Privacy Notice

Personal information & the law

1. Who are we?

Metro Bank PLC, (“Metro Bank”, “we” or “us”), registered in England and Wales

Company number: 6419578.

We are a controller for the processing activities specified in this privacy notice that relate to your personal data.

This privacy notice also explains how other parties, including companies belonging to the Metro Bank group, may use your personal data. Some of our products, applications or services have separate privacy notices which do not incorporate this privacy notice.

If you have any questions about this privacy notice, would like more information about how we use your personal data, or to exercise any of your data subject rights (see “Your rights”) please contact our Data Protection Officer:

Write to

Data Protection Officer
Metro Bank PLC
One Southampton Row
London, WC1B 5HA

Email

DataProtectionOfficer@metrobank.plc.uk

If you are unhappy with our management of your information, you have the right to lodge a complaint with the Information Commissioner’s Office. Please visit http://www.ico.org.uk/ for more information.

2. Our collection and retention of personal data

Personal data includes any information that directly or indirectly (whether alone or in conjunction with other information) identifies you (or someone else). This includes information such as your name, address, and contact details. It also includes, for example, any photograph we have of you (e.g. when you provide us with a selfie and a copy of a photo ID as part of the account-opening process), online identifiers such as IP address or device ID, and location data.

The personal data we hold about you is limited to information that you have given us directly – for example, when you contact us, apply for any of our products or services (e.g. a selfie and your contact information, or details of your query or complaint), or when you complete customer surveys.

This also includes information we:

• may ask you to provide to support your application for our services or products (e.g. a copy of your ID, your current and previous employer, income details, banking details and financial status)
• capture through the use of CCTV when you visit one of our stores
• record and monitor through our telephone calls to help improve the products and services we offer
• receive from trusted third parties – such as credit reference agencies and fraud prevention agencies – during eligibility checks. Further information about these agencies is set out in the ‘How we use credit reference agencies’ and ‘Preventing crime’ sections below
• receive from any brokers who introduce you to our services or products, or from a third party acting with your authority on your behalf, including

1. information that the third party enters as part of the application process, or on any of our online forms
2. information the third party provides when communicating with us, whether in writing, via email, SMS or by telephone; or
3. (in relation to comparison websites), information you have entered on the comparison site as part of their application process.

• collect during the provision of our contracted services to you (e.g. your account details, and details of your transactions and interactions with us)
• collect, or third parties acting on our behalf (such as Google Analytics) automatically collect, when you use our websites or interact with our emails (in each case with your consent, where necessary). Examples of data collected include your IP address, browser type referral source, information about which parts of our page you have visited and how long you spent on them, the preferences you have set, and whether you have opened our emails
• occasionally obtain from publicly-available sources, such as social media sites (e.g. we may collect your name and comments where you mention us in a post) and Government registers (e.g. Companies House).

Where we ask you to provide personal data to us on a mandatory basis, we will tell you at the time of collection. In the event that particular personal data is required by the contract or law, this will be made clear. We will also explain the consequences of failure to provide any mandatory personal data – for example, if you can’t show us proof of identity this will mean that we cannot open an account for you.

We may also collect your personal data where you engage with us online (for example, on Twitter or LinkedIn) or where you mention us in a public forum. Remember that any information you publish online may be seen by others; please see the section on “Social Networking Sites” for further information.

If you open an account with us and you are under 18, we may also collect personal data that directly or indirectly identifies your parent or legal guardian who helped you open an account. We may use and keep their personal data only for the purposes of checking your identity. You must not give us personal data about someone else (such as a joint applicant or a parent or guardian) without first getting their permission for it to be used and released. We will assume that that person has given permission, although we may still ask for confirmation.

At the end of your relationship with us (for example, if you decide to close your account), we retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than seven years, in line with our data retention policy.

3. The purposes and lawful basis for our collection of personal data

Your personal data is collected and processed for business and business-compatible purposes, in accordance with applicable laws and as set out below. Personal data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (e.g. in fraud investigations or similar).

We generally process your personal data under one of the following legal bases:

• Our legitimate business interests (described in the section below), except where these are overridden by your interests or fundamental rights and freedoms which require protection of personal data (“legitimate interests”)
• Compliance with a legal obligation to which we are subject (“legal obligation”)
• For the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract (“contractual performance”).

