We take your privacy very seriously and will always treat your personal details with the utmost care, holding them safely and securely.
A summary of our full Privacy Notice is contained in our leaflet “Important Information About Your Personal Data”. This is available to download or from any of our Branch or Agency offices.
Our Customer Privacy Notice describes how we deal with your personal information, and is detailed below. Alternatively, this is available to download or from any of our Branch or Agency offices.
Monmouthshire Building Society is committed to protecting your privacy and ensuring it is secure.
When we use terms such as we, us and our in this notice, we mean Monmouthshire Building Society.
This notice describes how we deal with your personal information. Personal information is data which relates to a person who has been, or could be, identified from it. Examples may include a person’s name, address, email address and other personal details. We are the data controller of this information under relevant data protection laws because in the context of our business relationship with you we decide how and why it is processed in the ways explained in this notice.
Our address is: Monmouthshire House, John Frost Square, Newport, South Wales, NP20 1PX.
If you have questions about this notice or wish to exercise any of the rights mentioned in it, please visit one of our branches, telephone Savings Customer Services on 01633 844 340 or Mortgage Customer Services on 01633 844 370, send us a secure message using our ‘My Accounts’ service or email firstname.lastname@example.org.
We collect personal data about you in a variety of ways. In each case we will only collect the data we need to provide you with our services, we do this in the following ways:
|From you, when;||From;|
The data we routinely collect depends upon the relationship we have with you and can include:
We also sometimes, again, depending upon the relationship we have with you, collect special categories of personal data, which include;
Under data protection law, we can only use your personal data if we have a ‘legal basis’ (genuine legal reason) for doing so. The table below sets out and explains each legal basis we rely on and the purpose of using your personal data. More than one legal basis could apply when we use your personal data for a particular purpose, so the table explains the relevant ones:
|Setting up a mortgage or savings account||Contract – we need to use your data to provide these services to you in line with that contract|
|Administering a mortgage or savings account||Contract – we may need to use your data to update your records, deal with enquiries, contact you about your account, trace your whereabouts or recover a debt|
|Carrying out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies||Legal obligation – prevention of financial crime|
|Carrying out searches with Credit Reference Agencies||Legitimate interests – to ensure we are lending responsibly|
|To contact you when your mortgage/savings product is coming to an end||Legitimate interests – to ensure we are providing you with the best service, enabling us to offer you new products once your product has ended.|
|Dealing with complaints and giving you the opportunity to provide reviews of our services||Legitimate interests – we may need to use your data to help us deal with enquiries and complaints raised by you or someone else|
|For some of our profiling and other automated decision making||
Contract – we use this as part of our affordability assessment for mortgagesLegitimate interests - for the monitoring of both mortgage and savings transactions
|For market research and analysis and developing statistics||Legitimate interests – to help us provide you with the products and service you require|
|Complying with laws that apply to the Society and establishment, defence, and enforcement of our legal rights||Legal obligation|
|To carry out monitoring and to retain records, including the use of CCTV on our premises||Legitimate interests|
|To deal with requests from you to exercise your rights||Legal obligation – e.g., the right to be forgotten|
To administer our good governance requirements including internal reporting, compliance obligations or administration for Annual General Meeting processes
To test and monitor the performance of our products, services, internal processes and operations
Providing data to Regulatory Bodies and HM Government to adhere to guidance and best practice
|Legal obligation and legitimate interests – UK Government, Financial Conduct Authority, Prudential Regulatory Authority, Financial Ombudsman, Information Commissioner’s Office and under the Financial Services Compensation Scheme have a legitimate interest to collect and use this data, and we have a legal obligation and legitimate interest to support them.|
Marketing our products and services to existing customers This may include:
Legitimate interests– We may need to use your data to send you marketing information about our products and services.You always have the right to opt out of receiving marketing information sent specifically to you.
Marketing our products and services to potential customers
Consent - we will ask for your permission before sending you marketing.You always have the right to opt out of receiving marketing information sent specifically to you.
For direct marketing communications with details of products and services available in conjunction with selected third parties for both existing and potential customers
Consent – we will only send marketing communications about 3rd party products if you have given your consent.
