Data Protection Notice
Personal data is information which directly or indirectly identifies you. We at Investec Bank plc are committed to processing your personal data in accordance with UK data protection laws. For the purposes of UK data protection laws, Investec Bank plc is the data controller. It may be necessary for you to give us personal data so that we can provide you with the requested products and services, fulfil any contractual relationship with you, as a result of applicable laws, regulations and/or codes of practice and for the other purposes as set out in this notice where in our legitimate interests.
Collecting your personal data
We may collect your personal data in a number of ways, including from:
- you, for example, when you:
- apply for and use our products and services
- call us, we will monitor and/or record your telephone calls
- enter into any agreement with us
- contact and interact with us
- ask us to contact you
- attend events, participate in surveys, prize draws or competitions
- someone else for example, if a person applies for a joint account with you they may share your personal data with us or if you are a stakeholder in or manager of a business, and the business applies for products or services or enters into an agreement or interacts with us, we may obtain personal data about you to carry out checks against the business
- third parties such as credit reference agencies, fraud prevention agencies, financial advisors, introducers
- public sources for example, Companies House
- you, for example, when you:
What personal data we collect
Types of information we may collect includes:
Type of information Examples of information Personal details
- date of birth
- contact details
- tax details
- employment details
- regulatory history (where applicable)
- income and outgoings
- assets and liabilities
- bank details
- account information and history
- account activity
- credit history and information (where applicable)
- shareholdings (where applicable)
Information we have from our dealings with you or from anyone acting on your behalf
- recordings of telephone calls with us
- records of our interactions/correspondence with you
- details of your transactions
Sensitive personal data (we will only collect this with your explicit consent or where the processing is specifically authorised by a regulatory body or required by law)
- biometric data, such as voice or fingerprint information
If you give us information about somebody else
You must make sure that if you give us personal data about someone else, you have their consent and they are happy for you to share their personal data with us. You should make sure they read this Data Protection Notice and understand how we will use and disclose their information, in the ways described in this Data Protection Notice.
Where you give us information about someone else, we will assume you have their consent. However, we may still ask them to confirm they have consented.
Where you give us information about someone else, or someone else discloses a connection with you, that information may be taken into account with your other personal data.
How we will use your personal data
We will use your personal data for the following reasons:
- to verify your identity
- to verify the accuracy of the data you have provided to us
- provide products and/or services requested by you
- to manage your accounts
- to manage any contractual relationship with you
- to make credit decisions (where applicable)
- to trace and recover debts
- to detect and prevent fraud and money laundering
- to administer surveys, prize draws or competitions
- to manage events
- analysis and market research, for example, to identify trends in the use of our products and services so that we can:
- improve the products and services we provide to you
- improve our business
- keep you up to date with our products and services
- to comply with applicable laws, regulations and/or codes of practice
How we will use your personal data to make automated decisions
Detecting and preventing fraud
We use real time fraud detection systems to help us to identify whether your account may be being used fraudulently. These systems make automated decisions for us and take account of information such as fraud patterns. Your personal data may be used to make these decisions. For example, fraudulent activity may be suspected where there is unusual activity on your account. If we suspect a risk of fraud, we may stop any activity on the account, for example, we may stop a card payment by declining it, or refuse access to the account. You have the right to object to an automated decision, and ask for someone to review the decision.
How we will disclose your personal data
We may disclose certain personal data as follows:
- to other affiliates in the Investec Group. Investec Group consists of Investec Bank plc (a company registered in the UK) and Investec Limited (a company registered in South Africa) and any of their direct or indirect subsidiaries and/or holding companies.
- to our professional advisors, receivers and administrators (where applicable), and service providers (including for example, information technology systems providers) who may help us provide products or services
- to courts, governmental and non-governmental agencies, regulators and ombudsmen
- law enforcement agencies
- relevant tax authorities
- to any relevant third party in the course of an acquisition, sale, transfer, reorganisation or merger of parts of our business or our assets
- as required or permitted by law or regulation, where we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property, or safety of the Investec Group, our clients, or others
- where you have been introduced to us by an introducer (e.g. an independent financial adviser), unless you have told us not to, we will inform the introducer of the outcome of the enquiry including whether we have agreed to provide you with the relevant product or service
- to credit reference agencies (CRAs). See CRA section below
- to fraud prevention agencies (FPAs). See FPA section below.
You may also ask us for details of the CRAs and FPAs we have used for your searches. If there are any errors in the information we hold about you, please tell us so we can correct the information we hold about you.
Credit Reference Agencies (CRAs)
In order to process your application, we will perform credit checks (where applicable) and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history (where applicable). CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- assess your creditworthiness and whether you can afford to take the product (where applicable);
- verify the accuracy of the data you have provided to us;
- prevent criminal activity, fraud and money laundering;
- manage your account(s);
- trace and recover debts; and
- ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at each of the three CRAs websites – clicking on any of these three links will take you to the Credit Reference Agency Information Notice (CRAIN document):
Call credit www.callcredit.co.uk/crain
Fraud Prevention Agencies
FPAs use your personal data to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.
Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be viewed at https://www.investec.com/en_gb/legal/UK/fraud-prevention-notice.html
Transfer of Personal Data Outside the United Kingdom (“UK”)
We may transfer your personal data to recipients who may carry out services on our behalf (including affiliates in the Investec Group) located in countries outside of the UK, including in South Africa. If we transfer your personal data to a country where the data privacy laws are not equivalent to those in the UK, we will take all necessary steps to protect your personal data in accordance with applicable data privacy laws.
You have the right to:
- request access to and rectification or erasure of your personal data
- obtain restriction of processing or to object to processing of your personal data
- data portability (i.e. to request the transfer of personal data from one data controller to another in certain circumstances).
If you wish to exercise any of these rights you should contact the Data Protection Officer as described below. You also have the right to lodge a complaint about the processing of your personal data with your local data protection authority.
We may contact you periodically to provide information regarding events, products, services and content that may be of interest to you and to invite you to participate in market research. If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent.
If you wish to stop receiving marketing or market research communications from Investec Bank plc you can click on the unsubscribe link in the marketing communication or contact the Data Protection Officer as described below.
Security and Data Retention
We will take steps to protect your personal data against loss or theft, as well as from unauthorised access, disclosure, copying, use or modification, regardless of the format in which it is held. Subject at all times to applicable laws, we will retain your personal data for a period up to 7 years from the end of the relationship.
Changes to this Data Protection Notice
We may revise or supplement our Data Protection Notice from time to time to reflect for example, any changes in our business, law, markets, the introduction of any new technology. We will publish the updated Data Protection Notice on our website at www.investec.com/en_gb/legal/UK/data-protection-notice/private-bank.html.
Enquiries, Requests or Concerns
All enquiries, requests or concerns regarding this Notice or relating to the processing of personal data, should be sent to the Data Protection Officer at Investec Bank plc, 30 Gresham Street, London, EC2V 7QP or by email to [email protected].