This privacy policy sets out how will look after your personal information. We know how important this is to you, so we have described how we will use your personal information as clearly as possible so that you can decide whether you want to give your personal information to us, so that we can give you the products and services that you want.

In this Privacy Policy “we” or “us” refers to “You” refers to anyone whose personal data we hold.

We may hold information about you even if we do not purchase a product the first time that you visit us, and we will continue to keep data about you after your account is closed. We will not hold information that is excessive, or where there is no reason to continue to hold the information.

We will keep your personal data confidential and secure and give it to others only for the purposes explained in this Privacy Policy.

All our employees are personally responsible for keeping your personal information confidential. We provide training to all employees to remind them about their obligations.

We may change this Privacy Policy from time to time and we will put any updates on our website.

Where we obtain your information

We get information about you from a number of sources. For example, information that:

  • you give us when you register with us
  • you give to us in emails, letters, during phone calls, when registering for services or in any other way; we may keep any phone number you call us from and details about the IP address, operating system and browser that you use
  • you give when you participate in customer surveys, promotions or competitions
  • we already hold about you
  • we receive when making a decision about your account, including information we receive from enquiries and searches made at credit reference and fraud prevention agencies, from our business partners, from publicly available sources, or anyone else who is allowed to give us information about you
  • we have about your account with us including details of transactions and payments
  • from insurers or other firms who provide services to you

Information we hold

We are the data controller and we will hold and use the following personal information about you, the retailer may also hold this information:

  • personal information such as your name, address, phone numbers, email address, date of birth, employment, banking and financial details
  • demographic and lifestyle information
  • details of your accounts and any products you have and how you use them
  • details of when we contact you and when you contact us
  • details of any authorised users on your account
  • information we receive when making a decision about you, which may include information about other credit products that you have
  • details of other services you have through us or insurance

We may also hold any other information we reasonably need to operate your account, make decisions about you, or fulfil our regulatory obligations.

We may keep details of any phone number that you call us from and use it to contact you.

When we are managing your account we may be given sensitive information, such as information about your health or medical information, which we may hold and process to provide you with the services that you require.

Information we disclose

We will keep your information confidential and only share it with others for the purposes explained below and elsewhere in this policy. We have trusted relationships with carefully selected third parties who carry out services on our behalf. All these third parties have a contract with us and have agreed to keep your personal information confidential and secure, only using it for the purposes that we allow.

We may share information about you with the following people and organisations to:

Operate your account and provide services

  • Any person working for
  • Any firm, organisation or person that we use to help us to operate our business, to provide services, to collect payments and to recover debts
  • Any firm, organisation or person together with whom we provide products and services
  • Any payment system we may use
  • Any firm that provides analytical, market research or similar services to us
  • Any insurers with whom you have any policy related to your credit card

Manage your account

  • Any person who has told us that they are, and who we reasonably believe to be, your close relative, carer or helper, where you are unable to handle your own affairs because of mental capacity, ill health or other similar issues
  • Any additional cardholder on your account

Prevent crime and terrorism

  • Certain authorities in order to detect and prevent terrorism (including authorities outside the UK)
  • Regulators, including the OFT and the FCA, ombudsmen and other authorities including tax authorities (including those overseas), where we are requested by them to do so

Credit Reference Agencies and Insurance

  • Credit reference agencies and fraud prevention agencies or any similar
  • We will exchange information about you and your Account with the insurer who provides the product that you have chosen, so that they may administer your policy

Business Transfers

  • We may in the future wish to sell, transfer or merge part or all of our business or assets, or any associated rights or interests, or to acquire another business. If we do so, we may disclose your personal information to a potential buyer, transferee, merger partner or seller and their advisers with whom we are in talks, so long as they agree to keep your information confidential and to use it only in relation to possible transactions. If the transaction goes ahead, the purchaser, transferee or merger partner may use your personal information in the same way as set out in this notice
  • We may sell your debt to a third party, but if we do, we will require them to keep your personal information secure

How we use your information

We will use your information to:

  • search Credit Reference Agencies and Fraud Prevention Agencies
  • make, or assist in making, credit decisions about you, assess lending risks and to check the details that you have let us and others have
  • operate and manage your account and manage any application, agreement or correspondence you may have with us and to conduct financial reviews
  • perform other administrative and operational purposes including the testing of systems
  • monitor and analyse our business, including to carry out customer modelling and statistical, trend and transactional analysis
  • form a view of you as an individual and to identify, develop or improve products that may be of interest to you and to carry out market research
  • provide you with products and services and tell you about changes to these products and services
  • contact you by email, SMS, post or phone or in any other way about our products and services unless you tell us that you prefer not to receive marketing
  • carry out audits
  • trace your whereabouts
  • recover any debt you owe us
  • provide information to independent external bodies such as government departments and agencies, universities and similar to carry out research
  • comply with our regulatory obligations and to identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes

Your data may also be used for other purposes for which you give your permission, or where we are permitted to do so by law, or it is in the public interest to disclose the information, or is otherwise permitted under the terms of the Data Protection Act 1998.


