PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS SITE
Who we are and how to contact us
Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales. www.santander.co.uk is a site operated by Santander UK plc. Telephone 0330 9 123 123. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register. Santander and the flame logo are registered trademarks.
By using our site you accept these terms
By using our site, you confirm that you accept these terms of use and that you agree to comply with them.
If you do not agree to these terms, you must not use our site.
We recommend that you print a copy of these terms for future reference.
There are other terms that may apply to you
These terms of use refer to the following additional terms, which also apply to your use of our site:
- Our Privacy Policy which can be found at: https://www.santander.co.uk/personal/support/customer-support/legal-information. See further under the paragraph headed “How we may use your personal information” below.
Users of our online banking services will be subject to our online banking terms and conditions as detailed on our site.
If you purchase goods and services from our site, our terms and conditions applicable to such goods and services will apply as detailed on our site.
We may make changes to these terms
We amend these terms from time to time. Every time you wish to use our site, please check these terms to ensure you understand the terms that apply at that time. These terms were most recently updated on 29 July 2024.
We may make changes to our site
We may update and change our site from time to time to reflect changes to our products, our regulatory requirements, our users' needs and our business priorities. We do not need to give you notice of this.
We may suspend or withdraw our site.
Our site is made available free of charge.
We do not guarantee that our site, or any content on it, will always be available or be uninterrupted. We may suspend or withdraw or restrict the availability of all or any part of our site for business and operational reasons. We will try to give you reasonable notice of any suspension or withdrawal.
You are also responsible for ensuring that all persons who access our site through your internet connection are aware of these terms of use and other applicable terms and conditions, and that they comply with them.
We may transfer this agreement to someone else
We may transfer our rights and obligations under these terms to another organisation.
Our site is only for users in UK
Our site is directed to people residing in the UK other than for the purpose of accessing USA Patriot Act certifications. Products advertised on these pages are only intended for sale to UK residents and mortgages are only available on properties in the UK. We do not represent that content available on or through our site is appropriate for use or available in other locations.
How you may use material on our site
We are the owner or the licensee of all intellectual property rights in our site, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved.
You may print off one copy, and may download extracts, of any pages from our site for your personal use and you may draw the attention of others within your organisation to content posted on our site.
You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text.
Our status (and that of any identified contributors) as the authors of content on our site must always be acknowledged (except where the content is user-generated).
You must not use any part of the content on our site for commercial purposes without obtaining a licence to do so from us or our licensors.
If you print off, copy, download, share or repost any part of our site in breach of these terms of use, your right to use our site will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.
No text or data mining, or web scraping
You shall not conduct, facilitate, authorise or permit any text or data mining or web scraping in relation to our site or any services provided via, or in relation to, our site. This includes using (or permitting, authorising or attempting the use of):
- Any "robot", "bot", "spider", "scraper" or other automated device, program, tool, algorithm, code, process or methodology to access, obtain, copy, monitor or republish any portion of the site or any data, content, information or services accessed via the same.
- Any automated analytical technique aimed at analysing text and data in digital form to generate information which includes but is not limited to patterns, trends and correlations.
The provisions in this clause should be treated as an express reservation of our rights in this regard, including for the purposes of The Copyright, Designs and Patents Act 1988.
This clause shall not apply insofar as (but only to the extent that) we are unable to exclude or limit text or data mining or web scraping activity by contract under the laws which are applicable to us.
Do not rely on information on this site
The content on our site is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. We are not liable for any damage or losses caused by your reliance on the content of our site.
Although we make reasonable efforts to update the information on our site, we make no representations, warranties or guarantees, whether express or implied, that the content on our site is accurate, complete or up to date.
We are not responsible for websites we link to
Where our site contains links to other sites and resources provided by Third Parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them.
We have no control over the contents of those sites or resources.
We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.
The use of Third Parties is in line with their terms and conditions. Third Party content and services aren’t in our control. We can’t accept any responsibility for services you get from them.
We might need to share data with Third Parties. If we need to, we’ll do so using the appropriate legal basis. We may need your consent for this. Please see our Privacy Policy for details.
We provide links to third-party websites to make services easy to use. We have no control over those sites. We don’t control any content, products or services available on Third Party sites. We don’t guarantee that the sites or services will be available.
Third Party sites might have different privacy, security and access standards. When you visit a Third Party site, we suggest that you check their terms and conditions, Privacy Policy and security policy.
We’re not liable for services, or parts of the services, provided by Third Parties or parties they work with.
We’re not responsible for any financial products shown to you by any Third Party.
“Third Party” or “Third Parties” means the third parties we work with to provide services.
Our responsibility for loss or damage suffered by you
Whether you are a consumer or a business user:
- We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors and for fraud or fraudulent misrepresentation.
- Different limitations and exclusions of liability will apply to liability arising as a result of the supply of any products to you, which will be set out in our terms and conditions of supply as available on our website.
If you are a business user:
- We exclude all implied conditions, warranties, representations or other terms that may apply to our site or any content on it.
- We will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
- loss of profits, sales, business, or revenue;
- business interruption;
- loss of anticipated savings;
- loss of business opportunity, goodwill or reputation; or
- any indirect or consequential loss or damage.
If you are a consumer user:
- Please note that we only provide our site for domestic and private use. You agree not to use our site for any commercial or business purposes, and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.
- We will not be liable for damage that you could have avoided by following our advice to apply an update offered to you free of charge or for damage that was caused by you failing to correctly follow installation instructions or to have in place the minimum system requirements advised by us.
How we may use your personal information
We will only use your personal information as set out in our Privacy Policy which can be found at: https://www.santander.co.uk/personal/support/customer-support/legal-information.
Users' responsibility for information security
We do not guarantee that our site will be secure or free from bugs or viruses.
You are responsible for updating and securing your technology systems, software and platforms from which you access our sites and applications. You should use your own fully updated anti-virus software to protect you from any potential threat.
You must not misuse our site by knowingly introducing any malicious or technologically harmful pieces of code or software. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.
Rules about linking to our site
You may link to our home page, provided you do so in a way that complies with the following conditions and is fair and legal and does not damage our reputation or take advantage of it.
You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.
You must not misrepresent your relationship with us nor present any other false information about us.
You must not establish a link to our site in any website that is not owned by you.
Our site must not be framed on any other site, nor may you create a link to any part of our site other than the home page.
You must not remove, distort, or otherwise alter the size or appearance of any images or logos.
You must not use any trademarks displayed on the site without our express written permission.
You must not have any content on your website that is distasteful, defamatory, offensive or controversial, infringes any intellectual property rights or other rights of any other person or otherwise does not comply with all applicable laws and regulations.
We reserve the right to withdraw linking permission without notice.
Which country's laws apply to any disputes?
These terms of use, their subject matter and their formation, are governed by the laws of England and Wales. You and we both agree that the courts of England and Wales will have exclusive jurisdiction in respect of any dispute arising hereunder except that if you are a resident or incorporated in Northern Ireland proceedings may also be brought in Northern Ireland, and if you are resident or incorporated in Scotland, proceedings may also be brought in Scotland.
Financial services compensation scheme
Santander UK plc is a member of the Financial Services Compensation Scheme established under the Financial Services and Markets Act 2000. This replaces previous compensation schemes. For further information please contact us or visit the Financial Services Compensation Scheme website at: www.fscs.org.uk.
The Standards of Lending Practice
Santander UK plc in the UK adheres to The Standards of Lending Practice which are monitored and enforced by the LSB: www.lendingstandardsboard.org.uk.
We are Santander UK plc, the data controller. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.
