Privacy Policy

Zenith Bank

ZENITH BANK (UK) Ltd Privacy Notice

Last updated October 2024

What does this notice cover?

This Privacy Notice describes how Zenith Bank (UK) Ltd (also referred to as "Zenith", "we" or "us") will make use of your data when you use our products, services and websites.

It also describes your data protection rights, including a right to object to some of the processing which Zenith carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.

We may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.

What information do we collect?

We collect and process personal data about you when you interact with us and our websites, and when you apply for or use any of our products or services. This may include:

Data Type

Description of Data

Identity Data 

Full Name, maiden name, marital status, title, date of birth, gender, address and employment history, and citizenship, national insurance number or other national identifier information

Contact Data

Address, Email Address and Telephone Numbers

Information received during your contact with face-to-face meetings, phone calls, emails, letters and SMS

Financial Data 

Bank account information and bank statements, your income and outgoings, your financial position, status, and credit history, debit or credit card information and sort code and account number.

 

Transaction Data

Information regarding the products and services you may have benefitted from by using Zenith Bank UK, Zenith Bank Plc and any of its subsidiaries, transactional information including in respect of products which you purchase.

Location data of transactions where you may use your debit card

Technical Data 

Internet protocol (IP) address, your login data, details of your browser and operating system, time zone setting and location, browser plug-in types and versions, platforms and other technology on the devices you use to access this website

Profile Data 

includes your username and password

Job Application Data

 

data submitted throughout the recruitment process eg: name, email address. Any personal information you provide to Zenith Bank UK as part of the recruitment

Usage Data

includes information about how you use our website, products and services

Marketing and Communications Data

Information about your communications with us.

Your preferences in receiving marketing from us and consents you have given us

Under the UKGDPR some types of personal information are classified as a special category. We will only collect and use these types of data if the law allows us to do so. Examples of special category information that we may process are:

  • health data that we request from you (if you purchase products from us where health information may be relevant).
  • information about criminal convictions and offences (when running know your customer checks or if we need to investigate you in connection with use of our services or in connection with staff/ staff application background checks
  • Political opinions or affiliations (for example we may hold details of public office held in line with our regulatory obligation)

What information do we receive from third parties?

We offer some of our services in connection with other websites, such as price comparison websites. Personal information that you provide to those sites may be sent to us so that we can deliver the products and services you have requested.

We may combine the information you submit under your account with information from other Zenith services or third parties. For certain services, we may give you the opportunity to opt out of combining such information. We may sometimes receive your personal information including name and contact details, from financial or other advisers, estate agencies, consultants and other professional experts.

We may use publicly available sources, such as media stories, online registers or directories and other third-party software.

How do we use this information, and what is the legal basis for this use?

At the core of all personal information processing activities undertaken by the Bank, is the assurance and verification that the Bank complies with the UKGDPR’s lawfulness of processing obligations. Prior to carrying out any personal data processing activity, we must identify and establish the legal basis for doing so and verify this against the regulatory requirements to ensure the most appropriate legal basis is applied:

  • Legal Obligation – where we must undertake the processing to comply with our legal obligations – such as undertaking customer due diligence for the purposes of meeting anti-money laundering regulatory requirements
  • Performance of a Contract – where we must undertake the processing to perform a contract with the individual – such as transferring funds or undertaking a credit assessment
  • Legitimate Interest – includes any other processing which is necessary in the interests of the Bank’s activities and to the extent that it does not unduly interfere with the rights of the individuals. A legitimate interest assessment must be undertaken to rely upon this legal basis
  • Consent – we require explicit consent from the individual where the processing does not meet one of the other lawfulness provisions. Consent must be clear, explicit and freely given in order to rely upon this legal basis

Zenith Bank UK Ltd will not process your data outside of the lawful provisions mentioned above except for where the processing of your data is necessary to protect the vital interests of an individual.

We will not be able to provide the banking or other services requested if we are not provided with all relevant personal data. The provision of some information, such as the details you provide so we can send you marketing communications, is optional.

If you would like more information on how Zenith Bank UK Ltd use process your data, please contact our Data Protection Team at dpo@zenith-bank.co.uk.

Please note we do not use any significant decision automated tool to provide services to you.

Who will we share this data with?

Your personal data will be processed in and accessed from jurisdictions outside the European Economic Area (“EEA”) by us and by the third parties with whom we share your personal data. We may share your personal data with Zenith Bank Plc and its subsidiaries to administer and manage group functions, including the provision of banking and other services to you.

We may share your personal data with our branch office in the United Arab Emirates. Some of our third parties providers are also located outside the EEA.

When we transfer your data within the Zenith Bank Group, we use an intra-company agreement containing European Commission-approved standard contractual clauses. When we transfer your data to organisations outside the Zenith Bank Group we use European Commission-approved International Data Transfer Agreements to safeguard the transfer, unless we transfer personal data to a third party that has implemented Binding Corporate Rules.

Your personal data will also be shared with trusted third parties, such as financial or other advisers, consultants and other professional experts.

We will share your personal data with companies providing services under contract to Zenith. Such third parties include providers of website and IT hosting, help desks, maintenance, call centre operation, identity and background checking and debit card providers.

Your personal data will also be shared with government agencies (including UK HM Revenue & Customs and the UK Financial Services Compensation Scheme) and/or law enforcement agencies and credit reference and fraud prevention agencies if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

In the event that Zenith Bank UK Ltd is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

What rights do I have?

You have the right to ask Zenith for a copy of your personal data, to correctdelete or restrict processing of it, and to obtain the personal data you provide in a structured, machine readable format and ask us to share (port) this personal data to other organisations. You also have the right to object to processing in some circumstances.

Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Zenith processing your personal data, this will not affect any processing which has already taken place at that time. You can also ask us not to send or to carry out profiling for direct marketing, at any time.

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.

If you wish to exercise these rights, please contact us as set out below.

If you have unresolved concerns, you have the right to complain to the Information Commissioner’s Office or an EU data protection authority where you live, work or where you believe a breach may have occurred.

How long will you retain my data?

Where we process account registration data and personal data in connection with the provision of banking services, we do this for as long as you are an account holder and for 6 years after you terminate your account.

Where we process personal data to comply with our legal obligations (for example, “know-your client” information processed for anti-money laundering purposes) we will retain this for as long as you use our services, and in compliance with our regulatory obligations as set by the Financial Conduct Authority thereafter.

Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.

Updates to this Privacy Notice

This Privacy Notice may be updated periodically. We will update the date at the top of this Privacy Notice accordingly. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Notice as required by applicable law.

Contact us

We hope that we can satisfy queries you may have about the way we process your data. Zenith Bank UK are registered with the Information Commissioner’s Office (ICO), our registration number is Z9675075. If you have any concerns about how we process your data, feel free to contact our Data Protection Officer, who can be contacted at dpo@zenith-bank.co.uk. You can also write to:

The Data Protection Officer
Zenith Bank UK Ltd
39 Cornhill
London
EC3V 3ND

The data controller for your information is Zenith Bank UK Ltd registered in England and Wales under Company Number 5713749 whose registered office address is:

39 Cornhill,
London
EC3V 3ND