Santander UK

We read Santander UK's privacy policy so you don't have to.

  • Find out what they do with data about you
  • Contact them if you have a request about that data
Make a request

Organisation information

Description

Bank

Registration country

United Kingdom

Registration number

02294747

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Postal address

201 Grafton Gate East, Milton Keynes, MK9 1AN

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Bank account details

  • Bank transactions

  • BiometricsSpecial category

  • Communications

  • Credit history

  • Date of birth

  • Device information

  • Education

  • Email address

  • Employment

  • Income

  • Location

  • Names

  • Postal address

  • Telephone number

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • The Santander group of companies and associated companies

  • Sub-contractors and others who help Santander provide services

  • Companies and others providing services to Santander

  • Legal and professional advisors including auditors

  • Fraud prevention, credit reference, and debt collection agencies

  • Other organisations to do income verification and affordability checks

  • Law enforcement bodies

  • Government bodies and agencies in the UK and overseas

  • Courts

  • The Financial Services Ombudsman

  • Others in an emergency or to protect your vital interests

  • To other parties connected with your account (e.g. guarantors)

  • Parties involved in mergers and acquisitions with Santander

  • Market research organisations

  • Payment systems (e.g. Visa or MasterCard)

  • Anyone else where consent is given or as required by law

How specific is this information?

Third parties are listed as groups

Retention rules

Organisations must give details about how long data is kept.

Summary

Santander indicate that they will retain data as long as necessary to deal with customer queries, for as long as customers may bring legal action against them, or for as long as their legal and regulatory requirements dictate.

Observations

The policy does not offer specific time periods but does break down the criteria that Santander will use to determine which retention period will apply to a piece of data.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Unspecific times for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    a) When you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures;
    b) When we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
    c) To send you marketing communications where we’ve asked for your consent to do so.

  • Contract

    a) To take steps at your request prior to entering into it;
    b) To decide whether to enter into it;
    c) To manage and perform that contract;
    d) To update our records; and
    e) To trace your whereabouts to contact you about your account and recovering debt.
    f) If a 123 Mini Account is opened in trust, you understand that the trustee may have to hold a qualifying account for this account to remain open.

  • Legal obligation

    a) When you exercise your rights under data protection law and make requests;
    b) For compliance with legal and regulatory requirements and related disclosures;
    c) For establishment and defence of legal rights;
    d) For activities relating to the prevention, detection and investigation of crime;
    e) To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
    f) To monitor emails, calls, other communications, and activities on your account.

  • Legitimate interests

    a) For good governance, accounting, and managing and auditing our business operations;
    b) To search at credit reference agencies at your home and business address (if you are a business customer) if you’re over 18 and apply for credit;
    c) To monitor emails, calls, other communications, and activities on your account;
    d) For market research, analysis and developing statistics; and
    e) To send you marketing communications and for marketing to you in-branch, including automated decision making relating to this.

Observations

Santander provide a very clear breakdown of the lawful bases used for the processing of specific data.

Security standards

Organisations must ensure that data is stored and processed securely.

Security standards URL

https://www.santander.co.uk/uk/help-support/security-centre/our-approach-to-security

Observations

Santander provide some information about how they verify users for security purposes.

How specific is this information?

This organisation provides specific details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Observations

They use automated decision making"to decide which of our other products or services might be of interest to customers, to analyse statistics, and to assess lending and insurance risks.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

Observations

The policy does not offer specific instructions on where to direct complaints to Santander directly, but does include contact details for the ICO.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Make a request

  • See data they hold about you

    You can ask to see what data Santander UK has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    Through their website

    https://www.santander.co.uk/uk/help-support/your-personal-data-rights-explained

    Template

    Copy template to clipboard

    By post

    Subject Access Requests, Santander UK PLC, PO BOX 1111, Bradford, BD1 9NQ

    Observations from contributor

    Santander appear to only accept Subject Access Requests by post. More details can be found at the attached URL.

  • Change data they hold about you

    You can ask Santander UK to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    Through their website

    https://www.santander.co.uk/uk/help-support/your-personal-data-rights-explained

    Template

    Copy template to clipboard

    By post

    Santander Business Banking, Bridle Road, Bootle, L30 4GB

    Observations from contributor

    The URL here provides several telephone numbers to exercise this right, depending on what service a customer holds with Santander. The policy also notes that this right is exercisable in any Santander branch, or via online banking.

  • Delete data they hold about you

    You can ask that Santander UK delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    Through their website

    https://www.santander.co.uk/uk/help-support/your-personal-data-rights-explained

    Template

    Copy template to clipboard

    By phone

    08009123123

    Observations from contributor

    The policy also notes that this right is exercisable in any Santander branch.

  • Limit how they use data about you

    You can ask that Santander UK only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    Through their website

    https://www.santander.co.uk/uk/help-support/your-personal-data-rights-explained

    Template

    Copy template to clipboard

    Observations from contributor

    The URL here provides several telephone numbers to exercise this right, depending on what service a customer holds with Santander. The policy also notes that this right is exercisable in any Santander branch.

  • Stop their use of data about you

    You can ask Santander UK to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    Through their website

    https://www.santander.co.uk/uk/help-support/your-personal-data-rights-explained

    Template

    Copy template to clipboard

    Observations from contributor

    Santander note that "In certain circumstances you can object to the processing of your personal information" and provide some information on opting-out of processing for marketing purposes.

  • Export data they hold about you

    You can ask Santander UK to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    Through their website

    https://www.santander.co.uk/uk/help-support/your-personal-data-rights-explained

    Template

    Copy template to clipboard

    Observations from contributor

    The URL here provides several telephone numbers to exercise this right, depending on what service a customer holds with Santander. The policy also notes that this right is exercisable in any Santander branch.

  • Challenge an automated decision

    You can ask Santander UK to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    Through their website

    https://www.santander.co.uk/uk/help-support/your-personal-data-rights-explained

    Template

    Copy template to clipboard

    Observations from contributor

    Santander note that customers can request that automated decisions are reviewed by a human, and provide several postal addresses to exercise this right depending on which Santander product the customer uses or wishes to use.

Last updated 2019-01-18 at 10:01:35 • Download as JSONAPI documentationView on GitHubView on OpenCorporates