Personal data

Typically we collect and process the following personal data about you:

• name
• address
• date of birth
• details of your current and previous countries of residence/citizenship
• a copy of your identification document (passport; ID card or driving licence);
• e-mail address and contact telephone numbers
• financial statements, i.e. bank statements, net worth statements and other financial documents
• username when you register and use our Internet Banking services i.e. if you wish your username to be your name and surname.

The legal bases for our processing of your personal information is one or more of the following, depending on the information concerned and the purpose for which we process it (as described elsewhere in this Notice):

• we need to process the information to comply with our legal obligations;
• we need to process the information to perform a contract with you or to take steps at your request before entering into a contract; and/or
• it is necessary to process the personal information either for our or someone else’s legitimate interests, where this does not override your interests, rights or freedoms – this can include where it is in our interests to contact you about products or services, market to you, collaborate with others to improve our services, to prevent fraud or ensure network and information security;
• occasionally, where we have your specific freely given consent (if consent is needed) having first informed you of the purpose of the processing.

Where we have your consent, you have the right to withdraw it. We shall let you know how to do that at the time we gather your consent or it can be done by sending an email to compliance@qib-uk.com headed Opt-out. This will not affect processing before withdrawal or which is based on another lawful basis of processing.

Criminal information

We may use information about criminal proceedings relating to you to make lending decisions (for example we shall not lend to you if you are a subject of criminal prosecution), for fraud prevention/anti-money laundering purposes and to fulfil our legal and regulatory obligations, to the extent authorised by applicable law.

We shall use your personal information for the following general purposes:

• to assess and provide the products or services that you have requested;
• to communicate with you;
• to inform you about our products and services , including by direct marketing;
• to authenticate your identity;
• to manage our relationship with you;
• to comply with legal obligations and prevent fraud;
• for administrative purposes;
• for purposes related to our proposed corporate activities, such as a sale or merger
• to analyse the way you use our Internet Banking services including information about payments you make or receive

We set these out in more detail below.

Providing you with products and services

To administer payments to and from you, we shall use:

• your contact details and the payment details that you have provided to us; and
• your location data to enable us to verify locations at which payments are made for fraud prevention purposes.

We may give this information to our third party payment providers to process the payment to you.

To comply with our legal obligations, to prevent financial crime including fraud and money laundering

we shall use:

• any information you have given us, that we have obtained from a third party, or that we have obtained by looking at how you use our services, where it is necessary for us to use that information to comply with a legal obligation; and
• this information shall include name, address, date of birth, every country of residence/citizenship, personal identification (which may include passport number or driving license number) your IP address, and information about any criminal convictions.

We shall give information to and receive information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, other banks and regulators.

To make credit decisions about you we shall use:

• information you give to us about your credit history;
• information about those you are financially linked to (such as your partner);
• information about how you have used other products and services offered by us or other members of QIB Group;
• information we may receive from third party credit reference agencies.

For this purpose, we share the information with credit reference and fraud prevention agencies.

For corporate customers, we shall use personal information about key individuals in the business, so we can operate and administer the products and services which we provide to the business – to do this we shall use:

• personal information about key individuals who are either a sole trader of the business or are a proprietor, director, company secretary, shareholder, partner, member, committee member, trustee, controller, beneficial owner or authorised signatory to the account of the business;
• the personal information about key individuals as set out in this section, and we may use it for any of the purposes described in this section. We may hold personal information on key individuals for the purposes of operating and administering products and services which we provide to the business, as well as for the purposes of fraud prevention and anti-money laundering, for debt recovery purposes, and to make credit decisions about the business.

Personal information on key individuals is obtained directly from the key individual, from the business to which the key individual is linked with, from the key individual’s dealings with any member of QIB Group, and from fraud prevention and credit reference agencies. Such information may include information relating to criminal convictions to the extent authorised by applicable law, for example relating to fraud prevention.

Direct Marketing

We may take the opportunity to:

• contact you about products that are closely related to those you already hold with us;
• provide additional assistance or tips about these products or services.

We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below

In addition to the information you provide to us directly, we collect personal information in a number of ways for example from third parties for the purpose of verifying any international sanctions that can be imposed by the UN Security Council, the European Union (EU) and individual states, PEP checks and negative media reports.

In some cases we won’t be able to provide products and services to you if we don’t have all the personal information we need.

Sometimes for your safety and for legal reasons we also may obtain some personal information from monitoring or recording calls, or through CCTV. We shall record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and customers, and to resolve queries or issues. We also use CCTV on our premises to ensure the safety and security of our staff and customers.

When you use QIB (UK) Internet Banking services we will store information about the device you use (i.e. your device ID), your username and location.

We share personal information internally where we must to make products and services available to you, market products and services to you, meet or enforce a legal obligation or where it is fair and reasonable for us to do so. See section above on ‘How we use your personal information’ for more information about how we do this. We shall only share your personal information to the extent needed for those purposes.  

We share your personal information with our solicitors, surveyors, valuers and other similar third parties where needed to provide you with the best service.

We also share your personal information with third parties who help us to deliver our products and services, such as our service providers for Debit Cards – PSI-Pay Limited, FIS Payments (UK Ltd), Idemia; ATMs and payment processing third parties.  

We can also share your personal information to comply with law obligations and enforce our legal rights (including debt recovery). We use your information in this way because it is necessary to perform our contract with you and to meet our legal commitments.

We share your personal information with our parent company QIB S.A.Q. which is located outside of the EU in a country which does not have a similar standard of data protection laws. We have put in place our own measures to ensure adequate personal data protection, namely by entering into specific contracts with QIB S.A.Q in a form approved by the European Commission.

Where we transfer your personal information to any other recipients (as described in various places in this notice) located outside the EU, then except where necessary to perform a contract with you or to implement pre-contract measures at your request or perform or conclude a contract with a third party (including your associated business) in your interest, we will ensure at least one of the following safeguards is implemented:

• we will only transfer the data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
• where we transfer the data to third parties, we will use specific contracts between us and the recipient in a form approved by the European Commission.

We keep your personal information securely for seven years after closure of your account or from the date you last used one of our services.

In some circumstances we shall hold personal information for longer for such period as is necessary for resolving active legal proceedings or for the limitation period of any potential proceedings, to resolve or defend claims, and for the purpose of making remediation payments.

You have the Right to Object to how we use your personal information. You also have the Right to Access what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else.

You have the right to complain to QIB (UK), through the nominated Data Protection Manager provided above, or directly to the Data Protection Regulator – Information Commissioner’s Office.

You can contact us via your Relationship Manager, by phone, e-mail, post or in person by visiting our branch to exercise any of the following privacy rights:

Right to object: You can object to our processing of your personal information. Please contact us as noted above, providing details of your objection.

Access to your personal information: You can request access to a copy of your personal information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for.

Please make all requests for access in writing, and provide us with evidence of your identity.

Right to withdraw consent: If you have given us your consent to use personal information, you can withdraw your consent at any time and update your marketing preferences.  This will not affect any use of your personal information before your consent was withdrawn or affect any other lawful basis of our processing it.

Rectification: You can ask us to change or complete any inaccurate or incomplete personal information held about you.

Erasure: You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.

Portability: You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.