This Privacy Notice (the Notice) sets out how Leek Building Society collects and uses your personal data and the rights you have under applicable data protection laws. When you share your details with us, we want you to be confident that we'll protect that data and only use it in the ways we set out in this Notice.
To help you navigate, the Notice is divided into helpful sections with clear subject headings. This Privacy Notice may be updated from time to time. Here, you'll find the most up to date version. You can download a printable copy of this and our Privacy Notice for young savers at the bottom of this page.
At the end of this Privacy Notice, we've shared with you the privacy notices of Fraud Prevention Agencies and Credit Reference Agencies (CRAs). Please read them carefully and contact those organisations if you have questions (their details are in their notices).
We are Leek Building Society of 50 St. Edward Street, Leek, Staffordshire, ST13 5DL. Leek Building Society is a trading name of Leek United Building Society, which is authorised by the Prudential Regulation Authority and regulated by
the Financial Conduct Authority and the Prudential Regulation Authority with firm reference number 100014.
In line with data protection law, we are the data controller of your information. This means that we are responsible for your personal data and making sure it is processed fairly and lawfully.
When we use terms such as we, us and our in this Notice, we mean Leek Building Society.
We have appointed a Data Protection Officer, referred to in this Notice as the DPO. The Society’s Chief Risk Officer, Andrew Davies, is the appointed DPO. The DPO can be contacted if you have queries about this Privacy Notice or wish to exercise any of your data protection rights.
Marking your communication as FAO Society DPO, either email andrew.davies@leekbs.co.uk or use our postal address: 50 St. Edward Street, Leek, Staffordshire, ST13 5DL.
Alternatively, call our central switchboard on 01538 384151 and request to speak with the DPO.
Your personal data is any information about you that can be used to identify you. The amount of personal data that we hold about you will depend upon the types of interactions we have had, the services you have accessed and
whether you have any accounts with us.
We have set out below some categories of personal data that we might hold about you:
Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this Privacy Notice.
You should tell us without delay so that we can update our records. The contact details for this purpose can be found here. If you were introduced to us by a broker or other intermediary, you should also contact them separately.
Most personal data that we collect and process about you will come directly from you. The data is collected when you:
If you make a joint application with your spouse, partner, or family member, we'll also collect their personal information and you must show this Notice to them and confirm they know you'll share their personal information with us.
If there's somebody who has power of attorney over your affairs, that person will see this Notice when we contact them.
We collect personal data about you whenever you use our website or app and when you transact on your accounts.
We receive and process personal data about you from various other sources as set out below.
If you're introduced to us by a broker or other intermediary, we'll obtain some personal information about you from them when they introduce you to us.
In addition, we obtain your personal information from other sources such as Fraud Prevention Agencies, CRAs, your employer, landlord, other lenders, HMRC, DWP, publicly available directories and information (e.g., phone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist with your application for one of our products, the management of your accounts, as well as in the prevention and detection of crime, police, and law enforcement agencies.
Some of the personal information obtained from CRAs will have originated from publicly accessible sources. CRAs draw on court decisions, bankruptcy registers and the electoral register.
We're unable to provide you with mortgage or savings products or process your application without having personal information about you. We need your personal information before you can enter the relevant contract with us. It's required during the life of that contract, or for as long as by the laws that apply to us remain in place.
We'll only use your personal data where the law allows us to. Data protection law refers to lawful bases of processing, four of which are set out below. The lawful basis that we rely on will depend on the purpose for which we're processing the data.
We'll use your personal data in the following circumstances:
In very limited circumstances we may process data about your health so that we can protect your financial interests.
Much of what we do with your personal information isn't based on your consent, instead it's based on another lawful basis as detailed in the table below.
If we do seek your consent, we'll explain how we wish to process your personal data. For processing that is based on your consent, you have the right to take it back at any time. You can do this by contacting us using the details below.
The table below sets out the ways we use your personal data and the lawful basis we rely on for that processing.
| Purpose | Lawful basis |
|---|---|
| To confirm your identity | To comply with legal obligation |
| To carry out credit check | You have given your consent |
| To open and manage your account | To perform the contract |
| To collect money owed to us | To perform the contract |
|
To manage our relationship with you, for example:
|
To perform the contract To comply with legal obligations |
| To prevent financial crime | To comply with legal obligations |
| To protect branch security | To comply with legal obligations |
| To market our products and services | You have given your consent |
| To comply with legal and regulatory obligations generally | To comply with legal obligations |
| Sharing your data with other payment services providers |
To comply with legal obligations You have given your consent |
We may use your address, phone numbers, email address and social media (e.g., Facebook, Google, and message facilities in other platforms) to contact you according to your marketing preferences. You'll only receive such materials where you've opted in. You can stop our marketing at any time by phone, email or visiting one of our branches.
We'll never sell of share your personal data with any third party for marketing purposes.
Monitoring refers to any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, social media messages, face to face meetings and other communications, including CCTV.
We may monitor where permitted by law and we'll do this where the law requires it. Where we're required by the Financial Conduct Authority’s regulatory regime to record certain phone lines we'll do so.
