Our Privacy Notice gives you all the details you need to know about how we use your personal information and your privacy rights. Personal information includes what you tell us about yourself, what we learn about you as a customer, and the ways you’ve told us we can get in touch.
We’ve added individual links below to help you quickly find the right section, or you can read through or print out this page.
Find out more about us, how we collect personal information, and how the law protects you.
2. Our collection and retention of personal data
3. The purposes and lawful basis for our collection of personal data
6. Law enforcement, fraud prevention and other agencies
You can ask us to change or remove the information we hold for you, get a copy, or withdraw your permission for us to keep it.
Read through who we share your information with for marketing purposes, to provide credit, and combat fraud.
13. Processing personal data outside of the EU (EEA) and the UK
Metro Bank PLC, (“Metro Bank”, “we” or “us”), registered in England and Wales, Company number: 6419578.
We are a controller for the processing activities specified in this Privacy Notice that relate to your personal data.
This Privacy Notice also explains how other parties, including companies belonging to the Metro Bank group, may use your personal data excluding any products, applications or services that have separate privacy notices which do not incorporate this Privacy Notice.
If you have any questions about this Privacy Notice, or would like more information about how we use your personal data or to exercise any of your data subject rights (see “Your rights”) please contact our Data Protection Officer:
Write to:
Data Protection Officer
Metro Bank PLC
One Southampton Row
London, WC1B 5HA
Email: DataProtectionOfficer@metrobank.plc.uk
If you are unhappy with our management of your information, you have the right to lodge a complaint with the Information Commissioner’s Office. Please visit www.ico.org.uk for more information.
Personal data includes any information that directly or indirectly (whether alone or in conjunction with other information) identifies you (or someone else). This includes information such as your name, address and contact details, but also includes, for example, any photograph we have of you (e.g. when you provide us with a selfie and a copy of a photo ID as part of the account opening process), online identifiers such as IP address or device ID, and location data.
The personal data we hold about you is limited to information that:
Where we ask you to provide personal data to us on a mandatory basis, we will tell you at the time of collection. In the event that particular personal data is required by the contract or law, this will be made clear. We will also explain the consequences of any failure to provide any mandatory personal data: for example, if you can’t show us proof of identity, this will mean that we cannot open an account for you.
We may also collect your personal data where you engage with us online (for example, on Twitter or LinkedIn) or where you mention us in a public forum. Remember that any information you publish online may be seen by others: please see the section on “Social Networking Sites” for further information.
If you open an account with us and you are under 18, we may also collect personal data that directly or indirectly identifies your parent or legal guardian who helped you open an account. We may use and keep their personal data only for the purposes of checking your identity. You must not give us personal data about someone else (such as a joint applicant or a parent or guardian) without first getting their permission for it to be used and released. We will assume that that person has given permission, although we may still ask for confirmation.
At the end of your relationship with us (for example, if you decide to close your account), we retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than seven years, in line with our data retention policy.
Your personal data is collected and processed for business and compatible purposes, in accordance with applicable laws and as set out below. Personal data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (e.g. in fraud investigations or similar).
We generally process your personal data under one of the following legal bases:
We have identified the following purposes for processing personal data, each of which relates to a lawful basis for processing, as required under applicable law. These purposes include:
Purpose for processing | Lawful Basis |
---|---|
To provide products and services which you have requested, and to conduct business with you (for example: to process your application, to manage your account, to tell you about important changes to our services, to respond to your enquires, complaints and issues) and to keep updated and bring together and improve records. |
Contract Performance |
For security, credit, identification and verification purposes.
