Privacy Notice

Personal information & the law

1. Who are we?

Metro Bank PLC, (“Metro Bank”, “we” or “us”), registered in England and Wales, Company number: 6419578.

We are a controller for the processing activities specified in this Privacy Notice that relate to your personal data.

This Privacy Notice also explains how other parties, including companies belonging to the Metro Bank group, may use your personal data excluding any products, applications or services that have separate privacy notices which do not incorporate this Privacy Notice.

If you have any questions about this Privacy Notice, or would like more information about how we use your personal data or to exercise any of your data subject rights (see “Your rights”) please contact our Data Protection Officer:

Write to:                          

Data Protection Officer
Metro Bank PLC
One Southampton Row
London, WC1B 5HA

Email: DataProtectionOfficer@metrobank.plc.uk

If you are unhappy with our management of your information, you have the right to lodge a complaint with the Information Commissioner’s Office. Please visit www.ico.org.uk for more information.

2. Our collection and retention of personal data

Personal data includes any information that directly or indirectly (whether alone or in conjunction with other information) identifies you (or someone else). This includes information such as your name, address and contact details, but also includes, for example, any photograph we have of you (e.g. when you provide us with a selfie and a copy of a photo ID as part of the account opening process), online identifiers such as IP address or device ID, and location data.

The personal data we hold about you is limited to information that:

• You have given us directly, for example when you apply for an account or contact us (e.g. a copy of your ID, a selfie and your contact information, or details of your query or complaint);
• We capture through the use of CCTV when you visit one of our stores
• We record and monitor through our telephone calls to help improve the products and services we offer;
• We receive from trusted third parties during eligibility checks
• We collect during the provision of our contracted services to you (e.g. your account details, and details of your transactions and interactions with us)
• We, or third parties acting on our behalf (such as Google Analytics), automatically collect when you use our website [or interact with our emails] (in each case, with your consent, where necessary). Examples of data collected include your IP address, browser type referral source, information about which parts of our page you have visited and how long you spent on them, the preferences you have set, and whether you have opened our emails
• We occasionally obtain personal data from publicly available sources, such as social media sites (e.g. we may collect your name and comments where you mention us in a post) and Government registers (e.g. Companies House).

Where we ask you to provide personal data to us on a mandatory basis, we will tell you at the time of collection. In the event that particular personal data is required by the contract or law, this will be made clear. We will also explain the consequences of any failure to provide any mandatory personal data: for example, if you can’t show us proof of identity, this will mean that we cannot open an account for you.

We may also collect your personal data where you engage with us online (for example, on Twitter or LinkedIn) or where you mention us in a public forum.  Remember that any information you publish online may be seen by others: please see the section on “Social Networking Sites” for further information.

If you open an account with us and you are under 18, we may also collect personal data that directly or indirectly identifies your parent or legal guardian who helped you open an account.  We may use and keep their personal data only for the purposes of checking your identity. You must not give us personal data about someone else (such as a joint applicant or a parent or guardian) without first getting their permission for it to be used and released.  We will assume that that person has given permission, although we may still ask for confirmation.

At the end of your relationship with us (for example, if you decide to close your account), we retain your personal data for as long as required to meet our legal and regulatory obligations.  Where retention is based on other reasons, we will retain it for no more than seven years, in line with our data retention policy.

3. The purposes and lawful basis for our collection of personal data

Your personal data is collected and processed for business and compatible purposes, in accordance with applicable laws and as set out below. Personal data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (e.g. in fraud investigations or similar).

We generally process your personal data under one of the following legal bases:

• Our legitimate business interests (described in the section below), except where these are overridden by your interests or fundamental rights and freedoms which require protection of personal data (“Legitimate Interests”);
• Compliance with our legal obligation to which we are subject (“Legal Obligation”)
• For the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract (“Contractual Performance”).

We may also rely on other bases (for example, where the processing is necessary in the performance of a task carried out in the public interest or in order to protect your vital interests or those of another person or where you have given your consent) on an exceptional basis, where none of the above apply.

