1. Who we are:
Our principal address is 9 Portman Street, London, W1H 6DZ, UK and our contact details can be located at https://hblbankuk.com/.
We are committed to protecting your Personal Information from unauthorised access, use and disclosure.
3. What is Personal Information?
When we refer to “Personal Information” we mean information about a living individual who can be identified from that information (either by itself or when it is combined with other information).
Personal Information may include (by way of example only):
• basic personal information including name, address, date of birth and contact details;
• financial information including account and transactional information and history;
• information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
• information about your financial circumstances including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
• education and employment information;
• services provided;
• visual images and personal appearance (such as copies of passports or CCTV images); and
• online profile based on your interaction with us, our websites and applications, including for example, your banking profile and login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns.
4. The information we process:
We use the Personal Information that we collect from you to process requests or orders, identify personal preferences and match your needs with relevant products and services.
We may also process certain special categories of information such as the country where you are resident for tax purposes, source of wealth, source of income etc. for specific and limited purposes, such as detecting and preventing unlawful activities or to make our services accessible to customers. We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so due to regulatory guidance, or to comply with obligations not to facilitate tax evasion and to prevent other criminal activities.
Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect criminal activities and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may involve investigating and gathering information on suspected financial crimes, fraud and sharing data with law enforcement and regulatory bodies.
5. Where do we get our information from?
Your Personal Information is made up of all the financial and personal information we collect and hold about you/ your business and information about the proprietors, officials, directors and beneficial owners of that business, and your transactions. It includes:
• information you give to us;
• information that we receive from third parties including third parties who provide services to you or us, and credit reference, fraud prevention or government agencies, and other banks (where permitted by law);
• information that we learn about you through our relationship with you and the way you operate your accounts and/ or services, such as the payments made to and from your accounts;
• information that we gather from the technology which you use to access our services (for example location data from your mobile phone, or an IP address or telephone number) and how you use it (for example pattern recognition); and
• information that we gather from publicly available sources such as the press, the electoral register, company registers and online search engines.
By providing you with products or services, we are legally required to create records that contain your information, such as customer account records, activity records, tax records, lending and credit account records, information that we gather from technology which you use to access our services (for example IP address, location data from your phone), and information we gather from public sources such as the press, the electoral register, company register and online search engines. Records can be held on a variety of media (physical or electronic) and in different formats. We manage our records to help us to serve our customers better and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to archive as evidence of our business activities in the event of future disputes that require the bank to provide transactional and other information to the courts.
6. Changes to the way we use your Personal Information:
From time to time we may change the way we use your Personal Information. Where we believe you may not reasonably expect such a change we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
7. How we use and share Personal Information with others in the Habib Bank Limited group companies (“HBL Group companies”):
We will only use and share your information where it is necessary for us to lawfully carry out our business activities. Your information may be shared with and processed by other HBL Group companies.
8. Sharing with third parties:
We will not share your information with anyone outside HBL Group companies except:
• where we have your permission;
• where required for your product or service requested by you;
• where we are required by law and/or by law enforcement agencies, courts and judicial authorities, government entities, tax authorities or regulatory bodies around the world;
• with other banks and third parties where required by law to help recover funds that have been credited to your account in error by such a third party;
• with third parties providing services to us, such as correspondent banks processing payments, and agents and sub-contractors acting on our behalf, such as the companies who provide us cheque book and statement printing services, debit card processing services etc ;
• with other banks to facilitate investigations where you are a victim of suspected fraud and you have agreed for us to do so, or where we suspect funds have been credited to your account as a result of a financial crime;
• with debt collection agencies;
• with credit reference and fraud prevention agencies;
• with third-party guarantors or other companies that provide you with benefits or services (such as
insurance cover) associated with your product or service;
• where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal
or other transaction relating to our business and/or assets held by our business;
• in anonymised form as part of aggregated data for statistical or reporting purposes; or
• where permitted by law, it is necessary for the protection of our legitimate interests or those of a third party.
If you ask us to, we will share information with any third party that provides you with account information or payment services. If you ask a third-party provider to provide you with account information or payment services, you are allowing that third party to access information relating to your account. We are not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
If any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorised users.
9. Transferring information outside the UK:
The data we collect from you may be transferred to and stored with organisations (including other HBL Group companies), third party suppliers and agents at a destination(s) outside the European Economic Area.
If we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
• the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately; and/or
• we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure your information is adequately protected.
10. Marketing information:
Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other products or services provided by us which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by contacting your branch or calling us.
11. Communications about your account:
We will contact you with information relevant to the operation and maintenance of your account (including updated information about how we process your Personal Information), by a variety of means including via email, text message, post and/or telephone.
If at any point in the future you change your contact details you should tell us promptly about those changes.
We may monitor or record calls, emails, text messages or other communications in accordance with applicable laws for purposes such as contractual necessity, legal obligations and/or the legitimate interest of the bank.
12. Credit reference and fraud prevention organisation:
We may access and use information from credit reference and fraud prevention agencies and share information with them when you open your account and periodically, for example, to:
• manage and take decisions about your accounts, including assessing your creditworthiness and checks to avoid customers becoming over-indebted;
• prevent criminal activity, fraud and money laundering;
• check your identity and verify the accuracy of the information you provide to us; and
• trace debtors and recover debts.