This is our Privacy Policy which explains how we obtain, use and keep your personal data safe in relation to the Santander website (santander.co.uk), Santander Online Banking website and Santander mobile app(s) for Personal, Business and Corporate customers, Santander Investing website (https://www.santander.co.uk/personal/savings-and-investments/investments) and Santander Investment Hub website (investmenthub.santander.co.uk).
Your personal data is data which by itself or with other data available to us can be used to identify you.
We're committed to keeping your personal information safe in accordance with applicable data protection laws.
The types of personal data we collect and use
The types of personal data we capture and use will depend on what you are doing on the website or mobile apps. We’ll use your personal data for some or all of the reasons set out in this Privacy Policy. If you become a customer we’ll also use it to manage the account, product or service you’ve applied for and we’ll provide you with a separate data protection statement specifically in relation to that as part of the online application journey. Some of the information relevant to that is included in this Privacy Policy for consistency. Examples of the personal data we collect and use in relation to our website and mobile app may include:
- Full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers);
- Date of birth and/or age (e.g. to make sure that you are eligible to apply for a product or service);
- Financial details (e.g. salary and details of other income, and details of accounts held with other providers if you apply for a product or service with us);
- Records of products and services you’ve obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
- Information from credit reference and fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates you may have if you apply for a product or service with us;
- Family, lifestyle or social circumstances if relevant to the product or service you apply for (e.g. the number of dependants you have);
- Education and employment details/employment status for credit and fraud prevention purposes if you apply for a product or service with us; and
- Personal data about other named individuals as required. Where you provide the personal data of others you must have their authority to provide their personal data to us and share this Privacy Policy and any related data protection statement with them beforehand together with details of what you’ve agreed on their behalf.
- Special category data, including data about your health and biometric data (e.g. facial ID, fingerprints, keystrokes, and voice recordings for Touch ID and voice recognition);
Providing your personal data
We’ll tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases, if you fail to provide the requested personal data, we may be unable to process or respond to your application, query or service request. We’ll collect this personal data directly from you when you use this website. Where you go through an application process with us, we may collect some of your personal data indirectly, from other sources. We will tell you about the sources of the personal data in the data protection statement relevant to the specific product. If you provide personal data about another individual, you must have their authority to provide their personal data to us and you must share this Privacy Policy and any related data protection statement with them beforehand together with details of what you’ve agreed on their behalf.
Monitoring of communications
Subject to applicable laws, we’ll monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. If you take out an account or service with us, we may also monitor activities on your account/service where necessary for these reasons and this is justified by our legitimate interests or our legal obligations.
Using your personal data: the legal basis and purposes
We’ll process your personal data:
1. As necessary to perform your contract with you for the relevant account, product or service:
a) To take steps at your request prior to entering into it;
b) To decide whether to enter into it;
c) To manage and perform that contract;
d) To update our records; and
e) To trace your whereabouts to contact you about your account.
2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
a) For good governance, accounting, and managing and auditing our business operations;
b) To search at credit reference agencies at your home and business address (if you are a business customer) if you’re over 18 and apply for credit;
c) To monitor emails, calls, other communications, and activities on your account;
d) For market research, analysis and developing statistics;
e) To trace your whereabouts to contact you about your account, and to recover debt you owe us;
f) For establishment and defence of legal rights;
g) for the prevention, detection and investigation of financial crime, including fraud, money laundering, and terrorism financing; and
h) To send you marketing communications and for marketing to you in-branch, including automated decision making relating to this.
3. As necessary to comply with a legal obligation, e.g.:
a) When you exercise your rights under data protection law and make requests;
b) For compliance with legal and regulatory requirements and related disclosures
c) For establishment and defence of legal rights;
d) For activities relating to the prevention, detection and investigation of crime;
e) To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
f) To monitor emails, calls, other communications, and activities on your account.
4. Based on your consent, e.g.:
a) When you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures;
b) When we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
c) To send you marketing communications where we’re required to ask for your consent to do so.
You're free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you. To the extent that action has already been taken based on your consent, withdrawal of your consent will not apply to the processing of your personal data that has already occurred, based on your consent.
Sharing of your personal data
Subject to applicable data protection law we may share your personal data:
- with the Santander group of companies* and associated companies in which we have shareholdings;
- with sub-contractors and other persons who help us provide our products and services;
- with companies and other persons providing services to us;
- with our legal and other professional advisors, including our auditors;
- with fraud prevention agencies, credit reference agencies, and debt collection agencies at account opening and periodically during account or service management;
- with other organisations who use shared databases to do income verification and affordability checks and to manage/collect arrears;
- with law enforcement bodies;
- with government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
- with courts, to comply with legal requirements, and for the administration of justice;
- with the Financial Services Ombudsman and the Business Banking Resolution Service;
- with other banks and financial institutions for the prevention and detection of financial crime, including fraud, money laundering, and terrorism financing
- in an emergency or to otherwise protect your vital interests;
- to protect the security or integrity of our business operations;
- with other parties connected with your account (e.g. guarantors and other people named on the application); joint account holders will see your transactions;
- when we restructure or sell our business or its assets or have a merger or re-organisation;
- with market research organisations who help to improve our products or services;
- with payment systems providers (e.g. Visa or MasterCard) if we issue cards linked to your account; they may transfer your personal data to others to process transactions, resolve disputes and for statistical purposes, including by sending your personal data overseas; this is necessary to operate your account and for regulatory purposes; and
- with anyone else where we have your consent or where we have another lawful basis for doing so.
International transfers
In some instances your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries additional steps will be necessary to ensure appropriate safeguards are in place to protect your personal data. These include imposing contractual obligations to ensure these safeguards are put in place or requiring the recipient to subscribe to or be certified with an ‘international framework’ for the protection of personal data. More details can be found in our 'Using My Personal Data’ booklet (PDF - 140 KB)
Online applications
If you apply for an account online, before you enter any personal details into the online form, we'll tell you how your information will be used in our data protection statement relevant to that account, in the 'Using My Personal Data’ booklet (PDF - 140 KB) and sometimes in the relevant terms and conditions. You’ll be asked to confirm that you have read these and you’ll be asked to agree to our terms and conditions before your application can proceed.
The data protection statement, in conjunction with the 'Using My Personal Data’ booklet (PDF - 140 KB), includes details of the uses we may make of your data, the legal bases we are relying upon to carry out that processing, and who we may share your personal data with. For instance, for credit account applications like loans and bank accounts, we may pass your details to a recognised credit reference agency to help process your application.
We may occasionally send you information about accounts and services which we think would be of interest to you but only where we have your consent or if this is within our legitimate interests (see above for more details about lawful bases). You can choose to stop receiving information at any time by contacting us.
Contacting us by phone
To help us improve our service we may record or monitor phone calls, as explained in the monitoring of communications section, as necessary to comply with any legal obligations and for our legitimate interests.
Contacting us by email
When you contact us, we may need to collect some personal details like your name, address and phone numbers. Email isn't 100% secure so you shouldn’t send personal data such as your account information using normal email. Please consider another method, such as using chat in Online Banking or calling us, if you need to share personal information.
Emails are stored on our standard internal contact systems which are secure and can't be accessed by external parties. We store this information to identify trends, and for the purposes set out in the monitoring of communications section, as necessary to comply with any legal obligations and for our legitimate interests. For more information on the criteria we use to determine our retention periods, see below.
Automated decision making and processing
We may automatically process your personal information, without human intervention, to evaluate certain personal aspects about you (known as profiling).
In particular, we may analyse or predict (among other things) your economic situation, personal preferences, interests or behaviour. This could mean that automated decisions are made about you using your personal information. For example, we might analyse certain customer demographics, account holdings and account behaviours (such as Direct Debits you have set up on your accounts including those which identify accounts and products such as credit cards and store cards which you hold with other providers/elsewhere) and look at details of transactions relevant to your accounts. We may also analyse events such as the maturity dates of your accounts and opening anniversaries.
