Business Data Privacy Notice

When providing business banking services, we manage Personal Information. This includes information relating to Product Parties and Business Parties.  This Personal Information is protected by the UK’s Privacy laws.  These Privacy laws do not apply to information about Partnerships in Scotland, Limited Liability Partnerships or Limited Companies, but do apply to information which relates to Product Parties, Business Parties or other individual who we manage. We will of course also treat your business information as private and confidential and ensure it is kept secure.  

We have a dedicated team that looks after data privacy rights. In addition, we have a Data Protection Officer ("DPO") to guide our business and oversee our use of your personal Information. See  below for their contact information and for more information on how we manage your Personal Information:

When you apply for a product or service and throughout our relationship, you will provide Personal Information to us, and we will obtain certain Personal Information from other sources, some of which may be publicly available. 

We will not be able to open or maintain an account or service if you do not provide certain information. For example, we will not be able to open an account without you providing details about Product Parties and Business Parties.

We use personal information so that we can deliver the banking service that business wants in the 21st century. This includes using personal information so that we can:

• Provide you and/or Business parties and/or Product Parties with services. 

This is necessary to comply with our contractual obligations to you under our Terms and Conditions

• Identify products and services which might be suitable for you and/or Business parties and/ or Product Parties.

This is necessary to meet our legitimate business interests in providing our customers with products and services that they like. There is no obligation for you to make use of these products or services

• Assess lending and insurance risks. 

This is necessary for us to meet our legitimate interests in making sure we have an appropriate risk profile. Ensuring that we do not take excessive risks is in the public benefit, as we ensure your money is kept safe

• Recover debts, prevent, detect and prosecute fraud and other crimes. 

This is necessary to meet our legitimate interests in exercising our rights and ensuring that you and other customers are not subject to crime or fraudulent activity

• Manage our and any member of our Group's relationship with you and/or Business parties and/or Product Parties. 

This may be necessary to ensure we can meet our contractual obligations under our Terms and Conditions, and is also necessary to meet our interests in ensuring we can access your account details when you contact us

• Update our records about you and/or Business parties and/or Product Parties. 

This is necessary to meet our legitimate interests in keeping our records accurate and up to date, and to ensure that we do not use out of date information about you.

• Improve our performance. 

This includes testing new systems and checking upgrades to existing systems, training, undertaking transactional analysis, conducting audits, assessing lending and insurance risks, customer modelling, statistical and trend analysis with the aim of developing and improving products and services, and providing information to Regulators. We do this to meet our legitimate interests in providing better services to our customers and making sure commercial and personal information is appropriately protected.

• Send Direct Marketing and Promotional Material. 

We will offer you, Product Parties and Business Parties, an opportunity to receive direct marketing and promotional information. We will use your personal information to send marketing information on the basis that it is in our legitimate interests to market our products to our business customers. We will only send post, email, phone or SMS marketing if you indicate you wish to receive it. We value our relationship and do our best to send information which we think may be of interest, by post, email, phone or SMS. We respect your choices, and Product Parties and Business Parties can ask us to stop sending marketing to them at any time by contacting our Data Rights Team, by clicking 'unsubscribe' in any marketing email we send or by following the instructions in our marketing SMS’ – and when this happens, we will stop. 

Where Product Parties and Business Parties log in and use our online services, we will aim to give them a personal service, so that they easily see relevant information, including details of our products that we think are of interest.  

They may also see TSB advertisements that we think may be of interest, when logged in to other secure websites. 

Product Parties and Business Parties can object to this, by contacting our Data Rights Team. This will mean that they experience more general webpages.  They will not see any fewer advertisements, but the pages and advertisements may be of less relevance. 

• Social Media.

If Product Parties and/or Business Parties engage with TSB through social media, we may use their information to engage with them.  We only use this information if you actively engage with us through social media, on the basis that it is in our legitimate interests to respond to you when you connect with us. To deliver the best customer experience, we partner with software providers that allow us to connect with them via online communities and blogs.  These partners manage personal information only in accordance with our instructions.  Personal information will not be stored or transferred outside the European Economic Area (“EEA”) and TSB can require these partners to delete all Personal Information, or return it securely to TSB, at the end of our contract with them. Click here for a list of EEA countries.

• Do what you ask us to do.

If you request particular services from us, or ask us a question, we will use Product Parties and/or Business Parties personal information to respond. This is to meet our legitimate interests in making sure we can provide you with the best possible service.

• Comply with legal obligations. 

This might include providing information to HMRC, preventing money laundering and doing what our Regulators require. We only do this where strictly necessary to comply with these legal obligations.

• To deliver better banking for Britain. 

This includes using personal information to ensure we manage and develop customer relations; assess the suitability of existing and proposed products for our customers; pass information to Credit Reference Agencies (as described below); conduct internal or external reviews of our performance and quality; instruct our internal or external legal teams; detect and prevent fraud and liaise with Police and other anti-fraud agencies; engage with and interact on social media; and ensure we manage TSB as effectively and efficiently as possible.

We use personal information in this way as it is in our business interests to do so, and it allows us to defend our rights, provide a better service to our customers and understand what our customers want from us. Whenever we use personal information, we will always ensure we work to protect personal data interests and rights. We will not use personal information for any purpose which is incompatible with those set out above, we will keep data appropriately secure, and will advise when we use it for a new purpose.
 

