Data Privacy Notice

We use the data in the list below to understand your circumstances and needs, assess the suitability of the products and services you apply for or have with us, support financial crime and fraud prevention and meet regulatory requirements:

• Property details and occupancy status, for example, current and previous properties you have lived at, other properties you own, whether you are an owner, tenant or living with parents.
• Employment details including your salary, other income and status, for example, employed, self-employed, retired. We also use this to verify the data you provide.
• Additional financial details relating to other income, outgoings and spending habits, for example, benefit entitlement and income, rental income, credit, loans, debts, savings and investments. We also use this to assess how you manage account payments and credit.
• Criminal convictions, pending convictions, bankruptcy/receivership, county court judgements, court records and pending orders.
• Gender, to help locate your credit reference file. We do not use gender to inform lending decisions.

We use the data in the list below to understand your circumstances and needs, assess the suitability of products and services you apply for or have with us, support financial crime and fraud prevention and meet regulatory requirements and provide financial advice and recommendations.

• Property details and occupancy status, for example, owner, tenant, living with parents.
• Employment details including your salary, other income and status, for example, employed, self-employed, retired. We also use this to verify the data you provide.
• Additional financial details relating to your financial position. This includes details of any pensions, investments, life policies, your spending habits, debts and regular and income and outgoings etc.
• Estate planning arrangements you have in place, for example, will, power of attorney, funeral plan and trust.
• Details relating to your financial attitudes and aspirations including attitude to risk, investment goals, plans and priorities.
• Lifestyle, social and family circumstances, for example, location, marital status, next of kin, dependants, health, medical and smoker history.

We use the data in the list below to understand your circumstances and identify your demands and needs in relation to products and services you apply for or have with us:

• Property details and occupancy status, for example, owner, tenant, living with parents.
• Family details, for example, marital status, next of kin, dependents.
• Medical history, drinking, smoking and health related questions where necessary, in connection with life insurance.

If you are a Treasury counterparty, we will ask for your position in the organisation, which we use to:

• identify you.
• process, manage and administer your applications, enquiries, deposits and transactions with us.
• provide colleague training to help improve the quality of our service and for general quality assurance and communication monitoring.
• prevent crime, money laundering, counter terrorist financing, carry out sanction screening, protect you and others from fraud, provide security and for public safety.
• communicate with you about the deposits you hold with us.
• meet our legal, regulatory, auditing, tax and accounting obligations.

• Your authorised representatives. This includes family members, attorneys, operators, mortgage guarantor, executors and beneficiaries to:
  • manage our business relationship with them and to enable them to manage your accounts, products and services in line with your authorisation. Personal data may also be shared with the account holder about these authorised representatives (e.g. communications, transactions).
• Other adults living in your mortgaged property
  • for them to confirm they have no claim on the property.
• Employers, lenders and landlords to:
  • obtain data about your relationship with them.

We collect, use and hold personal data about the following people, in order to identify them and to manage our business relationship:

• Brokers and financial advisers etc.
• Solicitors, licensed conveyancers, and other professional advisers.
• Voluntary and charitable organisations and their representatives/members.
• Field agents, debt collection agents, appointed receivers and trustees in bankruptcy.
• Individuals cited as the source of funds for deposits into any products held with us.

Fund providers, managers, insurance companies and platforms

• provide the products and services we’ve recommended.
• enable the effective and efficient management of your investments, funds, accounts and chosen products and services.
• help manage your ongoing relationship with us and them.
• enable the ongoing correct charging of products and services.

Insurance Companies

• assist with enquiries, assessments, quotes, the provision of insurance and to administer claims.

Claims Management Companies

• assist with enquiries and the assessment of compensation claims.

Social Media platforms & providers

• communicate with you and answer your queries.
• show you targeted advertising.

