Privacy Policy

1. Introduction

When you request or make an enquiry about financial advice, apply for products and services, carry out transactions, or contact us to make an enquiry or a complaint, Skipton Building Society collects personal data about you.

This Privacy Notice details the types of personal data we collect either from you or from others, what we do with it, who we share it with, how long we keep it and your rights.

It does not extend to any external websites you may access from this site – this includes sites that are available from other members of the Skipton Building Society Group. Other organisations will inform you how they use your personal data.

When we refer to ‘we’, ‘our’, ‘us’ and the ‘Society’ in this Privacy Notice we mean Skipton Building Society which, for Data Protection purposes, is the Data Controller. 

2. Personal data we collect about you

The type of personal data we collect about you and how it is used depends on what you contact us about, your needs, the relationship you have with us, the products and services you hold or enquire about, and a range of other circumstances.

In general we do not collect, use or share sensitive personal data about you but in some cases the personal data we do collect may reveal this. Sensitive personal data is defined by data protection regulations as ‘special category’, for example, your ethnic or racial origin, health, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation and genetics or biometrics. We also collect personal data relating to criminal convictions, (including pending convictions, bankruptcy/receivership, county court judgements, court records and pending orders). This will be limited to what’s needed. We will only collect and use this special category personal data when we have to in order to meet a legal obligation, with your explicit consent, or where we believe you or another person may be at risk.

Overview

2.1 Personal data we collect about you:

We use this to:

Name, title, address, contact details (including any previous changes), date of birth and/or age.

 - identify you

 - manage your relationship with us.

Lifestyle, social and family details, for example, location, web browsing history, marital status, next of kin and dependants.

 - understand your circumstances and needs

 - assess the suitability of products and  services you apply for or have with us

 - manage your experience with us.

Telephone, voice recording and video images (including CCTV, webchat, IP and/or MAC address where known, your location based on your mobile phone signals).

 - provide a record of the dealings and conversations you have with us

 - understand your needs and assess the suitability of our products and services

 - manage your experience  with us

 - protect you and provide security

 - provide colleague training to help improve the quality of our service

 - meet regulatory requirements

 - use for crime and fraud prevention purposes.

Nationality and national identifiers, for example, national insurance, passport and driving licence numbers.

 - identify you

 - meet Her Majesty’s Revenue & Customs (HMRC) and Foreign Account Tax Compliance Act (FATCA) reporting regulations where required

 - use for crime and fraud prevention purposes.

Details of the relationships, products and services you hold with us, our partners and/or other organisations including financial details, for example, balance, transactions, how you operate the accounts and services.

 - assess the suitability of products and services you apply for or already hold

 - manage your relationship, products and services with us and our partners

 - meet regulatory requirements.

Property details & occupancy status, for example, owner, tenant, living with parents.

 - understand your circumstances and needs

 - assess the suitability of products and services you apply for or have with us

 - meet regulatory requirements

 - provide financial advice and recommendations.

Employment details including your salary, other income and status, for example, employed, self-employed, retired.

 - understand your circumstances and needs

 - verify the data you provide

 - assess the suitability of products and services you apply for or hold

 - meet regulatory requirements

 - provide financial advice and recommendations.

Additional financial details relating to your financial position. This includes details of any pensions, investments, life policies, your spending habits, debts and regular and ad hoc income and outgoings etc.

 

 - understand your circumstances and needs

 - assess the suitability and affordability of products and services you apply for or have with us

 - meet regulatory requirements

 - provide financial advice and recommendations.

Estate planning arrangements you have in place, for example, will, power of attorney, funeral plan.

 - understand your circumstances and needs

 - assess the suitability and affordability of products and services you apply for or have with us

 - meet regulatory requirements

 - provide financial advice and recommendations.

Details relating to your financial attitudes and aspirations including attitude to risk, investment goals, plans and priorities.

 - understand your circumstances, needs and attitude to risk

 - assess the suitability and affordability of products and services you apply for or have with us

 - meet regulatory requirements

 - provide financial advice and recommendations.

Lifestyle, social and family and circumstances, for example, location, web browsing history, marital status, next of kin, dependants, health, medical and smoker history. 

