Starling Privacy Notice

Privacy Notice
Version 2.0, Effective 18 May 2018
PLEASE READ THIS PRIVACY POLICY VERY CAREFULLY

SETTING THE SCENE

At Starling, service is our no.1 priority. This includes respecting your privacy and protecting your information. This has always been the case and so we have updated this notice to build on what we are already doing and to make sure it works with the new data protection law, GDPR.

Part of the updates include trying to make this notice even easier to understand. To help us do this, we use some straightforward words throughout the notice that are detailed at the bottom of it – so if you need to check what one of these words means, scroll down to the bottom.

The notice describes how we collect and use your information and it covers all the ways you can interact with us….and there are lots of ways! For example: you visit any of our websites, you use the App, you have an account with us, you get in touch with us, you apply for a job or you use a service that integrates with us.

Please note that you don’t have to transfer your information to us; however, if you don’t, it will severely limit your ability to use our services – in particular, you will not be able to have a bank account with us.

The notice has the following sections, so it’s best to look there first:
– What information do we collect;
– How do we use your information and what is the lawful basis;
– Who do we share your information with;
– Some specific information about credit reference and fraud prevention agencies;
– Where do we process and store your information or transfer it;
– Your rights;
– Other information that we need to give you or we think you’ll find useful;
– Meanings of some of the terms we use.

Each section has two parts:
In short – this sets out a brief, easy to read summary of that section; and
If you want more detail – this is a more comprehensive explanation of that section.

Our websites and the App may, from time to time, contain links to and from the websites or other links or apps of our partner networks and our affiliates. If you follow one of these links, please note that these links and destinations have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any of your information via these links or destinations.

1. WHAT INFORMATION DO WE COLLECT?

In short, we collect and use information about you that is picked up when you interact with us such as through our websites, when you use the App, if you have an account with us, if you get in touch with us, if you apply for a job or if you use a service that integrates with us. We also collect and use information about you that is provided by third parties.

If you want more detail, here is the information that we may collect about you:

1.1. information you give us when you get in touch with us (through the App, or by phone (and we monitor and record calls), email or otherwise) such as the information you provide when you download the App, register or use our websites, transact or use our banking service, when you engage in customer research or similar, participate in discussion boards or other social media platforms, when you report a problem with our websites or the App. Examples of this information are your name, address and previous addresses, email addresses and phone number, financial and credit and debit card information, personal description and photographs, videos or audio files;

1.2. transactional information in relation to banking and financial services including from our debit card provider;

1.3. information from Marketplace partners where you integrate services between us and them;

1.4. technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;

1.5. information about your visit, including the full Uniform Resource Locators clickstream to, through and from our websites (including date and time), products you viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;

1.6. telephone log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls, any phone number used to call us and the content of those calls;

1.7. information about the device you are using including information relating to your mobile phone network, which operating system you use and the version of that operating system, information which enables the identification of that device. If you download the App, we will link your mobile number with that device;

1.8. information about where you are located which is provided through our technology by using details like your IP address or GPS sensors;

1.9. our websites and the App use cookies and other applications which have similar technologies. This is to distinguish you from other users of our websites and the App, to identify your browser or your device. This helps us to provide you with a good experience when you browse our websites or are using the App. It also allows us to improve our website, the App and to customise information. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy – https://www.starlingbank.com/legal/cookie-policy/;

1.10. the App collects certain information when you install it or uninstall it and it may periodically contact our servers automatically and we may collect and store information (including information about you) on your device itself;

1.11. information you provide when applying for a job or to provide us with services;

1.12. we also work closely with third parties (including, for example, business partners, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.

2. HOW DO WE USE YOUR INFORMATION AND WHAT IS THE LAWFUL BASIS?

In short, we use your information in order to carry out our operation as a bank and provide banking and financial services, to make sure we don’t breach any contracts, to keep Starling and you secure, to give people information about services and to comply with the law.