Meta

If you accept use of the social media cookies on our website, information about the actions you take on our website will be shared with Meta following interaction with our ads on Facebook. This enables us to show you and people like you more relevant ads next time you visit Facebook. If you don’t accept the cookies then you will still see ads on Facebook but they might not be as relevant.

Meta Ireland is a joint controller of the collection and transmission of this information to the Facebook platform. We have entered into an Agreement with Meta to determine the respective responsibilities for compliance with the obligations under data protection law in respect of the collection and transmission of this data. The essence of this agreement with Metaopens in a new tab is that we are responsible for informing you of the collection and transmission of information to Meta. Once the information has been transferred, Meta Ireland is solely responsible for the protection information and enabling your rights under data protection law in respect of this information.

Further information on how Meta Ireland processes Personal Data, including the legal basis they rely on and the ways to exercise Data Subject rights, can be found in Meta Ireland's Data Policyopens in a new tab.

Skipton can offer or introduce you to a number of products and services provided by our third party partners. If you enquire or request details about these products and services we will share your personal data with our partner so they can answer your queries, provide you with illustrations and complete your application. They will also share data with us so we can identify all your relevant holdings and improve the experience you have with us. Where we introduced you to a partner who we no longer do business with, in limited circumstances we might share or receive data about you with these providers to assist with ongoing administration and management.

Our current third party partners and the product or service provided/introduced are:

LV=, part of the Liverpool Victoria General Insurance Group

• Home and Landlords insurance and claims administration.

Aviva

• Life insurance and claims administration.

Uinsure

• Home and Landlords insurance and claims administration.

Dynamo Mortgages, part of Connells Group

• Life insurance and other protection products.
• Mortgage applications.

Scottish Widows Limited

• Stock market based investments for our financial advice service.

Ascot Lloyd Financial Services Limited

Financial advice in relation to:

• defined benefit and other pension options.
• Life Time Allowance and Annual Allowance.

Skipton Trustees Ltd

• Skipton Building Society partners with Skipton Trustees Ltd (STL) which is a trust corporation. STL is a wholly-owned subsidiary of the Society. If you wish to contact STL for any purpose, please use the Society’s contact details.

Estate Administration

• STL’s Third Party - abrdn Financial Planning and Advice Ltd.
• Relationship - Provided by STL and administered by abrdn.

We will continue to assess the ongoing performance of your mortgage once you have taken it out.

After the redemption of your mortgage, we will continue to use, share and hold your personal data for as long as required to meet our legal, regulatory or other lawful requirements and to deal with any potential claims or complaints. In addition, it’s in our legitimate interests to use that data for ongoing modelling to support future business decisions such as ensuring the business has appropriate capital reserves for future lending and changes in the economic environment.

Transfer of mortgage

If you make a transfer of mortgage application, any borrower who is to be removed from the mortgage account, with our agreement, will remain on the account until our legal adviser sends us written confirmation that the transfer of the mortgaged property has been legally completed. Until we receive that confirmation, all borrowers will still be liable under the mortgage and can have access to the account details, including details of any additional lending.

Until the transfer of mortgage application has been completed, we will share data about the mortgage account, the progress of the application and the existing and new borrowers, and any guarantors, with each of them.

Guarantors

Where a guarantor has been agreed on your mortgage account, we will share details of your account, including balance outstanding, interest rate(s) applicable, early repayment charges and monthly payments with them. The guarantor will also be advised of any additional borrowing or further application while they remain a guarantor.

If you are appointed as a guarantor on a mortgage account, your data and payments made will be shared with the current and any future potential borrowers. This will include if one of them requests to add or remove a name from the account in the future.

Adult occupiers

If there are other adults living in the property who are not party to any mortgage or additional borrowing application you make, we will contact them to inform them of your application and ask them to confirm that they have no claim on the property.

Second charge

If you take a second or subsequent mortgage or loan with another lender and secure it against the property you have in mortgage to us, this is known as a second charge. If we receive an application or request to postpone a charge on your property from another charge holder, we will share data about your account, including projected balance and projected monthly payments with them.