We treat personal information as private and confidential, but may disclose it outside TSB in some circumstances, to fulfil the purposes set out above (including sharing with partners with whom we provide services as described above). This may include sharing it with subcontractors who will act only on our instructions or our behalf and will use your information only for the purposes set out above.

We will disclose information to others:

To meet our contractual obligations to you in accordance with the Terms and Conditions, including where:

• Other Product Parties and/or Business Parties may be entitled to see your transactions
• It is needed by other parties connected with your account (including guarantors)
• We need to share information with other lenders who also hold a charge on your property

Where strictly necessary to comply with legal obligations to which we are subject, including where:

• HMRC or other authorities require it
• The law, a regulatory body or the public interest requires it
• It is required as part of our duty to protect your accounts, for example we are required to disclose your information to the UK financial services compensation service (FSCS)it is required by us or others to detect, investigate or prevent crime or fraud
• Or where the person consents or asks us to. If they give their consent, they can withdraw it at any time and we'll stop disclosing the information in that way

Credit Reference Agencies

In order to process your application for a product or service, we will perform credit and identity checks with one or more credit reference agencies (“CRAs”). Where you take banking services from us, we may also make periodic searches at CRAs to manage your account with us. 

To do this, we will supply business and personal information relating to you, Product Parties and/or Business Parties to CRAs and they will give us information about you and these people. This will include information from your credit application and about your financial situation and financial history, as well as that of the Product Parties and Business Parties. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. 

We will use this information to:

• Assess your creditworthiness and whether you can afford to take the product
• Verify the accuracy of the data you have provided to us
• Prevent criminal activity, fraud and money laundering
• Manage your account(s)
• Trace and recover debts
• Ensure any offers provided to you are appropriate to your circumstances   

We will continue to exchange information with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. 

When CRAs receive a search from us they will place a search footprint on your credit file and that of the Product Parties and Business Parties.  These footprints may be seen by other lenders. 

If you tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your spouse or financial associate successfully files for a disassociation with the CRAs to break that link.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain. CRAIN is also accessible from each of the CRAs that TSB uses – clicking on any of these links will also take you to the same CRAIN document:

Callcredit www.callcredit.co.uk/crain

Experian www.experian.co.uk/crain

The government also requires us to screen applications that are made to us, to ensure we are complying with the international fight against terrorism, money laundering, modern slavery and other criminal activities. As a result, we may need to disclose information to government bodies to meet these legal obligations.

If we or any other company in our Group wishes to sell or transfer all or part of its business and assets or any associated rights or interests, or to acquire a business or enter into a merger, we/it may disclose your personal data and confidential business information to any potential buyer, transferee, merger partner or seller and its advisers and any other persons we/it may reasonably decide, provided that each person to whom information is disclosed undertakes to keep it confidential. If the sale or transfer is completed, the buyer, transferee or merger partner may continue to use and disclose the information subject to the same provisions set out here.

The UK and other EEA countries provide a high standard of data protection and privacy. We may run your accounts and provide other services from centres outside the UK and EEA, which are not considered by the European Commission to have a similar standard of legal protection for personal information. If so, we will require personal information to be protected to at least UK standards.

To do this, we make sure we only transfer personal information to countries which are regarded under EU law as providing an adequate level of protection for personal information, to companies in the USA which are certified as providing an adequate level of protection, or we will put in place contractual commitments which ensure an adequate level of protection.

If you want to learn more about the specific countries to which we transfer personal data, or if you wish to obtain a copy of the safeguards we have in place for particular countries, please contact the Data Rights Team.

We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation if, for example, you make a CHAPS payment or a foreign payment. Those external organisations may process and store personal information abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism. If these are based outside the UK and the European Economic Area (“EEA”), such personal information may not be protected to standards similar to those in the UK, but we will take steps, including through contractual commitments, to ensure that an adequate level of protection is provided. Click here for a list of EEA countries. 

We will only keep personal information for as long as your application for an account or product, or for as long as you have accounts or products with us. We will also keep your personal information for a certain period after your application has ended or you have closed your accounts. 

When determining how long this period will last, we take into account our legal obligations, the expectations of financial and data protection regulators, and the amount of time we may strictly need to hold your personal information to carry on our business or defend our rights. For example, if you have an account with TSB, we will keep your information and details of the account, while the account is open. To meet our legal and regulatory requirements, we must keep much of this information for a number of years after the account is closed, even if you do not have another account with us, and we will need to keep your information in archived form in order to defend our legal rights (which may be for the period in which legal claims can be made under applicable law. In the UK this is six years for contractual claims). We have policies and procedures in place to ensure that we delete information that is no longer needed for any of these purposes.

People in the UK and across the EEA have certain rights over their personal information. These include the right to access a copy of their personal information or have some elements of it transmitted to themselves or another company in a common electronic format. In certain circumstances they can have their personal information rectified or erased, or have our use of their personal information restricted.  

They also have the right to object to our uses of their personal information described above. 

An individual who wishes to know more about their data rights should refer to our Data Privacy Notice, which can be found at: www.tsb.co.uk/privacy They can also collect a copy at any TSB branch. We will generally not charge a person for exercising these rights. 

We aim to work with you in relation to any request, complaint or question you have about your personal information. However, if you believe we have not adequately resolved a matter, you can complain to the Information Commissioner's Officer (the "ICO"). 

You have a right, at any time, to complain to the ICO, The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.  You can follow this link to their website: https://ico.org.uk/ or ask for details from our Data Rights Team.