In some instances we’ll use automated processing and decision making, where relevant, to decide which of our other products or services might be suitable for you, as well as to produce a personalised price for insurance products, to provide an indication of the price prior to an application being made (please note, publicly available information about you and information about you from third party data sources such as, credit reference agencies, will also be used to provide you with an indication of the price). The personalised price would be presented to you in marketing communications and during contacts with Santander that might be suitable. We’ll look at the types of accounts that you already have with us, as well as your age, where this is relevant to the product, we think you might be interested in. We’ll also conduct behavioural scoring, including by looking at the accounts and products you already have with us and how they are being used, such as account turnover, arrears and other indications of financial difficulties. Where searches are carried out against publicly available data sources and credit reference agencies, these searches may appear on your credit report, but they will not affect your ability to get credit.
You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention and to challenge the decision.
For some insurance products we may use automated decision making to assist the insurer in determining your final insurance premium. The insurer will use an automated underwriting engine to process your personal information and to better assess insurance risk which will generally provide a more accurate price that is relevant to your individual circumstances and needs. The automated underwriting engine will use information including personal information that you provide as well as other information about you held by us, the insurer and other parties. Where the insurer is carrying out any automated decision making it will do so on the basis that is necessary in order for the insurer to enter into the insurance contract with you. You have the right to contest that decision, express your point of view and ask for a human review. Where we carry out any automated decision making for your insurance product, we will ask for your consent during the application process to allow us to do so. You may withdraw your consent at any time by contacting us. Further details can be found in the 'Using My Personal Data’ booklet (PDF - 140 KB)
Using our calculators, decision tools, guides and budget planners
To use our range of calculators, tools, guides and budget planners, you'll have to give us details of your financial situation and needs. The information we ask for will depend on what type of product or account you're interested in. By providing any personal data you do so on the basis of your consent. You’re free at any time to withdraw your consent but if you do you won’t be able to use these services.
When you use a calculator, guide, decision tool or budget planner all of the details you provide are anonymous - and once you leave we never store your details, unless, for example, you decide to save a quote.
Using our video services
You can apply for some of our products and services using a video session from your mobile device where you see and hear your Santander adviser in high quality two-way video.
If you use our video services, both the images and the audio will be recorded and may be used for training and monitoring purposes. We’ll use any personal data captured about you for the performance of a contract or/with a view to entering into a contact with you as well as for our legitimate interests for good governance, accounting, managing and auditing our business operations, and to monitor emails, calls, other communications in relation to your dealings with us. Please see the monitoring of communications section for more information and the criteria for retention periods section for more information on the criteria we use to determine our retention periods.
You’re entitled to record your video session only for your own personal use, and you should avoid sharing any footage with third parties or posting it on any websites. For your own privacy and protection, please ensure that your location doesn't include items and images that you don't wish to be recorded.
Using your personal information for direct marketing
We’ll tell you if we intend to use your information for marketing purposes and we'll give you the opportunity to opt out if you want to (unless we need a consent to use your information for marketing purposes – if we do we’ll seek one). If you receive marketing emails and don't want to in future, please use the unsubscribe link within the email and we’ll remove you from future campaigns. Ways to opt out of marketing communications that we send you via other channels, can be found in the 'Using My Personal Data’ booklet (PDF - 140 KB)
Surveys and competitions
We'll treat any survey or competition information you provide with the same high standard of care as we do all other customer information, using any details provided strictly within the terms of the competition and this Privacy Policy.
Cookies
Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:
- collect information that will help us understand visitors' browsing habits on our website;
- compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
- temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website; and
- in some cases, remember information about you when you visit our site. We may need to do this to provide some of our services e.g. if you use the 'Remember my ID' tool when logging on to Online Banking.
We use cookies to enable us to perform our contract with you (e.g. if you apply for a product online or are an Online Banking customer) and for our legitimate interests (e.g. to help us improve our service). We’ll also ask your consent for non-essential cookies. To find out more about all types of cookies and how to control and delete them, including clearing your browsing history, you can read our cookie policy you can read our cookie policy
Criteria used to determine retention periods (whether or not you become a customer)
The following criteria are used to determine data retention periods for your personal data:
- Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
- Retention in case of claims. We’ll retain your personal data for as long as legal claims can be brought and defended.
- Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after your account, product or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.
Your rights under applicable data protection law
Your rights are as follows (noting that these rights don’t apply in all circumstances):
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and
- Rights in relation to automated decision making including profiling.
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
For more details on all the above you can contact our DPO, view the ‘Using My Personal Data’ booklet’ (PDF - 140 KB) or ask for a copy in branch.
Find your nearest branch or contact us
Data anonymisation and aggregation
Your personal data may be converted into statistical or aggregated data, which can’t be used to identify you. We may share and sell such anonymised data including in an aggregated format, within and outside of the Santander group of companies, for statistical analysis, research and other business purposes. For example, sharing information about general spending trends in the UK to assist in research. The law says this is not considered to be personal information after it has been anonymised and/or aggregated.
Group companies
For more information on the Santander group companies, please see the ‘Using My Personal Data’ booklet (PDF - 140 KB)
Changes to this Privacy Policy
We’ll notify you if there are any material changes to this Privacy Policy if required by applicable law or where we intend to process your personal data for a new purpose before we start that new processing activity.
Legal statement about this Privacy Policy
This Privacy Policy is not designed to form a legally binding contract between Santander and users of our website or online services.
Links to other websites
Certain hypertext links in this website may lead you to websites which are not under the control of Santander UK plc. When you activate these, you may leave the santander.co.uk website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by Santander UK plc.
We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.
No liability for unavailability
We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.
Contacting us about our Privacy Policy
Contact us, or write to our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.
Customer responsibility
It is your responsibility to ensure that your computer is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from this site.
Easy ways to protect yourself from danger
There are some things you can do to protect your personal information online. It's by no means exhaustive but will help make sure you don't fall foul of Internet fraud:
- Never share a One Time Passcode (OTP) with another person, not even a Santander employee.
- Do not log on using a public computer.
- Always access Online Banking by typing https://www.santander.co.uk into your web browser and logging on via our website.
- Never enter your Online Banking details after clicking on a link in an email or text message.
- Do not send confidential information by email as it’s not secure and there is always a risk it could be intercepted.
- If you’re logged into any online service, do not leave your computer unattended. Close down your internet browser once you’ve logged off.
- Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.
For more information about staying safe online you can visit Fraud & Security
Secure online services
You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.
All information passed between you and Santander when using our online services is sent using secure industry standard encryption.
1. Introduction
1.1 We are Santander UK Plc (Santander, we, us our), the data controller. This event privacy notice sets out how we’ll collect, use, process and disclose your personal data. Your personal data is data which by itself, or with other data available to us can be used to identify you.
1.2 This privacy notice relates to our use of personal data obtained in relation to our prize draws, competitions, registration for events (this includes events organised and arranged by us and events arranged by a third party) as well as attendance at and participation in these events. Such events may include but is not limited to conferences, dinners, meetings, roadshows, recognition events etc. This includes personal data of our employees, guests, individual customers, B2B customer employees and children of those individuals (where applicable).
1.3 Please also refer to the following:
1.3.1 Photos and videos at event: The photo/video privacy notice in relation to attendance at a specific event;
1.3.2 External events: Where an event is organised or hosted by a third party, this third party will also be a data controller in relation to any data that third party collects or receives about you. Please see the third party’s privacy notice for further details of their processing of your personal data; and
1.3.3 CCTV: Our CCTV notice and any CCTV notice of third parties where the venue is third party operated in respect of CCTV in operation at the relevant event.