 - understand your circumstances and needs

 - assess the suitability of products and services you apply for or have with us

 - provide appropriate financial advice and recommendations

 - meet regulatory requirements

 - manage your experience with us.

3. Who we share data with and why

There are times when we need to share your personal and special category (sensitive) personal data with others. We will only do this where data protection law allows it, with adequate protection and where appropriate will have contracts in place to protect the security and confidentiality of your data, or where you have asked us to. We will limit the data shared to what is needed and will ensure appropriate security measures are taken in order to protect you and keep your data safe and secure.

To find out more about the types of organisations and/or individuals we may share personal data with and why see below:

3.1 Others who we share personal data with

We share personal data with them to:

Your authorised representatives, for example, family members, attorneys.

 - deal with their enquiries, requests and further applications

 - manage the ongoing administration of your accounts, products and services

 - process transactions.

We will do this where:

 - they are authorised to provide information and administer your investments without you being present

 - we already hold authority for them or they confirm they have your authority to provide your data or to act on your behalf

 - a power of attorney document has been registered against your account, products and services.

Joint account holders, including former, current and/or future potential account holders and trustees.

 - deal with enquiries, requests and further applications

 - manage the ongoing administration of your joint account, products and services

 - process transactions.

We will do this where:

 - the data is data in common to all account holders

 - they are authorised to operate the account without you, for example, either or any account holder is authorised to operate and transact on the account rather than both or all)

 - they confirm they have your authority to provide your data on your behalf.

Financial advisers

 - review and assess your suitability and application for products and services

 - manage your ongoing relationships.

We will do this when you have authorised them to act on your behalf.

Solicitors, licensed conveyancers and other professional advisers.

 - provide professional services

 - administer and manage disputes and/or legal claims.

Financial organisations

 - review and assess your suitability and application for products and services

 - manage payments (including the use of payment services involving the transfer of electronic payments into or out of your account), transactions and ISA transfers

 - use for crime and fraud prevention purposes

 - assist with enquiries and investigations.

Other companies in the Skipton Building Society Group

 - manage your relationships and experience with us and our Group companies

 - refer you to them for the additional products and services they can offer you

 - provide and improve our security and systems and protect you

 - support any joint Group reporting requirements to our regulators

 - use for crime and fraud prevention purposes.

Mailing houses and printers.

 - provide you with service information, for example, account statements

 - provide you with a range of other communications about our products, services, news and offers.

We will only send you marketing material when you have given us your consent.

Information Technology service providers.

 - provide third party systems, storage, software and application support.

Credit reference agencies.

 - verify your identity

 - trace your whereabouts if we have been unable to contact you.

Fraud prevention agencies.

 - carry out checks for the purposes of preventing fraud and money laundering

 - verify your identity

 - Assess your suitability for products and services.

Voluntary and charitable organisations.

 - register and manage your involvement in our charity or community events.

Law enforcement agencies including police forces, private investigators, security organisations and prosecuting authorities.

 - assist with any ongoing investigations relating to the security and/or safety of individuals

 - use for crime and fraud prevention purposes.

Courts and tribunals.

 - respond to court and tribunal requests

 - manage and resolve  complaints, disputes and/or legal claims.

Ombudsmen and regulatory organisations, for example, Financial Ombudsman Service, Financial Conduct Authority, Prudential Regulation Authority, Financial Services Compensation Scheme, Information Commissioner’s Office.

 - provide our regulatory and governing bodies with data about our business

 - assist with enquiries, investigations, complaints and assessments.

Trade associations and industry groups, for example, UK Finance, Building Societies Association.

 - assist with enquiries, investigations, complaints and assessments

 - develop industry standards

 - understand and predict trends in customer and financial behaviours.

HMRC.

 - provide information for tax reporting purposes

 - assist with enquiries, investigations, complaints and assessments

 - use for crime and fraud prevention purposes.

Central and local government departments and agencies, for example, Department of Work and Pensions (DWP), Jobcentre Plus, local councils.

 - confirm payments received and ongoing benefits

 - assist with enquiries, investigations, complaints and assessments.

Field agents, debt collection agencies, tracing agents and appointed receivers and trustees in bankruptcy.