Debt recovery

We have a legitimate interest to recover debt and to the extent necessary for this purpose we share data about you and how you conduct your account (including defaults, arrears and repossession hearings) with credit reference agencies, fraud prevention agencies, solicitors, debt collection agencies and/or tracing agents acting on our behalf to assist in recovering the debt and to locate you if we have been unable to contact you via our usual communication channels.

Commercial mortgages

For commercial mortgage accounts, we have a legitimate interest in holding data about the named contacts on the account, including company directors and authorised employees. This is so that we can effectively manage the account and are able to contact the relevant business owner where necessary.

Government initiatives

Where the application relates to a government initiative mortgage, the Society will share details of the mortgage account including application, payment history, requests for variation and all other relevant matters relating to the conduct of the account with the relevant body which holds an interest in the property.

When you take out a savings product with us, the purposes for which we process your data include verifying your identity; opening your account; processing payments; calculating and applying interest and government Lifetime ISA bonuses (if applicable).

ISA transfers

If you request an ISA transfer between us and another provider we will share your data with the other provider in order to meet your request and comply with ISA regulations.

Payment services

If you choose to use payment services to make or receive electronic payments between us and another service provider, we will share your personal data with that service provider to administer and manage your request and to comply with payment services regulations.

Tax reporting

We will deal with tax and government bonuses as required by legislation and following HMRC guidance. Your account information will be reported to HMRC where legally required. HMRC may share this information with the government of another territory.

Your data will also be used to meet our Foreign Account Tax Compliance Act (FATCA) reporting regulations where required.

When you contact us about financial advice we will collect data in order to get to know you and understand your needs, so we can offer personalised advice and provide financial planning recommendations tailored to your needs and circumstances.

If you choose to proceed with any of the recommendations given by our financial adviser we will share your data with external organisations such as fund providers and platforms, where needed, to:

• provide the products, services and investments you choose.
• communicate with you about your investments, products and services.
• manage your ongoing relationship.
• prevent crime and fraud.

Should you select an ongoing review service we will communicate with you about your investments, products and services in order to enable us to undertake these reviews.

If you take out Skipton Building Society Home Insurance and/or Life Insurance, we will share data about you and details of your policy and claims with:

• our third-party partner who provides and underwrites the insurance product.
• fraud prevention bodies.

These organisations will also share data directly with us and with each other when needed to manage your policy, renewal and claims.

This data will additionally be made available to other prospective lenders and insurers to assist with enquiries, investigations and to detect and prevent fraud.

In respect of insurance, we will use your data, including where necessary details of any criminal offences and proceedings, health and other relevant items to:

• understand your needs.
• assess the suitability of our products and services.
• verify your identity.
• contact you.
• prevent and detect fraud.
• comply with legal and regulatory requirements.
• undertake market research.
• provide marketing communications with your consent.

We process your personal data on the basis that it is necessary in the public interest for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us.

More information about how we use this data is below.

Credit and identity checks

In order to process your application, we are required by law to identify you and assess the affordability of the products and services you apply for. We do this by using automated systems provided by one or more credit reference agencies. If you take products and services from us we may also make periodic searches at credit reference agencies to manage your account in future.

We will share your data with the credit reference agencies and they will give us data about you. This will include public data, for example, from the electoral register and other data, for example, from your credit applications about your financial situation, financial history, shared credit and specific fraud prevention data.

We will use this data to:

• identify you.
• assess your creditworthiness and whether you can afford to take the product.
• prevent criminal activity, fraud and money laundering.
• manage your accounts.
• trace and recover debts.
• ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange data about you with credit reference agencies while you have a relationship with us. We will also inform the credit reference agencies about your settled accounts. If you borrow and do not repay in full and on time, credit reference agencies will record the outstanding debt. This data may be supplied to other organisations by credit reference agencies.

