ZENITH BANK (UK) WEBSITE PRIVACY NOTICE
Last updated May 2018
What does this notice cover?
This Privacy Notice describes how Zenith Bank (UK) (also referred to as "Zenith", "we" or "us") will make use of your data when you use our products, services and websites.
It also describes your data protection rights, including a right to object to some of the processing which Zenith carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
We may also provide you with additional information when we collect personal data, where we feel it would be helpful to provide relevant and timely information.
What information do we collect?
We collect and process personal data about you when you interact with us and our websites, and when you apply for or use any of our products or services. This includes:
- Your name, age, date of birth and gender.
- National insurance number or other national identifier information.
- Your username and password.
- Contact details, such as your address, email address and phone number.
- Banking information, including your debit or credit card information and sort code and account number and also transactional information including in respect of products which you purchase.
- Your financial position, status and history.
- Information about your communications with us.
- Your marketing preferences, including any consents you have given us.
- Location data we get about where you are, such as the address where you connect a computer to the internet, or a shop where you buy something with your card.
- Information related to the browser or device you use to access our website.
- Information about your contact with us e.g. meetings, phone calls, emails / letters
The law and other regulations treat some types of personal information as a special category. We will only collect and use these types of data if the law allows us to do so. Examples of special category information that we process are:
- health data that we request from you (if you purchase products from us where health information is relevant, such as mortgage products).
- information about criminal convictions and offences (in the course of running know your customer checks or if we need to investigate you in connection with use of our services or in connection with staff/ staff application background checks
- Political opinions or affiliations
What information do we receive from third parties?
We offer some of our services in connection with other web sites, such as Moneysupermarket.com. Personal information that you provide to those sites may be sent to us in order to deliver the products and services you have requested.
We may combine the information you submit under your account with information from other Zenith services or third parties. For certain services, we may give you the opportunity to opt out of combining such information. We may sometimes receive your personal information including name and contact details, from financial or other advisers, estate agencies, consultants and other professional experts.
How do we use this information, and what is the legal basis for this use?
We use the personal data referred to above and information which you give us for the following purposes:
- To fulfil a contract, or take steps linked to a contract: this is relevant where you apply for one of our financial products or services. This includes:
- Verifying your identity.
- Taking and processing payments.
- Communicating with you.
- Providing trading, investment and related customer services
- Managing our relationship with you.
- Where necessary for Zenith’s legitimate interests, as listed below, and where our interests are not overridden by your data protection rights:
- Providing products and services you have requested, as well as investigating and responding to any comments or complaints you may send us. We may process personal data about your dependents, family and partner (which you give to us) in doing so.
- Promoting our services to clients and potential clients, advising you of news and industry updates, and hosting or administering events.
- Monitoring the use of our websites and online services and using your information to help us monitor, improve and protect our products, content, services and websites, both online and offline.
- Personalising our website, products or services for you.
- To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit.
- Monitoring customer accounts to detect, prevent, investigate and/or report crimw, including fraud, terrorist financing, money laundering, and other matters such as misrepresentation, security incidents or crime in accordance with applicable law.
- Managing how we work with other companies that provide services to us and our customers.
- In connection with legal claims and for compliance, regulatory and investigative purposes.
- Call recordings when you call us (we will always flag to you when a call is being recorded).
- Application which you give us if you are applying for a job or information that we obtain from referees or your previous employees.
- Where you give us consent:
- We will send you direct marketing by email and/or SMS in relation to our services.
- We will place cookies and use similar technologies in accordance with our Cookies Policy (below) and the information provided to you when those technologies are used.
- Before we recruit for certain roles we run a background checks which may involve us processing information about criminal conviction or offences information. If you are applying for such a role we will inform you before running such checks and seek your consent to do so.
- On other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
- For purposes which are required by law:
- Undertaking compliance checks on clients, potential clients and other third parties as part of our anti-money laundering obligations, as well as for the purpose of compliance with other legal, regulatory and professional obligations.
- In response to requests by government or law enforcement authorities conducting an investigation.
We will not be able to provide the banking or other services requested if we are not provided with all relevant personal data. The provision of some information, such as the details you provide so we can send you marketing communications, is optional.
Please note we do not use any significant decision automated tool to provide services to you.
Who will we share this data with?
Your personal data will be processed in and accessed from jurisdictions outside the European Economic Area (“EEA”) by us and by the third parties with whom we share your personal data. We may share your personal data with Zenith Bank Plc and its subsidiaries to administer and manage group functions, including the provision of banking and other services to you.
We may share your personal data with our branch office in the United Arab Emirates. Some of our third parties providers are also located outside the EEA.
When we transfer your data within the Zenith Bank Group, we use an intra-company agreement containing European Commission-approved standard contractual clauses. When we transfer your data to organisations outside the Zenith Bank Group we use European Commission-approved standard contractual clauses to safeguard the transfer, unless we transfer personal data to a third party that has implemented Binding Corporate Rules or which uses the EU-U.S. Privacy Shield, in which case we may rely on one of those mechanisms to safeguard the transfer.
Your personal data will also be shared with trusted third parties, such as financial or other advisers, consultants and other professional experts.
We will share your personal data with companies providing services under contract to Zenith. Such third parties include providers of website and IT hosting, help desks, maintenance, call centre operation, dentity and background checking and debit card providers.
Your personal data will also be shared with government agencies (including UK HM Revenue & Customs and the UK Financial Services Compensation Scheme) and/or law enforcement agencies and credit reference and fraud prevention agencies if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
What rights do I have?
You have the right to ask Zenith for a copy of your personal data, to correct, delete or restrict processing of it, and to obtain the personal data you provide in a structured, machine readable format and ask us to share (port) this personal data to other organisations. You also have the right to object to processing in some circumstances.
Where we have asked for your consent, you may withdraw consent at any time. If you ask to withdraw your consent to Zenith processing your personal data, this will not affect any processing which has already taken place at that time. You can also ask us not to send or to carry out profiling for direct marketing, at any time.
These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.
If you wish to exercise these rights, please contact us as set out below.
If you have unresolved concerns you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occured.
How long will you retain my data?
Where we process account registration data and personal data in connection with the provision of banking services, we do this for as long as you are an account holder and for 6 years after you terminate your account.
Where we process personal data in order to comply with our legal obligations (for example, “know-yourclient” information processed for anti-money laundering purposes) we will retain this for as long as you use our services, and in compliance with our regulatory obligations as set by the Financial Conduct Authority thereafter.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
Updates to this Privacy Notice
This Privacy Notice may be updated periodically. We will update the date at the top of this Privacy Notice accordingly. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy Notice as required by applicable law.
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, feel free to contact our Data Protection Officer, who can be contacted at firstname.lastname@example.org
The data controller for your information is Zenith Bank UK Ltd registered in England and Wales under Company Number 5713749 whose registered office address is: 39 Cornhill, London EC3V 3ND