 - understand your circumstances and financial situation

 - assist in recovering debt

 - locate you when we have been unable to contact you via our usual communication channels

 - meet legal requirements where receivers or trustees in bankruptcy have been appointed to deal with your financial affairs.

Research and insight agencies.

- better understand our customers and members including their experiences, life stages, circumstances, needs and responses to current and potential Skipton Building Society products, services and wider initiatives

 - gain a range of insights, for example, into market trends, consumer behaviour, competitors, technological change and more

 - support a wide range of business decision making such as product development.

In addition we use data for profiling and customer segmentation to create a broad understanding of our customers.

This helps shape our communications, products and the overall customer experience from what our branches look like, to how we handle phone calls and other customer contacts.

Management Consultancy firms.

 - gain a range of insights , for example, into market trends, consumer behaviour, competitors and technological change

 - help make recommendations into future development and strategy

 - get support with a range of business decisions.

Other organisations involved in handling mergers, acquisitions and other corporate transactions.

 - enable the sale or purchase of all or part of our business.

External auditors, risk and rating agencies, for example, Moody’s, Fitch.

 - better understand our customers and members including their experiences, life-stages, circumstances, needs and responses to current and potential Skipton Building Society products, services and wider initiatives

 - support a wide range of business decision making such as product development

 - validate reports

 - facilitate the management and audit of business operations

 - perform reviews of mortgage files for secured funding transactions to enable the necessary reporting to be completed

 - assess the Society, including Group entities, to enable the granting of a credit rating

 - assist in meeting our legal obligations.  

Data modelling and risk organisations.

 - understand and predict trends in customer and financial behaviours

 - support a wide range of business decision making including the provision of credit to customers

 - review and validate the accuracy of reports and/or model outputs from other organisations.

Registrars.

 - keep registered shareholder information in relation to Permanent Interest Bearing Securities.

Fund providers, managers, networks and platforms.

 - provide the products and services you have selected

 - enable the effective and efficient management of your investments, funds, accounts and chosen products and services

 - help manage your ongoing relationship with us and them

 - enable the ongoing correct charging of products and services you have selected both to you, and between us and the third parties as appropriate.

Insurance Companies.

 - provide the products and services you have selected

 - enable the effective and efficient management of your investments, funds, accounts and chosen products and services

 - help manage your ongoing relationship with us and them

 - enable the ongoing correct charging of products and services you have selected both to you, and between us and the third parties as appropriate.

 

3.6 Others who we collect, use and hold personal data about

We collect, use and hold personal data about them to identify them and to:

Your authorised representatives. This includes family members, attorneys, mortgage guarantor, executors and beneficiaries.

 - manage our business relationship with them and to enable them to manage your accounts, products and services in line with your authorisation.

 - Personal data may also be shared with the account holder about these authorised representatives (e.g. communications, transactions)

Brokers and financial advisers.

 - manage our business relationship with them.

Solicitors, licensed conveyancers, and other professional advisers

 - manage our business relationship with them.

Voluntary and charitable organisations and their representatives/members.

 - manage the relationship they have with us as a representative/member of the charitable organisation and support their charitable cause.

Field agents, debt collection agents appointed receivers and trustees in bankruptcy.

 - manage our business relationship with them.

3.7 Our third party partners

Skipton can offer or introduce you to a number of products and services provided by our third party partners. If you enquire or request details about these products and services we will share your personal data with our partner so they can answer your queries, provide you with illustrations and complete your application. They will also share data with us so we can identify all your relevant holdings and improve the experience you have with us. Currently our third party partners are:

Third party

Product or Service provided/introduced

Redstone Wills Ltd.

 - Will writing and Power of Attorney documentation services including storage.

Dignity Pre Arrangement Limited.

 - Funeral planning services.

Ascot Lloyd Financial Services Limited.

Financial advice in relation to:

 - defined benefit and other pension options

 - Life Time Allowance and Annual Allowance.

4. What allows us to collect, use, share and keep your personal data: lawful basis

We can only collect, use, share and keep your personal data when we have a lawful basis for doing so. The lawful basis will be different dependant on the relationship you have with us and what we do with your personal data. 

To find out more about what the different lawful bases are, what they mean and how they affect you, see below:

Lawful basis

More details about what this means

Legal obligation.

