Legal information


Santander Personal Banking

Company registration details

Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales. www.santander.co.uk. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register. Santander and the flame logo are registered trademarks.

Jurisdiction for use

This website is intended for use only by those who can access it from within the UK - other than for the purpose of accessing USA Patriot Act certifications. Products advertised on these pages are only intended for sale to UK residents and mortgages are only available on properties in the UK.

Governing law

This site is governed by the laws of the country of the UK within which you reside and any dispute or action arising out of this site shall be determined in accordance with such laws.

Contracts

Santander (and its third parties and associated companies) will keep a copy of your contract once it is signed and returned. This will be available on request (though there may be a charge for this service).

All contracts and applications are written in English.

USA Patriot Act

The USA PATRIOT Act 2001 (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) was passed in October 2001. It includes a number of provisions intended to combat money laundering and the financing of terrorism.

U.S. Financial institutions are required by the USA PATRIOT Act to obtain certain information about foreign banks that maintain relationships with them.

Please follow the link below to access the Santander global USA PATRIOT Act Certificate.

Global Patriot Act Certification (pdf) (160 KB)

Contacts

If you believe any information on this site is inaccurate or have any suggestions on how the content of this site could be improved please contact us

If you have questions on a particular product or service please use the contact details shown for that product or service.

Changes

We will update the content of this notice from time to time. Please ensure that you visit this page regularly and refresh your browser to ensure your information is up to date.

You can check our authorisations with the Financial Conduct Authority at www.fca.org.uk/register or by calling them on 0800 111 6768

Santander UK plc is a member of the Financial Ombudsman Service, contact details: Financial Ombudsman Service, South Quay Plaza, 183 Marsh Wall, London E14 9SR. Telephone: 0800 0234 567. www.financial-ombudsman.org.uk

Financial services compensation scheme

Santander UK plc is a member of the Financial Services Compensation Scheme established under the Financial Services and Markets Act 2000. This replaces previous compensation schemes. For further information please contact us or visit the Financial Services Compensation Scheme website at: www.fscs.org.uk

The Standards of Lending Practice

Santander in the UK adheres to The Standards of Lending Practice which are monitored and enforced by the LSB: www.lendingstandardsboard.org.uk

View call charges

We are Santander UK plc, the data controller. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions. 

This is our Privacy Policy which explains how we obtain, use and keep your personal data safe in relation to the Santander website (santander.co.uk), Santander Online Banking website and Santander mobile app(s) for Personal, Business and Corporate customers, Santander Investing website (https://www.santander.co.uk/personal/savings-and-investments/investments) and Santander Investment Hub website (investmenthub.santander.co.uk). 

Your personal data is data which by itself or with other data available to us can be used to identify you. 

We're committed to keeping your personal information safe in accordance with applicable data protection laws.

The types of personal data we collect and use

The types of personal data we capture and use will depend on what you are doing on the website or mobile apps. We’ll use your personal data for some or all of the reasons set out in this Privacy Policy. If you become a customer we’ll also use it to manage the account, product or service you’ve applied for and we’ll provide you with a separate data protection statement specifically in relation to that as part of the online application journey. Some of the information relevant to that is included in this Privacy Policy for consistency. Examples of the personal data we collect and use in relation to our website and mobile app may include: 

  • Full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers); 
  • Date of birth and/or age (e.g. to make sure that you are eligible to apply for a product or service); 
  • Financial details (e.g. salary and details of other income, and details of accounts held with other providers if you apply for a product or service with us); 
  • Records of products and services you’ve obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address); 
  • Information from credit reference and fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates you may have if you apply for a product or service with us; 
  • Family, lifestyle or social circumstances if relevant to the product or service you apply for (e.g. the number of dependants you have); 
  • Education and employment details/employment status for credit and fraud prevention purposes if you apply for a product or service with us; and 
  • Personal data about other named individuals as required. Where you provide the personal data of others you must have their authority to provide their personal data to us and share this Privacy Policy and any related data protection statement with them beforehand together with details of what you’ve agreed on their behalf.
  • Special category data, including data about your health and biometric data (e.g. facial ID,  fingerprints, keystrokes, and voice recordings for Touch ID and voice recognition); 

Providing your personal data

We’ll tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases, if you fail to provide the requested personal data, we may be unable to process or respond to your application, query or service request. We’ll collect this personal data directly from you when you use this website. Where you go through an application process with us, we may collect some of your personal data indirectly, from other sources. We will tell you about the sources of the personal data in the data protection statement relevant to the specific product. If you provide personal data about another individual, you must have their authority to provide their personal data to us and you must share this Privacy Policy and any related data protection statement with them beforehand together with details of what you’ve agreed on their behalf. 

Monitoring of communications

Subject to applicable laws, we’ll monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. If you take out an account or service with us, we may also monitor activities on your account/service where necessary for these reasons and this is justified by our legitimate interests or our legal obligations.

Using your personal data: the legal basis and purposes

We’ll process your personal data: 
1. As necessary to perform your contract with you for the relevant account, product or service: 

a) To take steps at your request prior to entering into it;

b) To decide whether to enter into it;

c) To manage and perform that contract;

d) To update our records; and

e) To trace your whereabouts to contact you about your account.

2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.: 

a) For good governance, accounting, and managing and auditing our business operations;

b) To search at credit reference agencies at your home and business address (if you are a business customer) if you’re over 18 and apply for credit;

c) To monitor emails, calls, other communications, and activities on your account;

d) For market research, analysis and developing statistics;

e) To trace your whereabouts to contact you about your account, and to recover debt you owe us; 

f) For establishment and defence of legal rights; 

g) for the prevention, detection and investigation of financial crime, including fraud, money laundering, and terrorism financing; and

h) To send you marketing communications and for marketing to you in-branch, including automated decision making relating to this. 

3. As necessary to comply with a legal obligation, e.g.: 

a) When you exercise your rights under data protection law and make requests;

b) For compliance with legal and regulatory requirements and related disclosures

c) For establishment and defence of legal rights;

d) For activities relating to the prevention, detection and investigation of crime;

e) To verify your identity, make credit, fraud prevention and anti-money laundering checks; and

f) To monitor emails, calls, other communications, and activities on your account. 

4. Based on your consent, e.g.: 

a) When you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures;

b) When we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and

c) To send you marketing communications where we’re required to ask for your consent to do so. 

You're free at any time to change your mind and withdraw your consent. The consequence might be that  we can’t do certain things for you. To the extent that action has already been taken based on your consent, withdrawal of your consent will not apply to the processing of your personal data that has already occurred, based on your consent.