2. The types of personal data we collect and use
2.1 As part of your registration for and participation in an event we’ll use your personal data for the reasons set out below.
What personal data we collect | How we use your personal data | |
---|---|---|
1 | We will process personal data you provide when you register for an event or enter a prize draw or competition including:
This includes personal data about other named individuals such as guests and children that may accompany you to the event. If you provide this information on their behalf, you must have their authority to provide their personal data to us and share this privacy notice with them beforehand together with details of what you’ve agreed on their behalf. | Santander will use this personal data to:
|
2 | Date of birth and/or age | Santander will use this personal data to:
|
3 | Passport, driving licence or other forms of identification. | Santander will use this personal data to:
|
4 | Vehicle details such as vehicle registration. | Santander will use this personal data to:
|
5 | Next of kin/emergency contact information | Santander will use this personal data to:
|
6 | Information when you communicate with us whether by email, by phone, by social media or by any other means including:
| Santander will use this personal data in order to:
|
7 | Images and recordings captured by CCTV operating at the event. | Santander will use this personal data to:
Further details can be found by calling the number displayed on the CCTV signs displayed on our premises. Where events are held in venues not controlled by Santander, the venue owners will be responsible for the operation of their CCTV systems. For more information please contact the venue owner. |
8 | Photographs/pictures, presentations, testimonials, audio and video recording of speakers and participants and live web streaming whilst attending the event. | Santander will use this personal data to:
We will only process images and recordings of a minor with the consent of their parent or guardian. |
3. Special category personal data
3.1 Certain types of personal data are more sensitive than others. This special category personal data includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion.
3.2 We may collect and receive special category personal data about you. We have identified below the types of special category personal data we may collect or receive, how we will use it and why we will use it.
What personal data we collect | How we use your personal data | |
---|---|---|
1 | Dietary requirements and preferences such as allergies and intolerances of you and/or any child attending the event with you. | We will process this information to ensure any dietary requirements are catered for at the event and to ensure your safety whilst at the event. We will only process this personal data with your explicit consent. |
2 | Health and disability information about you and/or any child attending the event with you. | We will process this information to ensure any required access arrangements and other adjustments are in place and to ensure your safety whilst at the event. We need your explicit consent to process such information about you. |
3 | Health data relating to any symptoms of Covid-19 or recent Covid-19 test results or vaccination status. We continue to monitor UK government guidelines on Covid-19, and to align our own Covid-19 protocols accordingly. We will let you know about the specific Covid-19 protocols and requirements we or third-party venues we work with have in place in advance of the event you are attending. | We will use this personal data in order to determine whether or not you can attend the event. If you have Covid-19 symptoms or test Covid-19 positive you cannot attend the event. The lawful basis for this processing is:
|
4. Providing your personal data
4.1 Where the provision of personal data is optional, we will let you know. In all other cases you will need to provide the information if you want to register for and take part in the event.
5. Lawful basis of processing
5.1 We’ll process your personal data:
5.1.1 Based on your consent, e.g.:
(a) To send you marketing communications where we’ve asked for your consent to do so. Please see the Direct Marketing section below for further details.
5.2 As necessary to perform our contract or agreement with you for the relevant event:
(a) To take steps at your request prior to entering into it;
(b) To decide whether to enter into it; and
(c) To manage and perform that contract.
5.2.2 As necessary to comply with a legal obligation, e.g.:
(a) When you exercise your rights under data protection law and make requests;
(b) For compliance with legal and regulatory requirements and related disclosures; and
(c) For establishment and defence of legal rights.
5.2.3 Where necessary in order to protect your vital interests or the vital interests of another person, e.g.:
(a) Contacting your next of kin/emergency contact in a medical emergency.
5.2.4 As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
(a) For good governance, accounting, and managing and auditing our business operations;
(b) Ensure effective administration and management of the event;
(c) Administer and manage prize draws and competitions;
(d) Administer our operations and business in an efficient and effective way;
(e) Understand why individuals attend our events;
(f) Understand and respond to queries, complaints and feedback;
(g) Research and analyse the events and services our customers want;
(h) Send direct marketing to B2B contacts;
(i) Improve our events;
(j) Maintain a public profile;
(k) Transfer personal data in relation to an actual or proposed sale, transfer or re-organisation of all or part of our business and the acquisition of the business;
(l) To protect the security or integrity of our business operations and events; and
(m) Enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice.
6. Legal requirements
6.1 Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
7. Where your information will be held
7.1 If you are located in the UK or European Economic Area, we may transfer your personal data to locations outside of the UK and European Economic area (including to the US). However, to ensure your personal data is protected in accordance with EU and UK data protection law we will only transfer data outside the UK and European Economic Area where appropriate safeguards as required by applicable data protection law are in place. This includes where a jurisdiction has been deemed adequate by the EU Commission or, where there is no adequacy decision, by putting in place Standard Contractual Clauses. Please contact us at Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you would like further information on the specific safeguards used by us when transferring your personal data.
8. Sharing of your personal data
8.1 We may share your personal data with:
8.1.1 Group companies: The Santander group of companies and associated companies in which we have shareholdings. We will share personal data with Santander group companies in certain circumstances including where another group company is assisting in the organisation of an event, prize draw, or competition (such as arrangement of travel). For more information on the Santander group companies, please see the 'Using My Personal Data' booklet
8.1.2 Service providers – Third parties may process your personal data on our instructions. These include sub-contractors and other persons who help us provide our events, products and services including catering providers, security, transportation and events management companies, hotels and accommodation providers, IT suppliers (including software providers), cloud hosting providers, customer service, data analytics providers, professional advisors including legal advisors, auditors, marketing agencies, media outlets, database providers, backup and disaster recovery specialists and email providers.
Our suppliers and service providers will be required to meet appropriate standards on processing information and security when processing your personal data. The information we provide them, including your information, will only be processed in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this privacy notice.
8.1.3 Your next of kin/emergency contact: We will disclose your personal data to your next of kin/emergency contact if required in relation to an event e.g. there is a medical emergency.
8.2 Your personal data may be transferred to other third party organisations in certain scenarios, such as:
8.2.1 If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
8.2.2 If we are reorganised or sold, or in the event of a merger, joint venture, assignment, transfer or disposition of all or any portion of Santander's business or operations (including without limitation in connection with bankruptcy or any similar proceedings) information may be transferred to a buyer;
8.2.3 If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
8.2.4 If we are exercising or defending a legal claim your information may be transferred as required in connection with defending such claim;
8.2.5 Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data; or
8.2.6 If we have your consent to the data sharing.
9. How long we retain your personal data
9.1 We will process and store personal data for as long as required by the relevant purposes of processing. For example:
9.1.1 Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries in relation to the event;
9.1.2 Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us;
9.1.3 Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after the event has come to an end based on our legal and regulatory requirements;
9.1.4 Retention of contact details: We retain relevant information in our events record for 10 years after the most recent visit or event you attend; and
9.2 Retention of identity documents (e.g. passport, driving license) and special category data (e.g. accessibility requirements): We will not retain this information for any longer than necessary for the provision of the specific event or visit, which might require you to provide it on successive occasions.
9.3 The criteria used to determine data retention periods for your personal data include:
9.3.1 the date of the event;
9.3.2 whether there are contractual or legal obligations that exist that require us to retain the data for a period of time;
9.3.3 whether there is an ongoing legal claim that relates to your relationship with us; and
9.3.4 whether any applicable law, statute, or regulation allows for a specific retention period.