We have identified the following purposes for processing personal data, each of which relates to a lawful basis for processing, as required under applicable law. These purposes include:

Purpose for processing	Lawful Basis
To provide products and services which you have requested, and to conduct business with you (for example: to process your application, to manage your account, to tell you about important changes to our services, to respond to your enquires, complaints and issues) and to keep updated and bring together and improve records.	Contract Performance
For security, credit, identification and verification purposes.	Legal Obligation (e.g. compliance with our Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations).
To detect, investigate, prevent and prosecute criminal activity and to meet out regulatory and compliance obligations (including performing regulatory and prudential compliance checks on an ongoing basis; account and transaction monitoring, checks for sanctions and politically-exposed persons, transaction and tax reporting; making disclosures to, co-operating with, and complying with requests from, public authorities, regulators, tax authorities, governmental bodies or law enforcement agencies, and investigating and preventing fraud, terrorism and other crime).	Legal Obligation Legitimate Interests: To the extent our processing of your personal data for these purposes extends beyond that strictly required by applicable UK and / or EU law to which we are subject, or where such legal / regulatory obligations do not specify the method by which a mandatory outcome (e.g. preventing terrorist financing) shall be achieved, or where we are subject to a legal obligation in another jurisdiction, we consider that we have a legitimate interest in ensuring effective compliance in all relevant jurisdictions, in protecting our customers, and in maintaining a good relationship with law enforcement, regulators and other relevant authorities. We also consider that we have a legitimate interest in protecting our legal rights.
To assess lending and insurance risks.	Legitimate Interests: We consider that we have a legitimate Interest in ensuring that the risk to which we are exposed remains within our risk tolerance.
To collect money that you owe us, to decide if a product or service is suitable for your needs.	Legitimate Interests: We consider that we have a legitimate interest in collecting money owed to us, to ensure our ongoing financial stability. Legitimate Interests: We consider that we have a legitimate interest in ensuring that we provide our customers with appropriate products and services, both to ensure appropriate risk management and client relationship management.
To improve customer service, to collect money that you owe us.	Legitimate Interests: We consider that we have a legitimate interest in providing and improving our customer service, as this allows us to maintain good client relationships and to deal effectively with any queries and complaints. Legitimate Interests: We consider that we have a legitimate interest in collecting money owed to us, to ensure our ongoing financial stability.
To provide you with the appropriate level of service, to accommodate your specific individuals needs and treat you fairly based on any vulnerability you may have, whether you have told us or we believe necessary to record, to improve customer service.	Consent Public Interest Vital Interest Legitimate Interests: We consider that we have a legitimate interest in providing and improving our customer service, as this allows us to maintain good client relationships and to deal effectively with any queries and complaints.
To carry out operational and administrative functions (e.g. to maintain our own accounts and records, to operate information technology systems, carrying out billing-related and payments administration, maintaining stocks and shares registers).	Legal Obligation (to maintain certain statutory records) Legitimate Interests: To the extent that we do not have a strict legal obligation under UK or EU law to carry out such activities, we consider that we have a legitimate interest running our business efficiently.
To manage and support and provide training to, our staff, to carry out operational and administrative functions (e.g. to maintain our own accounts and records, to operate information technology systems, carrying out billing-related and payments administration, maintaining stocks and shares registers)	Legitimate Interests: We consider that we have a legitimate interest in managing, supporting and providing training to our staff. Legal Obligation (to maintain certain statutory records). Legitimate Interests: To the extent that we do not have a strict legal obligation under UK or EU law to carry out such activities, we consider that we have a legitimate interest running our business efficiently.
Marketing: To tell you about other Metro Bank products, services and facilities that may interest you (by post, email, phone or text, in accordance with your preferences) To manage and support and provide training to, our staff.	Legitimate Interests: We may also process your personal information for marketing purposes. You have a right to receive services from us without consenting to marketing communications, and you can always opt out of receiving any such communications from us. Our lawful basis for processing your data is that we have a legitimate interest in making our customers aware of our other services and offerings. Legitimate Interests: We consider that we have a legitimate interest in managing, supporting and providing training to our staff. Consent to data being processed in relation to direct marketing
To evaluate the effectiveness of marketing and for research, training and statistical analysis with the aim of improving services.	Legitimate Interests: We consider that we have a legitimate interest in improving our products, services and operations.
To help us to improve our products, services and operations (Including market research, analysis of customer preferences, transactions and market trends, evaluating proposed products, testing new systems and upgrading existing systems).	Legitimate Interests: We consider that we have a legitimate interest in improving our products, services and operations.
To manage our business and to protect and enforce our rights (Including assessing, monitoring and managing financial, reputational and other risk, conducting audits, liaising with regulators and law enforcement, and to establish, enforce and defend against legal claims).	Legitimate Interests: We consider that we have a legitimate interest in prudently managing our business and to protect and enforce our rights.

 

Where you have consented, we may also sell or exchange your data, or share your information with other carefully chosen organisations, so that you can hear from them about their products or services.

