We take your privacy very seriously and will always treat your personal details with the utmost care, holding them safely and securely.
A summary of our full Privacy Notice is contained in our leaflet “Your Personal Data". This is available to download or from any of our Branch or Agency offices.
Our Customer Privacy Notice describes how we deal with your personal information, and is detailed below. Alternatively, this is available to download or from any of our Branch or Agency offices.
We, (Monmouthshire Building Society) take your privacy very seriously and always treat your personal data with the greatest care. Holding it safely and securely.
Legally, we must explain how we look after, use, or share your personal data which is in this Notice.
We are the “Data Controller” as we decide how and why we use your personal data.
When we say “we,” “us” and “our”, we mean Monmouthshire Building Society.
If you are unsure of anything in this Notice or have any questions, please get in touch.
We need to collect data about you to
We collect your personal data in several ways. The amount and type of data we collect depends on the products you have with us or are applying for. We will only collect the data we need, and we do this in the following ways:
From you, when you:
The data we collect depends upon the products you have or wish to have with us and can include:
Depending upon the products you hold with us, we may collect special categories of personal data including:
Under Data Protection law, we can only use your personal data if we have a ‘legal basis’ (genuine legal reason) for doing so.
The table below explains each legal basis we rely on to use your personal data.
We will always have an appropriate legal basis to use your data.
You give us permission to use your personal data which offers you choice and control over what we know.
Explicit consent – you must give permission specifying the type of data we collect and how we use it.
To provide you with our products or services
· Setting up and running your savings or mortgage account/s.
To use your data in line with the law
· Carry out identity and anti-money laundering checks.
· Preventing fraud and money-laundering.
· Prevention, detection, and investigation of crime.
· Deal with requests from you to exercise your rights.
· Provide data to Regulatory Bodies, HM Government, and overseas tax authorities.
· Sharing data with a third party.
Where we use your data in a way that you would expect
· Sharing data with trusted third parties including
· Carry out searches with credit reference agencies.
· When your savings or mortgage product ends.
· Dealing with complaints.
· Monitoring transactions.
· Internal reporting and administration for our Annual General Meeting.
· Market research, analysis and developing statistics.
· Provide data to Regulatory Bodies and HM Government.
· Test and monitor the performance of our products, services, and processes.
· Use of CCTV on our premises.
· Prevention, detection, and investigation of crime.
· Marketing our products and services to existing customers.
We can’t provide mortgages or savings products and services, or process your application without your personal data. If we already hold some of the personal data that we need, for instance if you are already a customer, we may not need to collect it again. If providing personal data is optional, we’ll let you know.
To provide you with our products and services and comply with the law, we sometimes need to share your personal data with other trusted organisations.
Whenever we share your data, we require organisations to protect your personal data and to treat it in accordance with the law.
Some of the organisations we share your personal data with (such as IT service providers that support our business) will act as “Processors.” Processors are only allowed to use your personal data in line with our instructions.
We also need to share your personal data with other people and organisations who act as “Controllers.” This means they need to decide how to lawfully use your personal data.
Examples of Controllers are Credit Reference and Fraud Prevention Agencies (see below), Individual Voluntary Agreement/Bankruptcy administrators, insurance companies, tax authorities, financial regulators, and law enforcement agencies. As Controllers, these organisations have their own privacy notices which will affect how they manage your personal data.
We may also need to share your personal data with organisations if we sell, transfer, or merge parts of our business. If this happens, there won’t be any changes to how your personal data is used.
Fraud Prevention Agencies
Before we can open a mortgage or savings product for you, we must prove your identity and make checks with fraud prevention agencies. We do this to prevent fraud and money laundering. We need to use your personal data to do this.
We, and Fraud Prevention Agencies, may allow law enforcement agencies e.g., the Police and HMRC, to access and use your personal data to detect, investigate and prevent crime. Fraud Prevention Agencies can hold your personal data for different periods of time. If you’re considered to be a fraud or money laundering risk, your data can be held for up to six years.
You can get the details of the Fraud Prevention Agencies we use by getting in touch.
Consequences of Processing
If we, or a Fraud Prevention Agency, decide you are a fraud or money laundering risk, we may refuse to provide you with our products or services, including any accounts you may already have with us. A record of any fraud or money laundering risk is kept by the Fraud Prevention Agencies and may result in other organisations refusing to provide services, finance, or employment to you.
If you have any questions about this, please get in touch.
Credit Reference Agencies
To process a mortgage application, we carry out credit and identity checks on you with one or more Credit Reference Agencies (CRAs). If you already have a mortgage with us, we may carry out searches with CRAs to run your account. To do this, we will supply your personal data to CRAs, and they will give us additional data about you. This will include data from your credit record about your financial situation and history. CRAs will also supply us with public (including the electoral register), shared credit, and fraud prevention data.