Sharing of your personal data

Subject to applicable data protection law we may share your personal data: 

  • with the Santander group of companies* and associated companies in which we have shareholdings; 
  • with sub-contractors and other persons who help us provide our products and services; 
  • with companies and other persons providing services to us; 
  • with our legal and other professional advisors, including our auditors; 
  • with fraud prevention agencies, credit reference agencies, and debt collection agencies at account opening and periodically during account or service management; 
  • with other organisations who use shared databases to do income verification and affordability checks and to manage/collect arrears; 
  • with law enforcement bodies; 
  • with government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office); 
  • with courts, to comply with legal requirements, and for the administration of justice; 
  • with the Financial Services Ombudsman and the Business Banking Resolution Service; 
  • with other banks and financial institutions for the prevention and detection of financial crime, including fraud, money laundering, and terrorism financing
  • in an emergency or to otherwise protect your vital interests; 
  • to protect the security or integrity of our business operations; 
  • with other parties connected with your account (e.g. guarantors and other people named on the application); joint account holders will see your transactions; 
  • when we restructure or sell our business or its assets or have a merger or re-organisation; 
  • with market research organisations who help to improve our products or services; 
  • with payment systems providers (e.g. Visa or MasterCard) if we issue cards linked to your account; they may transfer your personal data to others to process transactions, resolve disputes and for statistical purposes, including by sending your personal data overseas; this is necessary to operate your account and for regulatory purposes; and 
  • with anyone else where we have your consent or where we have another lawful basis for doing so.

International transfers

In some instances your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries additional steps will be necessary to ensure appropriate safeguards are in place to protect your personal data. These include imposing contractual obligations to ensure these safeguards are put in place or requiring the recipient to subscribe to or be certified with an ‘international framework’ for the protection of personal data. More details can be found in our 'Using My Personal Data’ booklet (1.40 MB)

Online applications 

If you apply for an account online, before you enter any personal details into the online form, we'll tell you how your information will be used in our data protection statement relevant to that account, in the 'Using My Personal Data’ booklet (1.40 MB) and sometimes in the relevant terms and conditions. You’ll be asked to confirm that you have read these and you’ll be asked to agree to our terms and conditions before your application can proceed.

The data protection statement, in conjunction with the 'Using My Personal Data’ booklet (1.40 MB), includes details of the uses we may make of your data, the legal bases we are relying upon to carry out that processing, and who we may share your personal data with. For instance, for credit account applications like loans and bank accounts, we may pass your details to a recognised credit reference agency to help process your application.

We may occasionally send you information about accounts and services which we think would be of interest to you but only where we have your consent or if this is within our legitimate interests (see above for more details about lawful bases). You can choose to stop receiving information at any time by contacting us.

Contacting us by phone

Contact us 

To help us improve our service we may record or monitor phone calls, as explained in the monitoring of communications section, as necessary to comply with any legal obligations and for our legitimate interests.

View call charges

Contacting us by email

When you contact us, we may need to collect some personal details like your name, address and phone numbers. Email isn't 100% secure so you shouldn’t send personal data such as your account information using normal email. Please consider another method, such as using chat in Online Banking or calling us, if you need to share personal information.

Emails are stored on our standard internal contact systems which are secure and can't be accessed by external parties. We store this information to identify trends, and for the purposes set out in the monitoring of communications section, as necessary to comply with any legal obligations and for our legitimate interests. For more information on the criteria we use to determine our retention periods, see below.

Automated decision making and processing

We may automatically process your personal information, without human intervention, to evaluate certain personal aspects about you (known as profiling).

In particular, we may analyse or predict (among other things) your economic situation, personal preferences, interests or behaviour. This could mean that automated decisions are made about you using your personal information. For example, we might analyse certain customer demographics, account holdings and account behaviours (such as Direct Debits you have set up on your accounts including those which identify accounts and products such as credit cards and store cards which you hold with other providers/elsewhere) and look at details of transactions relevant to your accounts. We may also analyse events such as the maturity dates of your accounts and opening anniversaries.

In some instances we’ll use automated processing and decision making, where relevant, to decide which of our other products or services might be suitable for you, as well as to produce a personalised price for insurance products, to provide an indication of the price prior to an application being made (please note, publicly available information about you and information about you from third party data sources such as, credit reference agencies, will also be used to provide you with an indication of the price). The personalised price would be presented to you in marketing communications and during contacts with Santander that might be suitable. We’ll look at the types of accounts that you already have with us, as well as your age, where this is relevant to the product, we think you might be interested in. We’ll also conduct behavioural scoring, including by looking at the accounts and products you already have with us and how they are being used, such as account turnover, arrears and other indications of financial difficulties. Where searches are carried out against publicly available data sources and credit reference agencies, these searches may appear on your credit report, but they will not affect your ability to get credit.

You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention and to challenge the decision.

For some insurance products we may use automated decision making to assist the insurer in determining your final insurance premium. The insurer will use an automated underwriting engine to process your personal information and to better assess insurance risk which will generally provide a more accurate price that is relevant to your individual circumstances and needs. The automated underwriting engine will use information including personal information that you provide as well as other information about you held by us, the insurer and other parties. Where the insurer is carrying out any automated decision making it will do so on the basis that is necessary in order for the insurer to enter into the insurance contract with you. You have the right to contest that decision, express your point of view and ask for a human review. Where we carry out any automated decision making for your insurance product, we will ask for your consent during the application process to allow us to do so. You may withdraw your consent at any time by contacting us. Further details can be found in the 'Using My Personal Data’ booklet  (1.40 MB)

Using our calculators, decision tools, guides and budget planners

To use our range of calculators, tools, guides and budget planners, you'll have to give us details of your financial situation and needs. The information we ask for will depend on what type of product or account you're interested in. By providing any personal data you do so on the basis of your consent. You’re free at any time to withdraw your consent but if you do you won’t be able to use these services. 

When you use a calculator, guide, decision tool or budget planner all of the details you provide are anonymous - and once you leave we never store your details, unless, for example, you decide to save a quote.

Using our video services

You can apply for some of our products and services using a video session from your mobile device where you see and hear your Santander adviser in high quality two-way video.

If you use our video services, both the images and the audio will be recorded and may be used for training and monitoring purposes. We’ll use any personal data captured about you for the performance of a contract or/with a view to entering into a contact with you as well as for our legitimate interests for good governance, accounting, managing and auditing our business operations, and to monitor emails, calls, other communications in relation to your dealings with us. Please see the monitoring of communications section for more information and the criteria for retention periods section for more information on the criteria we use to determine our retention periods.

You’re entitled to record your video session only for your own personal use, and you should avoid sharing any footage with third parties or posting it on any websites. For your own privacy and protection, please ensure that your location doesn't include items and images that you don't wish to be recorded.

