Some background information
We are Commercial & Northern Ltd (“we”, “our”, “us”) and operate under the name B-North. We’re a company registered in England under company number 11030672 and you can contact us at our registered address - Suite 20A, Manchester One, 53 Portland Street, Manchester, M1 3LD.
This notice describes how we collect and use your information and personal data and outlines some of the measures we have taken to protect your privacy in accordance with data protection laws.
When we refer to “data protection laws” we mean the General Data Protection Regulation (EU 2016/679), Data Protection Act 2018, Electronic Communications Act 2000, or any substantially equivalent law enacted in the UK, as applicable.
Under data protection law, we are what is known as the “data controller” of your personal data. When we use the term “personal data”, we mean any information that relates to you and identifies you.
What information do we collect about you?
We will collect personal data from you through your use of our website, if you correspond with us, if you apply online, by post or in person for products or services with us, if you apply for a job vacancy at B-North, or through one of our affiliated intermediaries.
Examples of information that we collect about you include (but are not limited to):
- Information you give us when you get in touch with us for example, when you register with us or use our website, when you engage in customer research or similar, or when you report a problem to us;
- Technical information, including the internet protocol (IP) address used to connect your computer or device to the internet, your login information, browser type and version using analytic tools;
- Contact information including your telephone number and email address;
- Information you provide when applying for a job or provide us with services;
We also work with third parties (including, for example, subcontractors in technical, payment and delivery services, credit reference agencies) and may receive information about you from them;
- Information you provide to us when we need to confirm your identity as part of our lending application or online savings application processes, such as your name, date of birth, passport information (or other identification information), financial and employment information.
We have no requirement to collect or process any sensitive personal data to provide our services to you (for example personal data relating to your health or ethnic origin). However, if you do provide us with any information which constitutes sensitive personal data (as defined in the data protection laws) we will treat such personal data at all times in accordance with the data protection laws.
In circumstances where you provide us with information that is personal data about someone other than yourself, you agree that you will not provide this data to us unless you have ensured that you have obtained all necessary consents and provided any required notices, or that you are otherwise permitted to provide such information to us, so that such information you provide to us can be lawfully used or disclosed in the manner and for the purposes set out in this notice. You will also ensure that any such information you do provide to us is relevant for such purposes, and is reliable for its intended use, accurate, complete and current.
How do we use your personal data and what is our legal basis?
We use your personal data in order:
- to carry out our operation as a bank;
- to provide you with banking and financial products and services;
- to make sure we do not breach any contracts;
- to keep B-North and you secure;
- to give people information about products and services, and;
- to comply with the law.
We will also use your personal data to communicate with you about your account and to provide service-related updates and notifications.
We may use your information for marketing purposes, and this might include using your data to identify products and services which may be of use to you.
We must have a legal basis (a valid legal reason) for using your personal data. Generally, our legal basis will be one of the following:
Keeping to our contracts and agreements with you - We need certain personal data to provide our services and cannot provide them without this information.
Legal obligations - In some cases, we will have a legal responsibility to collect and store your personal data (for example under money laundering regulations we must hold certain information about our customers).
Legitimate interests - We sometimes collect and use your personal data, or share it with other organisations, because we or they have a legitimate reason to have it and this is reasonable when balanced against your right to privacy.
Consent - Where you’ve agreed to us collecting your personal data, for example when you have ticked a box to indicate you are happy for us to use your personal data in a certain way.
Who might we share your personal data with?
Sometimes we will share your personal data, including with the following:
Introducers and intermediaries -Third parties who introduce you to us.
Credit Reference Agencies - Organisations that securely hold data about you – including things like your credit applications, accounts, and financial behaviour.
Fraud prevention agencies - If we believe that fraud has been or might be committed, we may share data with fraud prevention agencies, who in turn may collect, maintain and share data on known and suspected fraudulent activity.
Third party organisations or processors - Some personal data, where we are permitted by law to disclose it or where it is public information, can be shared with other organisations that have a legitimate use for it. We may also use other companies to perform tasks on our behalf. For example, IT service providers or payroll services.
Public bodies, law enforcement and regulators - The police and other law enforcement agencies, as well as public bodies like local authorities and our regulators, can sometimes ask us to supply them with personal data. This can be for various reasons, like preventing or detecting crime, fraud, apprehending or prosecuting offenders, assessing or collecting tax, or investigating complaints.
Where do we keep your personal data and will it go overseas?
We are based in the UK. However, some organisations that help us to provide our services are based in the European Economic Area (EEA).Occasionally, we may need to send your personal data outside of the European Economic Area in order for us to provide our services.
For example, when a third-party service provider of ours is based overseas or uses data servers that are based overseas.
While countries in the EEA all ensure a high standard of privacy protection, some parts of the world may not provide the same level of legal protection when it comes to personal data. As a result, when we do send personal data overseas we will make sure there are suitable safeguards in place so that your personal data is protected.