We may also process your personal data for other purposes permitted or mandated by applicable laws, including those legitimate interests pursued by Metro Bank, where these are not overridden by the interests or fundamental rights and freedoms of individuals.

4. Sensitive personal data

We may collect a limited amount of Special Category Personal data (revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where that information is used to identify an individual), information concerning physical or mental health, an individual's sex life or sexual orientation, (in order to make appropriate accommodations or adjustments), or to provide biometric identification services. When we do so, we will explain to you why we need it, and obtain your consent to use it for the relevant purpose.

To the extent permitted by applicable laws, we may collect and process a limited amount of information regarding criminal convictions and offences and related proceedings (including information relating to allegations and suspicions of criminal offences).

5. Joint applications

If you have applied for a joint account, this will mean that both parties will have access to the account at all times. This also means that account holders who submit a request for their information will also be entitled to a copy of the joint account details (excluding identification material).

Where you have provided information regarding the other applicant, you must ensure you do so with their full consent.

6. Law enforcement, fraud prevention and other agencies

If you give us false or inaccurate information and we identify or suspect fraud or other criminal activity, we may pass details to fraud prevention agencies or credit reference agencies (or both). Law-enforcement agencies may also access and use this information. We and these other organisations may access and use your personal information to prevent fraud and money laundering, for example, when:

• Checking details on applications for credit and credit-related accounts or other facilities
• Managing credit and credit-related accounts or facilities.

If you ask, we will provide you with details of the relevant fraud-prevention agencies.

We and these other organisations may access and use the information recorded by fraud-prevention agencies or credit reference agencies (or both) from other countries.

7. Use of Cookies for online applications

When you visit our different online channels, we or a third-party service provider may collect technical and navigational information. This is done through the use of cookies.

A "cookie" is a small text file that's stored on your computer, smartphone, tablet, or other device when you visit a website or use an app.

Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.

Our online services use session and persistent cookies.

Some cookies are set by websites you go to, they are known as first party cookies. Others are set by outside organisations such as social media, search engines, other advertising networks and our business partners; these are known as third party cookies. Whether a cookie is first or third party depends on where it comes from.

Our online services use first and third party cookies.

For further information please visit www.allaboutcookies.org.

8. Cookies

Metro Bank’s Cookies policy explains how we use cookies and similar tracking technologies. It also explains the choices you can make about whether we can put some types of cookies on your PC, tablet or mobile phone.

In this policy, where we say 'cookies' it also includes similar tracking technologies that collects data while you use our website, online banking site and mobile applications to help provide you with the best possible online experience.

The information cookies collect, and how we use that information, may count as computer information e.g. Internet Protocol address (‘IP address’), operating system, browser type, pages visited and average time spent.

Data we collect will be held by Metro Bank. We use this data to:

• Protect our visitors and customers from fraud and keep improving security.
• Analyse how our visitors use our online services to help us improve their performance
• Decide which of our products, services and offers may be relevant for you.

We do not sell data to organisations outside our Group.

If you have questions on our use of cookies, please get in touch at DataProtectionOfficer@metrobank.plc.uk.

8.1 Types of cookies we use

The cookies we use are either strictly necessary or optional.

Strictly necessary cookies

Generally, these cookies will be essential cookies and are required for the operation of our website. They include cookies that enable you to log into secure areas of our website and help ensure the content of the pages you request load quickly. Without these cookies, you will not be able to access our online services (e.g. our website or a service on our website) which you have requested, this is why we will not collect your preferences in regards to these cookies.

Essential cookies are used to:

• Maintain online security and protect against online fraud
• Maintain privacy of end user to help keep your details safe and secure

Optional cookies:

We would like to use cookies to provide optional features and improve our website.

We understand that not everyone likes data to be collected about them when it's not strictly necessary, and so we'll ask you to set your preferences when you first visit our website.

To make it easier to choose which optional cookies to accept, we've organised these cookies by category. These are set out below. You can choose which categories you'd be happy for us to use in your cookie settings and make changes at any time by selecting 'Manage cookie settings' at the top of this page.

Performance cookies – tracking website performance

These cookies collect aggregated information and are not used to identify you, all the information collected is anonymous and is only used to help us understand and analyse how visitors use our online services and look for ways to improve their performance.

 For example, a cookie might allow us to both count visitors and see how visitors navigate our online services which allow us to improve customer journey.

