Privacy notice - before 1 February 2021
1.2 This Policy describes how we collect, protect, use, process, disclose and share personal information when you visit, access or use the ClearBank Services. Please read the following carefully to understand our views and practices regarding personal information and how we will treat it. By using the ClearBank Services you are accepting and consenting to the practices described in this Policy.
1.3 For the purpose of applicable data protection legislation (including but not limited to the Data Protection Act 1998 and the General Data Protection Regulation (Regulation (EU) 2016/679)) and/or the Data Protection (Jersey) Law 2018 (the "Data Protection Legislation"), the data controller is ClearBank Limited; 133 Houndsditch, London, EC3A 7BX ("ClearBank").
2. Collection of information
2.1 The types of personal information we receive or collect from you in relation to your use of the ClearBank Services (together, "Your Data") include:
2.1.2 Information you give us: This is information you give us about you or third parties by filling in forms or submitting data via the ClearBank Services, or by corresponding with us (e.g., by e-mail or chat). It includes information you provide when you register to use, download or subscribe to any ClearBank Services and when you report a problem with any of the ClearBank Services. If you contact us, we may keep a record of that correspondence. The information you give us may include names, addresses, e-mail addresses and phone numbers, ages, usernames and other registration information, personal descriptions and photographs of you or third parties.
2.1.2 Information we collect about you: Each time you access or use a ClearBank Service we may automatically collect the following information:
A. technical information, including the type of device you use, a unique device identifier (e.g., an IMEI number or Ip or MAC address), network information, the type of operating system and browser you use, time zone settings, and other device-related information;
B. device identification information for fraud prevention purposes (referred to in the application at the time of installation of a device);
C. details of your access or use of any ClearBank Services including, but not limited to traffic data, weblogs and other communication data, whether this is required for our own purposes or otherwise and the resources that you access;
D. login details;
E. date, time and duration of access including pages viewed; and
F. event logs (e.g., changes in passwords).
2.1.3 Information we receive from other sources: We work closely with third parties (e.g., business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies).
3. Use of information
3.1 We may use Your Data to allow us to further evaluate, improve and promote our business and the ClearBank Services and to comply with applicable laws and regulations.
3.2 We may also use Your Data on an aggregate or anonymous basis (such that it does not identify any individual clients) for various business purposes, where permissible under applicable laws and regulations.
3.3 We will use Your Data for the following purposes:
3.3.1 to carry out our obligations arising from any contracts entered into between you and us;
3.3.2 to provide you with the information, products and services that you request from us;
3.3.3 to notify you about changes to our services;
3.3.4 to ensure that ClearBank Service content is presented in the most effective manner for you and for your devices;
3.3.5 to administer the ClearBank Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
3.3.6 as part of our efforts to keep the ClearBank Services safe and secure;
3.3.7 to maintain our own accounts and records; and
3.3.8 to support and manage our employees, as our use of your information for all of these purposes will be necessary for our legitimate interests of providing ClearBank Services appropriately and efficiently, maintaining accurate records and ensuring our system runs correctly.
3.4 We may also process your personal data where necessary for us to comply with a legal obligation.
3.5 We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this Policy for as long as it is combined.
If we have received your personal data from someone who asked for your consent to share that information with us, we may rely on that consent (to the 3.6 extent we are allowed to by law), or one of the other grounds noted above.
4. Disclosure of information
4.1 We may be required from time to time to disclose or share information with regulatory and law enforcement authorities and judicial bodies if necessary to comply with legal requirements.
4.2 You agree that we may disclose your personal information to third parties:
4.2.1 if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
4.2.2 if we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
4.2.3 if ClearBank or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and
4.2.4 in order to:
A. protect against fraud;
C. protect the rights, property or safety of ClearBank, our customers or others (which may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
4.3 You agree that we have the right to disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
4.4 We may enter into agreements with external parties, including but not limited to business partners, service providers who perform functions on our behalf (including external consultants and professional advisers such as lawyers, auditors and accountants), outsourced IT providers, analytics and search engine providers to provide services necessary for our activity. Under these agreements we may share your information with these external parties, to the extent that use of your information for these purposes is necessary for our legitimate interests or for the legitimate interests of those external parties.
5. Storage of information
5.1 Your Data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us, our affiliates, or for one of our affiliates or partners. These staff may be engaged in the fulfilment of your request, order or reservation, the processing of your payment details and the provision of support services. By submitting your personal data or using the ClearBank Services, you agree to this transfer, storing or processing.