You always have the right to opt out of receiving marketing information sent specifically to you.
Preventing fraud and money laundering and taking action against fraudsters and other criminals. This includes:
Legal obligation – We sometimes need to use data to protect rights, property and personal safety.
Prevention, detection and investigation of crime, including using CCTV to protect our customers, employees and property.
Legal obligation and legitimate interests – We sometimes need to use personal data to:
To process information about a crime or offence, and proceedings related to that
|Legal obligation - This will be relevant if we know or suspect fraud or a financial crime|
When we share your personal information with other organisations to help prevent and detect fraud or financial crime
|Legitimate interest – this applies to Fraud Prevention Agencies|
When we share your personal information with these people or organisations:
When we share your personal information with these people or organisations;
· Any guarantor;
· Joint account holders, trustees and beneficiaries and any person with control of your affairs e.g. power of attorney, court appointed deputy, someone with parental responsibility etc;
· Other payment services providers such as when you ask us to share information about your account with them;
· Other account holders or individuals when we have to provide your information to them because some money paid to you by them should not be in your account;
· The broker or other intermediary who introduced you to us;
· Our legal and other professional advisers, insurers and auditors;
· Financial institutions and trade associations;
· Tax authorities who are overseas, for instance if you are subject to tax in another jurisdiction, we may share your personal information directly with relevant tax authorities overseas (instead of via HMRC);
· Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back-office functions;
· Buyers and their professional representatives as part of any restructuring or sale of our business or assets;
· Credit Reference Agencies (see below where we explain more and refer to the Credit Reference Agency Information Notice (‘CRAIN’) which has been provided separately or refer to www.monbs.com/privacy for more information); and
· Market research organisations that help us to develop and improve our products and services.
When you request that we share your personal information with someone else and consent to that
For some of our processing of special categories of personal data such as about your health, or criminal convictions, or if you require any additional support (and it will be explained to you when we ask for that explicit consent what purposes, sharing and use it is for)
|Consent – We may sometimes need to record and process information about your health or personal circumstances to provide you with the support you require.|
When we share your personal information with other people and organisations, such as your relatives, social services, your carer, the person who has control of your affairs e.g., power of attorney, court appointed deputy, someone with parental responsibility etc, if they need to know that you require additional support
|Legitimate Interests – this helps us to provide you any additional support|
We would like to keep in touch with you, by post, email, phone, social media or online, about our products, services and offers that might interest you. You can choose whether you want to receive these communications and can opt out at any time. You can also opt out of receiving marketing via certain channels for example if you didn’t want to receive marketing by post. The individual channels are; post, telephone or email.
We have a legitimate interest in promoting our products and services to our existing customers, but if you ask us not to send you marketing communications, we won't send them. In particular, when we collect contact information that we would like to use to send you marketing, we will give you the opportunity, at that time, to tell us not to send it.
For any marketing to potential customers and, offering 3rd party products or services to our existing customers we will require your consent to carry this out.
Changing your marketing preferences
You can change your marketing preferences at any time. You can do this by:
If you say you do not want to receive marketing information from us, this will prevent you from receiving offers or hearing about other products which may be of interest to you.
In order to provide you with our products and services and comply with our legal obligations, we sometimes need to share your personal data with other trusted organisations.
Wherever we share your data, we require all third parties to protect the security of your personal data and to treat it in accordance with the law.
Some of the organisations we share your personal information with (such as IT service providers that support our business) will act as “processors” of your information. These processors are not allowed to use your personal data for their own purposes and can only process your personal data for limited purposes and in accordance with our instructions.
We also need to share your personal information with other people and organisations who act as “controllers” of your information. This means they will need to determine themselves how to use your personal information lawfully.
Examples of controllers are Credit Reference Agencies and Fraud Prevention Agencies (as explained below), IVA/Bankruptcy administrators, brokers and intermediaries who provide insurance services on our behalf, insurance companies, tax authorities, financial regulators, and law enforcement agencies. As controllers of your personal information, these organisations have their own privacy notices which will apply to the way in which they treat your personal information.
We may also need to share your personal information with third parties to whom we may choose to sell, transfer, or merge parts of our business. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then your personal information may only be used in the same way as set out in this privacy notice.
