Privacy PoIicy
We, (Monmouthshire Building Society) take your privacy very seriously and always treat your personal data with the greatest care. Holding it safely and securely.
Legally, we must explain how we look after, use, or share your personal data which is in this Notice.
We are the “Data Controller” as we decide how and why we use your personal data.
When we say “we,” “us” and “our”, we mean Monmouthshire Building Society.
If you are unsure of anything in this Notice or have any questions, please get in touch.
Our Customer Privacy Notice describes how we deal with your personal information and is detailed below. Alternatively, this is available from any of our Branch or Agency offices.
We need to collect data about you to
- open and run your savings or mortgage account.
- provide you with our services.
- contact you about our other products, services, promotions, offers or events that we think may be of interest to you (but, only if this is what you want).
- refer you to trusted organisations to provide other services (if you have given us permission to do this).
We collect your personal data in several ways. The amount and type of data we collect depends on the products you have with us or are applying for. We will only collect the data we need, and we do this in the following ways:
| From you, when you; | From; |
|
- open a savings account. - apply for a mortgage. - update your information. - make an enquiry. - contact us. - enter a competition. - complete a survey. - supply us with additional information. - are an executor/administrator of a Will for a deceased customer. - receive monies from the account of a deceased customer. |
- someone who is applying for a mortgage or savings account with you (with your agreement). - Mortgage broker or other intermediary. - Fraud Prevention Agencies. - Credit Reference Agencies. - Third parties, with your permission e.g., employer/accountant. - HMRC, DWP and the Land Registry - Public available information e.g., voter roll. - Debt recovery, IVA/Bankruptcy and/or tracing agents. - Organisations to assist in prevention and detection of crime. - Power of Attorney/Court of Protection documentation for you/ your attorneys/deputies when registered. |
The data we collect depends upon the products you have or wish to have with us and can include:
- Name (current & previous).
- Address (current & previous).
- Contact Details (telephone number/ email address/ social media names/IP address.
- Date of Birth.
- Marital Status.
- Identifier & Account Numbers.
- Passport/Driving licence Numbers.
- Bank Details.
- Payment Details (Debit/credit card).
- Credit and Debt information.
- Employment Details/Salary information.
- Insurance policy details.
- Pension Details.
- Mortgage Details (Existing/new).
- Benefit details.
- Individual voluntary Agreement/Bankruptcy details.
- Tax residency.
- Fraud Prevention Agency information.
We may collect special categories of personal data including:
- Health/medical history
- Criminal offence data
Under Data Protection law, we can only use your personal data if we have a ‘legal basis’ (genuine legal reason) for doing so.
The table below explains each legal basis we rely on to use your personal data.
We will always have an appropriate legal basis to use your data.
|
Consent You give us permission to use your personal data which offers you choice and control over what we know. Explicit consent – you must give permission specifying the type of data we collect and how we use it. |
- Using special category personal data e.g., health or, criminal convictions (with explicit consent to help us understand your circumstances and provide support where needed). - Sharing data with a third party you request. - Marketing our products and services to existing customers and potential customers aged over 18 only. - Marketing other companies’ products and services to our existing and potential customers. - Taking and publishing photographs for competitions, events and sponsorship. |
|
Contract To provide you with our products or services |
- Setting up and running your savings or mortgage account/s. |
|
Legal Obligation To use your data in line with the law |
- Carry out identity and anti-money laundering checks. - Preventing fraud and money-laundering. - Prevention, detection, and investigation of crime. - Deal with requests from you to exercise your rights. - Provide data to Regulatory Bodies, HM Government, and overseas tax authorities e.g. amount of interest paid on your savings accounts. |
|
Legitimate Interests Where we use your data in a way that you would expect |
- Sharing data with trusted third parties including - someone who has legal control of your affairs. - providers of services to us e.g., IT maintenance. - legal and professional advisers. - Carry out searches with credit reference agencies. - When your savings or mortgage product ends. - Dealing with complaints. - Monitoring transactions in order to meet our legal obligations. - Internal reporting and administration for our Annual General Meeting. - Analysis and developing statistics. - Test and monitor the performance of our products, services, and processes. - Use of CCTV on our premises. - Prevention, detection, and investigation of crime. |
We can’t provide mortgages or savings products and services or process your application without your personal data. If we already hold some of the personal data that we need, for instance if you are already a customer, we may not need to collect it again. If providing personal data is optional, we’ll let you know.