We know how important it is to keep your personal information secure. We protect that information using strong encryption when data is both being transferred and when at rest. Access to data is strictly controlled. We use firewalls and other security measures to protect our servers and networks from external attack. Our security systems meet or exceed industry standards.


Protecting and managing your online privacy is committed to protecting you and any data (anonymous or otherwise that we collect about you online). This section tells you how we use cookies, why, and how this allows us to improve our service. It also tells you how you can manage the cookies stored on your device. We call it our “Cookies Policy”.

By using our websites (through any device) you agree that this Cookies Policy applies in addition to any other terms and conditions.

We reserve the right to make changes to our Cookies Policy. Any such changes shall appear here and become effective immediately. Your continued use of our websites is taken as meaning that you agree to any such changes.

What is a cookie?

Cookies are files containing small amounts of information which are downloaded to the device you use whenever you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, and generally improving your online experience.

There are different types of cookies. They all work in the same way but have minor differences:

Session cookies

Session cookies last only for the duration of your visit and are deleted when you close your browser. These facilitate various tasks, such as allowing a website to identify that a user of a particular device is navigating from page to page, for supporting website security, or basic functionality.

Many of the cookies we use are session cookies. For example, they help us to ensure the security of your Online Account Manager servicing session and can also keep you signed in while you move between pages or service your account.

Our session cookies used for security are designed to be very difficult to read, change, access or use except by us when you have an active Internet Banking session. They contain no personal information that can be used to identify an individual. Their names typically start with the letters IB e.g. IBSESSION, IBCOOKIE01, IBCOOKIE02.

Persistent cookies

Persistent cookies last after you have closed your browser and allow a website to remember your actions and preferences. Sometimes persistent cookies are used by websites to provide targeted advertising based upon the browsing history of the device. uses persistent cookies in a few ways, for example, to remember your username for log in so you don’t have to (cookie named IBUserID). We also use persistent cookies to allow us to analyse customer visits to our site, for example our cookie named WT_fpc. These cookies help us to understand how customers arrive at and use our site, so we can improve the Internet Banking service.

First and third party cookies

Whether a cookie is a first or third party cookie depends on which website the cookie comes from. First party cookies are those set by, or on behalf of, the website visited. All other cookies are third party cookies. We use both first party and third party cookies.

Strictly necessary cookies

These cookies are essential in order to enable you to move around the website, use its features and ensure the security of your online banking experience. Without these cookies, services you have asked for, such as applying for products and managing your accounts, cannot be provided. These cookies don’t gather information about you for the purposes of marketing.

Performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor, although they may collect the IP address of the device used to access the site. All information these cookies collect is anonymous and is only used to improve how a website works, the user experience and to optimise advertising.

By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.

Functionality cookies

These cookies allow the website to remember choices you make (such as your username). They may also be used to provide services you have requested such as watching a video. The information these cookies collect is anonymised (i.e. it does not contain your name, address, account details, etc.) and they do not track your browsing activity across other websites.

By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.

Targeting cookies

These cookies collect several pieces of information about your browsing habits. They are usually placed by advertising networks. They remember that you have visited a website and this information is shared with other organisations such as media publishers. These organisations do this in order to provide you with targeted advertising more relevant to you and your interests. This type of advertising is called online behavioural advertising and those companies providing this advertising are working with the UK’s Internet Advertising Bureau to deliver more information to consumers. To highlight this information, publishers of advertising will, in the future, look to place an icon in the top right hand corner of an advert. This icon when clicked, will take you through to the website where there is more help and guidance. In addition, seeks to only use advertising networks which are signed up to the IASH code of conduct for the placement of advertising. This code requires members to have their processes audited by a third party to ensure compliance. For more information on IASH please visit

By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.

What if I don’t want to accept cookies?