If you would like a copy of your information held by the credit reference and fraud prevention agencies we use (for details contact our Data Protection Officer, via email at [email protected]) or if you want further details of how your information will be used by the credit reference agencies, please visit their websites or contact them directly.
13. How long do we keep your Personal Information – Retention periods:
Retention periods for records are determined by the type of record, the nature of the activity, product or service and the applicable local legal or regulatory requirements.
We normally keep customer account records for up to six years after your relationship with the bank ends, whilst other records are retained for shorter periods, for example CCTV records and call recordings may be kept for shorter durations. Retention periods may be changed from time to time based on business or legal and regulatory requirements. For specific retention periods please contact us via email at [email protected] and we would be happy to provide details specific to your needs.
We may by exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that the bank will be able to produce records as evidence, if they are needed.
14. Your rights:
We want to make sure you are aware of your rights as it relates to your Personal Information that we process and have described these rights briefly below for your convenience.
Please note in some cases, if you do not agree to the way we process your Personal Information, it may not be possible to operate your account or to offer a product or service that requires processing of that information.
If you wish to exercise any of these rights, if you have any queries about how we use your Personal Information that are not answered here, or if you wish to complain to our Data Protection Officer, please contact us via email at [email protected] or at our Call Centre number 03448094258.
You have rights under data protection laws that relate to the way we process your Personal Information. More information about this can be found on the Information Commissioners website.
The right to get access to the Personal Information we hold about you. If you would like a copy of the Personal Information we hold about you, please write to: HBL Bank UK Ltd, Data Protection Officer, Subject Access Requests, 9 Portman Street, London, W1H 6DZ, UK.
In the case of joint account holders then the letter must be signed by all joint account holders authorising release of requested information along with valid proof of ID. Also, please provide as much relevant information as possible to help us locate the specific information that is required.
The right to correct/rectify inaccurate Personal Information and to update incomplete Personal Information. If you believe that any of the information that we hold about you is inaccurate, you have a right to request or restrict the processing of that information and to rectify the inaccurate Personal Information. Please note that if you request us to restrict processing your Personal Information then we may have to suspend the operation of your account and/or products and services we provide to you.
The right to request that we delete your Personal Information. You may request that we delete your Personal Information if you believe that we no longer need to process your information for the purpose it was provided or you have withdrawn your consent or we are not using it in a lawful way (subject to the Bank not having a legal obligation or statutory or legal obligations to retain that information for a certain period of time). Please note that if you request us to delete your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
The right to request us to restrict the processing of your Personal Information. You may request us to restrict processing your Personal Information if you believe that any information we hold may be inaccurate, or we no longer need to process your information for the purposes for which it was provided or we are not using your information in a lawful manner. Please note that if you request us to restrict processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
Where we have requested your permission to process your Personal Information or you have provided us with information for the purposes of entering into a contract with us, you have a right to receive the Personal Information you provided to us in a portable format where it is technically feasible. For example, you may request us to provide it directly to a third party aggregator, if technically feasible. We are not responsible for any such third party’s use of your account information, and any breach of confidentiality, or misuse of this information for identity theft, which will be at your own risk and responsibility, and will be governed by their agreement with you and any privacy statement they provide to you.
You have a right to object to us processing your Personal Information (and to request us to restrict processing) unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests or where we need to process your information to investigate potential fraud, illicit or unlawful activities, including but not restricted to money laundering, sanctions screening, tax evasion, preventing financing of terrorism and to protect the Bank or others from legal claims. Depending on the circumstances, we may need to restrict or cease processing your Personal Information altogether or, where requested, delete your information. Please note that if you object to us processing your information, we may have to suspend the operation of your account and/or the products and services we provide to you.
You have a right to object at any time to processing of your Personal Information for direct marketing purposes, including profiling you for the purposes of direct marketing. You have a right to withdraw your consent. Where we rely on your permission to process your Personal Information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
h) Withdraw consent
Where we rely on your permission to process your Personal Information, you have a right to withdraw your consent at any time. We will always make it clear where we need your permission to undertake specific processing activities.
15. Questions and Making a complaint:
If you have any concerns about the way we process your Personal Information or are not happy with the way we have dealt with any request from you then you may contact our Data Protection Officer via email at [email protected] who will investigate the matter. We hope we can address any concerns that you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit https://ico.org.uk/
We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf at all times. We employ a variety of means to ensure this including but not restricted to data encryption, access control, multi factor authentication, and periodic destruction of data that is no longer required for the purpose for which it was originally collected.
A cookie is a piece of information that is deposited by our computer server when you visit our website, which is stored on your computer’s hard drive by your web browser. On revisiting this website, our computer server will recognise the cookies, giving us information about your last visit. Most browsers accept cookies automatically, but usually you can alter the settings of your browser to prevent automatic acceptance. If you choose not to receive cookies, you may still use most of the features of our website, but our computer server will not necessarily recognise you and your experience will not be personalised. This may mean you need to re-enter certain details even if you have already done so before.
HBL Bank UK Limited
(trading as HBL Bank UK)
Authorised by the Prudential Regulation Authority (PRA) and
regulated by the Financial Conduct Authority (FCA) and Prudential Regulation Authority
Registered in England and Wales – 01719649
Registered Office – 9 Portman Street, London, W1H 6DZ, UK