Using your personal information for direct marketing

We’ll tell you if we intend to use your information for marketing purposes and we'll give you the opportunity to opt out if you want to (unless we need a consent to use your information for marketing purposes – if we do we’ll seek one). If you receive marketing emails and don't want to in future, please use the unsubscribe link within the email and we’ll remove you from future campaigns. Ways to opt out of marketing communications that we send you via other channels, can be found in the 'Using My Personal Data’ booklet (1.40 MB)

Surveys and competitions

We'll treat any survey or competition information you provide with the same high standard of care as we do all other customer information, using any details provided strictly within the terms of the competition and this Privacy Policy.

Cookies

Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:

  • collect information that will help us understand visitors' browsing habits on our website;
  • compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
  • temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website; and
  • in some cases, remember information about you when you visit our site. We may need to do this to provide some of our services e.g. if you use the 'Remember my ID' tool when logging on to Online Banking.

We use cookies to enable us to perform our contract with you (e.g. if you apply for a product online or are an Online Banking customer) and for our legitimate interests (e.g. to help us improve our service). We’ll also ask your consent for non-essential cookies. To find out more about all types of cookies and how to control and delete them, including clearing your browsing history, you can read our cookie policy you can read our cookie policy

Criteria used to determine retention periods (whether or not you become a customer)

The following criteria are used to determine data retention periods for your personal data:

  • Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
  • Retention in case of claims. We’ll retain your personal data for as long as legal claims can be brought and defended.
  • Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after your account, product or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.

Your rights under applicable data protection law

Your rights are as follows (noting that these rights don’t apply in all circumstances):

  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to request access to your personal data and information about how we process it;
  • The right to move, copy or transfer your personal data (“data portability”); and
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.

For more details on all the above you can contact our DPO, view the ‘Using My Personal Data’ booklet’ (1.40 MB) or ask for a copy in branch.

Find your nearest branch or contact us

Data anonymisation and aggregation

Your personal data may be converted into statistical or aggregated data, which can’t be used to identify you. We may share and sell such anonymised data including in an aggregated format, within and outside of the Santander group of companies, for statistical analysis, research and other business purposes. For example, sharing information about general spending trends in the UK to assist in research. The law says this is not considered to be personal information after it has been anonymised and/or aggregated. 

Group companies

For more information on the Santander group companies, please see the ‘Using My Personal Data’ booklet (1.40 MB)

Changes to this Privacy Policy

We’ll notify you if there are any material changes to this Privacy Policy if required by applicable law or where we intend to process your personal data for a new purpose before we start that new processing activity.

Legal statement about this Privacy Policy

This Privacy Policy is not designed to form a legally binding contract between Santander and users of our website or online services.

Links to other websites

Certain hypertext links in this website may lead you to websites which are not under the control of Santander UK plc. When you activate these, you may leave the santander.co.uk website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by Santander UK plc.

We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.

No liability for unavailability

We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.

Contacting us about our Privacy Policy

Contact us, or write to our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

Customer responsibility

It is your responsibility to ensure that your computer is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from this site.

Easy ways to protect yourself from danger

There are some things you can do to protect your personal information online. It's by no means exhaustive but will help make sure you don't fall foul of Internet fraud:

  1. Never share a One Time Passcode (OTP) with another person, not even a Santander employee.
  2. Do not log on using a public computer.
  3. Always access Online Banking by typing https://www.santander.co.uk into your web browser and logging on via our website.
  4. Never enter your Online Banking details after clicking on a link in an email or text message.
  5. Do not send confidential information by email as it’s not secure and there is always a risk it could be intercepted.
  6.  If you’re logged into any online service, do not leave your computer unattended. Close down your internet browser once you’ve logged off.
  7.  Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

For more information about staying safe online you can visit Fraud & Security

Secure online services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.

All information passed between you and Santander when using our online services is sent using secure industry standard encryption.

1. Introduction

1.1 We are Santander UK Plc (Santander, we, us our), the data controller. This event privacy notice sets out how we’ll collect, use, process and disclose your personal data. Your personal data is data which by itself, or with other data available to us can be used to identify you.

1.2 This privacy notice relates to our use of personal data obtained in relation to our prize draws, competitions, registration for events (this includes events organised and arranged by us and events arranged by a third party) as well as attendance at and participation in these events. Such events may include but is not limited to conferences, dinners, meetings, roadshows, recognition events etc. This includes personal data of our employees, guests, individual customers, B2B customer employees and children of those individuals (where applicable). 

1.3 Please also refer to the following:

1.3.1 Photos and videos at event: The photo/video privacy notice in relation to attendance at a specific event;

1.3.2 External events: Where an event is organised or hosted by a third party, this third party will also be a data controller in relation to any data that third party collects or receives about you. Please see the third party’s privacy notice for further details of their processing of your personal data; and

1.3.3 CCTV: Our CCTV notice and any CCTV notice of third parties where the venue is third party operated in respect of CCTV in operation at the relevant event.

2. The types of personal data we collect and use

2.1 As part of your registration for and participation in an event we’ll use your personal data for the reasons set out below.

 What personal data we collectHow we use your personal data
1

We will process personal data you provide when you register for an event or enter a prize draw or competition including:

  • Full name;
  • Contact information including home and business address, email and telephone number; 
  • Job role; and
  • Name of your employer.

This includes personal data about other named individuals such as guests and children that may accompany you to the event. If you provide this information on their behalf, you must have their authority to provide their personal data to us and share this privacy notice with them beforehand together with details of what you’ve agreed on their behalf.

Santander will use this personal data to:

  • Register your attendance at the event;
  • Communicate with you for the purposes of:
    • responding to your queries and other requests; 
    • sending you the event ticket or prize if you have won a prize draw or competition;
    • managing and administrating the event, prize draw, or competition;
  • Organise and administer the event visit, booking and provision of necessary and preferred services. Prize draws, and competitions;
  • Arrange accommodation and catering; 
  • Maintaining clear contact information for the event should we need to get in touch with you;
  • Manage and administer the contract with you, including for payment, invoicing and refund purposes;
  • Manage any complaints or issues; 
2Date of birth and/or ageSantander will use this personal data to:
  • Check that you’re eligible to take part in the event, prize draw, or competition.
3Passport, driving licence or other forms of identification.

Santander will use this personal data to:

  • Verify your identity; and
  • Fulfil any entrance permissions and access control requirements required for the event. 
4Vehicle details such as vehicle registration. 

Santander will use this personal data to:

  • Arrange parking at the event.
5Next of kin/emergency contact information

Santander will use this personal data to:

  • Contact your next of kin/emergency contact in the event of an emergency; and
  • Ensure compliance with health and safety requirements.
6

Information when you communicate with us whether by email, by phone, by social media or by any other means including:

  • Your contact details (name, email address, address, phone number and social media handle or user name); and
  • The details of your communications with us; and 
  • The details of our messages to you.

