Savings privacy policy

Who we are

Hodge Bank is made up of several different parts, some of which are legally separate from each other. We will let you know which entity you have a relationship with when you take out a product or service with us.

You can find out more about us at https://hodgebank.co.uk/.

This notice applies across our savings offering, and the relevant Hodge entity will act as a controller of the personal information that it collects from you.

Contact Details

If you have any questions or queries about this notice, please get in touch with us:

• Email: [email protected]
• Post: One Central Square, Cardiff, CF10 1FS
• Telephone: 02920803079

What data do we collect?

The personal data we may collect from you includes:

• Data about who you are as an individual: Name, date of birth, gender, and identification numbers
• Data that will help us get in contact with you: Address, email, and phone numbers
• Data about your finances and financial history: Bank account details and credit information
• Data about your history: marital status, dependents
• Data about how you interact with us digitally: IP address, browser type, and usage data from our website

Further support

We understand that circumstances can change, and you may need extra support. If you have specific needs, please let us know – we’re here to help. We’ll do our best to tailor our services to you and make using our services as straightforward as possible.

Depending on your personal circumstances, we may process what is known as special category data. Most commonly, this type of data relates to your health, but other categories relate to:

• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic data
• Biometric data for the purpose of unique identification
• Sex life or sexual orientation

We don’t routinely process this data, but during the course of your relationship with us we may record it. Under most circumstances you will provide this data to us directly and we will normally request your explicit consent before recording anything.

Lawful bases

Data Protection Law sets out specific requirements for when we are allowed to process your personal data:

• Consent – this is when we ask your permission to process particular personal data. This will always be specific, and you will be asked before this processing begins
• Contract – if you have an agreed product with us, and/or expressed an interest in one of them, we will need to process your personal data for us to provide it
• Legal obligation – under certain circumstances we are required to process your personal data to fulfil legal and regulatory requirements. These can range from, but are not limited to, fraud prevention and anti-money laundering, to rules from the Financial Conduct Authority and the Prudential Regulation Authority
• Legitimate interest – as an organisation we sometimes have a justification for processing your personal data that does not fit into any of the other bases. In these cases, we must balance that interest with your individual interests, fundamental rights, and freedoms. These interests are:
  • To protect our organisation and the general public from financial crime
  • To improve our products and services, this may include, but is not limited to, audit activities and quality assurance, which feed into training and development work
  • To administer our website, and analyse customer journeys and interactions
  • To handle queries and complaints we receive directly from you, or via your appointed representative
  • To consider and handle legal claims, including extraordinary account handling beyond our normal retention period
  • To conduct research activities that help us to better understand our existing and future customers
  • To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, and corporate governance

Where does your data come from?

We may source your personal data from a few different places. This can be from yourself directly or from your appointed representative, depending on what stage of the journey you are on with us.

Data may also come from third parties, such as the credit reference agencies, fraud prevention agencies, public information sources, and government/law enforcement agencies.

We are obliged to maintain accurate and up-to-date records; therefore, these checks may occur throughout your relationship with Hodge.

If you make a joint application for any of our products, we will need to collect personal information relating to your coapplicant too. In this case you must ensure that you share this document with them and that they know and understand what personal data is being provided about them.

Who do we share your data with?

Sometimes we might need to share your personal data with other organisations for the following reasons: management, accounting, audit, compliance, digital services, legal, logistics, and with other corporate colleagues who need access to your data to fulfil their roles within Hodge Group. These organisations are all under contract to provide such services as we request.

When you apply for a product with us, your data may be shared with Credit Reference Agencies and Fraud Prevention Agencies to enable them to perform their respective checks.

We may provide specific personal data when presented with a lawful request from a government/law enforcement agency, where required or permitted by law.

Credit Reference Agencies (CRAs) – We carry out credit and identity checks when you apply for a product or service for you or your business. We may use Credit Reference Agencies to help us with this.

We may also search information that the CRAs hold to help us manage any accounts you have with Hodge. More information is available here and directly via each of the three main Credit Reference Agencies:

Callcredit

Equifax

Experian

Fraud Prevention Agencies (FPAs) – The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found here.

Your personal data may also be shared in the event of an organisational restructure or in the event that the business or relevant assets are to be sold.

We will never sell your personal data, unless through part of a restructuring or asset sale by the company. In some cases, our services involve sharing your data with suppliers who are either outside the UK or who might transfer your personal information outside the UK, such as those hosted in the cloud. There are several ways we ensure your personal data remains safe and secure, as permitted by law. Most often this will be via an adequacy decision; a country, sector, or scheme means the regulator has specified that they have equivalent rules in place. Or via our contract with a supplier,
we will require them to meet the same standards of protection as required in the UK.

What rights do you have under data protection law?

You have the right to ask us:

• For a copy of the personal data we hold about you
• To delete your personal data
• To limit how we use your personal data
• To transfer your personal data to another organisation
• To correct incorrect or incomplete personal data
• To withdraw your consent, where that is the lawful basis

How long will we keep your personal data?

Our working practice for savings products and services is that we will hold your personal data for as long as you are a Hodge customer, plus seven additional years. If for some reason you have applied for a product or service with us, but do not become a customer, we will hold it for three years after your application is closed.

In both scenarios there may be reasons why account details are required for longer, but these will always be by exception. Examples of this include scenarios where there is an ongoing complaint, legal/regulatory considerations, or for research and statistical analysis purposes.

Do you make automated decisions using my personal data?

Automated decisions are decisions made by Hodge using your personal data undertaken without someone being involved in the process.

No, for our savings products no automated decisions are involved.

What about cookies?

Cookies are a separate topic that have a dedicated policy. If you want to find out more about how we use cookies, please click here.

What if I want to know more, or am unhappy with the way my data has been handled?

Hopefully we have answered any questions you might have, but if you have a query or concern, please let us know. You can contact us using the details available here. Alternatively, you can contact our Data Protection Officer directly by writing to One Central Square, Cardiff, CF10 1FS, or emailing [email protected]. You also have the right to complain to the Information Commissioner’s Office. You can find out how to do this on their website https://ico.org.uk/concerns/.

Changes to this Document

This document is reviewed and updated regularly. Occasionally, we may make changes to it to explain changes in our business practices, data handling, or if there is a change in the law. When this happens, the version control information on this document will be updated. Due to this, we encourage you to revisit this page periodically to view any changes that may have been made. In some circumstances we will update you of any significant changes using the contact details you have provided.