If you want more detail, we use your information in the following ways:

2.1. for our operation as a bank and to provide banking and financial services including:

2.1.1. to operate bank accounts, make payments (including through digital services like GooglePay, ApplePay, SamsungPay, GarminPay, FitBitPay), to comply with obligations to our debit card partner, run our Marketplace and let you use all these services and to allow you to participate in interactive features of our service and the Marketplace, when you choose to do so;
2.1.2. to ensure the App, our websites, content and services are as effective and relevant as possible and give you the best experience they can;
2.1.3. to administer our business, including troubleshooting, data analysis, testing, research, statistical and survey purposes and to keep our business, websites, the App, bank accounts and our systems safe and secure;
2.1.4. to ensure that we comply with the law and regulations, for regulatory purposes generally as well as to help detect or prevent fraud or other crimes, and for tax, legal, reporting and auditing obligations;
2.1.5. in case we need to check we have carried out your instructions correctly or to resolve queries or issues;
2.1.6. for staff training purposes where we may monitor or record conversations;
2.1.7. in connection with agreements with credit reference agencies and fraud prevention agencies – please see section “CREDIT REFERENCE AGENCIES, CREDIT SCORING AND FRAUD PREVENTION AGENCIES” below in particular;
2.1.8. to assess if you are suitable to work with or for us.

We process your information for the purposes set out above on the following grounds: given our legitimate interest in providing banking and financial services, operating and improving Starling and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

2.2. to carry out our obligations arising from any contracts entered into between you and us;

We process your information for the purposes set out above on the following grounds: where it is necessary for the adequate performance of contracts with you and to take steps requested by you prior to you entering into contracts with us.

2.3. to operate our Marketplace and to provide information about you to Marketplace partners and businesses that integrate with our APIs that you choose to integrate with;

We process your information for the purposes set out above on the following grounds: your consent to do so where you choose to share your information with Marketplace partners and any other third parties and where it is necessary for the adequate performance of contracts with you and to take steps requested by you prior to you entering into contracts with us where Marketplace partners share it with us and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

2.4. to provide information, products and services that are requested from us, or other products and services we offer or our business partners offer or to provide and to notify you about changes to our services;

We process your information for the purposes set out above on the following grounds: given our legitimate interest in undertaking activities to offer you products or services that may be of interest to you or that you have expressed an interest in hearing about, given our legitimate interest in providing banking and financial services, operating and improving Starling and being as efficient as we can about complying with legal duties, obligations and regulations that apply to us and keeping our records up to date.

2.5. to measure or understand the effectiveness of any functionality or access to, or the commerciality of, any products or services we offer or to which we provide access and we use analytics and search engine providers to assist us in the improvement and optimisation of our websites, the App and our business generally.

We process your information for the purposes set out above on the following grounds: given our legitimate interest in operating and improving Starling and providing banking and financial services.

3. WHO DO WE SHARE YOUR INFORMATION WITH?

In short, sometimes we share your information with our affiliates, with those we do business with, with credit reference and fraud prevention agencies, with law enforcement bodies and regulators or if the information is aggregated (and so cannot identify you specifically).

If you want more detail, we may share your information in certain circumstances, including:

3.1. with our affiliates to ensure we can do the things set out above in the section “HOW DO WE USE YOUR INFORMATION AND WHAT IS THE LAWFUL BASIS?”;

3.2. with business partners, suppliers and subcontractors, with companies, organisations or individuals outside Starling for the performance of any contract we enter into with them or you or for the uses set out in the section “HOW DO WE USE YOUR INFORMATION AND WHAT IS THE LAWFUL BASIS?”;

3.3. other third parties where you ask us to, including with Marketplace partners, those who have integrated with Starling through our API or in connection with banking and financial services we offer like Settle Up;

3.4. with credit reference agencies and fraud prevention agencies – please see the section “CREDIT REFERENCE AGENCIES, CREDIT SCORING AND FRAUD PREVENTION AGENCIES” below. Sometimes this is a condition of us entering into a contract with you;

3.5. if we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply any agreement with you or our suppliers, to protect the rights, property or safety of Starling, our customers or others. This includes:

3.5.1. exchanging information with the Financial Services Compensation Scheme and with other companies and organisations for the purposes of fraud protection and credit risk reduction – again please see the section “CREDIT REFERENCE AGENCIES, CREDIT SCORING AND FRAUD PREVENTION AGENCIES” below;
3.5.2. with tax authorities;
3.5.3. with the police and other law enforcement bodies;

3.6. we may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual) and non-personally identifiable information for industry and market analysis, demographic profiling, marketing and advertising and other business purposes;

3.7. the App can use Google Maps/Earth services, including the Google Maps APIs and users of this are bound by the Google Maps/Earth Additional Terms of Use (including the Google Privacy Policy) – see https://policies.google.com/privacy.

