Privacy & Cookies Notice
Who we are
1 This privacy notice (the “Privacy Notice”) applies to all personal information processing activities carried on by the Commercial Banking business of The Royal Bank of Scotland plc.
2 The Royal Bank of Scotland is a data controller in respect of personal information that we process in connection with our business (including the products and services that we provide). In this notice, references to “we”, “us” or “our” are references to The Royal Bank of Scotland.
3 Our principal address is 36 St. Andrew Square, Edinburgh EH2 2YB and our contact details can be located at https://www.business.rbs.co.uk/business/business-services/entrepreneur-accelerator.html
4 We are a member of The NatWest Group PLC (“NatWest group”). More information about the NatWest group can be found at www.rbs.com by clicking on ‘About Us’.
5 We respect individuals’ rights to privacy and to the protection of personal information. The purpose of this Privacy Notice is to explain how we collect and use personal information in connection with our business. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information).
The information we process
1 We collect and process various categories of personal information at the start of and for the duration of your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. Personal information may include:
- basic personal information, including name, gender, address, and contact details;
- information about you that will help us assess your suitability for the Programme. This includes details about your business, your involvement in the business and behavioural strengths and characteristics.
2 We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing financial crime or to make our services accessible to customers. We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the purposes and activities set out at Schedule A for which the information is provided). This may include:
- information about racial or ethnic origin; and
- Information about your health.
3 Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data with law enforcement and regulatory bodies.
How we obtain information
1 Your information is made up of all the personal information we collect and hold about you and your business. It includes:
- information you give to us;
- information that we receive from third parties (including other NatWest group companies, third parties who provide services to you or us, and credit reference, fraud prevention or government agencies);
- information that we learn about you through our relationship with you on the programme; and
- information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines).
1 We want to make sure you are aware of your rights in relation to the personal information we process about you. We have described those rights and the circumstances in which they apply in the table below.
You have a right to get access to the personal information we hold about you.
You have a right to get access to the personal information we hold about you.
|If you would like a copy of the personal information we hold about you, please write to: The Centre Manager, Subject Access Requests, The Royal Bank of Scotland Group Plc, Business House B, Ground Floor, Gogarburn, PO Box 1000, Edinburgh EH12 1HQ. A fee may be payable.|
You have a right to object to direct marketing
|You have a right to object at any time to processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing.|
You have a right to lodge a complaint with the regulator
|If you wish to raise a complaint on how we have handled your personal information, you can contact our Data Protection Officer who will investigate the matter. We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit https://ico.org.uk/, write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or ring 0303 123 1113.|
Changes to the way we use your information
From time to time we may change the way we use your information. Where we believe you may not reasonably expect such a change, we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
How we use and share your information with other NatWest group companies
We will only use and share your information where it is necessary for us to lawfully carry out our business activities. Your information may be shared with and processed by other NatWest group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in Schedule A below.
Sharing with third parties
1 We will not share your information with anyone outside the Royal Bank of Scotland except:
- where we have your permission;
- where required in order to process your application;
- where required in order to ensure you receive the service you have applied for
- where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
- with third parties providing services to us, such as market analysis and benchmarking, and agents and sub-contractors acting on our behalf, such as the companies which print our account statements;
- with credit reference and fraud prevention agencies;
- where required for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
- in anonymised form as part of statistics or other aggregated data shared with third parties; or
- where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
2The Royal Bank of Scotland will not share your information with third parties for their own marketing purposes without your permission.
Transferring information overseas
1 We may transfer your information to organisations in other countries (including to other NatWest group companies) on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
2 In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
- the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
- the transfer has been authorised by the relevant data protection authority; and/or
- we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure you information is adequately protected.
Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other products or services provided by us or other NatWest group companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by contacting us by emailing firstname.lastname@example.org.
Communications about your account
1 We will contact you with information relevant to the operation and maintenance of your application and if successful your tenancy by a variety of means including via mobile banking, email, text message, post and/or telephone. If at any point in the future, you change your contact details you should tell us promptly about those changes.
2 We may monitor or record calls, emails, text messages or other communications in accordance with applicable laws for the purposes outlined in Schedule A below.
How long we keep your information
1 By providing you with products or services, we create records that contain your information, such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and formats.
2 We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities
3 Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which the relevant Royal Bank of Scotland company is located and the applicable local legal or regulatory requirements. We (and other NatWest group companies) normally keep customer account records for up to seven years after your relationship with the bank ends, whilst other records are retained for shorter periods, for example ninety days for CCTV records or twelve months for call recordings. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
4 We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that the bank will be able to produce records as evidence, if they're needed.
We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf.
Privacy & Cookies Notice
1 Your online privacy
You can visit our website without telling us who you are or revealing any information about yourself. We promise to treat any personal information about you securely, fairly and lawfully. We are committed to protecting your privacy. When we ask you for personal information online it will only be in response to you actively applying for or using one of our online products or services. You can find full details of how we use customer information here.
