Who are we?
We are Leek United Building Society of 50 St. Edward Street, Leek, Staffordshire, ST13 5DL. Leek United Building Society is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. Registered No: 100014
In line with data protection law, we are the data controller of your information. This means that we are responsible for your personal data and making sure it is processed fairly and lawfully.
When we use terms such as we, us and our in this Notice, we mean Leek United Building Society.
Our Data Protection Officer
We have appointed a Data Protection Officer, referred to in this Notice as the DPO. The DPO can be contacted if you have queries about this Privacy Notice or wish to exercise any of your data protection rights.
Mark your communication as FAO Society DPO and either email email@example.com or use our postal address:
50 St. Edward Street, Leek, Staffordshire, ST13 5DL.
Alternatively, call our central switchboard on 01538 384151 and request to speak with the DPO.
What we collect
Your personal data is any information about you that can be used to identify you. The amount of personal data that we hold about you will depend upon the types of interactions we have had, the services you have accessed and whether you have any accounts with us.
We have set out below some categories of personal data that we might hold about you:
- Identity - this means your first, middle and last name, title, date of birth, marital status, gender, nationality, national insurance number, passport number, driving licence number;
- Contact data - home postal address, correspondence address (if different to your home address), address history, email address, telephone numbers (home, mobile, work);
- Financial data - accounts you hold with us, details of other accounts you hold if you have shared this with us, income and expenditure details, savings held, employment status, any debt you have;
- CCTV - images that we capture on CCTV inside and outside our premises;
- Marketing preferences - whether and how you consent to receiving marketing materials;
- Cookies - these track your browsing activity on our website;
- Special category data - this relates to your physical and mental health.
Data anonymisation and use of aggregated data
Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this Privacy Notice.
If your personal data changes
You should tell us without delay so that we can update our records. The contact details for this purpose can be found by clicking here. If you were introduced to us by a broker or other intermediary, you should also contact them separately.
Data we collect from you
Most personal data that we collect and process about you will come directly from you. The data is collected when you:
- Complete an application for one of our mortgage or savings products;
- Contact us about one of your accounts or an application you have made whether that be on the telephone, in writing, via email or in a face-to-face interaction;
- Make an enquiry about one of our products or services;
- Make a complaint;
- Request an appointment at one of our branches, via telephone or virtual media;
- Complete a customer survey or post comments via one of our social media channels.
Joint applicants and powers of attorney
If you make a joint application with your spouse, partner, or family member, we will also collect their personal information and you must show this Notice to them and confirm that they know you will share their personal information with us.
If there is somebody who has power of attorney over your affairs, that person will see this Privacy Notice when we contact them.
Data collected through technology
We collect personal data about you whenever you use our website and when you transact on your accounts.
- When you use our website, we collect technical and usage data about your computer, browsing actions and patterns of behaviour using cookies and server logs;
- Our systems automatically record your transaction data whenever money goes into or out of the accounts you hold with us.
Data collected from third parties or publicly available sources
We receive and process personal data about you from various other sources as set out below.
If you are introduced to us by a broker or other intermediary, we will obtain some personal information about you from them when they introduce you to us.
In addition, we obtain your personal information from other sources such as Fraud Prevention Agencies, CRAs, your employer, landlord, other lenders, HMRC, DWP, publicly available directories and information (e.g., telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist with your application for one of our products, the management of your accounts, as well as in the prevention and detection of crime, police, and law enforcement agencies.
Some of the personal information obtained from CRAs will have originated from publicly accessible sources. CRAs draw on court decisions, bankruptcy registers and the electoral register.
If you don’t provide your personal data
We are unable to provide you with mortgage or savings products or to process your application without having personal information about you. Your personal information is required before you can enter the relevant contract with us and is required during the life of that contract, or for as long as required by the laws that apply to us.
Legal grounds for using personal data
We will only use your personal data where the law allows us to. Data protection law refers to lawful bases of processing, four of which are set out below. The lawful basis that we rely on will depend on the purpose for which we are processing the data.
We will use your personal data in the following circumstances:
- Where we need to perform the contract we have already or are about to enter with you;
- Where we need to comply with our legal obligations;
- Where you have consented to us using your personal data; or
- Where we feel it is necessary for our legitimate interests and we are confident that processing the data will not lead to a significant risk to you.
In very limited circumstances we may process data about your health so that we can protect your financial interests.
Much of what we do with your personal information is not based on your consent, instead it is based on another lawful basis. If we do seek your consent, we will explain how we wish to process your personal data. For processing that is based on your consent, you have the right to take it back at any time. You can do this by contacting us using the details here.
Purposes for using your data
The table below sets out the ways we use your personal data and the lawful basis we rely on for that processing.
| How we use your personal data | Lawful basis |
|---|---|
| To confirm your identity | To comply with legal obligations |
| To carry out credit check | You have given your consent |
| To open and manage your account | To perform the contract |
| To collect money owed to us | To perform the contract |
| To manage our relationship with you, for example: to provide details of changes to our terms and conditions; to keep our records up to date; to respond to queries and complaints; to communicate with you about the Society | To perform the contract; To comply with legal obligations |
| To prevent financial crime | To comply with legal obligations |
| To protect branch security | To comply with legal obligations |
| To market our products and services | You have given your consent |
| To comply with legal and regulatory obligations generally | To comply with legal obligations |
| Sharing your data with other payment services providers | To comply with legal obligations; You have given your consent |
We may use your home address, phone numbers, email address and social media (e.g., Facebook, Google, and message facilities in other platforms) to contact you according to your marketing preferences. You will only receive such materials where you have opted in. You can stop our marketing at any time by telephone, email or visiting one of our branches.