Before we provide services to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest and legal obligation in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested. We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. You can obtain the details of the Fraud Prevention Agencies we use by contacting us as detailed above.
Consequences of processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
In order to process your mortgage application, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs). Where you have a mortgage with us, we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us additional information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation, financial history and fraud prevention information.
We will use this information to:
We will continue to exchange personal and account information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them the information in this section, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
Please note that the Society is not responsible for external links.
We are based in the UK but sometimes your personal information may be transferred outside the UK. This might be because we are legally obliged to report details of your accounts e.g., if you are resident in an overseas country with which the UK Government has an agreement to share tax and financial information, or where we contract with IT service providers that operate internationally.
Where we contract with such providers then if your personal information is processed within the EEA then it is protected by European data protection regulation. Some countries outside the EEA do have adequate protection for personal information under laws that apply to us. We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA which do not have adequate protection under laws that apply to us.
Safeguards include contractual obligations imposed on the recipients of your personal information. Those obligations require the recipient to protect your personal information to the standard required in the EEA. Safeguards may also include requiring the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for the personal information.
You should tell us without delay, by visiting a branch or agency, calling Savings Customer Services on 01633 844 340 or Mortgage Customer Services on 01633 844 370 or sending us a secure message using our ‘My Accounts’ service, so that we can update our records.
If you were introduced to us by a broker or other intermediary, and you want to advise them as well, you should contact them separately.
We are unable to provide you with mortgage or savings products or to process your application without having personal information about you. Your personal information is required before you can enter into the relevant contract with us, or it is required during the life of that contract, or it is required by laws that apply to us. If we already hold some of the personal information that we need – for instance if you are already a customer – we may not need to collect it again when you make your application. In cases where providing some personal information is optional, we will make this clear.
In this section monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, emails, social media messages, visits to our branches including the use of CCTV, in person face to face meetings and other communications.
We may monitor where permitted by law and we will do this where the law requires it. In particular, where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone calls or in person meetings (as relevant) we will do so.
Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you (such as in relation to fraud risks on your account) and for quality control and staff training purposes.
Some of our monitoring may check for obscene or profane content in communications.
We may conduct short term carefully controlled monitoring of your activities on your mortgage or savings account where this is necessary for our legitimate interests or to comply with our legal obligations. For instance, were we suspect fraud, money laundering or other crimes.
Telephone calls and/or in person meetings between us and you in connection with your application and your mortgage or savings products may be recorded to make sure that we have a record of what has been discussed and what your instructions are. We may also record these types of calls for quality control and staff training purposes.
This section is relevant where we make decisions about you using only technology, and where none of our employees or any other individuals have been involved in the process. For instance, in relation to assessing affordability for mortgages and the monitoring of transactions on your accounts. We may do this to decide what marketing communications are suitable for you, to analyse statistics and assess lending and insurance risks.
We can do this activity based on either contract or legitimate interests (and they are listed in the section about legal grounds above) only where the profiling and other automated decision making does not have a legal or other significant effect on you.
In all other cases, we can do this activity only where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent. In those cases, you have the right to obtain human intervention to contest the decision.
Profiling for direct marketing can mean there is a separate right to object (see ‘rights to object’ below).
We only keep your data for as long as we need to use it. This will depend on the product or service we are providing. There may also be legal requirements for us to keep your data for a certain length of time, for example; legal and regulatory record keeping requirements such as those contained within FCA & PRA handbooks, the need to defend the Society against legal claims and complaints and business need.
You have the following rights in relation to your personal data.
The right to be informed
We have to be transparent with you about how we collect and use your personal data at the time we collect it from you (for example, when you open an account or apply for a service online), or through privacy notices such as this one.
The right to access your personal data
You have the right to get a copy of your personal data and details of how we use and store it.
You can ask for details of the personal data we hold about you by visiting one of our branches or agencies, calling Savings Customer Services on 01633 844 340 or Mortgage Customer Services on 01633 844 370, sending us a secure message using our ‘My Accounts’ service or emailing email@example.com. We may need proof of your identity.