Santander will use this personal data in order to:

  • Respond to requests for information about our events or services;
  • Answer any questions, issues or concerns;
  • Deal with complaints; 
  • Monitor communications for quality and training purposes;
  • Develop and improve our events and services.
7Images and recordings captured by CCTV operating at the event.

Santander will use this personal data to:

  • Ensure the safety of our staff and visitors; and
  • assist with the prevention and detection of crime.

Further details can be found by calling the number displayed on the CCTV signs displayed on our premises. 

Where events are held in venues not controlled by Santander, the venue owners will be responsible for the operation of their CCTV systems. For more information please contact the venue owner.

8Photographs/pictures, presentations, testimonials, audio and video recording of speakers and participants and live web streaming whilst attending the event. 

Santander will use this personal data to:

  • promote the Santander brand in Santander’s internal and external marketing campaigns including on our website and intranet, on social media and email campaigns as well as publications, press and TV broadcast; 
  • promote a prize draw or competition (for example if you are the winner of the prize draw or competition); and
  • maintain a public profile.

We will only process images and recordings of a minor with the consent of their parent or guardian. 

3. Special category personal data

3.1    Certain types of personal data are more sensitive than others. This special category personal data includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion. 

3.2    We may collect and receive special category personal data about you. We have identified below the types of special category personal data we may collect or receive, how we will use it and why we will use it.

 What personal data we collectHow we use your personal data
1Dietary requirements and preferences such as allergies and intolerances of you and/or any child attending the event with you. 

We will process this information to ensure any dietary requirements are catered for at the event and to ensure your safety whilst at the event.

We will only process this personal data with your explicit consent. 

2Health and disability information about you and/or any child attending the event with you.

We will process this information to ensure any required access arrangements and other adjustments are in place and to ensure your safety whilst at the event. 

We need your explicit consent to process such information about you.

3

Health data relating to any symptoms of Covid-19 or recent Covid-19 test results or vaccination status. 

We continue to monitor UK government guidelines on Covid-19, and to align our own Covid-19 protocols accordingly. We will let you know about the specific Covid-19 protocols and requirements we or third-party venues we work with have in place in advance of the event you are attending.

We will use this personal data in order to determine whether or not you can attend the event. If you have Covid-19 symptoms or test Covid-19 positive you cannot attend the event. 

The lawful basis for this processing is: 

  • legitimate interest in ensuring the health and safety of our workforce and customers and other event attendees and complying with Government guidelines and legislation relating to the Covid-19 pandemic; and either 
  • Employment law– where processing is for the purposes of protecting the health and safety of our employees and customers; or
  • Public health to help combat the spread of COVID-19.

 

4. Providing your personal data

4.1    Where the provision of personal data is optional, we will let you know. In all other cases you will need to provide the information if you want to register for and take part in the event.

5. Lawful basis of processing

5.1    We’ll process your personal data:

5.1.1 Based on your consent, e.g.:

(a) To send you marketing communications where we’ve asked for your consent to do so. Please see the Direct Marketing section below for further details. 

5.2    As necessary to perform our contract or agreement with you for the relevant event:

(a) To take steps at your request prior to entering into it; 

(b) To decide whether to enter into it; and 

(c) To manage and perform that contract.

5.2.2    As necessary to comply with a legal obligation, e.g.:

(a) When you exercise your rights under data protection law and make requests;

(b) For compliance with legal and regulatory requirements and related disclosures;  and

(c) For establishment and defence of legal rights.

5.2.3    Where necessary in order to protect your vital interests or the vital interests of another person, e.g.:

(a) Contacting your next of kin/emergency contact in a medical emergency. 

5.2.4    As necessary for our own legitimate interests or those of other persons and organisations, e.g.:

(a) For good governance, accounting, and managing and auditing our business operations; 

(b) Ensure effective administration and management of the event;

(c) Administer and manage prize draws and competitions;

(d) Administer our operations and business in an efficient and effective way; 

(e) Understand why individuals attend our events;

(f) Understand and respond to queries, complaints and feedback;

(g) Research and analyse the events and services our customers want;

(h) Send direct marketing to B2B contacts;

(i) Improve our events; 

(j) Maintain a public profile;

(k) Transfer personal data in relation to an actual or proposed sale, transfer or re-organisation of all or part of our business and the acquisition of the business; 

(l) To protect the security or integrity of our business operations and events; and 

(m) Enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice.

6. Legal requirements

6.1    Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim.  We will not delete personal data if relevant to an investigation or a dispute.  It will continue to be stored until those issues are fully resolved.

7. Where your information will be held

7.1    If you are located in the UK or European Economic Area, we may transfer your personal data to locations outside of the UK and European Economic area (including to the US). However, to ensure your personal data is protected in accordance with EU and UK data protection law we will only transfer data outside the UK and European Economic Area where appropriate safeguards as required by applicable data protection law are in place. This includes where a jurisdiction has been deemed adequate by the EU Commission or, where there is no adequacy decision, by putting in place Standard Contractual Clauses. Please contact us at Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you would like further information on the specific safeguards used by us when transferring your personal data.

8. Sharing of your personal data

8.1    We may share your personal data with:

8.1.1 Group companies: The Santander group of companies and associated companies in which we have shareholdings. We will share personal data with Santander group companies in certain circumstances including where another group company is assisting in the organisation of an event, prize draw, or competition (such as arrangement of travel). For more information on the Santander group companies, please see the 'Using My Personal Data' booklet

8.1.2 Service providers – Third parties may process your personal data on our instructions. These include sub-contractors and other persons who help us provide our events, products and services including catering providers, security, transportation and events management companies, hotels and accommodation providers, IT suppliers (including software providers), cloud hosting providers, customer service, data analytics providers, professional advisors including legal advisors, auditors, marketing agencies, media outlets, database providers, backup and disaster recovery specialists and email providers.

Our suppliers and service providers will be required to meet appropriate standards on processing information and security when processing your personal data.  The information we provide them, including     your information, will only be processed in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this privacy     notice.

8.1.3 Your next of kin/emergency contact: We will disclose your personal data to your next of kin/emergency contact if required in relation to an event e.g. there is a medical emergency.