5.2 Where we transfer or otherwise process your Data outside of the EEA in a country or territory which is not deemed by the European Union (“EU”) to provide an adequate level of data protection we utilise standard contract clauses approved by the European Commission, adopt other means under European Union law, and/or obtain your consent to legitimise data transfers from the EEA to destinations outside the EEA. ClearBank will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy.
5.3 All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using transport layer security technology.
5.4 We will hold your information for as long as is necessary to comply with our statutory and contractual obligations and in accordance with our legitimate interests as a data controller.
5.5 We will not retain your personal information for longer than is necessary for the practices described in this policy. The following criteria are used to determine data retention periods for your personal data:
5.5.1 Retention in case of queries- we may retain your personal information as long as necessary to deal with your queries.
5.5.2 Retention in accordance with legal and regulatory requirements- We may retain your personal information for 7 years after the account or service has been closed or has come to an end based on your legal and regulatory requirements. This information may also be used to defend any legal claims.
6. Protection of information
6.1 We maintain physical and electronic safeguards that comply with applicable legal standards to secure the confidentiality of your information, including personal information from unauthorised access and use, alteration and destruction.
6.2 We maintain strict security systems designed to prevent unauthorised access to your personal data by anyone, including our staff.
6.3 We will strive at all times to ensure that your personal data will be protected against unauthorised or accidental access, processing or erasure. We maintain this commitment to data security by implementing appropriate physical, electronic and managerial measures to safeguard and secure your personal data.
6.4 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of Your Data transmitted to the ClearBank Services; any transmission is at your own risk. Once we have received Your Data, we will use strict procedures and security features to try to prevent unauthorised access.
6.5 It is your responsibility to ensure that all of your users accessing the ClearBank Services are aware of your security obligations in doing so. We may require your users to provide certain security credentials and/or to answer certain questions (e.g. a memorable word) in order to validate such user and grant access to the ClearBank Services. You are responsible for ensuring that all users possess valid security credentials.
7. Your rights
7.1 You have the right to be informed about the processing of your personal information. You can contact us if you believe the personal information we have for you is incorrect, if you believe that we are not entitled to use your personal information in accordance with this Policy if you want to restrict our processing of your personal data or if you would like to us to erase personal information that we hold about you. You have the right to move, copy or transfer your personal information (“data portability”) in a machine readable format. For any of these, please email or write to us using the contact details at the within Policy.
7.2 You have the right to object to the processing of your personal information if it is being used because: (i) we deem it necessary for our legitimate interests, (ii) we use it to enable us to perform a task in the public interest or exercise official authority, (iii) we use it to send you direct marketing materials, or (iv) we use it for scientific, historical, research, or statistical purposes. If you notify us that you object, using the contact details at the end of this Policy, we will respond within thirty (30) calendar days (subject to any extensions to which we are lawfully entitled). If your objection relates to us processing your personal information because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
7.2.1 we think that we have a compelling legitimate ground for processing which overrides your interests; or
7.2.2 we are processing your information for the establishment, exercise or defence of a legal claim.
7.3 The ClearBank Services may, from time to time, contain links to and from the websites of our partners, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
7.4 The Data Protection Legislation gives you the right to review personal information that we keep about you. You can request an overview of the personal information that we keep about you free of charge by emailing or writing to us using the contact details at the end of this Policy. We may ask you to verify your identity and for more information about your request. We will seek to act on your request within thirty (30) days (subject to any extensions to which we are lawfully entitled).
7.5 You are free at any time to withdraw the consent for the processing of your personal data. The consequence might be that we can’t proceed with certain activity.
8. Other provisions
8.1 We reserve the right, in our sole discretion, to modify this Policy at any time by posting such changes via the ClearBank Services. Please check back regularly to see any updates or changes to this Policy.
8.2 If you have any questions or specific requests, please contact your Relationship Manager. Alternatively, you can contact us through Portal, +44 (0) 203 111 2370 or via e-mail at [email protected]
FAO The Data Protection Officer
8.3 If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated. Our Complaint Handling Policy can be found within the portal. However, you may also contact us on the above details.
8.4 If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office at the following web address: https://www.ico.org.uk/ or, if you live in a country or territory which is deemed by the EU to provide an adequate level of data protection to your local data protection authority.