IF YOU HAVE ANY QUESTIONS, PLEASE EMAIL US AT [email protected]
Starling Bank Limited (“we”, “us”, “our”) are committed to protecting and respecting your privacy. To provide outstanding customer service we need accurate customer information. You can help by informing us whenever your circumstances change.
This policy (together with other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website www.starlingbank.com (“our website”), or downloading the Starling App (the “App”), or having an account with us you are accepting and consenting to the practices described in this policy.
For the purpose of the Data Protection Act 1998 (the “Act”), the data controller is Starling Bank Limited company number 090902149 and we have our registered office at Norfolk House, 31 St James’s Square, London SW1Y 4JR.
1. INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
1.1. Information you give us: You may give us information about you by filling in forms on our website by corresponding with us via the App, by phone (and we monitor and record calls), e-mail or otherwise. This includes information you provide when you download the App, register to use our website, subscribe to our service, transact or use our banking service in any way, scan documents or transmit other personal data to us such as photos, videos, or audio files, engage in customer research or similar, participate in discussion boards or other social media functions on our website, when you call us or when you report a problem with our website or the App. The information you give us may include your name, address and previous addresses, e-mail addresses and phone number, financial and credit and debit card information, personal description and photograph.
1.2. Information we collect about you: When using the App, or when visiting our website, or when otherwise in contact with you (for example by phone), we may automatically collect and store information including:
1.2.1. technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
1.2.2. information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page;
1.2.3. telephone log information, such as your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls, any phone number used to call us and the content of those calls;
1.2.4. information about the device you are using including information relating to your mobile phone network, which operating system you use and the version of that operating system, information which enables the identification of that device. If you download the App, we will link your mobile with that device;
1.2.5. information about where you are located which is provided through our technology by using details like your IP address or GPS sensors;
1.2.7. the App collects certain information when you install it or uninstall it and it may periodically contact our servers automatically;
1.2.8. we may collect and store information (including personal information) on your device itself.
1.3. Sensitive Personal Information: The Act defines certain information as “sensitive” (racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, criminal proceedings and offences). As a customer, there may be times when you give us sensitive information. We will only use this information in accordance with the law. We may share it with the Starling Group (and “Starling Group” means our holding companies, subsidiary companies and all the subsidiary companies of such holding companies) and our suppliers and subcontractors to keep your records up to date.
1.4. Information we receive from other sources: As well as via the App or our website, we may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
2. USES MADE OF THE INFORMATION
We use information held about you in the following ways:
2.1. for internal operations including:
2.1.1. to operate any account you have with us;
2.1.2. to ensure the App, our website, content and services we offer to our customers are presented in the most effective manner, is relevant and gives you the best experience;
2.1.3. as part of our efforts to keep our website, the App, your account and our systems are safe and secure;
2.1.4. to administer the App and our website, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
2.1.5. to ensure that we comply with the law and regulations and for regulatory purposes generally as well as to help detect or prevent fraud or other crimes;
2.1.6. in case we need to check we have carried out your instructions correctly, to resolve queries or issues,
2.1.7. for staff training purposes where we may monitor or record conversations;
2.2. to carry out our obligations arising from any contracts entered into between you and us, including with our debit card partner, with credit reference agencies and fraud prevention agencies – please see section “Credit reference agencies, credit scoring and fraud prevention agencies” below in particular;
2.3. to provide you with the information, products and services that you request from us, or other goods and services we offer or our business partners offer or to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you;
2.4. to notify you about changes to our service;
2.5. to allow you to participate in interactive features of our service, when you choose to do so;
2.6. to measure or understand the effectiveness of any functionality of access to, or the commerciality of, any products we offer or to which we provide access;
2.7. in connection with the matters set out in the section “Sharing information” below;
2.8. to combine information for the purposes set out above (depending on the types of information we receive).
3. SHARING INFORMATION
We may share your information in certain circumstances, including:
3.1. across the Starling Group to ensure we can do the things set out above in the section “Uses made of the Information”;
3.3. with business partners, suppliers and subcontractors companies, organisations or individuals outside Starling for the performance of any contract we enter into with them or you;
3.4. with analytics and search engine providers that assist us in the improvement and optimisation of our website, the App and our business generally;
3.5. with the credit reference agencies and fraud prevention agencies – please see the section “Credit reference agencies, credit scoring and fraud prevention agencies” below. Sometimes this is a condition of us entering into a contract with you;
3.6. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreement with you or our suppliers, to protect the rights, property, or safety of Starling our customers, or others. This includes exchanging information with the Financial Services Compensation Scheme and with other companies and organisations for the purposes of fraud protection and credit risk reduction – again please see the section “Credit reference agencies, credit scoring and fraud prevention agencies” below;
3.7. whilst unlikely, we may at some time want to sell or merge our business or transfer shares in it to a potential partner. If so, we may disclose your personal information to a potential partner and its advisers if they agree to keep it confidential and to use it only to consider and/or negotiate a possible transaction.
4. CREDIT REFERENCE AGENCIES, CREDIT SCORING AND FRAUD PREVENTION AGENCIES
4.1. We use credit reference agencies and fraud prevention agencies. For a detailed explanation of what they do and what they do with your data, please click here.
4.2. Additionally, if you apply for an overdraft or want to extend an overdraft, we use a credit scoring system. Please note the following:
4.2.1. this is an automated system which most lenders use to make fair and informed decisions on whether to lend money to certain people and how much. This helps us to lend responsibly. The credit scoring methods used are regularly tested to ensure they remain fair, effective and unbiased;
4.2.2. if you apply to borrow money, the system takes account of different information, including that of the credit reference agencies and the information we already hold about you. The system applies the data to look at your application and whether it is responsible to agree to lend to you;
4.2.3. if your application to borrow is declined via the system, you can still contact us to have your application looked at again if you want this can be without the use of the system;
4.2.4. ongoing reports may also be provided.
5. WHERE WE STORE YOUR PERSONAL DATA
5.1. We process data and store it on servers managed by our hosting provider. Those servers are located across a number of secure data centres in the European Economic Area (EEA). Our server environment is highly secure, and there is very limited personnel access. Any data will be encrypted “at rest” (in other words, on being stored).
5.2. We try to ensure that we do not send data outside the EEA. However, this is not possible in all cases:
5.2.2. also, if you are outside the EEA and make payments or send messages or you are in the EEA and make payments or send messages outside of the EEA we may process payments through other institutions and payment systems. They may have to process and store data about you in connection with their own regulations and the standards to which they adhere may not be as stringent as those in the EEA.
5.3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
5.4. Unfortunately, the transmission of information via the internet can never be 100% secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
5.5. Generally, we will store your data for five years. In certain circumstances, such as regulatory requirements, we may have to store this for a longer period.
6. YOUR RIGHTS
6.1. You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or via the App. You can also exercise the right at any time by contacting us at [email protected]
6.2. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the forms or on the App.
6.3. Our website and the App may, from time to time, contain links to and from the websites or other links or apps of our partner networks, advertisers and affiliates. If you follow one of these links, please note that these links and destinations have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data via these links or destinations.
7. ACCESS TO INFORMATION AND UPDATING YOUR DATA
7.1. The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
7.2. If you wish to update information about you which is inaccurate or incorrect, we will try to give you the way to do so as quickly and easily as possible. However, we need to be proportionate about this and so we may not be able to help if it involves developing whole new ways of doing things or it is a repetitive request. Information may be impossible to permanently delete.