8.2    Your personal data may be transferred to other third party organisations in certain scenarios, such as:

8.2.1 If we're discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;

8.2.2 If we are reorganised or sold, or in the event of a merger, joint venture, assignment, transfer or disposition of all or any portion of Santander's business or operations (including without limitation in connection with bankruptcy or any similar proceedings) information may be transferred to a buyer;

8.2.3 If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;

8.2.4 If we are exercising or defending a legal claim your information may be transferred as required in connection with defending such claim;

8.2.5 Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data; or

8.2.6 If we have your consent to the data sharing. 

9. How long we retain your personal data

9.1    We will process and store personal data for as long as required by the relevant purposes of processing. For example: 

9.1.1 Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries in relation to the event;

9.1.2 Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; 

9.1.3 Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after the event has come to an end based on our legal and regulatory requirements; 

9.1.4 Retention of contact details: We retain relevant information in our events record for 10 years after the most recent visit or event you attend; and

9.2 Retention of identity documents (e.g. passport, driving license) and special category data (e.g. accessibility requirements): We will not retain this information for any longer than necessary for the provision of the specific event or visit, which might require you to provide it on successive occasions.

9.3 The criteria used to determine data retention periods for your personal data include:

9.3.1 the date of the event;

9.3.2 whether there are contractual or legal obligations that exist that require us to retain the data for a period of time;

9.3.3 whether there is an ongoing legal claim that relates to your relationship with us; and

9.3.4 whether any applicable law, statute, or regulation allows for a specific retention period.

10. Your rights under applicable data protection law

10.1    Your rights are as follows (noting that these rights don’t apply in all circumstances):

10.1.1 Withdraw consent at any time. The right to withdraw consent where you have previously given your consent to the processing of personal data. Please see the Direct Marketing section below for further details on how to withdraw consent to direct marketing;

10.1.2 The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;

10.1.3 The right to object to processing of your personal data;

10.1.4 The right to restrict processing of your personal data;

10.1.5 The right to have your personal data erased (the “right to be forgotten”);

10.1.6 The right to request access to your personal data and information about how we process it;

10.1.7 The right to move, copy or transfer your personal data (“data portability”); and

10.1.8 Rights in relation to automated decision making including profiling.

10.2 You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.

10.3 For more details on all the above you can contact our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN or request the ‘Using My Personal Data’ booklet by asking for a copy from the event co-ordinator or online at santander.co.uk.

11. Direct Marketing

11.1 If you are a B2B contact (i.e. an employee of a customer of Santander), Santander may send direct marketing to you (in relation to marketing aimed at your employer) by email. B2B contacts can opt-out of receiving these communications at any time.

11.2 If you are a B2C contact (i.e. an individual customer of Santander), Santander may send direct marketing, if you have given your consent: 

11.2.1 to marketing relating to invitations to take part in prize draws, competitions and promotions and invitations to attend events, hospitality and networking opportunities; and/or

11.2.2 to marketing relating to identified third party products or services that may be of interest.

11.3 If you do not want us to use your personal data for the purposes of direct marketing you can withdraw your consent at any time by contacting the relevant team using the contacts details in our “Using my personal data” booklet:

11.4 Please note that if you choose not to consent to direct marketing or withdraw your consent to direct marketing we will still communicate with you in relation to any contract you have with us and other service and event related messages. For example, messages relating to your attendance at the event. You may not opt out of receiving communications regarding your dealings with Santander and attendance at an event you are attending. In addition, even if you choose not to receive prize draw,  competition, promotional and events related communications from us, we will still contact you regarding any products or services you have already purchased from us including marketing relating to our similar products and services unless you decide to opt-out of receiving these separate marketing communications. Please see the relevant Santander Privacy Policy for further details in relation to our marketing of similar products and services.  

12. Changes to the Privacy Notice

12.1 Should the privacy notice be revised, Santander will post the changes on the Santander website which will be effective immediately upon posting. You can determine when the privacy notice was last revised by referring to the “Last Revised” date at the top of this page.

12.2 If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly changes how or why we use personal data, we will notify you by way of a prominent notice on our website or, if we have your email address, by email. Where required by applicable law, any material changes to the terms of the privacy notice will apply only to information collected thereafter.

13. Contact us

13.1 You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

At Santander we work with a number of Partners and Santander Group Affiliates, please see the list below.  Sometimes we may send you information about one or more of our Partners. This will only happen if you have agreed to receive information from us. We will not share any of your personal information without your consent.

A list of Santander Group Entities and Partners:
Group Entities
Banco Santander
Cahoot
Cater Allen
Cater Allen Limited
Cater Allen Private Bank
Santander Consumer Finance
Santander Universities

Partners
Alzheimer's Society
Ansco Arena (02 Arena corporate tickets)
Anyvan
AOK Events Limited (corporate hospitality)
Aviva Insurance Limited
Aviva Life & Pensions UK Limited
AXA Insurance UK plc
AXA PPP healthcare Ltd
BISL Limited
British Gas
British Museum
Bupa Insurance Limited
Chubb European Group SE (CEG)
Debt Charity 
Ferrari
Formula One
GamCare
Irwin Mitchell
L&G (home finance)
Macmillan Cancer Support
Make my house green
Mastercard
Mind
Money Advice trust
Money Helper
Myenergi
National Parks Partnership
Octopus Energy
PayPlan
Priceless
(Red), a division of The ONE Campaign
Riot Games (League of Legends)
Rugby Football Union (Twickers corporate box)
Santander Boosts - Including those brand specific offers i.e., Costa, Adidas, Nike etc. 
Sign Video
Silverstone Circuits Limited
Sky
Step Change
Surviving Economic Abuse 
Tado
Ten Lifestyle Management Limited
Tier Operations Limited (MK cycles scheme)
Transport for London
Turn 2 Us 
Twinkl
UCAS
ufurnish.com
Vibrant
Zappi

This list is correct as October 2023. Subject to change.

Santander Corporate Banking

Company registration details

Santander UK plc. Registered Office: 2 Triton Square, Regent's Place, London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales. www.santander.co.uk. Telephone 0800 389 7000. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register. Santander and the flame logo are registered trademarks.

Changes

We will update the content of this notice from time to time. Please ensure that you visit this page regularly and refresh your browser to ensure your information is up to date.

You can check our authorisations with the Financial Conduct Authority at www.fca.org.uk/register or by calling them on 0800 111 6768

Santander UK plc is a member of the Financial Ombudsman Service, contact details: Financial Ombudsman Service, South Quay Plaza, 183 Marsh Wall, London E14 9SR. Telephone: 0800 0234 567. www.financial-ombudsman.org.uk

Links to other websites

Certain hypertext links in this website may lead you to websites which are not under the control of Santander UK plc. When you activate these, you may leave the santander.co.uk website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by Santander UK plc.

We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.

No liability for unavailability

\We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.

Customer responsibility

It is your responsibility to ensure that your computer is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from this site.