When credit reference agencies carry out a search they will place a footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together. You should make sure you share this information and discuss it with them before making an application. Credit reference agencies will also link your records together if they identify a link between you, joint applicants and/or any individual identified as your spouse or financial partner. These links will remain on the files until such time as you or your partner successfully files for a disassociation with the credit reference agencies to break that link.

Any documents requested or provided to help prove your identity may be checked with the issuing authority and/or anyone who has certified a copy.

The data from the credit reference agencies is used to automatically assess your application against the Society's lending criteria. If your application is declined based on this automatic assessment you have a right to challenge the decision. If you do not agree with the assessment you can contact us to challenge the decision and we will give you the opportunity to discuss this with us and review the results of the assessment for accuracy.

The information we obtain from credit reference agencies is managed by them and limited to what is needed for our own purposes. We will tell you if your application is rejected because of information we have received from credit reference agencies. You will need to contact the credit reference agencies directly to request a full credit report if you require details of what they hold about you.

More details about which credit reference agencies we use, their role as fraud prevention agencies, what personal data they hold (including how they use and share it), their retention periods and your data protection rights with the credit reference agencies, are explained in more detail in the Credit Reference Agency Information Notice (CRAIN).

The CRAIN is accessible from each of the three credit reference agencies – the three links below will take you to the same CRAIN document: TransUnionopens in a new tab, Equifaxopens in a new tab, Experianopens in a new tab.

Fraud prevention

Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your personal data on the basis that it is necessary in the public interest or for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

We share your data with fraud prevention agencies such as Cifas and National Hunter and information about how they process your data can be found here: National Hunter Privacy Policyopens in a new tab and Fair Processing Notices for Cifas' Databasesopens in a new tab.

To support our legitimate interest and legal obligation to prevent fraud and money laundering, we may ask you about the source of any funds you deposit with us. If you are depositing funds given to you by another person we may ask for that person's details. We will keep a record of this information and provide it to law enforcement and fraud prevention organisations if necessary to support their investigations into alleged money laundering.

Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact the organisation that referred you to this page.

Data transfers

Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place. Cifas has published more information about data transfers here: International transfers of personal dataopens in a new tab.

Crime prevention and public safety

Within our premises we have CCTV in operation. Footage is reviewed by us, and where necessary passed to police or law enforcement agencies upon request following any incidents relating to the security and/or safety of individuals and to assist with any ongoing crime investigations. These processes support our legitimate interest to prevent crime and assist with public safety in our premises.

We have a legal obligation under the Building Societies Act to hold an AGM. We will use your information to identify if you are eligible to vote in the AGM and, if so, to send you your voting pack. You can choose how you prefer to receive your voting pack at any time by visiting a branch, logging in to Skipton Online and going to 'Preferences AGM Voting’ (if you're registered for Skipton Online), via the Skipton App, calling us on 0345 850 1733 or writing us at FREEPOST SKIPTON BUILDING SOCIETY (please use block capitals). We use an external scrutineer to issue the voting packs and to undertake the vote count.

How you vote is confidential to our external scrutineer. If you vote, we'll receive data after the AGM to say you've done so, so we can update your record. We will only know if you have voted, but not whether your votes were 'For', 'Against' or 'Withheld'. We will be aware of your method of voting, whether it's online, by post, through a live stream, or in person, and whether you voted through a representative or by attending the meeting yourself. We'll also receive a copy of any comments you've made so we can contact you if needed. Your response is viewed as an interaction with the Society, which is important because it shows us your account is not dormant.

If you join the live stream of the AGM, we'll receive data after the AGM to say you've done so, so we can ensure the AGM is quorate.

We will use any of the contact details we hold for you to communicate with you about the products and services you hold with us, contact you as requested and to send you information we are required to provide you with by law or that is necessary for the provision of our services, for example, account statements, notification of annual and extraordinary general meetings.