|
Legal Obligation (e.g. compliance with our Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations). |
To detect, investigate, prevent and prosecute criminal activity and to meet out regulatory and compliance obligations (including performing regulatory and prudential compliance checks on an ongoing basis; account and transaction monitoring, checks for sanctions and politically-exposed persons, transaction and tax reporting; making disclosures to, co-operating with, and complying with requests from, public authorities, regulators, tax authorities, governmental bodies or law enforcement agencies, and investigating and preventing fraud, terrorism and other crime). |
Legal Obligation Legitimate Interests: To the extent our processing of your personal data for these purposes extends beyond that strictly required by applicable UK and / or EU law to which we are subject, or where such legal / regulatory obligations do not specify the method by which a mandatory outcome (e.g. preventing terrorist financing) shall be achieved, or where we are subject to a legal obligation in another jurisdiction, we consider that we have a legitimate interest in ensuring effective compliance in all relevant jurisdictions, in protecting our customers, and in maintaining a good relationship with law enforcement, regulators and other relevant authorities. We also consider that we have a legitimate interest in protecting our legal rights. |
To assess lending and insurance risks. |
Legitimate Interests: We consider that we have a legitimate Interest in ensuring that the risk to which we are exposed remains within our risk tolerance. |
To collect money that you owe us, to decide if a product or service is suitable for your needs. |
Legitimate Interests: We consider that we have a legitimate interest in collecting money owed to us, to ensure our ongoing financial stability. Legitimate Interests: We consider that we have a legitimate interest in ensuring that we provide our customers with appropriate products and services, both to ensure appropriate risk management and client relationship management. |
To improve customer service, to collect money that you owe us. |
Legitimate Interests: We consider that we have a legitimate interest in providing and improving our customer service, as this allows us to maintain good client relationships and to deal effectively with any queries and complaints. Legitimate Interests: We consider that we have a legitimate interest in collecting money owed to us, to ensure our ongoing financial stability. |
To provide you with the appropriate level of service, to accommodate your specific individuals needs and treat you fairly based on any vulnerability you may have, whether you have told us or we believe necessary to record, to improve customer service. |
Consent Public Interest Vital Interest Legitimate Interests: We consider that we have a legitimate interest in providing and improving our customer service, as this allows us to maintain good client relationships and to deal effectively with any queries and complaints. |
To carry out operational and administrative functions (e.g. to maintain our own accounts and records, to operate information technology systems, carrying out billing-related and payments administration, maintaining stocks and shares registers). |
Legal Obligation (to maintain certain statutory records) Legitimate Interests: To the extent that we do not have a strict legal obligation under UK or EU law to carry out such activities, we consider that we have a legitimate interest running our business efficiently. |
To manage and support and provide training to, our staff, to carry out operational and administrative functions (e.g. to maintain our own accounts and records, to operate information technology systems, carrying out billing-related and payments administration, maintaining stocks and shares registers) |
Legitimate Interests: We consider that we have a legitimate interest in managing, supporting and providing training to our staff. Legal Obligation (to maintain certain statutory records). Legitimate Interests: To the extent that we do not have a strict legal obligation under UK or EU law to carry out such activities, we consider that we have a legitimate interest running our business efficiently. |
Marketing: To tell you about other Metro Bank products, services and facilities that may interest you (by post, email, phone or text, in accordance with your preferences) To manage and support and provide training to, our staff.
|
Legitimate Interests: We may also process your personal information for marketing purposes. You have a right to receive services from us without consenting to marketing communications, and you can always opt out of receiving any such communications from us. Our lawful basis for processing your data is that we have a legitimate interest in making our customers aware of our other services and offerings. Legitimate Interests: We consider that we have a legitimate interest in managing, supporting and providing training to our staff. Consent to data being processed in relation to direct marketing |
To evaluate the effectiveness of marketing and for research, training and statistical analysis with the aim of improving services. |
Legitimate Interests: We consider that we have a legitimate interest in improving our products, services and operations. |
To help us to improve our products, services and operations (Including market research, analysis of customer preferences, transactions and market trends, evaluating proposed products, testing new systems and upgrading existing systems). |
Legitimate Interests: We consider that we have a legitimate interest in improving our products, services and operations. |
To manage our business and to protect and enforce our rights (Including assessing, monitoring and managing financial, reputational and other risk, conducting audits, liaising with regulators and law enforcement, and to establish, enforce and defend against legal claims). |
Legitimate Interests: We consider that we have a legitimate interest in prudently managing our business and to protect and enforce our rights. |
Where you have consented, we may also sell or exchange your data, or share your information with other carefully chosen organisations, so that you can hear from them about their products or services.