We may also rely on other bases (for example, where the processing is necessary in the performance of a task carried out in the public interest, or in order to protect your vital interests or those of another person, or where you have given your consent) on an exceptional basis, where none of the above applies.

We have identified the following purposes for processing personal data, each of which relates to a lawful basis for processing, as required under applicable law. These purposes include:

Purpose for processing	Lawful basis
To provide products and services which you have requested, and to conduct business with you (for example, to process your application, to manage your account, to tell you about important changes to our services, to process and to respond to your enquiries, complaints and issues) and to keep updated and bring together and improve records.	Contractual performance
To provide an initial quotation where you have applied for credit.	Contractual performance Legitimate interests: We consider that we have a legitimate interest in ensuring that customers have a clear understanding of the product they have applied for, without there being a detrimental effect on their credit rating.
For security, credit, identification and verification purposes.	Legal obligation (e.g. compliance with our Anti-Money Laundering and Know Your Customer obligations).
To detect, investigate, prevent and prosecute criminal activity and to meet out regulatory, legal and compliance obligations (including performing regulatory and prudential compliance checks on an ongoing basis, account and transaction monitoring, checks for sanctions and politically-exposed persons, and transaction and tax reporting. Also including making disclosures to, co-operating with, and complying with requests from: public authorities, regulators, courts of law, tax authorities, governmental bodies or law enforcement agencies, and investigating and preventing fraud, terrorism and other crime).	Legal obligation Legitimate interests: To the extent our processing of your personal data for these purposes extends beyond that strictly required by applicable UK law to which we are subject, or where such legal/regulatory obligations do not specify the method by which a mandatory outcome (e.g. preventing terrorist financing) shall be achieved, or where we are subject to a legal obligation in another jurisdiction, we consider that we have a legitimate interest in ensuring effective compliance in all relevant jurisdictions, in protecting our customers, and in maintaining a good relationship with law enforcement, regulators and other relevant authorities. We also consider that we have a legitimate interest in protecting our legal rights.
To assess lending and insurance risks.	Legitimate interests: We consider that we have a legitimate Interest in ensuring that the risk to which we are exposed remains within our risk tolerance.
To collect money that you owe us, and to exercise our rights set out in agreements or contracts.	Contractual performance Legitimate interests: We consider that we have a legitimate interest in collecting money owed to us, to ensure our ongoing financial stability.
To improve customer service, and to decide if a product or service is suitable for your needs.	Legitimate interests: We consider that we have a legitimate interest in providing quality customer service, as this allows us to maintain good client relationships and to deal with queries and complaints effectively.   We consider that we have a legitimate interest in ensuring that we provide our customers with appropriate products and services, to ensure both appropriate risk management and good client relationship management.
To provide you with the appropriate level of service, to accommodate your specific individuals needs and treat you fairly based on any vulnerability you may have, whether you have told us or we believe necessary to record, to improve customer service ensure equality of treatment, protect vulnerable customers or safeguard your economic wellbeing.	Consent Public Interest Vital Interest Legitimate interests: We consider that we have a legitimate interest in providing quality customer service, as this allows us to maintain good client relationships and to deal with queries and complaints effectively.
To carry out operational and administrative functions (e.g. to maintain our own accounts and records, to operate information technology systems, to carry out billing-related and payments administration, to maintain stocks and shares registers).	Legal obligation (to maintain certain statutory records) Legitimate interests: To the extent that we do not have a strict legal obligation under UK or EU law to carry out such activities, we consider that we have a legitimate interest in running our business efficiently.
To share relevant information in respect of a prospective sale of the company, or any of its subsidiaries, or any part of its or their business.	Legal obligation Legitimate interests: We consider that we have a legitimate interest in complying with due diligence requirements and being efficient in how we run the business.
To manage, support and provide training to our staff.	Legitimate interests: We consider that we have a legitimate interest in managing, supporting and providing training to our staff. Legal obligation (to maintain certain statutory records).
Marketing: To tell you about other Metro Bank products, services and facilities that may interest you (by post, email, phone or text, in accordance with your preferences).	Legitimate interests: We may also process your personal information for marketing purposes. You have a right to receive services from us without consenting to marketing communications, and you can always opt out of receiving any such communications from us. Our lawful basis for processing your data is that we have a legitimate interest in making our customers aware of our other services and offerings. Consent to data being processed in relation to direct marketing by electronic means such as by email or SMS.
We may share some personal data (for example, your email address), in a secure format, with our advertising partners and social media companies, so that they can display the most relevant messages to you and others about our products and services. This includes instructing these companies not to show adverts to our existing customers. If you do not want us to share your personal data with our advertising partners or social media companies for this purpose, you can tell us not to.	Legitimate interests: It is in our legitimate interests to give you information about our products and services that you or others may be interested in.
To evaluate the effectiveness of marketing and for research, training and statistical analysis with the aim of improving services.	Legitimate interests: We consider that we have a legitimate interest in improving our products, services and operations.
To help us to improve our products, services and operations (Including market research, analysis of customer preferences, transactions and market trends, evaluating proposed products, testing new systems and upgrading existing systems).	Legitimate interests: We consider that we have a legitimate interest in improving our products, services and operations.
To manage our business and to protect and enforce our rights (Including assessing, monitoring and managing financial, reputational and other risk, conducting audits, liaising with regulators and law enforcement, and to establish, enforce and defend against legal claims).	Legal obligation Legitimate interests: We consider that we have a legitimate interest in prudently managing our business and in protecting and enforcing our rights.
To be able to work with other companies that provide services to us and our customers.	Contractual performance