 - Where we are required by law to collect, use, share or keep personal data we will do so.

 - As an organisation operating in a regulated industry we have to comply with the laws and regulations set by government bodies and our regulators. 

 - Our regulators are the Financial Conduct Authority, Prudential Regulation Authority and, for personal data, the Information Commissioner’s Office.

 - If we are unable to meet our legal obligations we will be unable to continue with your application and provide the ongoing management of your accounts, products and services.

Contract.

 

 - This is where you choose to enter into an agreement with us or make an enquiry with the intention of entering into an agreement. This includes the terms and conditions for the ongoing management of those accounts, and products and services once opened.

 - If you do not enter into an agreement with us we will be unable to continue with your application and provide the ongoing management of your accounts, products and services.

Legitimate business interest.

 - This is where we or another third party has a valid interest in the personal data we collect, use, share and keep as long as it does not unduly affect you or cause you undue detriment, damage or distress.

 - You have a right to challenge our legitimate interest if you believe we do not have a valid reason to collect, use, share or hold your data.

Consent.

 - This is where we ask for your agreement to carry out certain activities such as marketing.

 - You can withdraw your consent at any time.

 - If you withdraw your consent for marketing you may miss out on information about our products, services, offers and other news that may be of interest to you.

 - We will however continue to contact you regarding the administration of your existing accounts and relationship with us.

Explicit consent.

 - Where we collect, use, share or keep special category (sensitive) personal data we will tell you and ask for your explicit consent before we do this.

Vital interest.

 - This is applied in very limited circumstances where we feel you or another individual may be at serious risk, for example, life or death circumstances) and no other lawful basis can be applied.

 

5. How we use your personal data

When you contact us about financial advice we will collect data in order to get to know you and understand your needs, so we can offer personalised advice and provide financial planning recommendations tailored to your needs and circumstances.

If you choose to proceed with any of the recommendations given by our financial adviser we will share your data with external organisations such as fund providers and platforms, where needed, to:

  • provide the products, services and investments you choose

  • communicate with you about your investments, products and services

  • manage your ongoing relationship

  • send you details about our products, services, news and offers where you have given your permission for us to do this

  • use for crime and fraud prevention purposes.

Should you select an ongoing review service we will communicate with you as agreed about your investments, products and services performance and to undertake reviews. As part of the reviews we will discuss your existing product/service/investment performance and your current circumstances in order to make any new recommendations if appropriate to understand and meet your changing needs.

5.1 Identification, credit checking and crime prevention

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

More information about how we use this data is below.

5.1.1 Credit and identity checks

In order to process your application, we are required by law to identify you and assess the affordability of the products and services you apply for. We do this by using automated systems provided by one or more credit reference agencies. If you take products and services from us we may also make periodic searches at credit reference agencies to manage your account in future.

To do this, we will share your data with the credit reference agencies and they will give us data about you. This will include public data, for example, from the electoral register and other data, for example, from your credit applications about your financial situation, financial history, shared credit and specific fraud prevention data.

We will use this data to:

  • identify you

  • assess your creditworthiness and whether you can afford to take the product

  • prevent criminal activity, fraud and money laundering

  • manage your accounts

  • trace and recover debts

  • ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange data about you with credit reference agencies while you have a relationship with us. We will also inform the credit reference agencies about your settled accounts. If you borrow and do not repay in full and on time, credit reference agencies will record the outstanding debt. This data may be supplied to other organisations by credit reference agencies.

When credit reference agencies carry out a search they will place a footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together. You should make sure you share this data and discuss it with them before making an application. Credit reference agencies will also link your records together if they identify a link between you, joint applicants and/or any individual identified as your spouse or financial partner. These links will remain on the files until such time as you or your partner successfully files for a disassociation with the credit reference agencies to break that link.

The credit reference agency checks we carry out are a condition of the lending contract you take out when applying for products and services with us.

Any documents requested or provided to help prove your identity may be checked with the issuing authority and/or anyone who has certified a copy.

