Privacy Policy

We, (Monmouthshire Building Society) take your privacy very seriously and always treat your personal data with the greatest care. Holding it safely and securely.

Legally, we must explain how we look after, use, or share your personal data which is in this Notice.

We are the “Data Controller” as we decide how and why we use your personal data.

When we say “we,” “us” and “our”, we mean Monmouthshire Building Society.

If you are unsure of anything in this Notice or have any questions, please get in touch.

We need to collect data about you to

• open and run your savings or mortgage account.
• provide you with our services.
• contact you about our other products, services, promotions, offers or events that we think may be of interest to you (but, only if this is what you want).
• refer you to trusted organisations to provide other services (if you have given us permission to do this).

We collect your personal data in several ways. The amount and type of data we collect depends on the products you have with us or are applying for. We will only collect the data we need, and we do this in the following ways:

The data we collect depends upon the products you have or wish to have with us and can include:

• Name (current & previous).
• Address (current & previous).
• Contact Details (telephone number/ email address/ social media names/IP address.
• Date of Birth.
• Marital Status.
• Identifier & Account Numbers.
• Passport/Driving licence Numbers.
• Bank Details.
• Payment Details (Debit/credit card).
• Credit and Debt information.
• Employment Details/Salary information.
• Insurance policy details.
• Pension Details.
• Mortgage Details (Existing/new).
• Benefit details.
• Individual voluntary Agreement/Bankruptcy details.
• Tax residency.
• Fraud Prevention Agency information.

Depending upon the products you hold with us, we may collect special categories of personal data including:

• Health/medical history
• Criminal offence data

Under Data Protection law, we can only use your personal data if we have a ‘legal basis’ (genuine legal reason) for doing so.

The table below explains each legal basis we rely on to use your personal data.

We will always have an appropriate legal basis to use your data.

We can’t provide mortgages or savings products and services, or process your application without your personal data. If we already hold some of the personal data that we need, for instance if you are already a customer, we may not need to collect it again. If providing personal data is optional, we’ll let you know.

To provide you with our products and services and comply with the law, we sometimes need to share your personal data with other trusted organisations.

Whenever we share your data, we require organisations to protect your personal data and to treat it in accordance with the law.

Some of the organisations we share your personal data with (such as IT service providers that support our business) will act as “Processors.” Processors are only allowed to use your personal data in line with our instructions.  

We also need to share your personal data with other people and organisations who act as “Controllers.”  This means they need to decide how to lawfully use your personal data.

Examples of Controllers are Credit Reference and Fraud Prevention Agencies (see below), Individual Voluntary Agreement/Bankruptcy administrators, insurance companies, tax authorities, financial regulators, and law enforcement agencies. As Controllers, these organisations have their own privacy notices which will affect how they manage your personal data.

We may also need to share your personal data with organisations  if we sell, transfer, or merge parts of our business. If this happens, there won’t be any changes to how your personal data is used.

Fraud Prevention Agencies

Before we can open a mortgage or savings product for you, we must prove your identity and make  checks with fraud prevention agencies. We do this to prevent fraud and money laundering. We need to use your personal data to do this.

We, and Fraud Prevention Agencies, may allow law enforcement agencies e.g., the Police and HMRC, to access and use your personal data to detect, investigate and prevent crime. Fraud Prevention Agencies can hold your personal data for different periods of time. If you’re considered to be a fraud or money laundering risk, your data can be held for up to six years.

You can get the details of the Fraud Prevention Agencies we use by getting in touch.

Consequences of Processing

If we, or a Fraud Prevention Agency, decide you are a fraud or money laundering risk, we may refuse to provide you with our products or services, including any accounts you may already have with us. A record of any fraud or money laundering risk is kept by the Fraud Prevention Agencies and may result in other organisations refusing to provide services, finance, or employment to you.

If you have any questions about this, please get in touch.

Credit Reference Agencies

To process a mortgage application, we carry out credit and identity checks on you with one or more Credit Reference Agencies (CRAs). If you already have a mortgage with us, we may carry out searches with CRAs to run your account. To do this, we will supply your personal data to CRAs, and they will give us additional data about you. This will include data from your credit record about your financial situation and history. CRAs will also supply us with public (including the electoral register), shared credit, and fraud prevention data.

We will use this data to:

• Assess if you can afford to take out the mortgage.
• Verify the accuracy of the data you have provided.
• Prevent criminal activity, fraud, and money laundering.
• Manage your account(s).
• Trace and recover debts.
• Ensure any mortgage offer provided to you is appropriate.

We will continue to exchange your personal data and account information with CRAs while you are a customer. We also inform the CRAs when you pay off your mortgage. If you borrow money and do not repay it in full and on time, CRAs will record the outstanding debt amount. CRAs may supply this information to other organisations.

When CRAs receive a search request from us, they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application and tell us that you have a spouse or financial partner, we will link your records together. This means you should discuss this with them and share the information in this section with them before making an application. CRAs will also link your records together. These links will remain on your and their files until you or your partner successfully requests the CRAs to break that link.

Credit Reference Agency Information Notice (CRAIN)

Please note that the Society is not responsible for external links.