2 Cookies – what are they?
A "cookie" is a small text file that's stored on your computer, smartphone, tablet, or other device when you visit a website or use an app. Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor. This website uses session and persistent cookies.
3 How to control and delete cookies.
If you want to restrict or block the cookies we set, you can do this through your browser settings. The ‘help’ function within your browser should tell you how. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the internet for other independent information on cookies.
4 Cookies – how we use them
- Provide products and services that you request and to provide a secure online environment
- Manage our marketing relationships
- Give you a better online experience and track website performance
- Help us make our website more relevant to you
5 Essential Cookies
Cookies that are essential for us to provide a product or service you have requested and to provide a secure online environment. Without cookies we are unable to provide some products or services that you might request. Other 'essential' cookies keep our website secure. Even if you say “No” to cookies on this website we'll continue to use these 'essential' cookies.
Essential cookies are used to deliver interactive services, such as:
- online banking
- product applications
- web chat
- maintain online security and protect against online fraud
6 Performance Cookies: Tracking website performance
These cookies collect aggregated information and are not used to identify you. We use this type of cookie to understand and analyse how visitors use our online services and look for ways to improve them. For example, a cookie might tell us that lots of people give up on an application process at a particular step – so we can try to make that step easier to complete.
The analytics cookies we use include:
- IBM NetInsight, to analyse how our visitors use our sites. NetInsight uses both session and persistent cookies.
- Adobe Analytics, to improve our websites and services. This service and the cookies it uses help us understand the popularity of our content and make better consumer experiences.
7 Functionality Cookies: Giving you a better online experience
These cookies remember your preferences and tailor the website to provide enhanced features. Without these cookies, we cannot remember your choices or personalise your online experience.
We use this type of cookie to:
- Make online banking login faster by remembering you between visits on your personal devices
- Simplify online transactions by remembering the last account you used and showing it as the default for your next transaction
- Display your mini-statements as you like them by remembering which panels you’ve expanded and collapsed
- Remembering relevant information as you browse from page to page to save you re-entering the same information repeatedly
- Provide enhanced features, such as playing videos or allowing you to post a comment.
8 Targeting Cookies
These cookies are usually third-party cookies from marketing partners used to deliver adverts relevant to you and your interests. These cookies can track your browsing history across websites. If you wish to prevent this type of cookie, you may do so through your device’s browser security settings. The third-party companies we partner with include:
- Impact Radius
- Google Search Adwords
9 Cookies in emails
10 How to control and delete cookies
If you don't want to accept cookies in emails, you can set your browser to restrict or reject cookies, or you can close the email before downloading any images or clicking on any links.
Schedule A - Schedule of Purposes of Processing
We will only use and share your information where it is necessary for us to carry out our lawful business activities. Your information may be shared with and processed by other NatWest group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table below:
A. Contractual necessity
We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to provide you with Programme services. This may include processing to:
- assess and process your application for the Programme.;
- manage and maintain our relationships with you and for ongoing provision of the Programme service. This may involve sharing your information with other NatWest group companies to improve the Programme
- communicate with you about your application and Programme services we provide to you.
B. Legal obligation
When you apply for a product or service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:
- perform checks for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies;
- share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including reporting suspicious activity and complying with production and court orders;
- communicate updates to Programme service terms and conditions.
- investigate and resolve complaints;
- conduct investigations into breaches of conduct and corporate policies by our employees;
- manage contentious regulatory matters, investigations and litigation;
- perform assessments and analyse customer data for the purposes of managing, improving and fixing data quality;
- provide assurance that the bank has effective processes to identify, manage, monitor and report the risks it is or might be exposed to;
- investigate and report on incidents or emergencies on the bank’s properties and premises;
- coordinate responses to business disrupting incidents and to ensure facilities, systems and people are available to continue providing services; and
C. Legitimate interests of the bank
We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.
- We may process your information in the day to day running of our business, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:
- monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;
- ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies;
- ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;
- provide assurance on the bank's material risks and reporting to internal management and supervisory authorities on whether the bank is managing them effectively;
- perform general, financial and regulatory accounting and reporting;
- protect our legal rights and interests;
- manage and monitor our properties and branches (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and
- enable a sale, reorganisation, transfer or other transaction relating to our business.
- It is in our interest as a business to ensure that we provide you with the most appropriate level of service within the Programme and that we continually develop and improve The Programme. This may require processing your information to enable us to:
- identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;
- send you relevant marketing information (including details of other products or services provided by us or other RBS group companies which we believe may be of interest to you).
- understand our customers’ actions, behaviour, preferences, expectations, feedback and business in order to improve the Programme, develop new Programme offerings, monitor the performance and effectiveness of Programme services;
- assess the quality of our Programme services and to provide staff training.
- perform analysis on complaints for the purposes of preventing errors and process failures and rectifying negative impacts on customers;
- combine your information with third party data, such as economic data in order to understand customers’ needs better and improve our services.