We may also process your personal data for other purposes permitted or mandated by applicable laws, including those legitimate interests pursued by Metro Bank, where these are not overridden by the interests or fundamental rights and freedoms of individuals.
We may collect a limited amount of Special Category Personal data (revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where that information is used to identify an individual), information concerning physical or mental health, an individual's sex life or sexual orientation, (in order to make appropriate accommodations or adjustments), or to provide biometric identification services. When we do so, we will explain to you why we need it, and obtain your consent to use it for the relevant purpose.
To the extent permitted by applicable laws, we may collect and process a limited amount of information regarding criminal convictions and offences and related proceedings (including information relating to allegations and suspicions of criminal offences).
If you have applied for a joint account, this will mean that both parties will have access to the account at all times. This also means that account holders who submit a request for their information will also be entitled to a copy of the joint account details (excluding identification material).
Where you have provided information regarding the other applicant, you must ensure you do so with their full consent.
If you give us false or inaccurate information and we identify or suspect fraud or other criminal activity, we may pass details to fraud prevention agencies or credit reference agencies (or both). Law-enforcement agencies may also access and use this information. We and these other organisations may access and use your personal information to prevent fraud and money laundering, for example, when:
If you ask, we will provide you with details of the relevant fraud-prevention agencies.
We and these other organisations may access and use the information recorded by fraud-prevention agencies or credit reference agencies (or both) from other countries.
When you visit our website or use our online applications, personal data may be collected automatically, either by us or by a third party acting on our behalf (please see the section on “Google Analytics” for further information), using “cookies”.
Cookies are small text files which are placed on your computer (with your consent, where required by applicable law) by websites you visit. You can use the settings in your web browser to control which cookies you accept, and to erase or block certain or all cookies. Please refer to your browser instructions or the website below for guidance.
If you choose to accept cookies, cookies will be stored on your machine, which help us to analyse how you use our applications (please see “Google Analytics”) and also help you to use some of its functions (for example, to remember your preferences or your password). If you choose not to accept cookies, you should be aware that some of this functionality may be limited.
For further information please visit www.allaboutcookies.org.
What is it?
_ga
Used to identify unique visitors
Expires: 1 year+
_gid
Used to identify unique visitors
Expires: 2 years
_gat
Used to throttle rate requests
Expires: 2 years
If any of the information we hold on you is incorrect, please notify us and we will ensure that it is updated accordingly. Where your details have changed, you have a responsibility to inform us at the earliest time possible. Failure to notify us of a change in your details may affect the way in which we provide you with products and services.
You have specific rights over your personal data, as explained below. These may not apply in all circumstances – we will let you know where this is the case.
You can exercise your rights by contacting us on 0345 08 08 500, in writing using the contact details given at the top of this document, or by visiting one of our stores.
We will respond to your request within one calendar month. We may need to confirm your identity before processing your request. If you can’t give us satisfactory proof of your identity, we have the right to refuse your request. We also have the right to reject requests that are manifestly unfounded or excessive.
If we determine that your personal data is to be used for a new purpose, we will inform you beforehand.
12. Sharing your information
Your personal information may be shared with third party service providers, including companies belonging to the Metro Bank group, which may provide products or services to you or us.
We will only share your personal data where necessary and where we have a lawful basis for doing so (for the purposes previously outlined). Recipients of your personal data include:
These recipients may be located in countries around the world (please see “Processing Personal Data outside of the EU (EEA) and UK”).
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at www.cifas.org.uk/FPN.
Parties with which we share your personal data (for the purposes explained above), may be located in countries outside of the UK and the European Economic Area (EEA), such as India and the USA which have more lenient data protection laws than those of the UK.
We will only make such a transfer where an appropriate transfer mechanism is in place, in compliance with applicable data protection law. Where necessary, we will carry out a risk assessment to ensure that your personal data remains appropriately protected.
In most cases, such transfers are made pursuant to the standard contract clauses approved by the European Commission. A copy of the standard contract clauses are available on the Standard Contractual Clauses page of the European Commission’s website.
As a responsible lender, we take into account your personal circumstances to see whether we should open a current account or to lend to you. To help us to do this, we may use automated credit scoring during applications.