To provide you with our products and services and comply with the law, we sometimes need to share your personal data with other trusted organisations.
Whenever we share your data, we require organisations to protect your personal data and to treat it in accordance with the law.
Some of the organisations we share your personal data with (such as IT service providers that support our business) will act as “Processors.” Processors are only allowed to use your personal data in line with our instructions.
We also need to share your personal data with other people and organisations who act as “Controllers.” This means they need to decide how to lawfully use your personal data.
Examples of Controllers are Credit Reference and Fraud Prevention Agencies (see below), Individual Voluntary Agreement/Bankruptcy administrators, insurance companies, tax authorities, financial regulators, and law enforcement agencies. As Controllers, these organisations have their own privacy notices which will affect how they manage your personal data.
We may also need to share your personal data with organisations if we sell, transfer, or merge parts of our business. If this happens, there won’t be any changes to how your personal data is used.
Fraud Prevention Agencies
Before we can open a mortgage or savings product for you, we must prove your identity and make checks with fraud prevention agencies. We do this to prevent fraud and money laundering. We need to use your personal data to do this.
We, and Fraud Prevention Agencies, may allow law enforcement agencies e.g., the Police and HMRC, to access and use your personal data to detect, investigate and prevent crime. Fraud Prevention Agencies can hold your personal data for different periods of time. If you’re considered to be a fraud or money laundering risk, your data can be held for up to six years.
You can get the details of the Fraud Prevention Agencies we use by getting in touch.
Consequences of processing
If we, or a Fraud Prevention Agency, decide you are a fraud or money laundering risk, we may refuse to provide you with our products or services, including any accounts you may already have with us. A record of any fraud or money laundering risk is kept by the Fraud Prevention Agencies and may result in other organisations refusing to provide services, finance, or employment to you.
If you have any questions about this, please get in touch.
Credit Reference Agencies
To process a mortgage application, we carry out credit and identity checks on you with one or more Credit Reference Agencies (CRAs). If you already have a mortgage with us, we may carry out searches with CRAs to run your account. To do this, we will supply your personal data to CRAs, and they will give us additional data about you. This will include data from your credit record about your financial situation and history. CRAs will also supply us with public (including the electoral register), shared credit, and fraud prevention data.
We will use this data to:
• Assess if you can afford to take out the mortgage.
• Verify the accuracy of the data you have provided.
• Prevent criminal activity, fraud, and money laundering.
• Manage your account(s).
• Trace and recover debts.
• Ensure any mortgage offer provided to you is appropriate.
We will continue to exchange your personal data and account information with CRAs while you are a customer. We also inform the CRAs when you pay off your mortgage. If you borrow money and do not repay it in full and on time, CRAs will record the outstanding debt amount. CRAs may supply this information to other organisations.
When CRAs receive a search request from us, they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial partner, we will link your records together. This means you should discuss this with them and share the information in this section with them before making an application. CRAs will also link your records together. These links will remain on your and their files until you or your partner successfully requests the CRAs to break that link.
Credit Reference Agency Information Notice (CRAIN)
Please note that the Society is not responsible for external links.
We are based in the UK but sometimes your personal data may be transferred outside the UK.
Where we use organisations that operate outside the UK, if your personal data is processed within the European Union (EU), it is protected by the EU General Data Protection Regulation (EU GDPR).
Some countries outside the EU also have protection for personal data under EU GDPR. We will make sure your personal data is safe before we transfer it to countries outside the EU which do not have suitable protection under laws that apply to us or the EU.
Safeguards include the company receiving your personal data to protect it to the standard required in the UK. Safeguards may also include the receiving company subscribing to ‘international frameworks’ to enable secure data sharing.
You have the following rights in relation to your personal data.
- The right to be informed.
We will be clear about how we collect and use your personal data when we get it from you (for example, when you open an account or apply for a service) and through this Privacy Notice.
- The right to access your personal data.
You have the right to access and get a copy of the personal data we hold about you.
- The right to have your personal data corrected.
You have the right to have your data corrected if it is wrong or incomplete.
We will do our best to make sure your personal data is accurate and up to date. However, we rely on you to help us with this.
- The right to have your data deleted (the ‘right to be forgotten’).