10. Your rights under applicable data protection law
10.1 Your rights are as follows (noting that these rights don’t apply in all circumstances):
10.1.1 Withdraw consent at any time. The right to withdraw consent where you have previously given your consent to the processing of personal data. Please see the Direct Marketing section below for further details on how to withdraw consent to direct marketing;
10.1.2 The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
10.1.3 The right to object to processing of your personal data;
10.1.4 The right to restrict processing of your personal data;
10.1.5 The right to have your personal data erased (the “right to be forgotten”);
10.1.6 The right to request access to your personal data and information about how we process it;
10.1.7 The right to move, copy or transfer your personal data (“data portability”); and
10.1.8 Rights in relation to automated decision making including profiling.
10.2 You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
10.3 For more details on all the above you can contact our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN or request the ‘Using My Personal Data’ booklet by asking for a copy from the event co-ordinator or online at santander.co.uk.
11. Direct Marketing
11.1 If you are a B2B contact (i.e. an employee of a customer of Santander), Santander may send direct marketing to you (in relation to marketing aimed at your employer) by email. B2B contacts can opt-out of receiving these communications at any time.
11.2 If you are a B2C contact (i.e. an individual customer of Santander), Santander may send direct marketing, if you have given your consent:
11.2.1 to marketing relating to invitations to take part in prize draws, competitions and promotions and invitations to attend events, hospitality and networking opportunities; and/or
11.2.2 to marketing relating to identified third party products or services that may be of interest.
11.3 If you do not want us to use your personal data for the purposes of direct marketing you can withdraw your consent at any time by contacting the relevant team using the contacts details in our “Using my personal data” booklet:
11.4 Please note that if you choose not to consent to direct marketing or withdraw your consent to direct marketing we will still communicate with you in relation to any contract you have with us and other service and event related messages. For example, messages relating to your attendance at the event. You may not opt out of receiving communications regarding your dealings with Santander and attendance at an event you are attending. In addition, even if you choose not to receive prize draw, competition, promotional and events related communications from us, we will still contact you regarding any products or services you have already purchased from us including marketing relating to our similar products and services unless you decide to opt-out of receiving these separate marketing communications. Please see the relevant Santander Privacy Policy for further details in relation to our marketing of similar products and services.
12. Changes to the Privacy Notice
12.1 Should the privacy notice be revised, Santander will post the changes on the Santander website which will be effective immediately upon posting. You can determine when the privacy notice was last revised by referring to the “Last Revised” date at the top of this page.
12.2 If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly changes how or why we use personal data, we will notify you by way of a prominent notice on our website or, if we have your email address, by email. Where required by applicable law, any material changes to the terms of the privacy notice will apply only to information collected thereafter.
13. Contact us
13.1 You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.
At Santander we work with a number of Partners and Santander Group Affiliates, please see the list below. Sometimes we may send you information about one or more of our Partners. This will only happen if you have agreed to receive information from us. We will not share any of your personal information without your consent.
A list of Santander Group Entities and Partners:
Group Entities
Banco Santander
Cahoot
Cater Allen
Cater Allen Limited
Cater Allen Private Bank
Santander Consumer Finance
Santander Universities
Partners
Alzheimer's Society
Ansco Arena (02 Arena corporate tickets)
Anyvan
AOK Events Limited (corporate hospitality)
Aviva Insurance Limited
Aviva Life & Pensions UK Limited
AXA Insurance UK plc
AXA PPP healthcare Ltd
BISL Limited
British Gas
British Museum
Bupa Insurance Limited
Chubb European Group SE (CEG)
Debt Charity
Ferrari
Formula One
GamCare
Irwin Mitchell
L&G (home finance)
Macmillan Cancer Support
Make my house green
Mastercard
Mind
Money Advice trust
Money Helper
Myenergi
National Parks Partnership
Octopus Energy
PayPlan
Priceless
(Red), a division of The ONE Campaign
Riot Games (League of Legends)
Rugby Football Union (Twickers corporate box)
Santander Boosts - Including those brand specific offers i.e., Costa, Adidas, Nike etc.
Sign Video
Silverstone Circuits Limited
Sky
Step Change
Surviving Economic Abuse
Tado
Ten Lifestyle Management Limited
Tier Operations Limited (MK cycles scheme)
Transport for London
Turn 2 Us
Twinkl
UCAS
ufurnish.com
Vibrant
Zappi
This list is correct as October 2023. Subject to change.
Company registration details
Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales. www.santander.co.uk. Telephone 0800 389 7000. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register. Santander and the flame logo are registered trademarks.
Changes
We will update the content of this notice from time to time. Please ensure that you visit this page regularly and refresh your browser to ensure your information is up to date.
You can check our authorisations with the Financial Conduct Authority at www.fca.org.uk/register or by calling them on 0800 111 6768.
Santander UK plc is a member of the Financial Ombudsman Service, contact details: Financial Ombudsman Service, South Quay Plaza, 183 Marsh Wall, London E14 9SR. Telephone: 0800 0234 567. www.financial-ombudsman.org.uk
Links to other websites
Certain hypertext links in this website may lead you to websites which are not under the control of Santander UK plc. When you activate these, you may leave the santander.co.uk website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by Santander UK plc.
We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.
No liability for unavailability
\We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.
Customer responsibility
It is your responsibility to ensure that your computer is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from this site.
Easy ways to protect yourself from danger
There are some things you can do to protect your personal information online. It's by no means exhaustive but will help make sure you don't fall foul of Internet fraud:
- Never share a One Time Passcode (OTP) with another person, not even a Santander employee.
- Do not log on using a public computer.
- Do not send confidential information by email as it’s not secure and there is always a risk it could be intercepted.
- If you’re logged into any online service, do not leave your computer unattended. Close down your internet browser once you’ve logged off.
- Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.
For more information about staying safe online you can visit santander.co.uk/securitycentre
Secure Online Services
You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.
All information passed between you and Santander when using our online services is sent using secure industry standard encryption.
Cookies
Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:
- collect information that will help us understand visitors' browsing habits on our website;
- compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
- temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website; and
- in some cases, remember information about you when you visit our site. We may need to do this to provide some of our services e.g. if you use the 'Remember my ID' tool when logging on to Online Banking.
We use cookies to enable us to perform our contract with you (e.g. if you apply for a product online or are an Online Banking customer) and for our legitimate interests (e.g. to help us improve our service). We’ll also ask your consent for non-essential cookies. To find out more about all types of cookies and how to control and delete them, including clearing your browsing history, you can read our cookie policy.
We are Santander UK plc, the data controller. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.
This is our data protection statement which explains how we obtain, use and keep your personal data safe in relation to the Santander Corporate and Commercial website and Santander Connect.
Your personal data is data which by itself, or with other data available to us, can be used to identify you.
We're committed to keeping your personal data safe in accordance with applicable data protection laws.
The types of personal data we collect and use
The types of personal data we capture and use will depend on what you are doing on the website. We’ll use your personal data, or the personal data of your related persons, for some or all of the reasons set out in this data protection statement. If you become a customer we’ll also use it to manage the account, policy or service you’ve applied for and we’ll provide you with our Information Booklet (PDF - 179 KB) which includes the full data protection statement as part of the online application journey. Examples of the personal data we use in relation to our websites and online application process include:
- Full name and personal details including contact information (e.g. home and business address and address history, email address, home, business and mobile telephone numbers);
- Date of birth and/or age (e.g. to confirm eligibility to apply);
- Financial details (e.g. salary and details of other income, and details of accounts held with other providers);
- Records of products and services you have obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
- Information from credit reference and fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources, as well as information on any financial associates you or any of your related persons may have;
- Family, lifestyle or social circumstances if relevant to the product or service you apply for (e.g. the number of dependents you or any of your related persons have);
- Education and employment details/employment status for credit and fraud prevention purposes;
- Personal data about other named applicants. You must have their authority to provide their personal data to us and share the Information Booklet (PDF - 179 KB) with them beforehand together with details of what you’ve agreed on their behalf; and
- Contact details and information about your business if you are a prospective customer.