4. CREDIT REFERENCE AGENCIES, CREDIT SCORING AND FRAUD PREVENTION AGENCIES

In short, we use credit reference and fraud prevention agencies for a number of matters including when you apply for an account with us and in relation to lending. Some of the ways we use them is through automated decision making but you can contact us if this happens and you want us to look at an application again.

If you want more detail:

4.1. We use credit reference agencies and fraud prevention agencies. For a detailed explanation of what they do and what they do with information about you, please click here https://www.callcredit.co.uk/crain, here, https://www.equifax.co.uk/crain or here http://www.experian.co.uk/crain/index.html.

4.2. We use systems to make automated decisions in the following areas:

4.2.1. whether to give you an account or check a product or service is relevant for you;
4.2.2. detecting fraud or money-laundering and taking action (e.g. closing or freezing accounts);
4.2.3. additionally, if you apply for an overdraft or want to extend an overdraft, we use a credit scoring system. Please note the following:
4.2.3.1. this is an automated system which most lenders use to make fair and informed decisions on whether to lend money to certain people and how much. This helps us to lend responsibly. The credit scoring methods used are regularly tested to ensure they remain fair, effective and unbiased;
4.2.3.2. if you apply to borrow money, the system takes account of different information, including that of the credit reference agencies and the information we already hold about you. The system applies the information to look at your application and whether it is responsible to agree to lend to you.

4.3. If your application is declined via the system, you can still contact us if you want to have your application looked at again.

4.4. Ongoing reports may also be provided by credit reference or fraud agencies.

5. WHERE DO WE PROCESS AND STORE YOUR INFORMATION OR TRANSFER IT?

In short, we generally process your information through servers in the EEA and normally store it for six years. Sometimes the information goes outside the EEA but we try and keep this to a minimum and we put safeguards in place as far as possible.

If you want more detail:

5.1. We process your information and store it on servers managed by our hosting providers.

5.2. Those servers are located across a number of secure data centres in the EEA. Our server environment is highly secure and there is very limited personnel access. Any information will be encrypted “at rest” (in other words, on being stored).

5.3. We try to ensure that we do not send your information outside the EEA. However, this is not possible in all cases:

5.3.1. in relation to a very small number of our suppliers, your information may be transferred to, and stored at, a destination outside the EEA as well as processed by staff operating outside the EEA who work for them. We often rely on the EU-U.S. and Swiss U.S. Privacy Shield Framework to safeguard the transfer of your information outside the EEA. We will ensure that suitable safeguards are in place before your information is transferred outside the EEA as required by law and we will take all steps reasonably necessary to ensure that information about you is treated securely and in accordance with this notice;
5.3.2. if you are outside the EEA and make payments or send messages, or you are in the EEA and make payments or send messages outside the EEA, we may process payments through other institutions and payment systems. They may have to process and store information about you in connection with their own regulations; please note that the standards to which they adhere may not be as stringent as those in the EEA.

5.4. Unfortunately, the transmission of your information via the Internet can never be 100% secure. Although we will do our best to protect your information, we cannot guarantee the security of information about you transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

6. YOUR RIGHTS

In short, you have certain rights under the law and under this notice to request access to your information, to manage it and to request us to delete or transfer information about you or restrict the way it is used. You also have a right to complain.

If you want more detail:

6.1. Accessing information about you: You may access information held about you. Your right of access can be exercised as follows:

6.1.1. if you are a customer of Starling, please make a request through the App;
6.1.2. if you are not a customer, please email Starling at [email protected].