You have the right to ask that your personal data is deleted where there is no reason for us to continue using it. Data we hold with your consent will be deleted when requested. Data we hold under other legal basis (see Section 5) will be kept for the period in our Retention Schedule.
- The right to limit how we use your data.
You have the right to ask that we limit the way we use your data if you are worried about its accuracy or how it is being used. If necessary, you can stop us from deleting your data.
- The right to object.
You have the right to ask us to stop using your personal data at any time. However, this only applies in certain circumstances. If the law allows us to continue using your data, we may do so.
- The rights relating to decisions made without human involvement.
This right allows you to request human input or challenge a decision that has been made in this way. (See section 15 for more details).
- The right to data portability.
This allows you to ask for your personal data held in our IT system, to reuse in another organisations IT system.
Please get in touch so we can update your records.
We only keep your personal data for as long as we need to use it. This will depend on the product or service you have. There are legal requirements for us to keep your data for a certain length of time.
We aim to keep your personal data for up to 15 years after your last account, product or service has closed or ended or 6 years if you are a savings only customer.
We may keep your data longer if we cannot delete it for any technical reasons. More information is available in the table below.
Some information may not be kept for the life of your account e.g. call recordings and paper savings application forms.
|
Your relationship with The Society |
|
| You are interested in taking out an account | Your personal data will be kept between 3 months and 6 years depending upon your contact method and type of query you have made to the Society. |
| You are a customer | Your personal data will be held for as long as you are a customer. |
| You are no longer a customer | Currently your personal data on our customer specific computer systems will be held forever. Once technical issues are resolved this will held like all other personal data for a maximum of 15 years after your last account is closed or 6 years for savings only customers. |
If you are a customer, you may receive marketing information from us about our products or services. However, you will only receive this if you are happy to receive it and have opted in. If you have not opted in, we will not contact you in this way.
You can change your decision and opt out at any time, just get in touch.
If you are not yet a customer but have given us your details and opted in to receive marketing information from us, we will provide you with this information until you choose to opt out. You can change your decision and opt out at any time, just get in touch.
We may also like to provide you with other trusted companies’ marketing information, but before we can, you must be happy to receive this and opt in.
Yes.
We listen to, record, view, and keep records of calls, emails, social media messages, visits to our branches or agencies, face to face meetings and other communications.
We monitor to:
• Comply with the law and regulatory rules.
• Prevent or detect crime.
• Protect the security of our communications systems and procedures.
• To have a record of what we have discussed with you.
• Use for quality control and staff training purposes.
• Check for rude or offensive content.
This section is relevant where we make decisions about you without any human involvement.
We do this when:
- Assessing affordability for mortgages.
- Monitoring transactions.
- Deciding what marketing communications are suitable for you (if applicable).
- Analysing statistics (including understanding the type of customers we have).
- Assessing lending and insurance risks.
Your personal data may be turned into a collection of data which cannot be used to identify you. It can then be used to produce statistical research and reports. This minimises the personal data we use.
We review our privacy notice regularly. This privacy notice was last updated in April 2025.
You can contact us in any of the following ways:
In person: Visit one of our branches or agencies.
By phone: Savings Customer Services 01633 844 340 or Mortgage Customer Services on 01633 844 370.
By secure message: Using our ‘My Accounts’ service.
Email: dataprotection@monbs.com or to exercise your rights, datarights@monbs.com
In writing: Monmouthshire Building Society, Monmouthshire House, John Frost Square, Newport, NP20 1PX.
If you are unhappy with how we use your personal data or want to complain about how we have handled a request, please get in touch.
You also have the right to complain to the Information Commissioner’s Office which enforces data protection laws:
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The meaning of some terms that we use in this privacy notice:
Automated decision making means a process where we make decisions about you, such as your suitability for a product, without a person being involved.
Profiling means any form of processing without human involvement of your personal data to understand your economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
Process or processing includes everything we do with your personal data from its collection, right through to its destruction or deletion when we no longer need it. This includes collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying or if applicable transferring it overseas.
Our Children’s Privacy Policy details how we apply these same rights to children.
Website Access
By continuing to use this site you are considered as understanding and agreeing to the contents of this policy. Any information submitted to the Society via this website will be held and processed in line with our Privacy Policy.
Links within this website to external websites are not covered by our Privacy Policy. You should review the privacy policies of any third party websites you visit.