The data from the credit reference agencies is used to automatically assess your application against the Society's lending criteria. If your application is declined based on this automatic assessment you have a right to challenge the decision. If you do not agree with the assessment you can contact us to challenge the decision and we will give you the opportunity to discuss this with us and review the results of the assessment for accuracy.

The information we obtain from credit reference agencies is owned by them and limited to what is needed for our own purposes. We will tell you if your application is rejected because of information we have received from credit reference agencies but will not be able to provide any details. You will need to contact the credit reference agencies directly to request a full credit report if you require details of what they hold about you.

More details about which credit reference agencies we use, their role as fraud prevention agencies, what personal data they hold (including how they use and share it), their retention periods and your data protection rights with the credit reference agencies, are explained in more detail in the Credit Reference Agency Data Notice (CRAIN).

The CRAIN is accessible from each of the three credit reference agencies – clicking on any of the three links below will take you to the same CRAIN document:

Callcredit, Equifax, Experian.

5.1.2 Fraud prevention

We will use and share your data with fraud prevention agencies to carry out checks for the prevention of fraud, money laundering and to verify your identity.

We and fraud prevention agencies may also allow law enforcement agencies to access and use your data to detect, investigate and prevent crime.

The fraud prevention checks we carry out are a condition of the contract you take out when applying for products and services with us.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies.

Fraud prevention agencies can hold your data for different periods of time. If you are considered to pose a fraud or money laundering risk your data can be held for up to six years.

Data held by credit reference and fraud prevention agencies can be accessed by other financial organisations, law enforcement and government agencies and may result in others refusing to provide services, finance or employment to you.

5.2 Communicating with you

We will use any of the contact details we hold for you to communicate with you about the products and services you hold with us, contact you as requested and to send you information we are required to provide you with by law, for example, account statements.

5.2.1 Marketing

We may use your information to provide details about our products, services, news and offers that we believe may be of interest to you. The communications sent to you will be based on a range of factors including what products you already have with us, whether you are a member of the Society, where you live, data received from third parties, for example, customer lifestyle information from external data agencies and other information gained about your behaviours and dealings with us.

We will only get in touch with these types of communication if you have given your consent to be contacted for marketing purposes, and only contact you by the methods you have agreed to, for example, post, telephone, email or text.

You can change your marketing consents at any time by visiting a branch, logging into Skipton Online, calling us on 0345 850 1700 or writing to us at FREEPOST SKIPTON BUILDING SOCIETY (please use block capitals).

5.2.2 Research, performance and customer relationship management

We want to provide you with the best products, services and experience. To do this, we need to understand what your and other customers’ needs and circumstances are, what you like about Skipton and any improvements you think could be made.

We use external agencies including research companies to help us gain such insights, carry out research, and obtain feedback about products, services and experiences. We will pass your contact details to the agencies so they can contact you. They will share the data they obtain from you with us, this can be at an individual customer level, at group level or anonymised. This supports a wide range of business decision making such as product development.

In addition, we use data for profiling and customer segmentation to create a broad understanding of our customers. This helps shape our communications, products and other activity. We also carry out behaviour and trend analysis, including the use of financial, behavioural and other models. In this way we can understand not only what is important to our customers now, but also predict future behaviours and needs. This includes looking at information we hold about you, or that we may have received from other sources, such as credit reference agencies.

5.2.3  Competitions

We sometimes run competitions for customers, members and the wider public. When we collect personal data for this reason, it is only kept for the duration of the competition and then deleted unless otherwise stated at the time.

5.2.4    Promotional material

From time to time, we may use case studies, video footage and/or photographic images of our customers in promotional content for the Society, both internally and externally. We will obtain your consent prior to the collection and use of this type of content. If the use of it changes we will notify you and re-obtain your consent for the new usage.

You can withdraw your consent for the use of your information in case studies and promotional material by emailing marketingpromotions@skipton.co.uk or by telephoning 0345 850 1700.

If you withdraw your consent we will not use your case studies, video footage and/or photographic images in any future promotional material and will remove them from any existing material already made public at the next update/re-print.