Where you have consented we may also sell or exchange your data, or share your information with other carefully chosen organisations, so that you can hear from them about their products or services.

We may also process your personal data for other purposes permitted or mandated by applicable laws, including those legitimate interests pursued by Metro Bank, where these are not overridden by the interests or fundamental rights and freedoms of individuals.

4. Sensitive personal data

We may collect a limited amount of ‘special category’ personal data: i.e. information revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where that information is used to identify an individual), information concerning physical or mental health, an individual's sex life or sexual orientation, in order to make appropriate accommodations or adjustments, or to provide biometric identification services. When we do so, we will explain to you why we need it, and obtain your consent to use it for the relevant purpose.

To the extent permitted by applicable laws, we may collect and process a limited amount of information regarding criminal convictions and offences and related proceedings (including information relating to allegations and suspicions of criminal offences).

5. Joint applications

If you have applied for a joint account, this will mean that both parties will have access to the account at all times. This also means that account holders who submit a request for their information will also be entitled to a copy of the joint account holder’s details (excluding identification material).

Where you have provided information regarding the other applicant, you must ensure you do so with their full consent.

6. Law enforcement, fraud prevention and other agencies

If you give us false or inaccurate information and we identify or suspect fraud or other criminal activity, we may pass details to fraud-prevention agencies or credit-reference agencies (or both). Law-enforcement agencies may also access and use this information. We and these other organisations may access and use your personal information to prevent fraud and money laundering – for example, when:

• checking details on applications for credit and credit-related accounts or other facilities
• managing credit and credit-related accounts or facilities.

If you ask, we will provide you with details of the relevant fraud-prevention agencies.

We and these other organisations may access and use the information recorded by fraud-prevention agencies or credit-reference agencies (or both) from other countries.

7. Use of cookies for online applications

When you visit our different online channels, we or a third-party service provider may collect technical and navigational information. This is done through the use of cookies.

A ‘cookie’ is a small text file that's stored on your computer, smartphone, tablet, or other device when you visit a website or use an app.

Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.

Our online services use session and persistent cookies.

Some cookies are set by websites you go to – they are known as first-party cookies. Others are set by outside organisations such as social media, search engines, other advertising networks and our business partners – these are known as third-party cookies. Whether a cookie is first- or third-party depends on where it comes from.

Our online services use first- and third-party cookies.

For further information about cookies please visit http://www.allaboutcookies.org/.

8. Cookies policy

The following sections set out Metro Bank’s cookies policy, explaining how we use cookies and similar tracking technologies. It also explains the choices you can make about whether we can put some types of cookies on your PC, tablet or mobile phone.

