Bira Bank privacy
This revised notice is to be read in conjunction with the Bira Group Members Privacy Notice shared through the bira website and reflects how bira bank respects your privacy following the new data protection legislation which comes into force on 25th May 2018.
As your bank there are things we need to know about you – from your name and address to the payments in and out of your account.
Keeping all of your information safe is a responsibility we take very seriously and that is why we have a Privacy Notice that spells out exactly what you can expect from us when it comes to your information.
Who we are
Bira Bank Limited is a wholly owned subsidiary of The British Independent Retailers Association (bira) and any data obtained through any other entities of the trade association (which includes bira direct Ltd, bira Publishing Limited and Oxford Summer School Limited) can at times be shared with each other as per the ‘How we process your data’ section of this notice.
If you want to get in touch with us on this matter our Data Compliance Officer is David Wilson and he can be contacted by:email on firstname.lastname@example.org or by post to our registered address at 225 Bristol Road, Edgbaston, Birmingham B5 7UB
Your Rights and how you are protected+
Your privacy is protected by law. This section explains how this happens and sets out your rights.
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This include sometimes sharing it outside bira. The law says we must have one or more of these reasons:
• To fulfil a contract we have with you, or
• When it is our legal duty, or
• When it is our legitimate interest, or
• When you consent to it
A legitimate interest is when we have a business or commercial reason to use your information although even then it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what it is.
Your rights are as follows:
• The right to be informed about processing of your personal data
• The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
• The right to object to processing of your personal data
• The right to restrict processing of your personal data
• The right to have your personal data erased (the ‘right to be forgotten’)
• The right to request access to your personal data and information about how we process it
• The right to move, copy or transfer your personal data (‘data portability’)
• Rights in relation to automated decision making including profiling (NB. At the present time bira bank to not undertake any automated decision making in their internal processes)
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk
For more details on the above you can contact our Data Compliance Officer based at 225 Bristol Road.
How we gather your personal information+
Your personal information will be held securely by Bira systems so that we and other companies in our Group that you have dealings with, both now and in the future, can manage your relationship with us. This will include information you provide when you apply to us and any additional information provided by you or others thereafter in various ways including:
i) In applications, emails and letters, during telephone calls and conversations with the Bank and other Bira subsidiaries
ii) From analysis of any payments and other transactions, and your use of services involving other Bira Group companies and what they know from your interaction with them
iii) Information Bira Group companies receive from each other and from other organisations such as credit reference agencies and fraud prevention agencies
We will not retain your personal information for longer than is necessary for the maintenance of your account during your relationship with us or for legal or regulatory requirements.
A more detailed explanation of all the information we collect about you is located in the relevant section ‘Information we collect about you’ in the Group Privacy Notice
How we process your data+
GDPR law is clear in stating that we can only use your personal information if we have a proper valid reason to do so and this does sometimes include sharing your data with third parties.For a full detailed schedule of when we may process your personal data please refer to the Group Privacy Notice. In addition, please also refer to the following section on Credit Reference Agencies
Credit Reference Agencies –
When you apply for credit, an automated system known as credit scoring may be used when considering whether to agree the borrowing, although all lending decisions at bira bank are currently made by the Directors of the bank without using automated decision tools.
Credit Scoring is a method of assessing your likely conduct of an account based on a range of data, including the conduct of previous similar accounts. It is a system widely used by credit providers to help make fair and informed decisions on lending. Credit scoring takes account of information from three sources – the information you provide on your application, information provided by credit reference agencies and information that may already be held about you by companies in the Bira Group. A credit scoring system will consider information from these sources, to make an overall assessment of your application. The credit scoring methods used are regularly tested to ensure they remain fair, effective and unbiased and helps Bira Bank to lend responsibly.
Credit Reference Agencies collect and maintain information about consumers’ and businesses’ credit behaviour. This includes Electoral Register, fraud prevention, and credit information – including details of previous applications and the conduct of your accounts – and public information such as County Court Judgements, decrees and bankruptcies. The information that Bira Bank and other organisations provide to credit reference agencies about you, your financial associates and your business (if you have one) may be provided to other organisations and used by them and us to:
a) Help make decisions, for example when
I) Checking details on applications for credit and credit-related or other facilities;
II) Managing credit and credit-related accounts or facilities;
III) Recovering debt;
IV) Checking details on proposals and claims for all types of insurance;
V) Checking details of job applicants and employees;
b) Detect and prevent crime, fraud and money laundering
c) Check your credit history
d) Verify your identity if you, or someone financially linked with you, applies for services
e) Trace your whereabouts
f) Undertake research, statistical analysis and systems testing
If a Bira Group company needs to make a credit decision when you apply for a credit-based product or service or to review the amount of credit it provides under an existing arrangement, such as a vehicle loan, your records will be searched, along with those of anyone who is financially associated with you such as your spouse or partner or associated businesses. The CRA will keep a record of this search and place a ‘footprint’ on your credit file, whether or not the application proceeds.
We may give details of your account and how you conduct it to credit reference agencies, including if you borrow and do not repay in full and on time. If you fall behind with your payments and a full payment or satisfactory proposals are not received within 30 days of a formal demand being issued then a default notice may be recorded with the CRAs. Any records shared with CRAs will remain on file for 6 years after your account is closed whether it has been settled by you or as a result of a default. Other organisations may see these searches and updates if you apply for credit in the future, and these may affect your ability to borrow from other lenders.