The analytics cookies we use include:

• Google analytics – which uses cookies to help us analyse how our visitors use the site. Find out more about how these cookies are used on the Google privacy site. [https://policies.google.com/privacy?gl=GB&hl=en-GB]
• Hotjar – which uses cookies to collect user behaviours online for statistical purposes. [https://www.hotjar.com/legal/policies/privacy/]
• Episerver – which uses cookies to tag a unique ID to the user to be able to provide personalised content for the Metro Bank website [https://www.episerver.com/legal/privacy-statement]

Functional cookies – giving you a better online experience

These cookies remember your preferences so that you do not have to reset your preferences each time you visit our website and other online channels. These cookies allow us to deliver a more personal experience and to personalise content for you, without them we cannot remember your choices or personalise your online experience.

For example, we use functional cookies to maintain your preferences across all pages of an online service platform you visit.

Targeting cookies

These cookies are usually third-party cookies from marketing partners used to deliver adverts relevant to you and your interests. They will always be persistent but time-limited cookies.

Targeting cookies are used to send you relevant information and see which content you use. They do this by recording your visits to our websites, the pages you have visited and the links you have followed. We then use the information collected to tailor both our website and the relevance of our advertising displayed to your interests. In order to make our advertising displayed more relevant, we provide the information collected to advertising networks. Please note these cookies do not contain any of your personal or financial information.

We partner with third-party companies including Google Ads and Facebook to provide cookies that help us optimise the relevance of advertisement on the website.

Overview of the cookies we use across all online service channels

Category	What they do	My choices
Strictly necessary	These cookies are needed to run our website, to keep it secure if you are logged on and to obey regulations that apply to us. If you are a customer, they help us know who you are so that you can log on and manage your accounts. They also help us keep your details safe and private. Other important jobs they do are: Help you move around the site Tell us if you’ve been to it before and which pages you went to Tell us how the site is working, so we can find and fix any problems.	You can’t turn off these cookies
Functional	These cookies are used for remembering things like: Your user ID on the log on page Your region or country Your preferred language Accessibility options like large font or high contrast pages.	We’ll ask for your consent to use these cookies
Performance	These cookies tell us how you and our other customers user our website. We combine all this data together and study it. This helps us to: Improve the performance of our services Improve the products we provide.	We’ll ask for your consent to use these cookies
Marketing	These cookies help us decide which of our products, services and offers may be relevant for you. We may use this data to tailor the marketing and ads you see on our own and other websites and mobile apps, including social media. For instance, you may see our ads on other sites after you have been to our website. If you turn off marketing cookies, you will still see ads online, but they will not be tailored to things that may interest you.	We’ll ask for your consent to use these cookies

 

8.2 Managing cookies

You can manage your cookie preferences at any time by changing your cookie settings.

Cookie Settings

You can also use your browser settings to delete cookies that have already been set at any time and to manage cookies, for example, to switch off a cookie altogether. If you do this, it could mean that we can't use strictly necessary cookies properly and so parts of our website may not work correctly.

For more information about how to use your browser settings to clear your browser data or to manage cookies, check directly your browser 'Help' function.

Find out more on how to manage cookies in common browsers (Internet Explorer, Chrome, Firefox and Safari) on the Information Commissioners’ Office (ICO) website.

8.3 How do we remember your cookie preferences

Your preferences are stored in cookies stored on your browser. If you switch off a category of cookies that you've previously accepted, then for technical reasons those cookies will not be deleted.

To delete cookies from your browser, we recommend that you clear your browser data. If you do this, or change browser, we'll ask for your preferences again when you next visit our website.

The control you have

9. Keeping your information up to date

If any of the information we hold on you is incorrect, please notify us and we will ensure that it is updated accordingly. Where your details have changed, you have a responsibility to inform us at the earliest time possible. Failure to notify us of a change in your details may affect the way in which we provide you with products and services.

10. Your rights

You have specific rights over your personal data, as explained below. These may not apply in all circumstances – we will let you know where this is the case.