- Special category data, including data about your health and biometric data (e.g. fingerprints, keystrokes and voice recordings for TouchID and voice recognition);
Providing your personal data
We’ll tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases you must provide your or your related person’s personal data so we can process your application or respond to query or service request (unless you’re already a customer and we already hold your or your related person’s details). We’ll collect this personal data directly from you when you use this website. Where you go through an application process with us, we may collect some of your personal data indirectly, from other sources. We will tell you about the sources of the personal data in the data protection statement relevant to the specific product. If you provide personal data about another individual, you must have their authority to provide their personal data to us and you must share this Privacy Policy and any related the data protection statement with them beforehand together with details of what you’ve agreed on their behalf.
Monitoring of communications
Subject to applicable laws, we’ll monitor and record your and your related person’s calls, emails, text messages, social media messages and other communications in relation to your and your related persons’ dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on your account where necessary for these reasons, and this is justified by our legitimate interests or our legal obligations.
Using your personal data: the legal basis and purposes
We’ll process your or your related persons’ personal data:
1. As necessary to perform our contract with you for the relevant account, product or service, including:
a) To take steps at your request prior to entering into it;
b) To decide whether to enter into it;
c) To manage and perform that contract;
d) To assess credit risk; and
e) To update our records.
2. As necessary for our own legitimate interests or those of other persons and organisations, including:
a) For good governance, accounting, and managing and auditing our business operations;
b) To search at credit reference agencies if you as an individual are over 18;
c) To monitor emails, calls, other communications, and activities on your account, product or service;
d) For market research, analysis and developing statistics;
e) To send you marketing communications, including automated decision making relating to this;
f) To assign, transfer, sub-participate or otherwise dispose of our rights and/or obligations in relation to your account, product or service where we are permitted to do so pursuant to the terms of the relevant contract or as a matter of law;
g) To identify and contact potential customers using publicly available information and internal insight;
h) To monitor your or their transactions to assess credit risk, and for the detection and prevention of crime;
i) To trace your whereabouts;
j)To contact you about your account;
k) For the purposes of recovering debt owed by you;
l) For establishment and defence of legal rights; and
m) For the prevention, detection and investigation of financial crime, including fraud, money laundering, and terrorism financing.
3. As necessary to comply with a legal obligation, including:
a) When you or any of your related persons exercise your or their rights under data protection law and make requests;
b) For compliance with legal and regulatory requirements and related disclosures;
c) For establishment and defence of legal rights;
d) For activities relating to the prevention, detection and investigation of crime;
e) To verify your or any of your related persons’ identity, make credit, fraud prevention and anti-money laundering checks; and
f) To monitor emails, calls, other communications, and activities on your account, product or service.
4. Based on your consent, including:
a) When you request us to disclose your or any of your related persons’ personal data to other people or organisations, such as a person or company handling a claim on your behalf, or otherwise agree to disclosures;
b) When we process any special categories of personal data about you or your related persons at your request (e.g. your or any of your related persons’ racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
c) To send you marketing communications where we're required to ask for your consent to do so.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you. To the extent that action has already been taken based on your consent, withdrawal of your consent will not apply to the processing of your personal data that has already occurred, based on your consent.
Sharing of your personal data
Subject to applicable data protection law, we may share your personal data or the personal data of any of your related persons with:
- Members of the Banco Santander group of companies and associated companies in which we have shareholdings and directors, employees, officers, agents or professional advisors of such members and associated companies;
- Sub-contractors and other persons who help us or our affiliates provide accounts, products and services;
- Companies and other persons providing services to us;
- Our legal and other professional advisors, including our auditors;
- Fraud prevention agencies, credit reference agencies, and debt collection agencies when we open your account, product or service and periodically during your account, product or service management;
- Other organisations who use shared databases for income verification and affordability checks and to manage/collect arrears;
- Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
- Courts, to comply with legal requirements, and for the administration of justice;
- Other banks and financial institutions for the prevention and detection of financial crime, including fraud, money laundering, and terrorism financing;
- Other persons where necessary in an emergency or to otherwise protect your or your related persons’ vital interests;
- Other persons where necessary to protect the security or integrity of our business operations;
- Other persons connected with your account e.g. your related persons;
- Other persons when we restructure or sell any of our business or assets or have a merger or re-organisation (including persons and prospective persons to whom we may assign, transfer, sub-participate or otherwise dispose of our rights and/or obligations in relation to your account, product or service);
- Market research organisations who help to improve our products or services;
- Payment systems providers (including Visa or Mastercard if we issue cards linked to your account) and correspondent banks, who may transfer such personal data to others, as necessary to operate your account, product or service and for regulatory purposes, to process transactions, resolve disputes and for statistical purposes, including sending such personal data overseas;
- External sources of publicly available information such as Companies House, Dun and Bradstreet and credit reference agencies and other internal insight; and
- Anyone else where we have your consent, or where we have another lawful basis for doing so.
International transfers
Your personal data or the personal data of any of your related persons may be transferred the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries, additional steps will be necessary to ensure appropriate safeguards are in place to protect your personal data. These include imposing contractual obligations to ensure these safeguards are put in place, or requiring the recipient to subscribe to or be certified with, an ‘international framework’ for the protection of personal data. Further details can be found in the ‘Using My Personal Data’ booklet (PDF - 312 KB).
International corridors
Where you may have international business needs, we will share information relating to you and your products and accounts, including transactional information, with Banco Santander S.A., Banco Santander group members and other partner banks who may be based in other countries, to better support your international operations and decide whether to offer you other products and services.
For more information on who those other Banco Santander group members or other partner banks are, you can ask your relationship contact point. The data shared will include information on your financial position, auditable accounts, your related persons and any information held about you or your related persons by us, such as information about transactions carried out on your accounts, products and services with us and information regarding any other products and services that you receive from us. We will do this on the basis of your legitimate interests. If you do not want us to share your or your related persons’ data in this way, you can speak to us.
Data anonymisation and aggregation
Your personal data or the personal data of any of your related persons may be converted into statistical or aggregated data which can’t be used to identify you or any of your related persons. We may share and sell such anonymised data including in an aggregated format, within and outside of the Santander group of companies, for statistical analysis, research and other business purposes. For example, sharing information about general spending trends in the UK to assist in research. The law says this is not considered to be personal information after it has been anonymised and/or aggregated.
Identity verification and fraud prevention checks
The personal data we’ve collected from you at application or at any stage will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your or any of your related persons’ identity. If fraud is detected, you could be refused certain services or finance in future. We may also search and use our internal records for these purposes. Further details on how your personal data or the personal data of any of your related persons will be used by us and these fraud prevention agencies, and your and your related persons’ data protection rights can be found in the ‘Using My Personal Data’ booklet (PDF - 312 KB). We may also hold all personal data and other information you give to us to undertake periodic due diligence and identification checks which banks are required to undertake to comply with UK legislation and regulation.
Credit reference checks
If you are an individual and apply for any products and services (including as part of a periodic review of your business) or if any of your related persons is to guarantee or provide any other assurance in relation to any product for which you apply we’ll perform credit and identity checks on you or your applicable related person at your or his/her home and business address with one or more credit reference agencies. To do this we’ll supply your or his/her personal data to the credit reference agencies and they’ll give us information about you or your related person.
When we carry out a search at the credit reference agencies, they’ll place a footprint on your or his/her credit file. A search may either be:
a) a quotation search where a soft footprint is left. This has no effect on your or his/her credit score, and lenders are unable to see this;
b) a hard footprint where you’ve agreed/requested us to proceed with your application for credit. (This footprint will be viewable by other lenders and may affect your or your related person’s ability to get credit elsewhere. Please note that a credit search is not carried out if you or your related person are under 18.); or
c) an identity check where a record of this search is left.