Easy ways to protect yourself from danger

There are some things you can do to protect your personal information online. It's by no means exhaustive but will help make sure you don't fall foul of Internet fraud:

  1. Never share a One Time Passcode (OTP) with another person, not even a Santander employee.
  2. Do not log on using a public computer.
  3. Do not send confidential information by email as it’s not secure and there is always a risk it could be intercepted.
  4. If you’re logged into any online service, do not leave your computer unattended. Close down your internet browser once you’ve logged off.
  5. Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

For more information about staying safe online you can visit santander.co.uk/securitycentre

Secure Online Services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.

All information passed between you and Santander when using our online services is sent using secure industry standard encryption.

Cookies

Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:

  • collect information that will help us understand visitors' browsing habits on our website;
  • compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
  • temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website; and
  • in some cases, remember information about you when you visit our site. We may need to do this to provide some of our services e.g. if you use the 'Remember my ID' tool when logging on to Online Banking.

We use cookies to enable us to perform our contract with you (e.g. if you apply for a product online or are an Online Banking customer) and for our legitimate interests (e.g. to help us improve our service). We’ll also ask your consent for non-essential cookies. To find out more about all types of cookies and how to control and delete them, including clearing your browsing history, you can read our cookie policy.

We are Santander UK plc, the data controller. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

This is our data protection statement which explains how we obtain, use and keep your personal data safe in relation to the Santander Corporate and Commercial website and Santander Connect.

Your personal data is data which by itself, or with other data available to us, can be used to identify you.

We're committed to keeping your personal data safe in accordance with applicable data protection laws.

The types of personal data we collect and use

The types of personal data we capture and use will depend on what you are doing on the website. We’ll use your personal data, or the personal data of your related persons, for some or all of the reasons set out in this data protection statement. If you become a customer we’ll also use it to manage the account, policy or service you’ve applied for and we’ll provide you with our Information Booklet (353 KB) which includes the full data protection statement as part of the online application journey. Examples of the personal data we use in relation to our websites and online application process include:

  • Full name and personal details including contact information (e.g. home and business address and address history, email address, home, business and mobile telephone numbers);
  • Date of birth and/or age (e.g. to confirm eligibility to apply);
  • Financial details (e.g. salary and details of other income, and details of accounts held with other providers);
  • Records of products and services you have obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
  • Information from credit reference and fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources, as well as information on any financial associates you or any of your related persons may have;
  • Family, lifestyle or social circumstances if relevant to the product or service you apply for (e.g. the number of dependents you or any of your related persons have);
  • Education and employment details/employment status for credit and fraud prevention purposes; 
  • Personal data about other named applicants. You must have their authority to provide their personal data to us and share the Information Booklet (353 KB)  with them beforehand together with details of what you’ve agreed on their behalf; and
  • Contact details and information about your business if you are a prospective customer.
  • Special category data, including data about your health and biometric data (e.g. fingerprints, keystrokes and voice recordings for TouchID and voice recognition);

Providing your personal data

We’ll tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases you must provide your or your related person’s personal data so we can process your application or respond to query or service request  (unless you’re already a customer and we already hold your or your related person’s details). We’ll collect this personal data directly from you when you use this website. Where you go through an application process with us, we may collect some of your personal data indirectly, from other sources. We will tell you about the sources of the personal data in the data protection statement relevant to the specific product. If you provide personal data about another individual, you must have their authority to provide their personal data to us and you must share this Privacy Policy  and any related the data protection statement with them beforehand together with details of what you’ve agreed on their behalf.

Monitoring of communications

Subject to applicable laws, we’ll monitor and record your and your related person’s calls, emails, text messages, social media messages and other communications in relation to your and your related persons’ dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what has been said. We may also monitor activities on your account where necessary for these reasons, and this is justified by our legitimate interests or our legal obligations.

Using your personal data: the legal basis and purposes

We’ll process your or your related persons’ personal data:

1. As necessary to perform our contract with you for the relevant account, product or service, including:
a) To take steps at your request prior to entering into it;
b) To decide whether to enter into it;
c) To manage and perform that contract;
d) To assess credit risk; and
e) To update our records.

2. As necessary for our own legitimate interests or those of other persons and organisations, including:
a) For good governance, accounting, and managing and auditing our business operations;
b) To search at credit reference agencies if you as an individual are over 18;
c) To monitor emails, calls, other communications, and activities on your account, product or service;
d) For market research, analysis and developing statistics; 
e) To send you marketing communications, including automated decision making relating to this;
f) To assign, transfer, sub-participate or otherwise dispose of our rights and/or obligations in relation to your account, product or service where we are permitted to do so pursuant to the terms of the relevant contract or as a matter of law;
g) To identify and contact potential customers using publicly available information and internal insight;
h) To monitor your or their transactions to assess credit risk, and for the detection and prevention of crime;
i) To trace your whereabouts;
j)To contact you about your account;
k) For the purposes of recovering debt owed by you;
l) For establishment and defence of legal rights; and
m) For the prevention, detection and investigation of financial crime, including fraud, money laundering, and terrorism financing.

3. As necessary to comply with a legal obligation, including:
a) When you or any of your related persons exercise your or their rights under data protection law and make requests;
b) For compliance with legal and regulatory requirements and related disclosures;
c) For establishment and defence of legal rights;
d) For activities relating to the prevention, detection and investigation of crime;
e) To verify your or any of your related persons’ identity, make credit, fraud prevention and anti-money laundering checks; and
f) To monitor emails, calls, other communications, and activities on your account, product or service.

4. Based on your consent, including:
a) When you request us to disclose your or any of your related persons’ personal data to other people or organisations, such as a person or company handling a claim on your behalf, or otherwise agree to disclosures;
b) When we process any special categories of personal data about you or your related persons at your request (e.g. your or any of your related persons’ racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
c) To send you marketing communications where we're required to ask for your consent to do so.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you. To the extent that action has already been taken based on your consent, withdrawal of your consent will not apply to the processing of your personal data that has already occurred, based on your consent.

