BFC Bank is the data controller in respect of personal data that we process in connection with our business (including the products and services we provide).
Our main address is BFC Bank, 9th Floor, South Quay Building, 77 Marsh Wall, London E14 9SH.
We are a member of BFC Group Holdings WLL (BFC Group). More information about the BFC Group can be found at https://www.bfcgroupholdings.com/.
We at BFC Bank are committed to protecting and respecting your privacy and the purpose of this notice is to explain:
1. What personal data we collect about you
2. How we collect personal data
3. How we use your personal data
4. Your Rights
5. How to make a complaint
6. How and why we share your personal data
7. Transferring your personal data overseas
8. How long we hold personal data
9. Links to other websites
Please note that our websites are not intended for children and we do not knowingly collect data relating to children.
Data Protection Officer
BFC Bank Limited
South Quay Building
77 Marsh Walk
WHAT PERSONAL DATA WE COLLECT ABOUT YOU
We may collect, use, store and/or transfer different kinds of personal data about you. What we mean by personal data is any information about an individual from which that person can be identified (either by itself or when combined with other information). We will limit the collection and processing of personal data to what is necessary to achieve one or more purpose(s) as identified in this notice. The personal data we collect may include:
1. Basic personal data to identify you such as your first name, maiden name, last name, username or similar identifier, marital status, title, date of birth;
2. Your contact information including your email address, address and telephone numbers;
3. Financial information – including bank account details, card payment details and transactional information and history;
4. Products and services provided to you;
5. Online information and online activity based on your interaction with us, our websites and applications for example your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types, searches, site visits and versions, operating system and platform, and other technology on the devices you use to access this website;
6. Images and personal appearance such as copies of your passport or drivers licence or CCTV images;
7. Profile Data which may include your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses; and
8. Usage Data including statistical data including information about how you use our website, products and services.
9. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We may also process certain special category personal data about you for specific and limited purposes such as detecting and preventing financial crime. We will only process such data where we have asked for your explicit consent or are otherwise lawfully permitted to do so. Such information may include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes such as to perform checks to prevent and/or detect crime and to comply with laws relating to anti money laundering, bribery and corruption, fraud, terrorist financing and international sanctions. It may involve investigating and gather information in relation to suspicious activity and sharing data with banks, law enforcement agencies and/or regulatory bodies.
HOW WE COLLECT PERSONAL DATA
Your personal data comprises both personal and financial information and includes information provided to us including;
1. Information you give to us directly where you:
a) Contact us directly via telephone, letters or email;
b) Use our online contact forms, applications, emails;
c) Search for our products and services;
d) Apply for our products or services electronically or otherwise;
e) Take part in discussion boards or other forms of social media;
f) Request marketing material to be sent to you;
g) Enter a competition, promotion or survey; and/or
h) Give us feedback or contact us.
2. Information we learn about you through our relationship and the way you interact with us;
3. Information we may receive from third parties which may include other BFC Group companies who provide services to you or us, credit reference, fraud prevention or government agencies and other banks (where permitted);
4. Information we gather using technology, which you may use to access our services (an IP address for example or telephone number), and how you use technology (for example recognising behavioural patterns);
5. Information we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines.
HOW WE USE YOUR PERSONAL DATA
We will only use your personal data where it is necessary to carry out our business activities and we are required to have one or more of the following reasons for using your personal data:
1. Performance of a contract – the personal data we may need to deliver our services to you;
2. Legal obligation – where we are required by law to process your personal data;
3. Legitimate interest – where we are permitted to use your personal data where on balance the benefits of us doing so is not outweighed by your legal rights;
4. Consent – where your agreement is sought prior to utilising your personal data. Wherever consent is the only reason for using your personal data you have the right to change your mind and/or withdraw your consent.
BFC Bank will mainly use your personal data in the following ways:
1. When you apply for a product or a service (and throughout your relationship with us), we are required by law to collect and process certain personal data about you. Please note that if you do not agree to provide information requested, it may affect service provision as we may be unable to continue to operate your account and/or deliver our services or products to you.
2. To perform checks and monitor transactions and location data for the purposes of detecting and preventing criminal activity in compliance with laws relating to anti money laundering, fraud, terrorist financing, bribery and corruption and international sanctions.
3. We may check and share information held by us with fraud prevention agencies, law enforcement and other government agencies for the purpose of preventing, detecting and prosecuting financial crime and funding of terrorism.
4. To confirm your identity and check you meet the eligibility criteria to receive our products and services.
5. We will also check the information you have provided to us via credit reference agencies and publicly available information.