In this policy, where we say 'cookies' we also include similar tracking technologies that collect data while you use our websites, Online Banking and mobile applications to help provide you with the best possible online experience.

The information cookies collect, and how we use that information may count as personal information e.g. internet protocol address (‘IP address’), operating system, browser type, pages visited and average time spent.

Data we collect will be held by Metro Bank. We use this data to:

• protect our visitors and customers from fraud and keep improving security
• analyse how our visitors use our online services to help us improve their performance
• decide which of our products, services and offers may be relevant for you.

We do not sell data to organisations outside our group.

If you have questions on our use of cookies, please email DataProtectionOfficer@metrobank.plc.uk.

8.1 Types of cookies we use

The cookies we use are either strictly necessary or optional.

Strictly necessary cookies

Generally, these cookies will be essential cookies and are required for the operation of our websites. They include cookies that enable you to log into secure areas of our websites and help ensure the content of the pages you request load quickly. Without these cookies, you will not be able to access our online services (e.g. our websites or a service on any of our websites) which you have requested, this is why we will not collect your preferences in regards to these cookies.

Essential cookies are used to:

• Maintain online security and protect against online fraud
• Maintain your privacy and to help keep your details safe and secure.

Optional cookies:

We would like to use cookies to provide optional features and improve our websites.

We understand that not everyone likes data to be collected about them when it's not strictly necessary, and so we'll ask you to set your preferences when you first visit our websites.

To make it easier to choose which optional cookies to accept, we've organised these cookies by category. These are set out below. You can choose which categories you'd be happy for us to use in your cookie settings and make changes at any time by referring to the ‘Managing cookies’ section below and selecting ‘Customise my preferences’.

Performance cookies – tracking website performance

These cookies collect aggregated information and are not used to identify you. All the information collected is anonymous and is only used to help us understand and analyse how visitors use our online services and look for ways to improve their performance.

For example, a cookie might allow us to both count visitors and see how visitors navigate our online services, which allows us to improve the customer journey.

The analytics cookies we use include the following:

• Google analytics – which uses cookies to help us analyse how our visitors use the site. We use the information to compile reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the website, where visitors have come to the website from or the pages they visited. Find out more about how these cookies are used on the Google privacy site: https://policies.google.com/privacy?gl=GB&hl=en-GB
• Hotjar – which uses cookies to collect user behavioural patterns online for statistical purposes: https://www.hotjar.com/legal/policies/privacy/
• Episerver – which uses cookies to tag a unique ID to the user and provide personalised content on the Metro Bank websites: https://www.episerver.com/legal/privacy-statement
• Heap – which uses cookies to track user behavioural patterns on our website for statistical purposes: https://heap.io/privacy

Functional cookies – giving you a better online experience

These cookies remember your preferences so that you do not have to enter them each time you visit our websites and other online channels. These cookies allow us to personalise content for you; without them we cannot remember your choices.

Targeting cookies

These cookies are usually third-party cookies from marketing partners used to deliver adverts relevant to you and your interests. They will always be persistent but time-limited cookies.

Targeting cookies are used to send you relevant information and see which content you use. They do this by recording your visits to our websites, the pages you have visited and the links you have followed. We then use the information collected to tailor both our websites and the relevance of the advertising displayed to your interests. In order to make the advertising displayed more relevant, we provide the information collected to advertising networks. Please note these cookies do not contain any of your personal or financial information.

We partner with third-party companies including Google Ads and Facebook to provide cookies that help us optimise the relevance of advertisement on the websites.

Overview of the cookies we use across all online service channels

Category	What they do	My choices
Strictly necessary	These cookies are needed to run our websites, to keep them secure if you are logged on and to obey regulations that apply to us. If you are a customer, they help us know who you are so that you can log on and manage your accounts. They also help us keep your details safe and private. Other important jobs they do are: ·         Help you move around the site ·         Tell us if you’ve been to it before and which pages you went to ·         Tell us how the site is working, so we can find and fix any problems.	You can’t turn off these cookies
Functional	These cookies are used for remembering things like: ·         Your user ID on the logon page ·         Your region or country ·         Your preferred language ·         Accessibility options like large font or high-contrast pages.	We’ll ask for your consent to use these cookies
Performance	These cookies tell us how you and our other customers use our websites. We combine all this data together and study it. This helps us to: ·         Improve the performance of our services ·         Improve the products we provide.	We’ll ask for your consent to use these cookies
Marketing	These cookies help us decide which of our products, services and offers may be relevant for you. We may use this data to tailor the marketing and ads you see on our own and other websites and mobile apps, including social media. For instance, you may see our ads on other sites after you have been to our websites. If you turn off marketing cookies you will still see ads online, but they will not be tailored to things that may interest you.	We’ll ask for your consent to use these cookies