• Data subject access request: You may request information concerning what personal data we process on you and request a copy of that personal data
• Rectification of inaccurate personal data: You may request rectification of any inaccurate personal data.  We take reasonable steps to keep your personal data accurate and current but you can also ask us to change any information we hold about you to keep it accurate, complete and current. However, please remember that it is your responsibility to tell us about any updates to this information
• Erasure of personal data: You have the right to ask us to erase the personal data we hold about you. It may be necessary to retain your personal data to fulfil our contract with you or our legal and regulatory obligations
• Restricting processing of personal data: You can request that we restrict our processing of your personal data where you contest the accuracy of the information we hold (restricted until it has been verified), it was processed unlawfully but you do not wish us to erase it just restrict our processing or we no longer need the personal data but you need us to retain it for the establishment, exercise or defence of a legal claim.  Where a restriction is in place we can continue to store your information but only otherwise process it with your consent or for the establishment, exercise or defence of legal claims, for the protection of another individuals rights or for important public interest reasons. We will inform you prior to the lifting of any restriction
• Right of portability: In certain circumstances, where technically feasible, you have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit such personal data to another controller, if the processing is based on consent and is carried out by automated means
• Object to the processing of your personal data: Where we process your personal data on the basis of ‘Legitimate Interests’, you can request we stop such processing. Where we process your personal data for direct marketing purposes, you can request we stop such processing and we will cease any processing related to direct marketing
• Right not to be subject to automated decision-making: You have the right to ask that a human reviews an automated decision, to express your point of view and to contest an automated decision
• Right to withdraw consent: Where we process your personal data because you have given us your consent, withdraw your consent at any time

You can exercise your rights by contacting us on 0345 08 08 500, in writing using the contact details given at the top of this document, or by visiting one of our stores.

We will respond to your request within one calendar month. We may need to confirm your identity before processing your request. If you can’t give us satisfactory proof of your identity, we have the right to refuse your request.  We also have the right to reject requests that are manifestly unfounded or excessive.

 

How personal information is used

11. Further processing

If we determine that your personal data is to be used for a new purpose, we will inform you beforehand.

12. Sharing your information

Your personal information may be shared with third party service providers, including companies belonging to the Metro Bank group, which may provide products or services to you or us.

We will only share your personal data where necessary and where we have a lawful basis for doing so (for the purposes previously outlined). Recipients of your personal data include:

• Other parties connected to your account (i.e. joint account holders)
• Credit reference agencies (please see section below)
• Our service providers (such as payment processors, IT service providers, email service providers and web analytics providers)
• Specific subcontractors who help to provide you with the services you have requested
• Tax authorities, regulatory authorities, law enforcement agencies and fraud prevention agencies
• Our insurers, lawyers, auditors, consultants and other professional advisers
• Other banks or financial institutions (where you ask us to share your personal data, or where we are asked to confirm your identity for the purposes of preventing or investigating financial crime)
• If you want to use our referral to selected third parties to get discounts for their services, or where you want to take advantage of our functionality to import or export your banking data
• Third parties where you have consented for us to share your data with them.

These recipients may be located in countries around the world (please see “Processing Personal Data outside of the EU (EEA) and UK”).

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at www.cifas.org.uk/FPN.

13. Processing personal data outside of the EU (EEA) and the UK

Parties with which we share your personal data (for the purposes explained above), may be located in countries outside of the UK and the European Economic Area (EEA), such as India and the USA which have more lenient data protection laws than those of the UK.

We will only make such a transfer where an appropriate transfer mechanism is in place, in compliance with applicable data protection law. Where necessary, we will carry out a risk assessment to ensure that your personal data remains appropriately protected.

In most cases, such transfers are made pursuant to the standard contract clauses approved by the European Commission.  A copy of the standard contract clauses are available on the Standard Contractual Clauses page of the European Commission’s website.

14. How we use credit reference agencies

As a responsible lender, we take into account your personal circumstances to see whether we should open a current account or to lend to you. To help us to do this, we may use automated credit scoring during applications.

This means that if you apply for one of our accounts or credit with us, we will search your record at companies called credit-reference agencies when considering your application.

We or the relevant credit reference agency take into account available information about you – such as your ability to repay, your credit history and factors such as how long you have lived at your present address.  Credit-reference agencies use information from a number of different public sources (for example, the electoral roll, county court judgements and bankruptcies), as well as information from other banks or lenders on how you manage your other banking or credit arrangements.

If you apply for one of our current accounts or credit facilities (not cash account), we may use details of your credit history to assess your ability to meet your financial commitments.  Credit-reference agencies will record details of your application and our search will form part of your credit history. They will do this whether or not you go ahead with your application.  These details will be seen by other organisations that examine your record.  Records relating to one or more of your partners may already be linked to your record and we may consider these ‘associated’ records when considering your application. 

Credit scoring helps us to work out the level of repayment risk for each applicant based on available information. If that level of risk is unacceptable for us, having looked at your credit score and other factors, we will refuse your application. Exceptionally, Metro Bank will manually assess an application to understand the reason for any credit impairment and whether this is an exceptional circumstance.