We’ll also continue to exchange information about you or your related person with credit reference agencies while you have a relationship with us. The credit reference agencies may in turn share your or your related persons’ personal information with other organisations. The personal data shared with the credit reference agencies will relate to you, your business and/or your related person.
Details about your application (whether or not it’s successful) will be recorded and we’ll give details of you, the business and its proprietors, and your accounts and how you manage them to credit reference agencies. If you or your related person do not repay any debt in full or on time, the credit reference agencies will record the outstanding debt and supply this information to others performing similar checks, to trace your or his/her whereabouts and to recover debts that you or your related person owe or owes. Records remain on file for 6 years after they are closed, whether settled by you or defaulted. A financial association link between joint applicants or between you and any named business partner or individual will be created at the credit reference agencies. This will link your and their financial records and be taken into account in all future applications by either or both of you until either of you apply for a notice of disassociation with the credit reference agencies. For more information, a leaflet called ‘Your application and credit scoring’ is available on request. We will seek confirmation from the credit reference agencies that the residential address of any director that you provide is the same as that shown on the restricted register of directors’ usual addresses at Companies House.
If you apply for a secured product, we may pass any information and documentation relating to this secured product to any persons with a legal or equitable interest in the security, whilst the product remains open.
The identities of the credit reference agencies, and the ways in which they use and share personal information is explained in more detail in the Credit Reference Agency Information Notice (‘CRAIN’) document which can be accessed via any of the following links:
Automated decision making and processing
Automated decision making involves processing your or your related persons’ personal data without human intervention, to evaluate certain personal aspects about you or them (known as profiling). In particular, we may analyse or predict (among other things) your or their economic situation, personal preferences, interests or behaviour. This could mean that automated decisions are made about you or them using your or their personal information. For example, we might analyse certain customer demographics, accounts, products or services and account behaviours (such as payments to other providers) and look at details of transactions relevant to your accounts. We may also analyse events such as the maturity dates of your accounts and opening anniversaries. In some instances we’ll use automated processing and decision making, where relevant, to decide which of our other products or services might be suitable for you.
We’ll also conduct behavioural scoring, including by looking at the accounts, products or services you already have with us and how they are being used, such as account turnover, arrears and other indications of financial difficulties. Where searches are carried out against publicly available data sources and credit reference agencies, these searches may appear on your or their credit report, but they will not affect your or their ability to get credit. You or they may have a right to certain information about how we make these decisions. You or they may also have a right to request human intervention and to challenge the decision.
Using our calculators, decision tools, guides and budget planners
To use our range of calculators, tools, guides and budget planners, you'll have to give us details of your financial situation and needs. The information we ask for will depend on what type of product or account you're interested in. By providing any personal data you do so on the basis of your consent. You’re free at any time to withdraw your consent but if you do you won’t be able to use these services.
When you use a calculator, guide, decision tool or budget planner all of the details you provide are anonymous - and once you leave we never store your details, unless, for example, you decide to save a quote.
Open Banking
Where you have opted in for this service, we may use your or your related persons’ personal data to link your accounts from other providers to Santander Mobile Banking, in order to provide you with an aggregated view of your accounts. As part of this service, we may collect and display personal information from your Santander banking relationship that you have requested to be visible to you within Santander Mobile Banking. This personal information may include your name, address, email address and phone number, biometric data, and information relating to your financial circumstances (including your bank account details and details of your banking transactions). We may also collect and display your personal information from your other banking and financial providers as well as other providers that we may introduce into the service that you have requested to be visible to you within Santander Mobile Banking. This may also include information relating to your financial circumstances (including your bank account details and details of your banking transactions with those providers).
Your marketing preferences and related searches
We’ll use your business address, phone numbers, and email address to contact you according to your preferences. You can change your preferences or unsubscribe at any time by contacting us.
If you are an individual and over 18, we may search the files at credit reference agencies before sending marketing communications to you about credit. The credit reference agencies don’t record this particular search or show it to other lenders and it won’t affect your credit rating. We do this as part of our responsible lending obligations which is within our legitimate interests.
As part of our anti-bribery and corruption checks we may conduct an adverse media search on you using publicly available information prior to contacting you.
You confirm that you have been asked about your marketing preferences as part of this application, and if you wish to change these options you can do so at any time.
Criteria used to determine retention periods (whether or not you become a customer)
The following criteria are used to determine data retention periods for your personal data or the personal data of your related persons:
- Retention in case of queries. We’ll retain personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful);
- Retention in case of claims. We’ll retain personal data for as long as legal claims can be brought and defended; and
- Retention in accordance with legal and regulatory requirements. We’ll retain personal data after your account, product or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.
Rights under applicable data protection law
Your or, if applicable, your related persons’ rights are as follows (noting that these rights don’t apply in all circumstances):
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and
- Rights in relation to automated decision making including profiling.
You or any of your related persons have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk
For more details on all the above, including Banco Santander group members, you can contact our DPO or view the ‘Using My Personal Data’ booklet (PDF - 312 KB).
1. Introduction
1.1 We are Santander UK Plc (Santander, we, us, our), the data controller. This event privacy notice sets out how we’ll collect, use, process and disclose your personal data. Your personal data is data which by itself, or with other data available to us can be used to identify you.
1.2 This privacy notice relates to our use of personal data obtained in relation to our prize draws, competitions, registration for events including hospitality (this includes events organised by us, on our behalf by a third party, and those organised by providers which are made accessible via our services, unless otherwise stated) as well as attendance at and participation in these events. Such events may include but are not limited to conferences, dinners, meetings and virtual events. Personal data may relate to employees of our corporate clients, employees of Santander and their respective guests (where applicable).
1.3 Please also refer to the following:
1.3.1 Photos and videos at event: The photo/video privacy notice in relation to attendance at a specific event.
1.4 External events: Where an event is organised by a third party or provider, and made accessible via our services, the third party or provider will also be a data controller in relation to any data that they collect or receive about you. Please see the third party or provider’s privacy notice for further details.
1.4.1 CCTV: Our CCTV notice and any CCTV notice of third parties where the venue is third party operated in respect of CCTV in operation at the relevant event.
2. The types of personal data we collect and use
2.1 As part of your registration for and participation in an event we’ll use your personal data for the reasons set out below.
What personal data we collect | How we use your personal data | |
---|---|---|
1 | We will process personal data you provide when you register for an event or enter a prize draw or competition including:
This includes personal data about other named individuals such as guests that may accompany you to the event. If you provide this information on their behalf, you must have their authority to provide their personal data to us and share this privacy notice with them beforehand together with details of what you've agreed on their behalf. | Santander will use this personal data to:
|
2 | Passport, driving licence or other forms of identification. | Santander will use this personal data to:
|
3 | Vehicle details such as vehicle registration. | Santander will use this personal data to:
|
4 | Next of kin/emergency contact information | Santander will use this personal data to:
|
5 | Information when you communicate with us whether by email, by phone, by social media or by any other means including:
| Santander will use this personal data in order to:
|
6 | Images and recordings captured by CCTV operating at the event. | Santander will use this personal data to:
Further details can be found by calling the number displayed on our premises. Where events are held in venues not controlled by Santander, the venue owners will be responsible for the operation for their CCTV systems. For more information, please contact the venue owner. |
7 | Photographs/pictures, presentations, testimonials, audio and video recording of speakers and participants and live web streaming whilst attending the event. | Santander will use this personal data to:
|
3. Special category personal data
3.1 Certain types of personal data are more sensitive than others. This special category data includes information about health, disability, race or ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion.