We will use this data to:
We will continue to exchange your personal data and account information with CRAs while you are a customer. We also inform the CRAs when you pay off your mortgage. If you borrow money and do not repay it in full and on time, CRAs will record the outstanding debt amount. CRAs may supply this information to other organisations.
When CRAs receive a search request from us, they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application and tell us that you have a spouse or financial partner, we will link your records together. This means you should discuss this with them and share the information in this section with them before making an application. CRAs will also link your records together. These links will remain on your and their files until you or your partner successfully requests the CRAs to break that link.
Please note that the Society is not responsible for external links.
We are based in the UK but sometimes your personal data may be transferred outside the UK.
Where we use organisations that operate outside the UK, if your personal data is processed within the European Union (EU), it is protected by the EU General Data Protection Regulation (EU GDPR).
Some countries outside the EU also have protection for personal data under EU GDPR. We will make sure your personal data is safe before we transfer it to countries outside the EU which do not have suitable protection under laws that apply to us or the EU.
Safeguards include the company receiving your personal data to protect it to the standard required in the UK. Safeguards may also include the receiving company subscribing to ‘international frameworks’ to enable secure data sharing.
You have the following rights in relation to your personal data.
We will be clear about how we collect and use your personal data when we get it from you (for example, when you open an account or apply for a service) and through this Privacy Notice.
You have the right to access and get a copy of the personal data we hold about you.
You have the right to have your data corrected if it is wrong or incomplete.
We will do our best to make sure your personal data is accurate and up to date. However, we rely on you to help us with this.
You have the right to ask that your personal data is deleted where there is no reason for us to continue using it. Data we hold with your consent will be deleted when requested. Data we hold under other legal basis (see Section 5) will be kept for the period in our Retention Schedule.
You have the right to ask that we limit the way we use your data if you are worried about its accuracy or how it is being used. If necessary, you can stop us from deleting your data.
You have the right to ask us to stop using your personal data at any time. However, this only applies in certain circumstances. If the law allows us to continue using your data, we may do so.
This right allows you to request human input or challenge a decision that has been made in this way. (See section 15 for more details).
This allows you to ask for your personal data held in our IT system, to reuse in another organisations IT system.
Please get in touch so we can update your records.
We only keep your personal data for as long as we need to use it. This will depend on the product or service you have. There are legal requirements for us to keep your data for a certain length of time.
If you only have savings accounts with us, we will keep your personal data for a maximum of 6 years after you are no longer a customer.
If you have a mortgage, we will keep your personal data for a maximum of 15 years after you are no longer a customer.
If you have both savings and a mortgage(s), we will keep your personal data for a maximum of 15 years after you are no longer a customer.
If you are an existing customer, you may receive marketing information from us about our products or services. However, if you have asked us not to send you marketing, we will not contact you in this way.
You can choose whether you want to receive marketing and can stop at any time, just get in touch.
If you are not yet a customer or we want to provide other companies’ marketing information, we will require your permission to do this.
Yes, cookies are small text files that are placed on your computer by websites that you visit. They are used to make websites work, and to provide data to the owners of the site.
You may disable cookies by selecting the appropriate settings on your internet browser, however please note that if you do this you may not be able to use all of our website.
To disable the storage of cookies and remove any that have already been set, please click this link:
Remove & Disable Cookies.
For more information about cookies, visit allaboutcookies.orgor www.aboutcookies.org
Please see the table below for a full explanation on the cookies we use and why.
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage. We use the information to compile reports and to help us improve the site.
_utma - expires 24 months - Persistent cookie used to track of the number of times a visitor has been to the site.
To identify that we are dealing with the same user from one request to another. This Session cookie is required for My Accounts to work.
We listen to, record, view, and keep records of calls, emails, social media messages, visits to our branches or agencies, face to face meetings and other communications.
We monitor to:
This section is relevant where we make decisions about you without any human involvement.
We do this when:
Your personal data may be turned into a collection of data which cannot be used to identify you. It can then be used to produce statistical research and reports. This minimises the personal data we use.
We review our privacy notice regularly. This privacy notice was last updated in July 2023.
You can contact us in any of the following ways,
In person: Visit one of our branches or agencies.
Savings Customer Services 01633 844 340 or Mortgage Customer Services on 01633 844 370.
By secure message: Using our ‘My Accounts’ service.
Monmouthshire Building Society, Monmouthshire House, John Frost Square, Newport, NP20 1PX.
If you are unhappy with how we use your personal data or want to complain about how we have handled a request, please get in touch.
You also have the right to complain to the Information Commissioner’s Office which enforces data protection laws:
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The meaning of some terms that we use in this privacy notice:
Automated decision making means a process where we make decisions about you, such as your suitability for a product, without a person being involved.
Profiling means any form of processing without human involvement of your personal data to understand your economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
Process or processing includes everything we do with your personal data from its collection, right through to its destruction or deletion when we no longer need it. This includes collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying or if applicable transferring it overseas.