8.2 Managing cookies

You can manage your cookie preferences at any time by changing your cookie settings.

Cookie Settings

You can also use your browser settings to delete cookies that have already been set at any time and to manage cookies, for example, to switch off a cookie altogether. If you do this, it could mean that we can't use ‘strictly necessary’ cookies properly and so parts of our websites may not work correctly.

For more information about how to use your browser settings to clear your browser data or to manage cookies, check your browser 'Help' function.

Find out more on how to manage cookies in common browsers (Internet Explorer, Chrome, Firefox and Safari) on the Information Commissioners’ Office (ICO) website.

8.3 How do we remember your cookie preferences?

Your preferences are saved in cookies stored on your browser. If you switch off a category of cookies that you've previously accepted, then for technical reasons those cookies will not be deleted.

To delete cookies from your browser, we recommend that you clear your browser data. If you do this, or change browser, we'll ask for your preferences again when you next visit our websites.

Managing your personal information

9. Keeping your information up to date

If any of the information we hold on you is incorrect, please notify us and we will ensure that it is updated accordingly. Where your details have changed, you have a responsibility to inform us at the earliest time possible. Failure to notify us of a change in your details may affect the way in which we provide you with products and services.

10. Your rights

You have specific rights over your personal data, as explained below. These may not apply in all circumstances – we will let you know where this is the case.

• Data subject access request: You may request information concerning what personal data we process on you and request a copy of that personal data
• Rectification of inaccurate personal data: You may request rectification of any inaccurate personal data. We take reasonable steps to keep your personal data accurate and current but you can also ask us to change any information we hold about you to keep it accurate, complete and current. However, please remember that it is your responsibility to tell us about any updates to this information
• Erasure of personal data: You have the right to ask us to erase the personal data we hold about you. It may be necessary to retain your personal data to fulfil our contract with you or to fulfil our legal and regulatory obligations
• Restricting processing of personal data: You can request that we restrict our processing of your personal data where you contest the accuracy of the information we hold (restricted until it has been verified), where it was processed unlawfully and you do not wish us to erase it but just to restrict our processing, or where we no longer need the personal data but you need us to retain it for the establishment, exercise or defence of a legal claim. Where a restriction is in place we can continue to store your information but only otherwise process it with your consent or for the establishment, exercise or defence of legal claims, for the protection of another individual’s rights or for important public interest reasons. We will inform you prior to the lifting of any restriction
• Right of portability: In certain circumstances, where technically feasible, you have the right to receive the personal data in a structured, commonly-used and machine-readable format and the right to transmit such personal data to another controller, if the processing is based on consent and is carried out by automated means
• Object to the processing of your personal data: Where we process your personal data on the basis of ‘legitimate interests’, you can request we stop such processing. Where we process your personal data for direct marketing purposes, you can request we stop such processing and we will cease any processing related to direct marketing
• Right not to be subject to automated decision making: You have the right to ask that a human reviews an automated decision, to express your point of view and to contest an automated decision
• Right to withdraw consent: Where we process your personal data because you have given us your consent, you can withdraw your consent at any time

You can exercise your rights by contacting us on 0345 08 08 500, in writing using the contact details given at the top of this document, or by visiting one of our stores.

We will respond to your request within one calendar month. We may need to confirm your identity before processing your request. If you can’t give us satisfactory proof of your identity, we have the right to refuse your request. We also have the right to reject requests that are manifestly unfounded or excessive.

 

How we use your personal information

11. Further processing

If we determine that your personal data is to be used for a new purpose, we will inform you beforehand.