Some of our monitoring may be to
We have CCTV inside and outside all our premises to keep both our customers and staff safe. We have signage in the areas which are covered by CCTV to remind you.
All CCTV footage is kept secure and is retained in line with our data retention policy. Footage may be disclosed to other parties, but in very limited circumstances, for example when we're required to do so by law.
We may share your personal information with third parties where it is necessary to administer or manage the contract we've entered into with you, where we need to comply with a legal obligation, or where it's necessary for our legitimate interests.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions. We don't allow them to use your personal information for their own purposes.
We're solely based in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area (EEA) to help us to provide our products and services. If it's processed within Europe or other parts of the EEA then it's protected by European data protection standards.
Where we send your personal data outside the EEA, we'll make sure that suitable safeguards are in place before we transfer your personal information. Safeguards include contractual obligations imposed on the recipients of your personal information. Those obligations require the recipient to protect your personal information to the standard required in the EEA.
If you'd like further information about the transferring of data outside of the UK, including safeguards, contact our Data Protection Officer, Andrew Davies. See section 1.2 for contact details.
Before we can open a savings account for you or arrange a mortgage, we need to check your identity to confirm you are who you say you are. It's a legal requirement. Checking your identity is one way that we can stop criminals from using other people’s identities to commit crimes.
We use technology to make some decisions about you, without involving a person to make that decision – this is called “automated decision-making”. We do this when we confirm your identity when you use our Online Services.
Identity checks will be carried out every time you apply for a new account or mortgage with us. These checks don't affect your credit score.
To process your mortgage application, we'll perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). To do this, we'll supply your personal information to CRAs and they'll give us information about you. This will include information from your credit application and about your financial situation and history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We'll use this information to:
We'll continue to exchange information about you with CRAs while you have a relationship with us. We'll also inform the CRAs about your settled accounts. If you borrow and don't repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
We carry out two types of credit checks during our mortgage application process.
A soft check is carried out before a Decision in Principle is issued. This doesn’t leave a footprint on your credit file.
When you choose to proceed with the application, a hard credit check is performed and the CRA will place a search footprint on your credit file that may be seen by other lenders.
If you’re making a joint application or telling us you have a spouse or financial associate, we’ll link your records together. You should discuss and share this information with them, before lodging the application. CRAs will also link your records together and these links will remain on both of your files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on the Equifax website and Experian website.
Fraud prevention agencies exist to try to prevent individuals and organisations from becoming victims of financial fraud. To do this, they maintain detailed records of confirmed and suspected fraudulent activity. This is explained in more detail on the: Equifax website: www.equifax.co.uk/crain; the Experian website: www.experian.co.uk/legal/crain; the National Hunter website: www.nhunter.co.uk/privacy-policy; and the CIFAS website: www.cifas.org.uk/fpn.
When you apply for a mortgage or savings account, we share your information with fraud prevention agencies to prevent or detect fraud and to verify your identity. If you provide false or inaccurate information and/or fraud is identified, your application will not proceed, or may be subsequently closed, and details will be passed to fraud prevention agencies to prevent fraud and money laundering. This may result in you being refused services, financing or employment. You can obtain further details explaining how information held by fraud agencies may be used, as well as your data protection rights by visiting one of the websites detailed above.
Unless we explain otherwise to you, we'll hold your personal information for the following periods:
If you'd like further information about our data retention practices, contact our Data Protection Officer.
Here is a list of the rights that all individuals have under data protection laws. They don't apply in all circumstances. If you wish to exercise any of the rights, please contact us as set out in Section 1. The right of data portability is only relevant from May 2018.
ICO - Guide to your data protection rights
If you wish to exercise any of your rights against the CRAs, the Fraud Prevention Agencies, a broker or other intermediary who's a data controller, you should contact them separately.
You have the right to complain at any time if you're unhappy with the way that we've used your personal data. You can do this by contacting the Information Commissioner’s Office which enforces data protection laws clicking here.
You can also complain to the Society directly by contacting our Data Protection Officer on 01538 381451, complaining via our website or contacting your local branch.
As you know, we share your personal information with Fraud Prevention Agencies and CRAs. They require us to pass on to you information about how they'll use your personal information to perform their services or functions as data controllers. These notices are separate to our own and can be found below.
The meaning of some terms that we use in this Notice:
Automated decision making means a process where we make decisions about you, such as your suitability for a product, or using a computer based, automated system without a person being involved in making that decision (at least first time around).
Profiling means any form of automated processing of your personal information to evaluate certain personal aspects about you. This includes analysing or predicting aspects concerning your economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
Process or processing includes everything we do with your personal information from its collection, right through to its destruction or deletion when we no longer need it. This includes for instance collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying, transferring it overseas.
Legitimate interests is mentioned in our privacy notice because data protection laws allow the processing of personal information where the purpose is legitimate. It isn't outweighed by your interests, fundamental rights, and freedoms. Those laws call this the legitimate interest’s legal ground for personal data processing.
