who may be interested in products, services or offers that our existing customers are interested in.
|
Detecting fraud |
We use your personal information to monitor and assess if your account is being used or suspected to be used for fraud or money-laundering. We look for traits adopted by fraudsters or behavioural trends which do not match your usual activity. |
Opening accounts |
When you apply for an account we will check that the product or service is suitable for you or your business. We will also check that you or your business meet the requirements to open an account or receive the product or service applied for. We will also need to check data like your age and financial position and to verify your identity. |
Approving credit |
We use an internal system to decide whether to lend money to you or your business, if you submit a loan application. The information used is historic data.
Credit scoring uses data from three sources:
• The loan application details submitted • Credit reference agencies • Data we may already hold
A credit score gives an overall assessment based on this. Metro Bank uses this to help us make responsible lending decisions that are fair, informed and consistent. Credit scoring methods are tested and reviewed regularly to make sure that a fair and unbiased decision is provided consistently. |
Account lifecycle management |
When you have a loan agreement and/or credit facility with Metro Bank, we will periodically assess the management of it to predict the likely performance or outcome of the loan agreement and/or credit facility. Dependent upon the assessment outcome, this may result in us making contact with you to further understand your current situation. |
We may share your personal information (including copies of your identification, photographs, signature and any other personal information that we hold about you) with fraud prevention or law-enforcement agencies and other organisations (including credit reference agencies, other lenders and operators of card schemes) both within the UK and abroad. We may do this to help investigate or prevent crime or terrorism, to check your identity or to meet our legal obligations.
We regularly record and monitor our telephone calls, video services and direct messages to help improve the products and services we provide to you.
The reasons we record and monitor calls,video services and direct messages are:
You may request information concerning what personal data we process on you and request a copy of that personal data (see “Your rights”).
We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 3 years, in line with our data retention policy.
When visiting our stores we capture your images through the use of CCTV.
The reasons we record CCTV are for:
You may request information concerning what personal data we process on you and request a copy of that personal data (see “Your rights”).
We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 90 days, in line with our data retention policy.
We maintain an online presence on popular social media websites including (but not limited to) Instagram, LinkedIn, Twitter and YouTube. We use these websites to share our news, upcoming events and to celebrate our culture. By engaging with us on these sites, you are accepting that the webpages are available to the general public and agree to the following:
Metro Bank’s websites do not run any java applets or applications, or any ActiveX controls. This means that if you are connected to our websites you will not be asked by us if you want to allow a program to run.