5.2.5  Quality assurance and communication monitoring

We may sometimes access your data as part of our internal quality assurance processes, to ensure that you have received the best and correct outcome for your situation. These monitoring activities also allow us to carry out ongoing training with our colleagues

We will record and monitor some of your contact with us, this includes telephone calls, email and, where you use Skipton Link, the verbal content of the meeting - we do not record or monitor visual content. This is to help us in our continuous attempts to improve customer service and to offer additional protection and security. We also retain information for evidential purposes and to meet legal and regulatory requirements. Telephone calls, Skipton Link and other electronic communications may also be monitored for reasons of staff training.

5.3 Customers who require additional support

We take our responsibilities to our customers seriously, especially those who may be vulnerable including the families and loved ones of bereaved customers.

5.3.1 Adjustments for customers needing help

Everyone needs a little help sometimes and we want to ensure that you get the best experience from Skipton Building Society. With your consent, we will add notes to your records about any adjustments we need to make, such as using large print when we communicate with you, to ensure it’s easier for you to interact with us. 

5.3.2 Bereavement

If you’re named as an executor in the Will or there is no Will and you’re the legal next of kin, and can show us proof of this, we can tell you the account balance(s) and interest due up to the date of death. 

At the request of the executor(s) we will share data with solicitors, HMRC and the customer’s beneficiaries.

If you inform us about the death of one of our customers, we may tell the executor(s) who has informed us of the death.

5.4 Sale or purchase of all or part of our business

If we sell or transfer all or part of our business, we may share or transfer customer records and data as part of the proposed/actual sale or transfer. Before we do this we will ensure there is adequate protection in place by imposing contractual obligations on the buyer/seller to ensure the security and confidentiality of your data.

5.5 Improvement of our systems, security and integrity

We continually look to improve our systems, delivering change and new functionality. To ensure that these improvements are robust and suitable for use, we use customer data within our testing environments. We ensure that these activities are carried out in a secure and controlled environment.

5.6 Transfers outside the EEA

If we need to transfer data outside the European Economic Area (EEA) and the country it’s transferred to is not on an approved list for having adequate security controls in place, we will limit when we do this and the amount of personal data we send.

We have a subsidiary company called Jade Software Corporation Limited based in New Zealand, which provides us with systems and technical support. New Zealand is on a list of countries approved by The Information Commissioner’s Office as having adequate security controls in place.

Organisations in the USA can sign up to the EU-US Privacy Shield which is recognised by the Information Commissioner’s Office as having adequate security controls in place. When we use third party systems, application support and cloud based providers based in the USA, we will use third parties who have signed up to the EU-US Privacy Shield and impose contractual obligations on them to ensure the security and confidentiality of your data.

We will also ensure that there is adequate protection in place before sending anything to other countries outside the EEA by imposing contractual obligations on the recipients to ensure the security and confidentiality of your data.

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

5.7 Cookies

We may store data about you using cookies, (files which are sent by us to your computer or other device you use to access our website) which we can access when you visit our site in future. We do this to provide the online services you request, understand your needs, improve our website services and provide a better experience for you.

We use the following types of cookies:

  • persistent to recognise you when you re-visit our site. These will remain on your computer until deleted, or until they reach a specified expiry date

  • session to keep track of where you are whilst navigating our website. These are deleted from your computer when you close your browser

  • strictly Necessary to provide the services you have requested.

We also use Google Analytics to analyse the use of our website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google's privacy policy is available at: google.com/privacypolicy.html.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “internet options”, “privacy”, and selecting “block all cookies” using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.

Further information about deleting or controlling cookies is available at AboutCookies.org. Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our website.

To find out more about cookies see our Cookies Policy or visit AboutCookies.org.

5.8 How long we keep your data

We have a Records Management and Retention Policy in place to determine how long personal data needs to be kept, which is based on our legal, regulatory and business requirements. How long we keep your personal data is based on your relationship with us, membership status and the types of accounts, products and services you have with us. When determining retention periods we consider the following:

  • legal and regulatory guidance, case law and expected outcomes

  • maximum or minimum retention periods identified by the law or our regulators

  • ours and others’ contractual rights and obligations

  • your expectations

  • current or future operational requirements

  • the cost of maintaining, storing, archiving, and retrieving the data

  • forensic requirements, for example, the potential need to access data no longer actively used in order to manage or respond to complaints and disputes

  • our policies and standards

  • the risks involved in retention, deletion and removal

  • the capability or restraints of our systems and technology.