If you apply for or hold an account in joint names, or tell us that you have a spouse or financial associate, a financial association will be created between your records, including any previous and subsequent names used by you. This means that your financial affairs may be treated as affecting each other. These links will remain on your and their files until such time as you or your partner is successful in applying for a disassociation with the CRAs to break that link. You must be sure that you have their agreement to disclose information about them. Searches may be made on all joint applicants, and search footprints will be left on applicants’ records.
You have a right to apply to credit reference agencies for a copy of your file.
We carry out credit searches using Equifax, but details of how you have run your account(s) may be disclosed to all credit reference agencies. The information they hold may not be the same and there is a small fee that you may need to pay to each agency that you apply to. Their address is:Equifax PLC, Credit File Advice Centre, PO Box 1140, Bradford BD1 5US or log on to www.myequifax.co.uk
The credit reference agencies have produced a standard Credit Reference Agency Information Notice (CRAIN) which sets out how data will be processed by the three Credit Reference Agencies this information is available at www.equifax.co.uk/crain
How we use your personal information+
Data is stored securely within bira’s systems to prevent unauthorised access. No data held by bira will be supplied outside the European Economic Area (EEA) or with any companies that are not signed up to the Privacy Shield as referenced in GDPR regulation.Bira has various data and security policies that it adheres to, to ensure the safe keeping of the data that we collect.
Staff are trained and regularly updated to ensure they are treating your data within the guidelines of this notice.
Where we have given you a password to access certain services or areas of the website then you are responsible for keeping this password confidential. You should not share these passwords with anyone.
All members of committees established by bira in order to carry out our objectives on behalf of the membership will have been signed up to this privacy notice and are therefore bound by its requirements.
If we share data with other companies we never give personal data to any of these except where we need to by law. The laws in this section are mainly appropriate for bira bank and for sharing data with its regulatory bodies. The sharing of data with such third parties is carried out to further enhance your membership, in following your instructions or to comply with other laws outside of GDPR. These companies will be partners of the Trade Association and recognised as service providers or suppliers.
We have contracts in place with third parties to ensure they are adhering to the relevant requirements of GDPR or have signed up to the Privacy Shield which sets up standards for data being sent between the EU and the US.
Please be aware that our website may have external links on it to other sites and downloads. We look to include quality, relevant and safe external links but you are advised to adopt a policy of caution when clicking on links. Also, be aware that these external sites will have their own privacy statements and notices.
When we may share your personal information+
We will treat your personal information as private and confidential, but may share it with each other and disclose it outside of the Bira Group of companies if:
a) Allowed by this agreement
b) You consent
c) Needed by our agents, advisers or others involved in running accounts and services for you or collecting what you owe to other companies
d) Needed by third parties to help us manage your records (such as our IT suppliers and IT support function who run our computer systems) – please note we will have appropriate separate service contracts in place with these firms that we feel are compatible with the new GDPR requirements
e) HM Revenue & Customs or other authorities require it
f) The Law, Regulatory Bodies, or the public interest permits and requires it
g) Required by us or others to investigate or prevent crime
h) Required as part of our duty to protect your accounts, for example we are required to disclose your information to the UK Financial Services Compensation Scheme (FSCS).
Keeping Personal Information+
We keep your personal information securely for as long as we need to for the purposes for which it was provided initially.
There are various lengths of time that data is kept for depending on how long we have a reasonable business need (ie. In order to satisfactorily manage our business relationship with you) and other regulatory laws that we adhere to. Unless we explain otherwise to you, we will hold your personal information based on the following retention periods for personal data:
• Bira bank loan agreements and all related documentation – 6 years after completion of the loan
• Related company accounts required in connection with lending agreements – 3 years (assuming these have been updated on an ongoing basis)
• Bira bank depositors and all related documentation – 5 years after account closure
• Credit reports and warning notices – 6 years
• Any other Retention periods in line with legal and regulatory requirements or guidance that may be introduced from time to time.
Fraud Prevention Agencies (and Anti-Money Laundering checks)+
We will need to confirm your Identity before we provide products or services to you or your business. Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use Fraud Prevention Agencies to help us with this. Both we and fraud prevention agencies can only use your personal information if we have a proper reason to do so.
It must be needed either by us to obey the law, or for a legitimate interest. A ‘legitimate interest’ is when we have a business or commercial reason to use your information and this must not go against what is right and best for you.We will use the information to:
• Confirm identities
• Help prevent fraud and money-laundering
• To fulfil any contracts either you or your business has with us
We or an FPA may allow law enforcement agencies to access your personal information in order to support their duty to detect, investigate, prevent and prosecute crime. FPAs can keep personal information for different lengths of time and they can keep data up to six years if they find a risk of fraud or money-laundering.
An example of the personal information we/they may use is:
Name; Date of birth; Residential address; History of where you have lived; Contact details, such as email addresses and personal phone numbers; Financial data; Data relating to your or your business products or services; Employment details; Vehicle details
How to get a copy of your personal information+
Changes to Privacy Notice+
Any changes to this privacy notice for bira bank will in the future be communicated to you via email, letter or the bira magazine.
The full bank privacy notice will be available on the website and a copy will be supplied on request.