12. Sharing your information

Your personal information may be shared with third-party service providers, including companies belonging to the Metro Bank group, which may provide products or services to you or us.

We will only share your personal data where necessary and where we have a lawful basis for doing so (for the purposes already outlined). Recipients of your personal data may include:

• other parties connected to your account (i.e. joint account holders)
• credit reference agencies (please see section below)
• our service providers (such as payment processors, IT service providers, email service providers and web analytics providers)
• specific subcontractors who help to provide you with the services you have requested
• tax authorities, regulatory authorities, government bodies, insolvency service, law enforcement agencies and fraud prevention agencies (please see section below)
• our insurers, lawyers, auditors, consultants and other professional advisers
• other banks or financial institutions (where you ask us to share your personal data, or where we are asked to confirm your identity for the purposes of preventing or investigating financial crime)
• selected third parties, if you want to use our referral to get discounts for their services, or where you want to take advantage of our functionality to import or export your banking data
• third parties, where you have consented for us to share your data with them
• advertisers, technology providers, social media platforms and providers of apps and smart devices. This is so that you are only shown marketing we think you might be interested in and we can try to find new customers who are like you, or have similar interests to yours.

These recipients may be located in countries around the world (please see “Processing personal data outside of the EU (EEA) and UK”).

Our websites may contain links to other websites operated by third parties. This privacy policy applies only to the personal information that Metro Bank collects and we are not responsible for personal information that others may collect, store and use through their websites. You should refer to the privacy policy of the third party's website for details on how they collect and use your personal information.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at http://www.cifas.org.uk/FPN

13. Processing personal data outside of the EU (EEA) and the UK

Parties with which we share your personal data (for the purposes explained above), may be located in countries outside of the UK and the European Economic Area (EEA), such as India and the USA which have more lenient data protection laws than those of the UK.

We will only make such a transfer where an appropriate transfer mechanism is in place, in compliance with applicable data protection law. Where necessary, we will carry out a risk assessment to ensure that your personal data remains appropriately protected.

In most cases, such transfers are made pursuant to the standard contract clauses approved by the European Commission. A copy of the standard contract clauses are available on the ‘Standard contractual clauses’ page of the European Commission’s website.

14. How we use credit reference agencies

As a responsible lender, we take into account your personal circumstances to see whether we should open a current account for you or to lend to you. To help us to do this, we may use automated credit scoring during applications.

This means that if you apply for one of our accounts or credit with us, we will search your record at companies called ‘credit reference agencies’ when considering your application.

We or the relevant credit reference agency take into account available information about you – such as your ability to repay, your credit history and factors such as how long you have lived at your present address. Credit reference agencies use information from a number of different public sources (for example, the electoral roll, county court judgements and bankruptcies), as well as information from other banks or lenders on how you manage your other banking or credit arrangements.

If you apply for one of our current accounts or credit facilities (other than our cash account), we may use details of your credit history to assess your ability to meet your financial commitments. Credit reference agencies will record details of your application and the search will form part of your credit history. This will happen whether or not you go ahead with your application. These details will be seen by other organisations that examine your record.

Records relating to one or more of your partners may already be linked to your record and we may consider these ‘associated’ records when considering your application. 

Credit scoring helps us to work out the level of repayment risk for each applicant based on available information. If that level of risk is unacceptable for us, having looked at your credit score and other factors, we will refuse your application. Occasionally, Metro Bank will manually assess an application to understand the reason for any credit impairment and whether this is an exceptional circumstance.

We are not obliged to accept an application. If we are unable to accept your application, we will tell you. If we can, we will also tell you the main reason why we did not accept your application. If we refuse your application, we will not pass this information on to a credit reference agency. You may contact us and ask us to reconsider our decision. If you do, we will generally ask you to give us the extra information that we need.

We may share your personal data with credit reference agencies:

• to check your identity and verify the accuracy of the data you provide to us
• to help us understand whether or not we think you can afford any credit facility you apply for
• to assess your creditworthiness and decide if you are eligible for an account, service or facility
• to trace and recover debts
• to manage your account(s)
• to prevent criminal activity, fraud and money laundering.