We will never sell or share your personal data with any third party for marketing purposes.
Monitoring personal data processing
In this section monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, social media messages, in person face to face meetings and other communications including CCTV.
We may monitor where permitted by law and we will do this where the law requires it. Where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone lines we will do so.
Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you such as in relation to fraud risks on your account and for quality control and staff training purposes.
We have CCTV inside and outside all our premises to keep both our customers and staff safe. We have signage in the areas which are covered by CCTV to remind you.
All CCTV footage is kept secure and is retained in line with our data retention policy. Footage may be disclosed to other parties, but in very limited circumstances, for example when we are required to do so by law.
Sending your data outside the UK
We are solely based in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area (EEA) to help us to provide our products and services. If it is processed within Europe or other parts of the EEA then it is protected by European data protection standards.
Where we send your personal data outside the EEA, we will make sure that suitable safeguards are in place before we transfer your personal information. Safeguards include contractual obligations imposed on the recipients of your personal information. Those obligations require the recipient to protect your personal information to the standard required in the EEA.
Checking your identity
Before we can open a savings account for you or arrange a mortgage, we need to check your identity to confirm that you are who you say you are. It is a legal requirement. Checking your identity is one way that we can stop criminals from using other people’s identities to commit crimes.
Identity checks will be carried out every time you apply for a new account or mortgage with us. These checks do not affect your credit score.
Conducting credit checks
To process your mortgage application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud, and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
Soft and hard credit checks
We carry out two types of credit checks during our mortgage application process.
A soft check is carried out before the issue of a Decision in Principle. This does not leave a footprint on your credit file.
When you choose to proceed with the application, a hard credit check is performed and the CRA will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on the Equifax website.
Sharing your data with fraud prevention agencies
Fraud prevention agencies exist to try to prevent individuals and organisations from becoming victims of financial fraud. To do this, they maintain detailed records of confirmed and suspected fraudulent activity. This is explained in more detail on the Equifax website.
When you apply for a mortgage or savings account, we share your identity and contact data with these agencies to check that you have not been flagged as a fraud risk. Where you are flagged as a fraud risk, we may decide not to continue with your application.
How long we keep your personal data
Unless we explain otherwise to you, we will hold your personal information for the following periods:
- Retention in case of queries. We will retain the personal information that we need to keep in case of queries from you (for instance, if you apply unsuccessfully for a product or service) for one year unless we must keep it for a longer period (see directly below);
- Retention in case of claims. We will retain the personal information that we need to keep for the period in which you might legally bring claims against us. In practice, this means up to 7 years after a savings account has been closed and up to 15 years after a mortgage has been redeemed unless we must keep it for a longer period (see directly below); and
- Retention in accordance with legal and regulatory requirements. We will retain the personal information that we need to keep even after the relevant contract you have with us has come to an end for up to 7 years for a savings account and up to 15 years for a mortgage and this will be to satisfy our legal and regulatory requirements. Where you have been provided with a mortgage illustration and have not proceeded with the mortgage, we are obliged to keep your data for 3 years in accordance with FCA regulation (Mortgage Code of Business Sourcebook).
If you would like further information about our data retention practices, contact our Data Protection Officer.
Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of the rights, please contact us as set out in Section 1. The right of data portability is only relevant from May 2018.
- The right to be informed about our processing of your personal information;
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
- The right to object to processing of your personal information;
- The right to restrict processing of your personal information;
- The right to have your personal information erased (the “right to be forgotten”);
- The right to request access to your personal information and to obtain information about how we process it;
- The right to move, copy or transfer your personal information (“data portability”);
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
ICO - Guide to your data protection rights
Exercising your rights
If you wish to exercise any of your rights against the CRAs, the Fraud Prevention Agencies, or a broker or other intermediary who is a data controller, you should contact them separately.
Your right to complain
You have the right to complain at any time to the Information Commissioner’s Office, which enforces data protection laws, if you are unhappy with the way that we have used your personal data. You can contact the ICO by clicking here.
You can also complain to the Society directly by contacting our Data Protection Officer on 01538 381451, complaining via our website or contacting your local branch.
Data privacy notices from other organisations
We have mentioned that we share your personal information with Fraud Prevention Agencies and CRAs. They require us to pass on to you information about how they will use your personal information to perform their services or functions as data controllers. These notices are separate to our own.
Understanding Data Protection Terms
The meaning of some terms that we use in this Privacy Notice:
Automated decision making means a process where we make decisions about you, such as your suitability for a product, using a computer-based and automated system without a person being involved in making that decision (at least first time around).
Profiling means any form of automated processing of your personal information to evaluate certain personal aspects about you, such as to analyse or predict aspects concerning your economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
Process or processing includes everything we do with your personal information from its collection, right through to its destruction or deletion when we no longer need it. This includes for instance collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying, transferring it overseas.
Legitimate interests is mentioned in our privacy notice because data protection laws allow the processing of personal information where the purpose is legitimate and is not outweighed by your interests, fundamental rights, and freedoms. Those laws call this the legitimate interests legal ground for personal data processing.