Alpha This is a new service – your feedback will help us to improve it.

Menu Search

Lloyds Bank

The information on this page is from the privacy notice published by Lloyds Bank.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

  • See data they hold about you

    You can ask to see what data Lloyds Bank has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    Through their website

    https://apply.lloydsbank.co.uk/personal/a/gforms?formId=F010&prodType=GN

    By post

    DSAR Unit, Lloyds Bank Customer Service Recovery, Charlton Place C57, Andover, SP10 1RE

  • Change data they hold about you

    You can ask Lloyds Bank to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    By phone

    03456021997

    Observations from contributor

    Customers can also exercise their right to rectification in any Lloyds Bank branch.

  • Delete data they hold about you

    You can ask that Lloyds Bank delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    By phone

    03456021997

  • Limit how they use data about you

    You can ask that Lloyds Bank only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    By phone

    03456021997

  • Stop their use of data about you

    You can ask Lloyds Bank to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    By phone

    03456021997

  • Export data they hold about you

    You can ask Lloyds Bank to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    By phone

    03456021997

    Observations from contributor

    Customers can also exercise their right to data portability in any Lloyds Bank branch.

  • Challenge an automated decision

    You can ask Lloyds Bank to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    By phone

    03456021997

    Observations from contributor

    Lloyds notes that customers have the following rights around automated decision making: * You can ask that we do not make our decision based on the automated score alone. * You can object to an automated decision, and ask that a person reviews it. The policy instructs people wishing to exercise these rights to contact Lloyds. No specific contact details are provided.

Organisation information

Description

Bank

Registration country

United Kingdom

Registration number

00002065

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Telephone number

03456021997

Data categories collected

Organisations must give details about what categories of data are stored and processed.

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

Observations

Lloyds appear to list the protected categories of data from the GDPR in the "Special types of data" section, and indicate that they will "only collect and use these types of data if the law allows us to do so".

It is, however, unclear from any of the sections in the policy why Lloyds may have reason to collect data on a customer's sex life or sexual orientation.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Other companies in Lloyds Banking Group

  • Central and local government

  • HM Revenue & Customs, regulators and other tax authorities

  • UK Financial Services Compensation Scheme and other deposit guarantee schemes

  • Law enforcement and fraud prevention agencies

  • Agents, suppliers, sub-contractors and advisers

  • Agents who help us to collect what is owed to us

  • Credit reference agencies (such as Callcredit, Equifax and Experian)

  • Someone linked with you or your business’s product or service

  • Other financial services companies (to help prevent, detect and prosecute unlawful acts and fraudulent behaviour)

  • Independent Financial Advisors

  • Price comparison websites and similar companies

  • Employers (for instance, to confirm your identity if we ask for a mortgage reference)

  • Companies you ask us to share your data with (for Open Banking purposes)

  • If you apply for insurance through us, we may pass your personal or business details to the insurer

  • If you apply for insurance with us as the insurer, we may share your personal or business details with reinsurers

  • If you make an insurance claim, information you give to us or the insurer may be put on a register of claims

  • Debit, credit, and charge card transaction providers (Such as Visa and Mastercard)

  • The Direct Debit scheme

  • If you have a product which has a loyalty scheme like Avios or Everyday Offers, we will share your data with that scheme

  • If you have a product with benefits such as travel insurance or discount offers, we will share your data with the benefit providers

  • If you have a secured loan or mortgage with us, we may share information with other lenders who also hold a charge on the property

  • Companies we have a joint venture or agreement to co-operate with (such as a store or car dealership offering finance deals through us)

  • Organisations that introduce you to us

  • Market researchers

  • Advisers who help us to come up with new ways of doing business

  • Mergers and acquisitions

How specific is this information?

Third parties are listed as groups

Observations

Although Lloyds are not able to name all potential parties, their breakdown of third-parties is clear and readable, and offers examples where appropriate.

Retention rules

Organisations must give details about how long data is kept.

Summary

Lloyds indicate that they may keep customer data for up to 10 years after a customer stops using their services.

In some cases, Lloyds note that they may keep data for longer than 10 years if they cannot delete it for legal, regulatory or technical reasons.

Data from insurance claims for building subsidence is kept for 15 years, and pension transfer data is kept indefinitely.

How specific is this information?

  • Retention rules are given for specific categories of data

  • Specific times are given for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    * To manage our relationship with you or your business
    * To develop and carry out marketing activities
    * To study how our customers use products and services from us and other organisations
    * To communicate with you about our products and services

  • Contract

    * To manage our relationship with you or your business
    * To develop and carry out marketing activities
    * To study how our customers use products and services from us and other organisations
    * To communicate with you about our products and services
    * To test new products
    * To manage how we work with other companies that provide services to us and our customers
    * To develop new ways to meet our customers' needs and to grow our business
    * To deliver of our products and services
    * To make and manage customer payments
    * To manage fees, charges and interest due on customer accounts
    * To collect and recover money that is owed to us
    * To manage and provide treasury and investment products and services
    * To detect, investigate, report, and seek to prevent financial crime
    * To manage risk for us and our customers
    * To obey laws and regulations that apply to us
    * To respond to complaints and seek to resolve them
    * To exercise our rights set out in agreements or contracts

  • Legal obligation

    * To manage our relationship with you or your business
    * To develop and carry out marketing activities
    * To study how our customers use products and services from us and other organisations
    * To communicate with you about our products and services
    * To test new products
    * To manage how we work with other companies that provide services to us and our customers
    * To develop new ways to meet our customers' needs and to grow our business
    * To deliver of our products and services
    * To make and manage customer payments
    * To manage fees, charges and interest due on customer accounts
    * To collect and recover money that is owed to us
    * To manage and provide treasury and investment products and services
    * To detect, investigate, report, and seek to prevent financial crime
    * To manage risk for us and our customers
    * To obey laws and regulations that apply to us
    * To respond to complaints and seek to resolve them
    * To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit

  • Legitimate interests

    * To manage our relationship with you or your business
    * To develop and carry out marketing activities
    * To study how our customers use products and services from us and other organisations
    * To communicate with you about our products and services
    * To test new products
    * To manage how we work with other companies that provide services to us and our customers
    * To develop new ways to meet our customers' needs and to grow our business
    * To deliver of our products and services
    * To make and manage customer payments
    * To manage fees, charges and interest due on customer accounts
    * To collect and recover money that is owed to us
    * To manage and provide treasury and investment products and services
    * To detect, investigate, report, and seek to prevent financial crime
    * To manage risk for us and our customers
    * To obey laws and regulations that apply to us
    * To respond to complaints and seek to resolve them
    * To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit

Security standards

Organisations must ensure that data is stored and processed securely.

This privacy notice does not appear to have this information.

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Observations

The privacy policy features a comprehensive breakdown of the situations in which Lloyds make automated decisions based on customer data.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

Observations

The policy links to a secure online contact form for submitting complaints (https://secure.lloydsbank.com/retail/contact_us/how-we-can-help.asp).

It also contains links to the relevant data protection authorities for the UK, as well as Jersey, Guernsey, and the Isle of Man.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:08 • Download as JSONAPI documentationView on GitHubView on OpenCorporates