Name of DPO: Theyagarajan Natarajan, Contact Email: email@example.com
This policy explains how Bank of Baroda (UK) Limited (referred to in this policy as Bank of Baroda (UK) Limited, Bank, we or us) collects and uses information about you in the course of providing services to you. This includes when you use our website or our online services when you apply to become a customer and when we provide services to you as a customer.
This policy covers the following
- What is Personal Information?
- Whose Personal Information do we collect?
- How do we collect your Personal Information?
- What Information do we collect?
- How do we use your personal information and what is our legal basis for doing so?
- What happens if you do not provide the information which we request?
- How do we share your personal information?
- When do we transfer your data overseas?
- For how long do we keep your personal information?
- Your Rights in relation to your information
- Right to Object
- Exercising your Rights
"The table in section 4 of this policy provides an overview of the data that we collect. The table at section 5 of this policy provides an overview of the purposes for which we use that data, and the legal basis which permits us to use your information.
Our contact details are as follows
Address: Data Protection Officer, Bank of Baroda (UK) Limited, 32 City Road, London EC1Y 2BD Telephone: +44 (0) 20 7457 1515
We have appointed a Data Protection Officer. You can contact the Data Protection Officer using the following details:
What is personal information?
Personal information is any information that tells us something about you or “ other third parties”. This could include information such as name, contact details, date of birth, medical information and bank account details.
Whose personal information do we collect?
How do we collect personal information?
We collect personal information about you from various sources including:
- When you contact us directly through the account application process or during our business relationship with you or a customer you are connected to.
- From other third parties when we carry out due diligence checks or ongoing monitoring – if we do this we will inform you during the account application process of the exact checks that are carried out.
What information do we collect?
We collect the following categories of information about you:
|We collect the following information directly from you||We collect the following information from third parties|
|Name||Sanctions information, if any|
|Title||PEP information, if any|
|Date of Birth||Mortality information, if any|
|Contact details such as current and previous address, contact number, email address||Bankruptcy/insolvency information, if any|
|Nationality||Information about criminal convictions and offences committed, if any|
|Citizenship Status||Electoral roll information, if any|
|Employment Status||Telephone directory, if any|
|Income Details||Adverse media information|
|Employer Contact Details||Credit history|
|Marital Status||Directorship information in an entity|
|Dependants||Persons of significant control in an entity|
|Source of Funds and Source of Wealth|
|ID Document Number (usually passport or driving licence)|
|Other bank account details|
|Voice recording (if you call our contact centre or one of our branches)|
|Tax identification number(s)|
|National Insurance number|
|Birth details such as town/city/country of birth|
|Details of public position held if you are a Politically Exposed Person|
|Details of public positions held by your immediate family, i.e., spouse, partner, children and their spouses and partners, parent if they are Politically Exposed Persons|
|Details of public positions held by your close associates if they are Politically Exposed Persons|
|Residential property ownership status|
|Security information to enable you to access your account and verify your identity|
How do we use your information and what is our legal basis for doing so?
Under data protection legislation we are only permitted to use your personal information if we have a legal basis for doing so as set out in the data protection legislation. We rely on the following legal bases to use your information for business-related purposes
- Where we need to use your personal information in order to enter into a contract with you or to perform a contract with you to provide banking services.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
In more limited circumstances we may also rely on the following legal bases
- Where we need to protect your interests (or someone else's interests)
- Where it is needed in the public interest or for official purposes
There are additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data. We may process criminal conviction information where we need to do so to comply with our regulatory obligations. In the table below we set out an explanation of the purposes for which we use your personal information and the legal bases that permit us to use your personal information for those purpose. Where appropriate, we have also identified our legitimate interests in processing your personal data.
We may process your personal information for more than one legal basis depending on the specific purpose for which we are using your personal data. Please contact us if you need details about the specific legal basis we are relying on to process your personal information where more than one ground has been set out in the table below.
|Purpose and/or activity||Legal basis for processing|
|To make decisions about providing credit to you or a customer you are connected to||
|To comply with our regulatory duties, including regulatory reporting||
|To assess customer transactions from a finance, management and regulatory perspective||
|For business management and planning purposes, including accounting, auditing and compliance with statutory record keeping requirements||
|For marketing purposes||
|To deal with legal disputes||
|For fraud and financial crime prevention||
|To make/receive payments||
What happens if you do not provide information that we request?
We need some information so that we can comply with our legal obligations. For example, we need information from you so that we can comply with our regulatory requirements to identify our customers and carry out anti-money laundering checks before we can offer our services to a new customer and during the customer relationship. We also need certain information to enable us to provide our services to you and perform our contract with you. For example, we need your contact information so that we can communicate with you about your account.
Where information is needed for these purposes if you do not provide it we will not be able to provide services to you or the customer you are connected to (as applicable). If you do not provide information as requested during the course of our relationship with you/our customer, we may have to stop providing services to you/our customer (as applicable).