6. To register you as a new customer
7. To administer your account and deliver our services to you including:
i. Managing payments, fees and charges;
ii. Keeping an accurate history of transactions and sending you relevant statements;
iii. Communicating with you in relation to your account for instance notifying you of any changes to interest rates, limits or charges;
iv. Helping to resolve any problems or complaints you may have;
v. Administering any offers or promotions you have agreed to participate;
vi. Collect and recover monies where appropriate.
8. To manage our relationship with you including:
i. Notifying you of changes to our terms and conditions;
iii. Asking you to leave a review or respond to a survey.
9. To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we provide to you.
10. To use data analytics to improve our website, products/services, marketing, customer relationships and experiences.
11. To make suggestions and recommendations to you about our services which may be of interest to you.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you. You have the right to withdraw consent to marketing at any time by contacting us.
You have several rights under data protection laws which are set out below. You can access any of these rights at any time and if you wish to do so or require further information about your rights please contact us using the details above.
1. Access – the right to request a copy of the personal data we hold on you. When you request this data, this is known as making a Subject Access Request (SAR). In most cases, this will be free of charge, however in some limited circumstances, for example, repeated requests for further copies, we may apply an administration fee;
2. Rectification of personal data – is the right to have any inaccurate personal data corrected;
3. Erasure of personal data – the right to have any out of date personal data deleted once there’s no business need or legal requirement for us to hold it;
4. Restriction of processing personal data – the right to object or restrict some processing, in limited circumstances and only when we don’t have legitimate grounds for processing your personal data;
5. Objection to processing of personal data – the right to object to your personal data being used for example to send you marketing material. As mentioned above, we’ll only send you marketing material where you’ve given us your consent to do so. You can remove your consent at any time;
6. Automated decision making – the right to ask for a decision to be made manually, where a decision is made using automated means and this adversely impacts you; and
7. Portability – the right to have personal data we hold about you transferred securely to another service provider in electronic form.
HOW TO MAKE A COMPLAINT
If you are unhappy with the way we have handled your personal data and/or wish to complain about how your personal data is being processed, please contact our Data Protection Officer using the details provided above.
If you’re not satisfied with our response, you can raise a complaint with the Information Commissioner’s Office https://ico.org.uk/, the UK’s supervisory authority set up to enforce the Data Protection Regulations.
HOW AND WHY WE SHARE YOUR PERSONAL DATA
BFC Bank may from time to time share your personal data with the following organisations who are also required to keep your information confidential, safe and secure:
1. Our parent company and any member of the BFC Group;
2. Third parties, commercial partners, agents, professionals and subcontractors who provide products, services and administrative support to the BFC Group;
3. Third parties or professionals who may be engaged on your behalf;
4. Where we are required by law and law enforcement agencies, judicial bodies, credit reference agencies, fraud prevention agencies, governmental entities, tax authorities or regulatory bodies around the world;
5. Where required as part of any proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or business assets;
6. Anyone else with your permission.
TRANSFERRING PERSONAL DATA OVERSEAS
From time to time we may share your personal data with organisations in other countries including organisations within the BFC Group.
Personal data may be transferred inside and outside the European Economic Area (EEA which included countries within the EU and Iceland, Liechtenstein and Norway). For those countries within the EEA processing of personal data is subject to similar standard of legal protection as is found in the UK.
In circumstances where personal data is transferred outside the EEA we will only do so where:
1. The European Commission has decided that country has an adequate legal framework for the protection of personal data (Adequacy Decision);
2. We have entered into a contractual arrangement which includes terms approved by the European Commission imposing the highest standards of protection of personal data.
3. A third party is a signatory to a recognised and binding code of conduct such as Privacy Shield.
HOW LONG DO WE HOLD PERSONAL DATA?
At BFC Bank we retain your personal data for no longer than is necessary. The time periods for retaining data are determined by several factors including but not limited to the nature and type of record, the nature of the activity, the product or service, the country where BFC Group companies may be located and any applicable legal or regulatory requirements.
It is usual for BFC Bank and BFC Group companies to retain customer personal data relating to an account for up to seven years after your relationship with us ends. Our retention periods may be subject to change from time to time based on commercial, legal or regulatory requirements.
LINKS TO OTHER WEBSITES
BFC Bank Limited, 9th Floor, South Quay Building, 77 Marsh Wall, London E14 9SH
BFC Bank is a trading name of BFC Bank Ltd authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority Financial Services Register number: 716167. BFC Bank Limited Registered in England and Wales, company number 4797759.
© BFC Bank 2020