We are based in the UK but sometimes your personal data may be transferred outside the UK.

Where we use organisations that operate outside the UK, if your personal data is processed within the European Union (EU), it is protected by the EU General Data Protection Regulation (EU GDPR).

Some countries outside the EU also have protection for personal data under EU GDPR. We will make sure your personal data is safe before we transfer it to countries outside the EU which do not have suitable protection under laws that apply to us or the EU.

Safeguards include the company receiving your personal data to protect it to the standard required in the UK. Safeguards may also include the receiving company subscribing to ‘international frameworks’ to enable secure data sharing.

You have the following rights in relation to your personal data.

• The right to be informed.

We will be clear about how we collect and use your personal data when we get it from you (for example, when you open an account or apply for a service) and through this Privacy Notice.

• The right to access your personal data.

You have the right to access and get a copy of the personal data we hold about you.

• The right to have your personal data corrected.

You have the right to have your data corrected if it is wrong or incomplete.

We will do our best to make sure your personal data is accurate and up to date. However, we rely on you to help us with this.

• The right to have your data deleted (the ‘right to be forgotten’)

You have the right to ask that your personal data is deleted where there is no reason for us to continue using it. Data we hold with your consent will be deleted when requested. Data we hold under other legal basis (see Section 5) will be kept for the period in our Retention Schedule.

• The right to limit how we use your data.

You have the right to ask that we limit the way we use your data if you are worried about its accuracy or how it is being used. If necessary, you can stop us from deleting your data.

• The right to object.

You have the right to ask us to stop using your personal data at any time. However, this only applies in certain circumstances. If the law allows us to continue using your data, we may do so.

• The rights relating to decisions made without human

This right allows you to request human input or challenge a decision that has been made in this way. (See section 15 for more details).

• The right to data portability.

This allows you to ask for your personal data held in our IT system, to reuse in another organisations IT system.

Please get in touch so we can update your records.

We only keep your personal data for as long as we need to use it. This will depend on the product or service you have. There are legal requirements for us to keep your data for a certain length of time.

If you only have savings accounts with us, we will keep your personal data for a maximum of 6 years after you are no longer a customer.

If you have a mortgage, we will keep your personal data for a maximum of 15 years after you are no longer a customer.

If you have both savings and a mortgage(s), we will keep your personal data for a maximum of 15 years after you are no longer a customer.

If you are an existing customer, you may receive marketing information from us about our products or services. However, if you have asked us not to send you marketing, we will not contact you in this way.

You can choose whether you want to receive marketing and can stop at any time, just get in touch.

If you are not yet a customer or we want to provide other companies’ marketing information, we will require your permission to do this.

Yes, cookies are small text files that are placed on your computer by websites that you visit. They are used to make websites work, and to provide data to the owners of the site.

We use cookies to help you navigate our website, to secure some of the online services and track visitors to monitor and improve our service. We do not get personal data from your device unless you give us your data through our website.

You may disable cookies by selecting the appropriate settings on your internet browser, however please note that if you do this you may not be able to use all of our website.

To disable the storage of cookies and remove any that have already been set, please click this link:
Remove & Disable Cookies.

For more information about cookies, visit allaboutcookies.orgor www.aboutcookies.org

Please see the table below for a full explanation on the cookies we use and why.

Yes.

We listen to, record, view, and keep records of calls, emails, social media messages, visits to our branches or agencies, face to face meetings and other communications.

We monitor to:

• Comply with the law and regulatory rules.
• Prevent or detect crime.
• Protect the security of our communications systems and procedures.
• To have a record of what we have discussed with you.
• Use for quality control and staff training purposes.
• Check for rude or offensive content.

This section is relevant where we make decisions about you without any human involvement.

We do this when:

• Assessing affordability for mortgages.
• Monitoring transactions.
• Deciding what marketing communications are suitable for you (if applicable).
• Analysing statistics (including understanding the type of customers we have).
• Assessing lending and insurance risks.

Your personal data may be turned into a collection of data which cannot be used to identify you. It can then be used to produce statistical research and reports. This minimises the personal data we use.

We review our privacy notice regularly. This privacy notice was last updated in July 2023.

You can contact us in any of the following ways,

In person: Visit one of our branches or agencies.

By phone:

Savings Customer Services 01633 844 340 or Mortgage Customer Services on 01633 844 370.

By secure message: Using our ‘My Accounts’ service.

Email: dataprotection@monbs.com

In writing:

Monmouthshire Building Society, Monmouthshire House, John Frost Square, Newport, NP20 1PX.

If you are unhappy with how we use your personal data or want to complain about how we have handled a request, please get in touch.

You also have the right to complain to the Information Commissioner’s Office which enforces data protection laws:

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

The meaning of some terms that we use in this privacy notice:

Automated decision making means a process where we make decisions about you, such as your suitability for a product, without a person being involved.

Profiling means any form of processing without human involvement of your personal data to understand your economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

Process or processing includes everything we do with your personal data from its collection, right through to its destruction or deletion when we no longer need it. This includes collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying or if applicable transferring it overseas.