For example, these safeguards might include:
- Sending your personal data to a country that has been approved by the European authorities as having a suitably high standard of data protection law. For example, the Isle of Man, Switzerland and Canada.
- Putting in place a contract with the individual or organisation receiving the personal data which contains terms that are approved by the European authorities as providing a suitable level of protection.
- Sending your personal data to an organisation which is a member of a scheme that has been approved by the European authorities as providing a suitable level of protection. One example is the Privacy Shield scheme agreed between the European and US authorities. Another example is the use of Binding Corporate Rules.
Unfortunately, the transmission of your personal data via the internet can never be 100% secure. Although we will do our best to protect your information, we cannot guarantee the security of information about you transmitted to us and so any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long will we keep your personal data for?
We will keep most of your personal data for as long as you’re using our services, and generally for six years after that to comply with the legal or regulatory requirements. In some circumstances, like cases of anti-money laundering or fraud, we may keep data longer if we need to (that’s in our legitimate interest) and/or the law says we have to.
To work out how long we keep different categories of personal data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
Will we use your personal data in automated decision making or profiling?
We may sometimes use technology to make decisions. We may do this for deciding if:
- we can give you a loan based on information we hold about you or your business, and information we receive from credit reference agencies. This includes details on whether you’ve kept up to date with payments on any credit accounts, and if you’ve been to court.
- we need to take action, like freeze a transaction or an account, because we suspect fraud or money laundering against us or a customer. The technology we use may decide this based on patterns in our data like an account being used in a way that is unusual.
We may also use automated checks to make decisions about applications.
What are your rights?
You have the right to be told about how we use your personal data.
We provide this privacy notice to explain how we use your personal data.
You can ask to see the personal data we hold about you (this is called making a ‘data subject access request’, or DSAR for short). You can also ask for information about what information we process and why.
If you make a DSAR, we will provide a copy of the personal data we hold about you. We can’t give you any information about other people, information which is linked to an ongoing criminal or fraud investigation, or information which is linked to settlement negotiations with you. We also won't provide you with any communication we've had with our legal advisers.
You can ask us to correct your personal data if you think it's wrong.
You can have incomplete or inaccurate information corrected. Before we update your file, we may need to check the accuracy of the new information you have provided.
You can ask us to delete your personal data.
You can ask us to delete your personal data if:
- there are no longer valid reasons for us to continue using it;
- you gave us consent (permission) to use the data and you have now withdrawn that consent;
- you have objected to us using the data;
- we have used the data unlawfully; or
- the law requires us to delete the data.
Just to let you know, we may not be able to agree to your request as we must keep certain customer information for at least six years (we've explained this in more detail above). If you've closed your account, we may not be able to delete your entire file because these regulatory responsibilities take priority. We will always let you know if we can't delete your information.
You can object to us processing your personal data for marketing purposes.
You can tell us to stop using your personal data for marketing.
You can object to us processing other information (if we are using it for legitimate interests).
If our legal basis for using your personal information is 'legitimate interests' and you disagree with us using it, you can object.
However, if there is an overriding reason why we need to use the information (for example, legal reasons), we will not accept your request.
If you object to us using information which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services.
You can ask us to restrict how we use your personal data.
You can ask us to suspend using your personal data, for example:
- you want us to investigate whether it is accurate;
- we no longer need the information, but you want us to continue holding it for you in connection with a legal claim; or
- you have objected to us using your information, but we need to check whether we have an overriding reason to use it.
You can ask us to transfer personal data to you.
If we can, and are allowed to do so under regulatory requirements, we will provide your personal data in a structured, commonly used, machine-readable format.
You can withdraw your permission.
If you have given us any consent we need to use your personal data, you can withdraw your consent at any time by sending an email to email@example.com
Who do I contact to exercise my rights or if I have a complaint?
To exercise any of your rights set out above, you can contact us by sending an email to firstname.lastname@example.org or by writing to us at:
The Data Protection Officer, B-North, Suite 20A, Manchester One, 53 Portland Street, Manchester M1 3LD.
If we are unsure of your identity when we receive your request, we will ask for you to provide proof of this prior to completing any actions.
If you have a complaint about how we use your personal data, please contact us in the first instance by sending an email to the above email address and we will do our best to fix the issue.
If you are still not happy, you can refer your complaint to the UK’s supervisory authority, the Information Commissioner’s Officer (ICO). For more details, you can visit their website at ico.org.uk or phone them on 0303 123 1113.
Changes to this notice
We’ll post any changes we make to our privacy notice on this page and if they’re significant changes we’ll let you know by email.
Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.
How to control and delete cookies
If you want to restrict or block the cookies, you can do this through your browser settings. The ‘help’ function within your browser should tell you how. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the internet for other independent information on cookies.