6.2. Managing your information:

6.2.1. To provide outstanding customer service we need accurate customer information. You can help by informing us whenever your circumstances change.
6.2.2. If you wish to update information about you which is inaccurate or incorrect:
6.2.2.1. if you are a customer of Starling, please make a request through the App;
6.2.2.2. if you are not a customer, please email Starling at [email protected].
6.2.3. We may need to ensure that your information is accurate and correct and this may involve a number of further steps.

6.3. Deleting your information:

6.3.1. Generally, we will store your information for six years but in certain circumstances, including through regulatory requirements, we may have to store this for a longer period.
6.3.2. You may request that we delete your information and we will do so but:
6.3.2.1. only if we do not need to retain it for any of the matters set out in the section “HOW DO WE USE YOUR INFORMATION AND WHAT IS THE LAWFUL BASIS?” above;
6.3.2.2. your information may be impossible to permanently delete and where this is not possible we will put that information beyond reasonable use;
6.3.2.3. your information which you have shared with others (e.g. on our websites) may remain publicly available;
6.3.2.4. please note that your information which you have transmitted to others, e.g. Marketplace partners, will be subject to the privacy policies of those others.

6.4. Objecting to or restricting use of your information:

6.4.1. You can ask us to stop using all or some of your information or to limit our use of it:
6.4.1.1. if you are a customer of Starling, please make a request through the App;
6.4.1.2. if you are not a customer, please email Starling at [email protected].
6.4.2. We will do so but:
6.4.2.1. only if we do not need to retain or use it for any of the matters set out in the section “HOW DO WE USE THE INFORMATION AND WHAT IS THE LAWFUL BASIS?”
above;
6.4.2.2. your information which you have shared with others (e.g. on our websites) may remain publicly available;
6.4.2.3. please note that your information which you have transmitted to others, e.g. Marketplace partners, will be subject to the privacy policies of those others.

6.5. Transferring your information:

6.5.1. You can ask to have transferred elsewhere information about you that you have provided to us:
6.5.1.1. if you are a customer of Starling, please make a request through the App;
6.5.1.2. if you are not a customer, please email Starling at [email protected].
6.5.2. We will do so but:
6.5.2.1. we may also need to retain it for any of the matters set out in the section “HOW DO WE USE YOUR INFORMATION AND WHAT IS THE LAWFUL BASIS?” above;
6.5.2.2. we may be restricted from doing so for the same reasons.

6.6. You have the right to lodge a complaint with the Information Commissioner’s Office (go to https://ico.org.uk/).

7. OTHER IMPORTANT MATTERS

In short, please check frequently for updates to this notice and, if you need to contact us, details are below.

If you want more detail:

7.1. Updates: This notice may be updated from time to time. Any updates we make to this notice will become effective immediately on posting on our websites (and we will also send them by email to customers who have provided us with an email address). So, if you are not one of those customers, you will need to check the websites to see if there have been any updates.

7.2. Contact:

7.2.1. If you have any questions about this notice or suggestions on any ways it can be improved, please let us know at [email protected] or by getting in touch. Our Data Protection Officer can be contacted at [email protected].
7.2.2. For the purposes of GDPR, the data controller is Starling Bank Limited company number 09092149 and we have our registered office at 3rd Floor, 2 Finsbury Avenue, London EC2M 2PP.

8. WHAT THE WORDS MEAN

8.1. Unless they are defined specifically in here, words used in here have the same meaning as in the Starling personal current account terms and conditions, as amended from time to time.

8.2. The following terms have the meanings opposite them:

8.2.1. “affiliates” means from time to time our holding companies, subsidiary companies and all the subsidiary companies of such holding companies;
8.2.2. “EEA” means the European Economic Area;
8.2.3. “GDPR” means the General Data Protection Regulation (EU 2016/679);
8.2.4. “our websites” means www.starlingbank.com and all related sites;
8.2.5. ”we, “us”, “our” or “Starling” means Starling Bank Limited and all its affiliates;
8.2.6. “your information” or “information about you” means personal data (as defined in GDPR) about you.