We treat personal information as private and confidential, but may disclose it outside TSB in some circumstances, to fulfil the purposes set out above (including sharing with partners with whom we provide services as described above). This may include sharing it with subcontractors, who will act only on our instructions or our behalf, and will use your information only for the purposes set out above.
We will disclose information to others:
To meet our contractual obligations to you in accordance with the Terms and Conditions, including where:
- Other product parties and/or business parties may be entitled to see your transactions
- It is needed by other parties connected with your account (including guarantors)
- We need to share information with other lenders who also hold a charge on your property
Where we must comply with legal obligations to which we are subject, including where:
- HMRC or other authorities require it
- The law, a regulatory body or the public interest requires it
- It is required as part of our duty to protect your accounts - for example we are required to disclose your information to the UK Financial Services Compensation Service (FSCS) or it’s required by us or others to detect, investigate or prevent crime or fraud
- Or where the person consents or asks us to. If they give their consent, they can withdraw it at any time and we'll stop disclosing the information in that way
Credit Reference Agencies
In order to process your application for a product or service, we will perform credit and identity checks with one or more credit reference agencies (“CRAs”). Where you take banking services from us, we may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply business and personal information relating to you, product parties and/or business parties to CRAs and they will give us information about you and these people. This will include information from your credit application and about your financial situation, and financial history, as well as that of the product parties and business parties. CRAs will supply us with public (including the electoral register) and shared credit, financial situation and financial history information as well as fraud prevention information.
We will use this information to:
- Consider your creditworthiness and whether you can afford to take the product
- Verify the accuracy of the data you have provided to us
- Prevent criminal activity, fraud and money laundering
- Manage your account(s)
- Trace and recover debts
- Make sure any offers are appropriate to your circumstances
We will continue to exchange information with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file and that of the product parties and business parties. These footprints may be seen by other lenders.
If you tell us that you have a spouse or financial associate, we will link your records together. You should make sure you discuss this with them, and share this information, before making the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your spouse, or financial associate successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain. CRAIN is also accessible from each of the CRAs that TSB uses – clicking on any of these links will also take you to the same CRAIN document:
TransUnion www.transunion.co.uk/crain
Experian www.experian.co.uk/crain
Fraud Prevention Agencies
The government also requires us to screen applications that are made to us, to make sure we are complying with the international fight against terrorism, money laundering, modern slavery and other criminal activities. So we may need to disclose information to government bodies and to fraud prevention agencies to meet these legal obligations.
We will study patterns of activity, check for unusual transactions and monitor devices used to access TSB’s systems. Including Internet Protocol (IP) addresses and may include using widely available geographical mobile phone technology to assess the location.
General
Before we provide services, goods or financing to your business, we undertake checks for the purposes of preventing fraud and money laundering, and to verify the identity of the business, product parties and business parties. These checks require us to process personal data about these people.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details of product parties and business parties.
We and fraud prevention agencies may also enable law enforcement agencies to access and use this personal data to detect, investigate and prevent crime.
We process this personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold this personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Consequences of processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing that has been requested, or we may stop providing existing services to you or your business.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you or the business. If you have any questions about this, please contact us on the details above.
Data transfers
Whenever fraud prevention agencies transfer personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
If we or any other company in our Group wishes to sell or transfer all or part of its business and assets, or any associated rights or interests, or to acquire a business or enter into a merger, we/it may disclose your personal data and confidential business information to any potential buyer, transferee, merger partner or seller and its advisers and any other persons we/it may reasonably decide, provided that each person to whom information is disclosed promises to keep it confidential. If the sale or transfer is completed, the buyer, transferee or merger partner may continue to use and disclose the information, subject to the same provisions set out here