Sharing of your personal data

Subject to applicable data protection law, we may share your personal data or the personal data of any of your related persons with:

  • Members of the Banco Santander group of companies and associated companies in which we have shareholdings and directors, employees, officers, agents or professional advisors of such members and associated companies;
  • Sub-contractors and other persons who help us or our affiliates provide accounts, products and services;
  • Companies and other persons providing services to us;
  • Our legal and other professional advisors, including our auditors;
  • Fraud prevention agencies, credit reference agencies, and debt collection agencies when we open your account, product or service and periodically during your account, product or service management;
  • Other organisations who use shared databases for income verification and affordability checks and to manage/collect arrears;
  • Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
  • Courts, to comply with legal requirements, and for the administration of justice;
  • Other banks and financial institutions for the prevention and detection of financial crime, including fraud, money laundering, and terrorism financing;
  • Other persons where necessary in an emergency or to otherwise protect your or your related persons’ vital interests;
  • Other persons where necessary to protect the security or integrity of our business operations;
  • Other persons connected with your account e.g. your related persons;
  • Other persons when we restructure or sell any of our business or assets or have a merger or re-organisation (including persons and prospective persons to whom we may assign, transfer, sub-participate or otherwise dispose of our rights and/or obligations in relation to your account, product or service);
  • Market research organisations who help to improve our products or services;
  • Payment systems providers (including Visa or Mastercard if we issue cards linked to your account) and correspondent banks, who may transfer such personal data to others, as necessary to operate your account, product or service and for regulatory purposes, to process transactions, resolve disputes and for statistical purposes, including sending such personal data overseas;
  • External sources of publicly available information such as Companies House, Dun and Bradstreet and credit reference agencies and other internal insight; and
  • Anyone else where we have your consent, or where we have another lawful basis for doing so.

International transfers

Your personal data or the personal data of any of your related persons may be transferred the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries, additional steps will be necessary to ensure appropriate safeguards are in place to protect your personal data. These include imposing contractual obligations to ensure these safeguards are put in place, or requiring the recipient to subscribe to or be certified with, an ‘international framework’ for the protection of personal data. Further details can be found in the ‘Using My Personal Data’ booklet (121 KB).

International corridors

Where you may have international business needs, we will share information relating to you and your products and accounts, including transactional information, with Banco Santander S.A., Banco Santander group members and other partner banks who may be based in other countries, to better support your international operations and decide whether to offer you other products and services.

For more information on who those other Banco Santander group members or other partner banks are, you can ask your relationship contact point. The data shared will include information on your financial position, auditable accounts, your related persons and any information held about you or your related persons by us, such as information about transactions carried out on your accounts, products and services with us and information regarding any other products and services that you receive from us. We will do this on the basis of your legitimate interests. If you do not want us to share your or your related persons’ data in this way, you can speak to us.

Data anonymisation and aggregation

Your personal data or the personal data of any of your related persons may be converted into statistical or aggregated data which can’t be used to identify you or any of your related persons. We may share and sell such anonymised data including in an aggregated format, within and outside of the Santander group of companies, for statistical analysis, research and other business purposes. For example, sharing information about general spending trends in the UK to assist in research. The law says this is not considered to be personal information after it has been anonymised and/or aggregated.

Identity verification and fraud prevention checks

The personal data we’ve collected from you at application or at any stage will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your or any of your related persons’ identity. If fraud is detected, you could be refused certain services or finance in future. We may also search and use our internal records for these purposes. Further details on how your personal data or the personal data of any of your related persons will be used by us and these fraud prevention agencies, and your and your related persons’ data protection rights can be found in the ‘Using My Personal Data’ booklet (121 KB). We may also hold all personal data and other information you give to us to undertake periodic due diligence and identification checks which banks are required to undertake to comply with UK legislation and regulation.

Credit reference checks

If you are an individual and apply for any products and services (including as part of a periodic review of your business) or if any of your related persons is to guarantee or provide any other assurance in relation to any product for which you apply we’ll perform credit and identity checks on you or your applicable related person at your or his/her home and business address with one or more credit reference agencies. To do this we’ll supply your or his/her personal data to the credit reference agencies and they’ll give us information about you or your related person.

When we carry out a search at the credit reference agencies, they’ll place a footprint on your or his/her credit file. A search may either be:

a) a quotation search where a soft footprint is left. This has no effect on your or his/her credit score, and lenders are unable to see this;

b) a hard footprint where you’ve agreed/requested us to proceed with your application for credit. (This footprint will be viewable by other lenders and may affect your or your related person’s ability to get credit elsewhere. Please note that a credit search is not carried out if you or your related person are under 18.); or

c) an identity check where a record of this search is left.

We’ll also continue to exchange information about you or your related person with credit reference agencies while you have a relationship with us. The credit reference agencies may in turn share your or your related persons’ personal information with other organisations. The personal data shared with the credit reference agencies will relate to you, your business and/or your related person.

Details about your application (whether or not it’s successful) will be recorded and we’ll give details of you, the business and its proprietors, and your accounts and how you manage them to credit reference agencies. If you or your related person do not repay any debt in full or on time, the credit reference agencies will record the outstanding debt and supply this information to others performing similar checks, to trace your or his/her whereabouts and to recover debts that you or your related person owe or owes. Records remain on file for 6 years after they are closed, whether settled by you or defaulted. A financial association link between joint applicants or between you and any named business partner or individual will be created at the credit reference agencies. This will link your and their financial records and be taken into account in all future applications by either or both of you until either of you apply for a notice of disassociation with the credit reference agencies. For more information, a leaflet called ‘Your application and credit scoring’ is available on request. We will seek confirmation from the credit reference agencies that the residential address of any director that you provide is the same as that shown on the restricted register of directors’ usual addresses at Companies House.

If you apply for a secured product, we may pass any information and documentation relating to this secured product to any persons with a legal or equitable interest in the security, whilst the product remains open.

The identities of the credit reference agencies, and the ways in which they use and share personal information is explained in more detail in the Credit Reference Agency Information Notice (‘CRAIN’) document which can be accessed via any of the following links:

Automated decision making and processing

Automated decision making involves processing your or your related persons’ personal data without human intervention, to evaluate certain personal aspects about you or them (known as profiling). In particular, we may analyse or predict (among other things) your or their economic situation, personal preferences, interests or behaviour. This could mean that automated decisions are made about you or them using your or their personal information. For example, we might analyse certain customer demographics, accounts, products or services and account behaviours (such as payments to other providers) and look at details of transactions relevant to your accounts. We may also analyse events such as the maturity dates of your accounts and opening anniversaries. In some instances we’ll use automated processing and decision making, where relevant, to decide which of our other products or services might be suitable for you.

We’ll also conduct behavioural scoring, including by looking at the accounts, products or services you already have with us and how they are being used, such as account turnover, arrears and other indications of financial difficulties. Where searches are carried out against publicly available data sources and credit reference agencies, these searches may appear on your or their credit report, but they will not affect your or their ability to get credit. You or they may have a right to certain information about how we make these decisions. You or they may also have a right to request human intervention and to challenge the decision.

Using our calculators, decision tools, guides and budget planners

To use our range of calculators, tools, guides and budget planners, you'll have to give us details of your financial situation and needs. The information we ask for will depend on what type of product or account you're interested in. By providing any personal data you do so on the basis of your consent. You’re free at any time to withdraw your consent but if you do you won’t be able to use these services.

