For the purposes of this privacy notice, the data controller of your personal information is Shawbrook Bank Limited of Lutea House, Warley Hill Business Park, The Drive, Great Warley, Brentwood, CM13 3BE (the Bank, we, us and our). This is because it is the person who (either acting alone or jointly with others) determines why and how your personal information is processed. By personal information, we mean information which, either by itself or when combined with other information that we hold or which is available to us, can be used to identify you, your principals, directors, shareholders or anyone employed or engaged by you who may access our online systems. For the purpose of this privacy notice, where we refer to “you” or “your” this will also include (where the context permits) your principals, directors, shareholders, employees, contractors and workers (together your “Key Persons”).
Please contact our Data Protection Officer at Lutea House, Warley Hill Business Park, The Drive, Great Warley, Brentwood, CM13 3BE or by telephone on 01277 751 110 if you have any queries about this privacy notice or if you wish to exercise any of the rights mentioned in it.
Whether or not you become one of our intermediary partners, we will process your personal information to administer the application you have made. The personal information we process in the application stage and if you join our intermediary partner panel may include some or all of the following:
We may process personal information relating to criminal charges and convictions if we have your consent to do so.
Depending on how you make your application, we may collect this personal information directly or indirectly. The sources of personal information collected indirectly are mentioned in this privacy notice and if these are from publicly accessible sources we will make this clear.
If any of the personal information you have given to us changes, such as your contact details, please inform us without delay by emailing us at firstname.lastname@example.org for Commercial Mortgages, email@example.com for Residential Mortgages and at HIL.Cust@shawbrook.co.uk for Consumer Lending. For Business Finance, please email firstname.lastname@example.org (for Asset Finance) or contact your relationship director (for Working Capital Solutions). You will provide us with any reasonable information which we may reasonably and properly request.
We are unable to consider your application to join our intermediary partner panel unless we collect your personal information as part of your application and we have to use it in connection with your application.
Subject to applicable laws, we will monitor and record calls, email, text messages, social media messages and other communications. We will do this for compliance with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, and for quality control and staff training purposes.
For example, where we are required by the Financial Conduct Authority regulatory regime to record certain telephone lines (as relevant) we will do so. In addition, where appropriate and having regard to applicable data protection law our monitoring will be to check for obscene or profane content in communications. In very limited and controlled circumstances we may conduct short term carefully controlled monitoring of your activities where this is necessary for our legitimate interests or to comply with a legal obligation.
We may do this for instance where we have reason to believe that fraud or other crime is being committed or where we suspect non-compliance with anti-money laundering regulations to which we are subject.
In particular, telephone calls between us and you in connection with the application and any loan may be recorded for these purposes.
The legal basis which relates to our use and other processing of your personal information may include (as relevant):
We may share your personal information with the following parties:
a) Other companies within the Shawbrook Group (further details below);
b) Our legal and professional advisers, such as our auditors and external legal advisors in the event of, for example, sale or restructuring of our business;
c) Third party loan service and administration companies, such as those that undertake the day to day servicing of our business on our behalf as part of an outsourcing arrangement;
d) Other third parties and/or sub-contractors acting on our behalf, such as back up and server hosting providers, our IT software and maintenance providers;
e) Our applicants, customers, guarantors or other third parties involved in an application for finance in which you are involved;
f) Any entity providing funding to us or members of the Shawbrook Group either now or in the future, such as the Bank of England or third-party lenders, and their professional representatives;
g) Purchasers of any part of our business, and their professional representatives;
h) Credit reference agencies (see below);
i) Fraud prevention agencies (see below);
j) Law enforcement agencies and regulatory bodies if necessary such as HMRC, the Financial Conduct Authority and the Information Commissioner’s Office;
k) Courts and as may otherwise be necessary in order to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
Your personal information may be transferred outside the UK and the European Economic Area. Whilst some countries already have adequate protections for personal information under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to maintain the same levels of protection as are needed under data protection laws in the UK.
For more information about what are those appropriate safeguards and how to obtain a copy of them or to find out where they have been made available you can contact the Data Protection Officer at Lutea House, Warley Hill Business Park, The Drive, Great Warley, Brentwood, CM13 3BE or by telephone on 01277 751 110.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at www.shawbrook.co.uk/fair-processing-notice
In order to process your application to join our intermediary panel, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also undertake periodic searches of our own group records and CRAs to manage and monitor our relationship, including whether to retain you on our intermediary panel.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:
We will use this information to:
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.equifax.co.uk/crain. CRAIN is also accessible from each of the other two CRAs – the two following website addresses will also take you to the same CRAIN document: Callcredit www.callcredit.co.uk/crain; and Experian www.experian.co.uk/crain.
We need to keep your personal information for as long as necessary to fulfil the purposes for which it was collected (and those purposes are as described above). This includes retaining it in order to comply with legal and regulatory requirements and in case of claims. If you would like further information about our data retention policy, contact our Data Protection Officer.
The criteria we use to determine data retention periods for your personal information includes:
Your personal information is protected under data protection law and you have a number of rights which you can enforce against us as your data controller. You should be aware that these rights do not apply in all circumstances. If you seek to exercise one against us it will at that stage be explained to you whether or not the right does apply to you based on the facts. Your rights are as follows:
For more information about all of these rights and how to exercise them against us, you can contact our Data Protection Officer.
Your personal information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. It might be used to conduct research and analysis, including to produce statistical research and reports. This aggregated data may be shared in several ways, including with our group companies and for the same reasons as your personal information (see above).
The companies in the Shawbrook Group are Shawbrook Bank Limited, Shawbrook International Limited and Shawbrook Group Plc.