If you wish to restrict or block the cookies which are set by any website, including websites, you should do this through the browser settings for each browser you use and on each device you use to access the internet.

Please be aware that some of our services, for example Internet Banking, will not function if your browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser.

You may wish to visit which contains comprehensive information on how to do this on a wide variety of browsers.

Using companies to process your information outside the UK

We may transfer your personal information so that we can run your account and provide other services from:

  • countries within the EEA (where the same data protection standards apply as in the UK)
  • countries outside the EEA; if we do so, we will require that your personal information is handled and protected to at least EEA standards

We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation. These external organisations may process and store your personal information abroad and may have to disclose it to overseas authorities to help them to fight against crime and terrorism. If these authorities are outside the EEA, your personal information may not be protected to the same EEA standards.

Access to your information

Under the Data Protection Act 1998 you have a right to access certain personal records that we hold about you. This is called a ‘Data Subject Access Request’ and you can make a request by writing to Customer Services Team,, 50 Whittington Avenue, UB4 0AD. A fee is payable.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove any data that you think is no longer up to date.

You have a right under the Consumer Credit Act 1974, to request credit reference agencies to provide you with information that they hold about you. A fee is payable.

Contact from

As part of the registering process we ask whether we may contact you about our products and services. If you ticked ‘yes’, but no longer wish to receive such communications, please let us know by writing to, 50 Whittington Avenue, UB4 0AD

We want to make sure that we provide excellent customer service and we use various means of communication to do this, including phone, post, email and SMS.

We will not send you marketing communications if you ask us not to and we will not provide information about you to companies outside the group to use for their own marketing purposes.

If you do not want to receive marketing from us, please write to Customer Services Team,, 50 Whittington Avenue, UB4 0AD

Recording phone calls

We may monitor or record phone calls:

  • to check that we have carried out your instructions correctly
  • to resolve queries or issues, for regulatory purposes
  • to help improve the quality of our service
  • to help detect or prevent fraud or other crimes

Conversations may also be monitored for staff training purposes.

Social networking sites

As part of our commitment to understand our customers better, we may research comments and opinions made public on social networking sites, such as Twitter and Facebook.

A Guide to the use of your personal data by Credit Reference and Fraud Prevention Agencies.

Please read this section very carefully.

What we do

When you apply to us to open an account, we will:

1. Check our own records for information on:

any account you and, if you have one, your ‘financial associate’ may have or have had with us. A ‘financial associate’ is someone with whom you have a personal relationship that creates a joint financial unit in a similar way to a married couple. You will have been living at the same address at the time. It is not intended to include temporary arrangements such as students or rented flat sharers or business relationships. Credit reference agencies may link together the records of people that are part of a financial unit. They may do this when people are known to be linked, such as being married, or have jointly applied for credit or have joint accounts. They may also link people together if they, themselves, state that they are financially linked.

2. Search at credit reference agencies for information on:

  • your personal accounts
  • and, if you have ever previously made joint applications or have joint accounts that are financially linked, we will check your financial associates’ personal accounts as well
  • very occasionally if there is insufficient information to enable us to assist you, we may also use information about other members of your family
  • if you are a director or partner in a small business, we may also check your business accounts

3. Search at fraud prevention agencies for information on you and any addresses at which you have lived, and on your business (if you have one)

What we do with the information you supply to us as part of the application:

1. Information that is supplied to us will be sent to the credit reference agencies

2. If you are making a joint application or tell us that you have a spouse or financial associate, we will:

  • search, link and/or record information at credit reference agencies about you both
  • link any individual identified as your financial associate, in our own records
  • take both your and their information into account in future applications made by either or both of you
  • continue this linking until the account closes and one of you notifies us that you are no longer linked

So you must be sure that you have their agreement to disclose information about them.

3. If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to fraud prevention agencies and other organisations involved in crime and fraud prevention.

What credit reference and fraud prevention agencies do

When credit reference agencies receive a search from us they will:

  • Place a search “footprint” on your credit file whether or not this application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future.
  • Link together the records of you and anyone that you have advised is your financial associate including previous and subsequent names of parties to the account. Links between financial associates will remain on your and their files until such time as you or your partner successfully file(s) for a disassociation with the credit reference agencies. Financial associates may “break the link” between them if their circumstances change such that they are no longer a financial unit. They should apply for their credit file from a credit reference agency and file for a “disassociation”.