How do we share your personal information?
We share your personal information in the following ways
- We share customer information with the Bank of Baroda Corporate Office, Mumbai, and Data Recovery site in India (Parent Bank) so that they can provide us with IT services. We also share customer information with the Parent Bank for regulatory purposes, so that the Bank can comply with Indian regulatory requirements.
- When we use service providers to help us deliver our services to you or to administer your accounts we share customer information with those service providers. This may include IT service providers, debt recovery agents and other service providers
- We share customer information with our regulators (both in the UK and in India) when we have a regulatory duty to do so.
- We share customer information with the police and with criminal investigation agencies in the UK and in India where necessary for the purposes of preventing, detecting or investigating crime.
- In some circumstances we have legal obligations to report suspected criminal activities to relevant authorities. This includes where we suspect money laundering or other criminal activities.
- We will disclose customer information when it is necessary to do so to protect the Bank's interests or to pursue a legal claim.
- If you have a joint account or if you have authorised another person to act on your behalf, your information will be shared with the joint account holder or authorised user (as applicable).
- We share your information with fraud prevention agencies. If you provide us with false or inaccurate information and fraud is identified, we will pass details of the fraud to fraud prevention agencies to prevent fraud and money laundering.
Credit reporting: "Where you apply for new products, we will share your information with Credit Reference Agencies (CRAs) in order to assess whether you or your business can afford to make the repayments, to manage your account(s) with us, to confirm whether the information you provide is accurate and for fraud and crime prevention purposes.
During the course of your relationship with the Bank we will continue to exchange information about you with CRAs, We will inform the CRAs in respect of your repayment history or if you fail to repay in full or on time. In turn this information may be supplied by CRAs to other organisations.
A CRA search request places a search footprint on your credit file which will be visible when you apply for a loan, credit card, mortgage or attempt to open another account. Where you have made a joint application we will link your records and you should inform the other person of this before submitting the application.
The CRAs have created a joint document called the Credit Reference Agency information Notice which provides further information about how CRAs use your personal data. The notice is available at the following locations
- Call Credit : www.callcredit.co.uk/crain
- Equifax : www.equifax.co.uk/crain
- Experian : www.experian.co.uk/crain
When do we transfer your information overseas?
When data is transferred to countries outside of the UK and the European Economic Area those countries may not offer an equivalent level of protection for personal information to the laws in the UK. Where this is the case we will ensure that appropriate safeguards are put in place to protect your personal information.
The countries to which your personal information is transferred and the safeguards in place are detailed below:
India – our parent bank in India provides IT support to us. We have put in place a contract with our parent bank on the model terms approved by the European Commission. For further details, see Commission: Model contracts for the transfer of personal data to third countries.
For how long do we keep your information?
As a general rule we keep your personal information for the duration of our contract with you or the customer to which you are connected (as applicable) and for a period of 6 years after that contract ends. However, where we have statutory obligations to keep personal information for a longer period or where we may need your information for a longer period in case of a legal claim, then the retention period may be longer.
Your rights in relation to your information
You have a number of rights in relation to your personal information, these include the right to
- Be informed about how we use your personal information
- Obtain access to your personal information that we hold
- Request that your personal information is corrected if you believe it is incorrect, incomplete or inaccurate,
- Request that we erase your personal information in the following circumstances:
- If Bank of Baroda (UK) Limited is continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected
- If Bank of Baroda (UK) Limited is relying on consent as the legal basis for processing and you withdraw consent (we do not usually rely on consent)
- If Bank of Baroda (UK) Limited is relying on legitimate interest as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us continue with the processing
- If the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation)
- If it is necessary to delete the personal data to comply with a legal obligation
- Ask us to restrict our data processing activities where you consider that:
- Personal information is inaccurate
- Our processing of your personal information is unlawful
- Where we no longer need the personal information but you require us to keep it to enable you to establish, exercise or defend a legal claim
- Where you have raised an objection to our use of your personal information
- Request a copy of certain personal information that you have provided to us in a commonly used electronic format. This right relates to personal information that you have provided to us that we need in order to perform our agreement with you and personal information where we are relying on consent to process your personal information; and
- Not be subject to automated decisions which produce legal effects or similarly significant effects on you.
Right to object
You have a right to object to our processing of your personal information where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal information
Exercising your rights
If you would like to exercise any of your rights or find out more, please contact Data Protection Officer, Bank of Baroda (UK) Limited, 32 City Road, London EC1Y 2BD.
If you have any complaints about the way we use your personal information please contact Data Protection Officer, Bank of Baroda (UK) Limited, 32 City Road, London EC1Y 2BD who will try to resolve the issue. If we cannot resolve your complaint, you have the right to complain to the data protection authority in your country (the Information Commissioner in the UK).