If you hold a current account with us, we will regularly update the credit reference agencies with details of the status of your account, including:

• the balance of any overdraft
• details of any defaults
• changes to your personal data
• any special circumstances that apply to your account.

The credit reference agencies that we use are Experian, Equifax and TransUnion.

For further information about how they use your personal data, please see the links below.

Equifax – www.equifax.co.uk/crain

Experian – www.experian.co.uk/crain

TransUnion – www.transunion.co.uk/crain

If you are applying for a business current account or business lending product, then in addition to the personal data, we will also use and share your business data for the purposes outlined within this section.

15. Automated decisions

We sometimes use systems to make automated decisions using the personal information we have obtained from you and other sources about you or your business. Automation allows us to make consistent, efficient and quick decisions about offering you our products and services. These automated decisions can affect what we may offer you now or in the future, or the price that we charge you for them.

Below are details of the automated decisions we make which are necessary for entering into, or performance of a contract:

Automated decision	What automation occurs
Pricing	Where you have requested credit, we will decide what rate of interest to charge based on what we know about you from your application and other sources.
Tailored products & services	We work with advertising partners – such as social media companies – to help us try to find new customers who are like you, or have similar interests to yours. These companies help us look for new customers who may be interested in products, services or offers that our existing customers are interested in.
Detecting fraud	We use your personal information to monitor and assess if your account is being used or suspected to be used for fraud or money-laundering. We look for traits adopted by fraudsters or behavioural trends which do not match your usual activity.
Opening accounts	When you apply for an account we will check that the product or service is suitable for you or your business. We will also check that you or your business meet the requirements to open an account or receive the product or service applied for. We will check data like your age and financial position.
Approving credit	We use an internal system to decide whether to lend money to you or your business, if you submit a loan application. The information used is historic data.   Credit scoring uses data from three sources:   • The loan application details submitted • Credit reference agencies • Data we may already hold   A credit score gives an overall assessment based on this. Metro Bank uses this to help us make responsible lending decisions that are fair, informed and consistent. Credit scoring methods are tested and reviewed regularly to make sure that a fair and unbiased decision is provided consistently.
Account lifecycle management	When you have a loan agreement with Metro Bank, we will periodically assess the management of it to predict the likely performance or outcome of the loan agreement. Dependent upon the assessment outcome, this may result in us making contact with you to further understand your current situation.

16. Preventing crime

We may share your personal information (including copies of your identification, photographs, signature and any other personal information that we hold about you) with fraud prevention or law-enforcement agencies and other organisations (including credit reference agencies, other lenders and operators of card schemes) both within the UK and abroad. We may do this to help investigate or prevent crime or terrorism, to check your identity or to meet our legal obligations.

17. Recording our calls and video services

We regularly record and monitor our telephone calls and video services to help improve the products and services we provide to you.

The reasons we record and monitor calls and video services are:

• to help improve customer service
• to help us meet our legal and regulatory requirements
• to help detect and prevent fraud and/or other crimes
• to help us answer your queries and issues.

You may request information concerning what personal data we process on you and request a copy of that personal data (see “Your rights”).

We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 3 years, in line with our data retention policy.

18. CCTV

When visiting our stores we capture your images through the use of CCTV.

The reasons we record CCTV are for:

• security
• health & safety
• crime prevention and detection.

You may request information concerning what personal data we process on you and request a copy of that personal data (see “Your rights”).

We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 90 days, in line with our data retention policy.

19. Social networking sites

We maintain an online presence on popular social media websites including (but not limited to) Instagram, LinkedIn, Twitter and YouTube. We use these websites to share our news, upcoming events and to celebrate our culture. By engaging with us on these sites, you are accepting that the webpages are available to the general public and agree to the following:

• Social media web pages are not private. Please do not share your personal account information on any of the websites, including through the use of private messages
• Although we do always try to read every message sent to us on social media, we cannot guarantee a response to every message
• Any pictures you provide on our social media web pages may be used within our internal newsletters
• Any information that you provide us with on social media web pages may be retained by the website for longer than your relationship with us.

20. Java/ActiveX

Metro Bank’s websites do not run any java applets or applications, or any ActiveX controls. This means that if you are connected to our websites you will not be asked by us if you want to allow a program to run.