The right to have your data corrected
You have the right to have your data corrected if it is wrong or incomplete.
We will do our best to make sure your personal data is accurate and up to date. However, we rely on you to check that some of the information we hold about you is accurate and up to date. Please let us know about any changes to your information (for example, by visiting a branch, calling Savings Customer Services on 01633 844 340 or Mortgage Customer Services on 01633 844 370, sending us a secure message using our ‘My Accounts’ service, so that we can update our records).
The right to have your data deleted (the ‘right to be forgotten’)
You have the right to request that your personal data is deleted where there is no reason for the Society to continue processing it. This depends on the legal basis under which the Society holds your data. In general, information we hold with your consent will be erased on your request, but information we hold under other legal grounds will be kept by the Society for the retention period in line with our Retention Schedule.
The right to limit how we use your data
You have the right to request that we limit the way in which we use your data if you are concerned with the accuracy of the data or how it is being used. If necessary, you can stop us from deleting your data.
The right to object
You have the right to object to us using your personal data at any time. This means that you can stop or prevent us from using your data. However, it only applies in certain circumstances, if the law allows us to continue using your data, we may do so.
If we use your data on the basis of consent you can withdraw this at any time by:
The rights relating to decisions made without human involvement
This right allows individuals to access certain safeguards against the risk that a potentially damaging decision is taken solely without human intervention. The Society undertakes such processes in respect of mortgage applications and if they would result in your application being declined, we will explain that you have the right to obtain human intervention and an explanation of the decision. We also used this process for the monitoring of transactions.
The right to data portability
This allows individuals to request a copy of their personal data that is held in our IT system, in a machine readable format, for reuse in another IT system. This right applies to information that is being processed based on consent or for performance of a contract.
If you wish to exercise any of these rights against the Credit Reference Agencies, the Fraud Prevention Agencies, or a broker or other intermediary, you should contact them separately.
Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This minimises the personal data we use and helps prevent against a data breach.
We have mentioned that we share your personal information with Fraud Prevention Agencies and Credit Reference Agencies. If you require any information on the agencies, we use please contact us by calling Savings Customer Services on 01633 844 340 or Mortgage Customer Services on 01633 844 370, sending us a secure message using our ‘My Accounts’ service or emailing firstname.lastname@example.org. and we will provide you with the relevant details.
We will review our privacy notice regularly and post any updates on this web page. This privacy notice was last updated in December 2021.
If you are unhappy with how we are using your personal information, or you want to complain about how we have handled a request, please raise your concerns with us using the contact details above. You also have the right to complain to the Information Commissioner’s Office which enforces data protection laws:
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The meaning of some terms that we use in this privacy notice:
Automated decision making means a process where we make decisions about you, such as your suitability for a product, using a computer based and automated system without a person being involved in making that decision (at least first time around).
Profiling means any form of automated processing of your personal information to evaluate certain personal aspects about you, such as to analyse or predict aspects concerning your economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Process or processing includes everything we do with your personal information from its collection, right through to its destruction or deletion when we no longer need it. This includes for instance collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying, transferring it overseas.
Legitimate interests is mentioned in our privacy notice because data protection laws allow the processing of personal information where the purpose is legitimate and is not outweighed by your interests, fundamental rights and freedoms. Those laws call this the legitimate interests legal ground for personal data processing.
Consent if we want to use this as the basis for using your data, we need to ask you for permission. We will ask you in a way that can be clearly understood, explains exactly what we will do, and is separate from our other terms and conditions. We will give you a free choice about whether to consent and make you aware that you can take away your consent at any time.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
To disable the storage of cookies and remove any that have already been set, please click this link:
Remove & Disable Cookies.
For more information about cookies visit www.allaboutcookies.org or www.aboutcookies.org
Please see the table below for a full explanation on the cookies we use and why.
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage. We use the information to compile reports and to help us improve the site.
_utma - expires 24 months - Persistent cookie used to track of the number of times a visitor has been to the site.
|My Accounts||ASP.NET_SessionId||To identify that we are dealing with the same user from one request to another. This Session cookie is required for My Accounts to work.
The cookie is stored in the memory and destroyed when the browser is closed.