In accordance with the payment card industry data security standard (PCI-DSS), we do not store cardholder data on our systems.

If you do not proceed or we are unable to assist you with financial advice and you have no other accounts or relationships with Skipton we will keep your personal data for a maximum of two years.

5.9 Your rights

You have certain rights in relation to your personal data, not all rights apply in all cases, and these are explained in more detail below:

You have a right to:

What this means

Be informed.

The purpose of this privacy notice is to do this. We also do this by giving a notice in our application forms, web pages and telephone scripts when we collect new or additional data from you. See the list below for details of the information we are required to include:

 - who is collecting, using, sharing and keeping your personal data

 - the reason it is being collected

 - what it will be used for

 - what allows its collection, use, sharing and storing

 - how we work out how long it will be kept

 - what countries outside the European Economic Area (EEA) it will be transferred to and the security measures in place

 - what your rights are.

Access your personal data.

We will allow you access to, and give you details of the personal data we hold about you including the data covered in Your Right to be Informed above.

Have inaccurate or incomplete personal data corrected.

We will correct and/or update your personal data if you inform us or we identify that it is inaccurate or incomplete.

Request erasure.

We will delete your personal data if:

 - we no longer need it for the reason(s) we told you

 - you withdraw your consent and this is the only lawful basis (as explained in section 4 of this Privacy Statement) allowing us to collect, use, share and/or keep it

 - you object and we do not have a valid business interest that does not unduly affect you or cause you undue detriment, damage or distress

 - the collection, use, sharing, keeping of it is unlawful

 - we are required by law to do so.

Children also have a right to request erasure if the information collected, used, shared or held about them relates to the offer of or access to social media or promotions. At Skipton we don’t do this but we do facilitate investments on behalf of children in certain circumstances.

Restrict the collection use, sharing and keeping of personal data.

We will put on hold the collection, use, sharing and deletion of your personal data when:

 - its accuracy needs to be verified

 - you have objected and we need to consider if our legitimate business interest overrides your request

 - it has been collected, used, shared or kept unlawfully and you have requested that it’s not deleted but want it to be restricted

 - we no longer need it but you request it to establish, exercise or defend a legal claim.

We will tell you before we remove any restrictions.

Portability

You can request that we move, copy and/or transfer personal data electronically to you and/or another service provider. This will allow you to take advantage of services available to help you find deals and understand your spending habits.

 

We will do this in a safe and secure way, where you have made a request to us or another service provider, or when required to meet a contractual obligation.

Object.

You can object to the collection, use, sharing and retention of your personal data where:

 - you feel our legitimate business interest will cause you undue detriment, damage or distress Legitimate business interest  is where we or another third party has a valid interest in the personal data we collect, use, share and keep as long as it does not unduly affect you or cause you undue detriment, damage or distress.

 - you do not agree to direct marketing (including profiling).

Challenge automated decisions.

We will give you the opportunity to discuss with us and review the accuracy of any decisions made based on an automated assessment.

5.9.1 Complaints

If you have any concerns about how we collect, use, share or keep your personal data, or you think there has been a breach, you can contact us to make a complaint or find out more about our complaints procedure by going to skipton.co.uk/contact us, into a branch or by calling 0345 850 1700.

If you do make a complaint we will follow our internal complaints procedure to resolve your complaint quickly and fairly. If we cannot resolve your complaint to meet your expectations, you may contact:

The Financial Ombudsman Service (FOS)

Exchange Tower

London

E14 9SR

Telephone 08000 234 567

E-mail: complaint.info@financial-ombudsman.org.uk

Web: financial-ombudsman.org.uk

You also have a right to complain to the Information Commissioner’s office if you have any concerns about how we collect, use, share or keep your personal data by contacting them at:

Information Commissioner’s Office (ICO)

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Web: ico.org.uk

6. Contact us

If you require any more details about how we collect, use, share and store your personal data, or about your rights and how to exercise them, please contact us:

Data Protection Officer

Skipton Building Society

The Bailey

Skipton

North Yorkshire

BD23 1DN

Tel: 0345 850 1700

Web: skipton.co.uk/contact-us/contact-us-form