Marketing

We may use your information to provide details about our products, services, news and offers that we believe may be of interest to you. The communications sent to you will be based on a range of factors including what products you already have with us, whether you are a member of the Society, where you live, data received from third parties, for example, customer lifestyle information from external research and insight agencies and other information gained about your behaviours and dealings with us.

We will only get in touch with these types of communication if you have given your consent to be contacted for marketing purposes, and only contact you by the methods you have agreed to, for example, post, telephone, email or text.

You can change your marketing preferences at any time by visiting a branch, logging in to Skipton Online and going to 'Preferences' (if you're registered for Skipton Online), via the Skipton App, calling us on 0345 266 7754. or writing us at FREEPOST SKIPTON BUILDING SOCIETY (please use block capitals). Where you have chosen to receive 'Life & Money Email Updates', you can either use the 'unsubscribe' at the bottom of email updates or you can change your preferences at our preference centre.

Personalisation

If you've provided your consent to the use of cookies for 'measurement and personalisation' purposes, these cookies will collect data about how you use our website. We'll use this, in combination with information about the products you hold or services you use from us, as well as data from research and insight agencies to allow us to provide personalised content for you on our website and in our marketing and service communications to make them more relevant.

For example, if you have a savings account that is due to mature, then the information you see on our website or that you receive via your chosen marketing channels may be about our latest savings offers. Or, if you have viewed a page on our website then we may show personalised content on our homepage for your next visit so it’s easier for you to find what you were looking for.

You can update your cookie preferences at any time by visiting the cookies settings on our Cookie Policy. If you didn’t accept these cookies then your website experience or communications you receive might not be as relevant.

Social Media

We have a presence across a range of social media channels. When you use any of our channels we may record and retain personal data and other information about you including your social media handle, the frequency, dates and times of your visits, and any information you share on our social media pages or as direct messages to us.

Any information you provide through our social media channels may be shared with other Skipton Building Society Group companies, and any third parties who provide services on our behalf to enhance our social media services, presence and your customer experience. Where necessary your comments, opinions and messages will be used so that we can pursue our legitimate interest to better understand our customers and improve our products, services and overall customer offering.

Market Research and customer relationship management

We have a legitimate interest to provide you with the best products, services and experience. To do this, we need to understand what you and other customers’ needs and circumstances are, what you like about Skipton and any improvements you think could be made.

Market Research

We use external agencies including market research companies to help us gain such insights, carry out market research, and obtain feedback about products, services and experiences. We will pass your contact details to the agencies so they can contact you. They will share the data they obtain from you with us, this can be at an individual customer level, at group level or anonymised. This supports a wide range of business decision making such as product development. If you are contacted by our market research companies you can choose not to participate and we will not contact you again for market research.

Customer Relationship Management

We use data for profiling and customer segmentation to create a broad understanding of our customers. This helps shape our communications, products and other activity. We also carry out behaviour and trend analysis, including the use of financial, behavioural and other models. In this way we can understand not only what is important to our customers now, but also predict future behaviours and needs. This includes looking at information we hold about you, or that we may have received from other sources, such as credit reference agencies.

Competitions/Prize Draws

We sometimes run competitions/prize draws for customers, members and the wider public. When we collect personal data for this reason, we use it to administer the competition and notify the winner. If we wish to use the data for any other purpose this information will be provided at the time.

Seminars, talks, information events

We sometimes run seminars, talks or information events for customers, members and the wider public. When we collect personal data for this reason, we use it to administer the event including contacting you to confirm attendance and notifying you of any changes to the event. If we wish to use the data for any other purpose this information will be provided at the time.

Promotional material

From time to time, we may use case studies, video footage and/or photographic images of our customers in promotional content for the Society, both internally and externally. We will let you know how we would like to use these when we ask for your consent prior to the collection and use of this type of content. If the use of it changes we will notify you and re-obtain your consent for the new usage.