They will supply to us:

  • Credit information such as previous applications and the conduct of the accounts in your name and of your associate(s) (if there is a link between you) and/or your business accounts (if you have one)
  • Public information such as County Court Judgements (CCJs) and bankruptcies
  • Electoral Register information
  • Fraud prevention information

When information is supplied by us, to them, on your account(s):

  • Credit reference agencies will record the details that are supplied on your personal and/or business account (if you have one) including any previous and subsequent names that have been used by the account holders and how you/they manage it/them
  • If you borrow and do not repay in full and on time, credit reference agencies will record the outstanding debt
  • Records shared with credit reference agencies remain on file for 6 years after they are closed, whether settled by you or defaulted

How your data will NOT be used by credit reference agencies:

  • it will not be used to create a blacklist
  • it will not be used by the credit reference agency to make a decision

How your data WILL be used by credit reference agencies:

1. The information which we and other organisations provide to the credit reference agencies about you, your financial associates and your business (if you have one) may be supplied by credit reference agencies to other organisations and used by them to:

  • prevent crime, fraud and money laundering by, for example, checking details provided on applications for credit and credit-related or other facilities
  • check the operation of credit and credit-related accounts
  • verify your identity if you or your financial associate applies for other facilities
  • make decisions on credit and credit-related services about you, your partner, other members of your household or your business
  • manage your personal, your partner’s and/or business (if you have one) credit, credit-related account or other facilities
  • trace your whereabouts and recover debts that you owe
  • undertake statistical analysis and system testing

How your data may be used by fraud prevention agencies:

1. The information which we provide to the fraud prevention agencies about you, your financial associates and your business (if you have one) may be supplied by fraud prevention agencies to other organisations and used by them and us to prevent crime, fraud and money laundering by, for example;

  • checking details provided on applications for credit and credit-related or other facilities
  • managing credit and credit-related accounts or facilities
  • cross checking details provided on proposals and claims for all types of insurance
  • checking details on applications for jobs or when checked as part of employment

2. Verify your identity if you or your financial associate applies for other facilities including all types of insurance proposals and claims

3. Trace your whereabouts and recover debts that you owe

4. Conduct other checks to prevent or detect fraud

5. We, and other organisations, may access and use from other countries the information recorded by fraud prevention agencies

6. Undertake statistical analysis and system testing

Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 1998

Your data may also be used to offer you other products, but only where permitted.

How to find out more

You can contact the CRAs currently operating in the UK. The information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee.

  • Call Credit Limited, Consumer Services, P.O. Box 491, Leeds LS3 1WZ or call 0330 024 7574 or log onto (Consumer Help Section).
  • Equifax, Customer Relations, P.O. Box 10036, Leicester LE3 4FS or call 0844 335 0550 or log on to
  • Experian, Consumer Help Service, P.O. Box 8000, Nottingham NG80 7WF. Call 0344 481 8000 or log on to

Questions and Answers

Q: What is a credit reference agency?

Credit reference agencies (CRAs) collect and maintain information on consumers’ and businesses’ credit behaviour, on behalf of organisations in the UK.

Q: What is a fraud prevention agency?

Fraud prevention agencies (FPAs) collect, maintain and share information on known and suspected fraudulent activity. Some CRAs also act as FPAs.

Q: Where do they get the information?

From publicly available information:

  • the Electoral Register from Local Authorities
  • County Court Judgements from Registry Trust
  • bankruptcy (and other similar orders) from the Insolvency Service
  • fraud information may also come from fraud prevention agencies
  • credit information comes from information on applications to banks, building societies, credit card companies etc and also from the conduct of those accounts

Q: Why is my data used in this way?

We and other organisations want to make the best possible decisions, in order to make sure that you, or your business, will be able to repay us. Some organisations may also use the information to check your identity. In this way we can ensure that we all make responsible decisions. At the same time we also want to make decisions quickly and easily and, by using up to date information, provided electronically, we are able to make the most reliable and fair decisions possible.

Q: Who controls what such agencies are allowed to do with my data?

All organisations that collect and process personal data are regulated by the Data Protection Act 1998, overseen by the Information Commissioner’s Office. All credit reference agencies are in regular dialogue with the Commissioner. Use of the Electoral Register is controlled under the Representation of the People Act 2000.

Q: Can anyone look at my data held at credit reference agencies?

No, access to your information is very strictly controlled and only those that are entitled to do so may see it. Usually that will only be with your agreement or (very occasionally) if there is a legal requirement.