This means that if you apply for one of our accounts or credit with us, we will search your record at companies called credit-reference agencies when considering your application.
We or the relevant credit reference agency take into account available information about you – such as your ability to repay, your credit history and factors such as how long you have lived at your present address. Credit-reference agencies use information from a number of different public sources (for example, the electoral roll, county court judgements and bankruptcies), as well as information from other banks or lenders on how you manage your other banking or credit arrangements.
If you apply for one of our current accounts or credit facilities (not cash account), we may use details of your credit history to assess your ability to meet your financial commitments. Credit-reference agencies will record details of your application and our search will form part of your credit history. They will do this whether or not you go ahead with your application. These details will be seen by other organisations that examine your record. Records relating to one or more of your partners may already be linked to your record and we may consider these ‘associated’ records when considering your application.
Credit scoring helps us to work out the level of repayment risk for each applicant based on available information. If that level of risk is unacceptable for us, having looked at your credit score and other factors, we will refuse your application. Exceptionally, Metro Bank will manually assess an application to understand the reason for any credit impairment and whether this is an exceptional circumstance.
We are not obliged to accept an application. If we are unable to accept your application, we will tell you. If we can, we will also tell you the main reason why we did not accept your application. If we refuse your application, we will not pass this information on to a credit-reference agency. You may contact us and ask us to reconsider our decision. If you do, we will generally ask you to give us the extra information that we need.
We may share your personal data with credit-reference agencies:
If you hold a current account with us, we will regularly update the credit-reference agencies with details of the status of your account including:
The credit reference agencies that we use are Experian, Equifax and TransUnion.
For further information about how they use your personal data, please see the links below.
Equifax - www.equifax.co.uk/crain
Experian- www.experian.co.uk/crain
TransUnion - www.transunion.co.uk/crain
This section covers how we shares information outside of the Bank to help fight financial crime. This includes crimes such as fraud, money-laundering and terrorist financing.
We may share your personal information (including copies of your identification, photographs, signature and any other personal information that we hold about you) with fraud-prevention or law-enforcement agencies and other organisations (including credit-reference agencies, other lenders and operators of card schemes) both within the UK and abroad. We may do this to help investigate or prevent crime or terrorism, to check your identity or to meet our legal obligations.
If you give us false or inaccurate information and we identify or suspect fraud, we may pass details to fraud- prevention agencies or credit-reference agencies (or both). Law-enforcement agencies may also access and use this information. We and these other organisations may access and use your personal information to prevent fraud and money laundering, for example, when:
If you ask, we will provide you with details of the relevant fraud-prevention agencies.
We and these other organisations may access and use the information recorded by fraud-prevention agencies or credit- reference agencies (or both) from other countries.
We regularly record and monitor our telephone calls to help improve the products and services we provide to you.
The reasons we record and monitor calls are:
You may request information concerning what personal data we process on you and request a copy of that personal data (see “your rights”).
We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 3 years, in line with our data retention policy.
When visiting our stores we capture your images through the use of CCTV.
The reasons we record CCTV are for the purposes of:
You may request information concerning what personal data we process on you and request a copy of that personal data (see “your rights”).
We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 90 days, in line with our data retention policy.
We maintain an online presence on popular social media websites including (but not limited to) Instagram, LinkedIn, Twitter and YouTube. We use these websites to share our news, upcoming events and to celebrate our culture. By engaging with us on these sites, you are accepting that the webpages are available to the general public and agree to the following:
Our application uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies to help us analyse how you use the application. The information generated by cookies about your use of the application (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Neither Metro Bank nor Google will associate your IP address with any other data held by Metro Bank or Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.
The Metro Bank website does not run any java applets or applications, or any ActiveX controls. This means that if you are connected to our website you will not be asked by us if you want to allow a program to run.
Metro Bank uses SSL (Secure Sockets Layer) encryption to protect all network traffic between your PC and our systems. All information travelling to and from our website is safe against interception by third parties who might otherwise use that information without your consent.
SSL also protects you by confirming that you are looking at Metro Bank’s website and not a fraudulent site designed to trick you into disclosing your personal data. We use the VeriSign Extended Validation Green Bar to give you the best assurance that you are connected to Metro Bank.