You can withdraw your consent for the use of your information in case studies and promotional material by emailing marketingpromotions@skipton.co.uk or by telephoning 0345 266 7754.

If you withdraw your consent we will not use your case studies, video footage and/or photographic images in any future promotional material and will remove them from any existing material already made public at the next update/re-print. We will not be able to remove items already printed and distributed to third parties such as newspapers, direct mail or social media where images have been shared.

Quality assurance and communication monitoring

We sometimes access your data as part of our internal quality assurance processes. We have a legitimate interest, to ensure that you have received the best and correct outcome for your situation. These monitoring activities also allow us to carry out ongoing training with our colleagues.

We will record and monitor some of your contact with us, this includes telephone calls, email and, where you use Skipton Link, the verbal content of the meeting, as well as visual and audio recording of a limited number of face to face interactions in Branch. This is to help us in our continuous attempts to improve customer service and to offer additional protection and security. We also retain information for evidential purposes and to meet legal and regulatory requirements. Telephone calls, Skipton Link and other electronic communications may also be monitored for reasons of staff training.

We provide free WiFi in some of our offices. Where you choose to use this we will use your IP/MAC address to:

• process your registration in order to provide you with connectivity to the Wi-Fi service.
• meet our legal, regulatory and government reporting obligations (e.g. Ofcom, court order).
• understand the total number of users of the Wi-Fi service, which we have a legitimate interest in.

We take our responsibilities to our customers seriously, especially those who may be vulnerable including the families and loved ones of bereaved customers.

Adjustments for customers needing help

Everyone needs a little help sometimes and we want to ensure that you get the best experience with us. With your consent, we will add notes to your records about any adjustments we need to make, such as using large print when we communicate with you, to ensure it’s easier for you to interact with us.

Bereavement

If you’re named as an executor in the Will or there is no Will and you’re the legal next of kin, and can show us proof of this, we can tell you the account balance(s) and interest due up to the date of death.

At the request of the executor(s) we will share data with solicitors, HMRC and the customer’s beneficiaries.

If you inform us about the death of one of our customers, we may tell the executor(s) who has informed us of the death.

For more details about this please visit the Bereavement Support information on our website.

• If we sell or transfer all or part of our business, we may share or transfer customer records and data as part of the proposed/actual sale or transfer. Before we do this we will ensure there is adequate protection in place by imposing contractual obligations on the buyer/seller to ensure the security and confidentiality of your data.
• Windfall benefits: Should the Society demutualise, we will provide the selected charity with certain information about you (including your name and account number) in order for such benefit to be processed. Any processing of your personal data will be in accordance with our Data Privacy Notice and that of the selected charity.

Where necessary we will occasionally use elements of your information to test new systems or features in a controlled environment in accordance with our internal security standards. Testing with real information helps us to pursue our legitimate interest to maintain the confidentiality, integrity and availability of our systems.

Some of the suppliers, applications, and systems that we use to support the provision of our services make transfers of data outside the United Kingdom (UK), and European Economic Area (EEA), and to countries such as the USA, that are not on an approved list for having adequate data protection laws in place.

We have a subsidiary company called Jade Software Corporation Limited based in New Zealand, which provides us with systems and technical support. New Zealand is on a list of countries deemed as having adequate security controls in place.

When we use third party systems, application support and cloud-based providers that are either based outside of or send or access data outside of the UK or EEA, we will, as the situation warrants, either put in place or check that the third party has in place appropriate contractual obligations or other measures to help safeguard your rights in respect of your data.

Whenever fraud prevention agencies transfer your personal data outside of the UK or EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the UK or EEA as applicable dependent upon their location. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

We store data about you using Cookies. Cookies are small files that are stored on your device when you visit our website. Some help us improve our site, like remembering your preferences, personalising content, and help it to work better for you. Others make sure adverts are about things you're interested in.

For full information relating to our use of cookies and similar technologies please read our Cookie Policy.