3.2 We may collect and receive special category personal data about you. We have identified below the types of special category personal data we may collect or receive, how we will use it and why we will use it.
What personal data we collect | How we use your personal data | |
---|---|---|
1 | Dietary requirements and preferences such as allergies and intolerances of you and/or any child attending the event with you. | We will process this information to ensure any dietary requirements are catered for at the event and to ensure your safety whilst at the event. We will only process this personal data with your explicit consent. |
2 | Health and disability information about you. | We will process this information to ensure any required access arrangements and other adjustments are in place and to ensure your safety whilst at the event. We need your explicit consent to process such information about you. |
4. Providing your personal data
4.1 Where the provision of personal data is optional, we will let you know. In all other cases you will need to provide the information if you want to register for and take part in the event.
5. Lawful basis of processing
5.1 We’ll process your personal data:
5.1.1 Based on your consent, e.g.:
(a) To send you marketing communications where you are an existing client, and we have your consent to do so. Please see the Direct Marketing section below for further details;
(b) Research and analyse the events and services our customers want, where you have consented to receiving surveys and feedback requests; and
(c) To ensure any dietary and access requirements are catered for at the event.
5.2 As necessary to perform our contract or agreement with you for the relevant event:
(a) To take steps at your request prior to entering into it;
(b) To decide whether to enter into it; and
(c) To manage and perform that contract.
5.2.2 As necessary to comply with a legal obligation, e.g.:
(a) When you exercise your rights under data protection law and make requests;
(b) For compliance with legal and regulatory requirements and related disclosures; and
(c) For establishment and defence of legal rights.
5.2.3 Where necessary in order to protect your vital interests or the vital interests of another person, e.g.:
(a) Contacting your next of kin/emergency contact in a medical emergency.
5.2.4 As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
(a) For good governance, accounting, and managing and auditing our business operations;
(b) Ensure effective administration and management of the event;
(c) Administer and manage prize draws and competitions;
(d) Administer our operations and business in an efficient and effective way;
(e) Understand why individuals attend our events;
(f) Understand and respond to queries, complaints and feedback;
(g) Research and analyse the events and services our customers want;
(h) Send direct marketing to prospective clients;
(i) Improve our events;
(j) Maintain a public profile;
(k) Transfer personal data in relation to an actual or proposed sale, transfer or re-organisation of all or part of our business or the acquisition of the business;
(l) To protect the security or integrity of our business operations and events; and
(m) Enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice.
(n) To identify and contact potential customers using publicly available information and internal insight.
6. Legal requirements
6.1 Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.
7. Where your information will be held
7.1 We may transfer your personal data to locations outside of the UK and European Economic Area. However, to ensure your personal data is protected in accordance with UK data protection law we will only transfer data outside the UK and European Economic Area where appropriate safeguards as required by applicable data protection law are in place. This includes where a jurisdiction has been deemed adequate by the UK Government or, where there is no adequacy decision, by putting in place contractual protection. Please contact us at Data Protection Officer, Santander, Sunderland, SR43 4GP if you would like further information on the specific safeguards used by us when transferring your personal data.
8. Sharing of your personal data
8.1 We may share your personal data with:
8.1.1 Group companies: The Santander group of companies and associated companies in which we have shareholdings. We will only share personal data with Santander group companies in certain circumstances including where another group company is assisting in the organisation of an event, prize draw, or competition (such as arrangement of travel). For more information on the Santander group companies, please see the 'Using My Personal Data' booklet;
8.1.2 Service providers – Third parties may process your personal data on our instructions. These include sub-contractors and other persons who help us provide our events, products and services including catering providers, security, transportation and events management companies, hotels and accommodation providers, IT suppliers (including software providers), cloud hosting providers, customer service, data analytics providers, professional advisors including legal advisors, auditors, marketing agencies, media outlets, database providers, backup and disaster recovery specialists and email providers.
Our suppliers and service providers will be required to meet appropriate standards on processing information and security when processing your personal data. The information we provide them, including your information, will only be processed in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this privacy notice.
8.1.3 Your next of kin/emergency contact: We will disclose your personal data to your next of kin/emergency contact if required in relation to an event e.g. there is a medical emergency.
8.2 Your personal data may be transferred to other third-party organisations in certain scenarios, such as:
8.2.1 If we restructure or sell our business or its assets or have a merger or re-organisation;
8.2.2 If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
8.2.3 If we are exercising or defending a legal claim your information may be transferred as required in connection with defending such claim;
8.2.4 Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data; or
8.2.5 If we have your consent to the data sharing.
9. How long we retain your personal data
9.1 We will process and store personal data for as long as required by the relevant purposes of processing. For example:
9.1.1 Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries in relation to the event;
9.1.2 Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us;
9.1.3 Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after the event has come to an end based on our legal and regulatory requirements;
9.1.4 Retention of contact details: We retain relevant information in our events record for 10 years after the most recent visit or event you attend; and
9.2 Retention of identity documents (e.g. passport, driving license) and special category data (e.g. accessibility requirements): We will not retain this information for any longer than necessary for the provision of the specific event or visit, which might require you to provide it on successive occasions.
10. Your rights under applicable data protection law
10.1 Your rights are as follows (noting that these rights don’t apply in all circumstances):
10.1.1 Withdraw consent at any time. The right to withdraw consent where you have previously given your consent to the processing of personal data. Please see the Direct Marketing section below for further details on how to withdraw consent to direct marketing;
10.1.2 The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
10.1.3 The right to object to processing of your personal data;
10.1.4 The right to restrict processing of your personal data;
10.1.5 The right to have your personal data erased (the “right to be forgotten”);
10.1.6 The right to request access to your personal data and information about how we process it;
10.1.7 The right to move, copy or transfer your personal data (“data portability”); and
10.1.8 Rights in relation to automated decision making including profiling.
10.2 You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
10.3 For more details on all the above you can contact our DPO at Data Protection Officer, Santander, Sunderland, SR43 4GP or request the ‘Using My Personal Data’ booklet by asking for a copy from the event co-ordinator or online at santander.co.uk.
11. Direct Marketing
11.1 If you are an employee of a Santander corporate client, Santander may send direct marketing to you (in relation to marketing aimed at your employer) by email where you have consented to this previously or at the time of signing up for the event. You can withdraw your consent at any time by contacting with your Relationship Manager or Client Services.
11.2 If you are an employee of a prospective corporate client, Santander may send direct marketing to you under our legitimate interests. You can opt out of receiving further communications of this type at any time by clicking the marketing preference link on the email or our website.
11.3 Categories of Marketing include:
- Insight, thought leadership and broader macroeconomic content
- Invitations to business and sector events, sponsorships and hospitality and global connectivity collateral
- Information on Santander UK solutions and wider services
- Solutions and services from the wider Santander Group
- Solutions and services from our third party partners
- Requesting your feedback and participation in research on service, solutions and third-party products.
11.4 Please note that if you choose not to consent to direct marketing or withdraw your consent to direct marketing we will still communicate where necessary to provide legal and regulatory messages or information related to provision of products or services you have with us. We will also communicate with you regarding any event you have registered to attend, unless you tell us you no longer wish to attend.
12. Changes to the Privacy Notice
12.1 If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly changes how or why we use personal data, we will notify you by way of a prominent notice on our website or, if we have your email address, by email. Where required by applicable law, any material changes to the terms of the privacy notice will apply only to information collected thereafter, unless you provide consent.
13. Contact us
13.1 You can contact our Data Protection Officer (DPO) at Data Protection Officer, Santander, Sunderland, SR43 4GP if you have any questions.
For more information on how we use your personal data, take a look at our Using my personal data booklet (PDF - 312 KB).
Take a look at our Cookie policy