Barclays Bank

We read Barclays Bank's privacy policy so you don't have to.

  • Find out what they do with data about you
  • Contact them if you have a request about that data
Make a request

Organisation information

Description

Bank

Registration country

United Kingdom

Registration number

09740322

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Email address

DPO@Barclays.com

Postal address

The Data Protection Officer, Barclays Bank UK PLC, Leicester, LE87 2BB

Data categories collected

Organisations must give details about what categories of data are stored and processed.

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Barclays Group companies

  • Payment-processing service providers

  • Other financial institutions who you ask us to deal with

  • Independent third-party service providers

  • Companies that you have paid from your Barclays account

  • Our service providers and agents

  • Our business partners who we provide services with

  • Our Account Pack partners

  • Insurance providers

  • Government Agencies

  • HM Revenue and Customs (HMRC)

  • Any third party after a restructure, sale or acquisition of any Barclays company or debt

  • Any third party after a restructure, sale or acquisition of any Barclays company or debt

  • Any potential guarantor

  • Social media companies

  • Your advisors

  • Fraud prevention agencies

  • Credit reference agencies

  • UK and overseas regulators, law enforcement agencies and authorities

Observations

Data is shared with social media companies "(in an encrypted format so that they can match this to personal data they already hold) to display messages to you about our products and services"

Retention rules

Organisations must give details about how long data is kept.

Summary

Barclays indicate that most data will be retained for six or seven years following account closure or a transaction.

They note that data may be retained after this period if it is necessary to do so to comply with the law.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Unspecific times for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    - To contact customers with marketing and offers.

  • Contract

    - To provide, manage and personalise our services to you.
    - To communicate with you about your product / service for legal, regulatory and servicing purposes.
    - To manage complaints, undertake remediation activities (e.g. PPI) and to resolve queries.
    - To develop and improve products and services through assessment and analysis of the information.
    - To undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify identity.
    - To recover debt owed and enforce other contractual obligations.
    - To apply for quotations for insurance products.
    - To provide payment initiation and account information services in relation to accounts you hold with us.
    - To verify your identity.
    - To prevent and detect fraud, money laundering and other crimes.

  • Legal obligation

    - To provide, manage and personalise our services to you.
    - To communicate with you about your product / service for legal, regulatory and servicing purposes.
    - To manage complaints, undertake remediation activities (e.g. PPI) and to resolve queries.
    - To assess and analyse services and for training/quality purposes.
    - To undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify identity.
    - To recover debt owed and enforce other contractual obligations.
    - To apply for quotations for insurance products.
    - To provide payment initiation and account information services in relation to accounts you hold with us.
    - To verify your identity.
    - To prevent and detect fraud, money laundering and other crimes.
    - To comply with regulatory and legal obligations.
    - To prepare high-level anonymised statistical reports.

  • Legitimate interests

    - To provide, manage and personalise our services to you.
    - To manage complaints, undertake remediation activities (e.g. PPI) and to resolve queries.
    - To assess and analyse services and for training/quality purposes.
    - To develop and improve products and services through assessment and analysis of the information.
    - To undertake checks for the purposes of security, detecting and preventing fraud and money laundering, and to verify identity.
    - To contact customers with marketing and offers.
    - May share some personal data with social media companies to display relevant products and services to customers.
    - To recover debt owed and enforce other contractual obligations.
    - To apply for quotations for insurance products.
    - To verify your identity.
    - To prevent and detect fraud, money laundering and other crimes.
    - To comply with regulatory and legal obligations.
    - To prepare high-level anonymised statistical reports.
    - To personalise marketing messages for customers.

Security standards

Organisations must ensure that data is stored and processed securely.

Security standards URL

https://www.barclays.co.uk/security/protecting-your-account/

How specific is this information?

This organisation provides specific details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Observations

Automated decision making is used primarily for screening processes for the purposes of credit lending, and for assessing fraud and money laundering risks.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

This privacy notice does not contain information about to make a complaint to a data protection regulator.

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Make a request

  • See data they hold about you

    You can ask to see what data Barclays Bank has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    Through their website

    https://www.apply.barclays.co.uk/forms/gdpr?formtype=access

    Template

    Copy template to clipboard

  • Change data they hold about you

    You can ask Barclays Bank to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    By email

    Email DPO@Barclays.com using a template.

    Template

    Copy template to clipboard

    By post

    The Data Protection Officer, Barclays Bank UK PLC, Leicester, LE87 2BB

  • Delete data they hold about you

    You can ask that Barclays Bank delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    Through their website

    https://www.apply.barclays.co.uk/forms/gdpr?formtype=erasure

    Template

    Copy template to clipboard

  • Limit how they use data about you

    You can ask that Barclays Bank only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    Through their website

    https://www.apply.barclays.co.uk/forms/gdpr?formtype=restrict

    Template

    Copy template to clipboard

  • Stop their use of data about you

    You can ask Barclays Bank to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    Through their website

    https://www.apply.barclays.co.uk/forms/gdpr?formtype=object

    Template

    Copy template to clipboard

  • Export data they hold about you

    You can ask Barclays Bank to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    Through their website

    https://www.apply.barclays.co.uk/forms/gdpr?formtype=portability

    Template

    Copy template to clipboard

  • Challenge an automated decision

    You can ask Barclays Bank to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    By email

    Email DPO@Barclays.com using a template.

    Template

    Copy template to clipboard

    By post

    The Data Protection Officer, Barclays Bank UK PLC, Leicester, LE87 2BB

    Observations from contributor

    No individual web form is provided for users to exercise their rights around automated decision making, but the privacy policy indicates that users can contact Barclays to request an automated decision to be reviewed by a human being.

Last updated 2018-11-02 at 10:11:07 • Download as JSONAPI documentationView on GitHubView on OpenCorporates