We are not obliged to accept an application. If we are unable to accept your application, we will tell you. If we can, we will also tell you the main reason why we did not accept your application. If we refuse your application, we will not pass this information on to a credit-reference agency. You may contact us and ask us to reconsider our decision. If you do, we will generally ask you to give us the extra information that we need.

We may share your personal data with credit-reference agencies:

• To check your identity and verify the accuracy of the data you provide to us
• To assess your creditworthiness and decide if you are eligible for an account, service or facility
• To trace and recover debts
• To manage your account(s)
• To prevent criminal activity, fraud and money laundering.

If you hold a current account with us, we will regularly update the credit-reference agencies with details of the status of your account including:

• The balance of any overdraft
• Details of any defaults
• Changes to your personal data
• Any special circumstances that apply to your account.

The credit reference agencies that we use are Experian, Equifax and TransUnion.

For further information about how they use your personal data, please see the links below.

Equifax - www.equifax.co.uk/crain  

Experian- www.experian.co.uk/crain

TransUnion - www.transunion.co.uk/crain

15. Fraud prevention agencies

This section covers how we shares information outside of the Bank to help fight financial crime. This includes crimes such as fraud, money-laundering and terrorist financing.

16. Preventing crime

We may share your personal information (including copies of your identification, photographs, signature and any other personal information that we hold about you) with fraud-prevention or law-enforcement agencies and other organisations (including credit-reference agencies, other lenders and operators of card schemes) both within the UK and abroad. We may do this to help investigate or prevent crime or terrorism, to check your identity or to meet our legal obligations.

If you give us false or inaccurate information and we identify or suspect fraud, we may pass details to fraud- prevention agencies or credit-reference agencies (or both). Law-enforcement agencies may also access and use this information. We and these other organisations may access and use your personal information to prevent fraud and money laundering, for example, when:

• Checking details on applications for credit and credit-related accounts or other facilities
• Managing credit and credit-related accounts or facilities.

If you ask, we will provide you with details of the relevant fraud-prevention agencies.

We and these other organisations may access and use the information recorded by fraud-prevention agencies or credit- reference agencies (or both) from other countries.

17. Recording our calls

We regularly record and monitor our telephone calls to help improve the products and services we provide to you.

The reasons we record and monitor calls are:

• To help improve customer service
• To help us meet our legal and regulatory requirements
• To help detect and prevent fraud and/or other crimes
• To help us answer your queries and issues.

You may request information concerning what personal data we process on you and request a copy of that personal data (see “your rights”).

We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 3 years, in line with our data retention policy.

18. CCTV

When visiting our stores we capture your images through the use of CCTV.

The reasons we record CCTV are for the purposes of:

• Security
• Health & Safety
• Crime prevention and detection.

You may request information concerning what personal data we process on you and request a copy of that personal data (see “your rights”).

We retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than 90 days, in line with our data retention policy.

19. Social networking sites

We maintain an online presence on popular social media websites including (but not limited to) Instagram, LinkedIn, Twitter and YouTube. We use these websites to share our news, upcoming events and to celebrate our culture. By engaging with us on these sites, you are accepting that the webpages are available to the general public and agree to the following:

• Social media web pages are not private, please do not share your personal account information on any of the websites, including through the use of private messages
• Although we do always try to read every message sent to us on social media, we cannot guarantee a response to every message
• Any pictures you provide on our social media web pages may be used within our internal newsletters
• Any information that you provide us with on social media web pages may be retained by the web page for longer than your relationship with us.

20. Google Analytics

Our application uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies to help us analyse how you use the application. The information generated by cookies about your use of the application (including your IP address) will be transmitted to and stored by Google on servers in the United States. 

Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. 

Neither Metro Bank nor Google will associate your IP address with any other data held by Metro Bank or Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

21. Java/ActiveX

The Metro Bank website does not run any java applets or applications, or any ActiveX controls. This means that if you are connected to our website you will not be asked by us if you want to allow a program to run.

22. SSL certificates/Green Bar

Metro Bank uses SSL (Secure Sockets Layer) encryption to protect all network traffic between your PC and our systems. All information travelling to and from our website is safe against interception by third parties who might otherwise use that information without your consent.

SSL also protects you by confirming that you are looking at Metro Bank’s website and not a fraudulent site designed to trick you into disclosing your personal data. We use the VeriSign Extended Validation Green Bar to give you the best assurance that you are connected to Metro Bank.