When you use a calculator, guide, decision tool or budget planner all of the details you provide are anonymous - and once you leave we never store your details, unless, for example, you decide to save a quote.

Open Banking

Where you have opted in for this service, we may use your or your related persons’ personal data to link your accounts from other providers to Santander Mobile Banking, in order to provide you with an aggregated view of your accounts. As part of this service, we may collect and display personal information from your Santander banking relationship that you have requested to be visible to you within Santander Mobile Banking. This personal information may include your name, address, email address and phone number, biometric data, and information relating to your financial circumstances (including your bank account details and details of your banking transactions). We may also collect and display your personal information from your other banking and financial providers as well as other providers that we may introduce into the service that you have requested to be visible to you within Santander Mobile Banking. This may also include information relating to your financial circumstances (including your bank account details and details of your banking transactions with those providers).

Your marketing preferences and related searches

We’ll use your business address, phone numbers, and email address to contact you according to your preferences. You can change your preferences or unsubscribe at any time by contacting us.

If you are an individual and over 18, we may search the files at credit reference agencies before sending marketing communications to you about credit. The credit reference agencies don’t record this particular search or show it to other lenders and it won’t affect your credit rating. We do this as part of our responsible lending obligations which is within our legitimate interests. 

As part of our anti-bribery and corruption checks we may conduct an adverse media search on you using publicly available information prior to contacting you.

You confirm that you have been asked about your marketing preferences as part of this application, and if you wish to change these options you can do so at any time.

Criteria used to determine retention periods (whether or not you become a customer)

The following criteria are used to determine data retention periods for your personal data or the personal data of your related persons:

  • Retention in case of queries. We’ll retain personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful);
  • Retention in case of claims. We’ll retain personal data for as long as legal claims can be brought and defended; and
  • Retention in accordance with legal and regulatory requirements. We’ll retain personal data after your account, product or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.

Rights under applicable data protection law

Your or, if applicable, your related persons’ rights are as follows (noting that these rights don’t apply in all circumstances):  

  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to request access to personal data and information about how we process it;
  • The right to move, copy or transfer your personal data (“data portability”); and
  • Rights in relation to automated decision making including profiling.

You or any of your related persons have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk

For more details on all the above, including Banco Santander group members, you can contact our DPO or view the ‘Using My Personal Data’ booklet (121 KB).

1. Introduction

1.1 We are Santander UK Plc (Santander, we, us our), the data controller. This event privacy notice sets out how we’ll collect, use, process and disclose your personal data. Your personal data is data which by itself, or with other data available to us can be used to identify you.

1.2 This privacy notice relates to our use of personal data obtained in relation to our prize draws, competitions, registration for events including hospitality (this includes events organised by us, on our behalf by a third party, and those organised by providers which are made accessible via our services, unless otherwise stated) as well as attendance at and participation in these events. Such events may include but are not limited to conferences, dinners, meetings and virtual events. Personal data may relate to employees of our corporate clients, employees of Santander and their respective guests (where applicable).

1.3 Please also refer to the following:

1.3.1 Photos and videos at event: The photo/video privacy notice in relation to attendance at a specific event.

1.4 External events: Where an event is organised by a third party or provider, and made accessible via our services, the third party or provider will also be a data controller in relation to any data that they collect or receive about you. Please see the third party or provider’s privacy notice for further details.

1.4.1 CCTV: Our CCTV notice and any CCTV notice of third parties where the venue is third party operated in respect of CCTV in operation at the relevant event.

2. The types of personal data we collect and use

2.1 As part of your registration for and participation in an event we’ll use your personal data for the reasons set out below.

 What personal data we collectHow we use your personal data
1

We will process personal data you provide when you register for an event or enter a prize draw or competition including:

  • Full name;
  • Contact information including home and business address, email and telephone number;
  • Job role; and
  • Name of your employer.

This includes personal data about other named individuals such as guests that may accompany you to the event. If you provide this information on their behalf, you must have their authority to provide their personal data to us and share this privacy notice with them beforehand together with details of what you've agreed on their behalf.

  • Santander will use this personal data to:
  • Register your attendance at the event;
  • Communicate with you for the purposes of:
    • responding to your queries and other requests;
    • sending you the event ticket or prize if you have won a competition; and
    • managing and administrating the event, prize draw, or competition.
  • Organise and administer the event visit, booking and provision of necessary and preferred services, prize draws and competitions;
  • Arrange accommodation and catering;
  • Maintain clear contact information for the event should we need to get in touch with you;
  • Manage and administer the contract with you, including for payment, invoicing and refund purposes;
  • Manage any complaints or issues;
  • and Send you direct marketing as described in the Direct Marketing section below.
2Passport, driving licence or other forms of identification.

Santander will use this personal data to:

  • Verify your identity; and
  • Fulfil any entrance permissions and access control requirements required for the event.
3Vehicle details such as vehicle registration.

Santander will use this personal data to:

  • Arrange parking at the event.
4Next of kin/emergency contact information

Santander will use this personal data to:

  • Contact your next of kin/emergency contact in the event of an emergency; and
  • Ensure compliance with health and safety requirements.
5

Information when you communicate with us whether by email, by phone, by social media or by any other means including:

  • Your contact details (name, email address, address, phone number and social media handle or username); and The details of your communications with us; and The details of our messages to you.

Santander will use this personal data in order to:

  • Respond to requests for information about our events or services;
  • Answer any questions, issues or concerns;
  • Deal with complaints; and
  • Develop and improve our events and services.
6Images and recordings captured by CCTV operating at the event.

Santander will use this personal data to:

  • Ensure the safety of our staff and visitors; and
  • Assist with the prevention and detection of crime.

Further details can be found by calling the number displayed on our premises.

Where events are held in venues not controlled by Santander, the venue owners will be responsible for the operation for their CCTV systems. For more information, please contact the venue owner.

7Photographs/pictures, presentations, testimonials, audio and video recording of speakers and participants and live web streaming whilst attending the event.

Santander will use this personal data to:

  • Promote the Santander brand in Santander's internal and external marketing campaigns including on our website and intranet, on social media and email campaigns as well as publications and press.

3. Special category personal data

3.1 Certain types of personal data are more sensitive than others. This special category personal data includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometrics or religion.

3.2 We may collect and receive special category personal data about you. We have identified below the types of special category personal data we may collect or receive, how we will use it and why we will use it.

 What personal data we collectHow we use your personal data
1Dietary requirements and preferences such as allergies and intolerances of you and/or any child attending the event with you.

We will process this information to ensure any dietary requirements are catered for at the event and to ensure your safety whilst at the event.

We will only process this personal data with your explicit consent.

2Health and disability information about you.

We will process this information to ensure any required access arrangements and other adjustments are in place and to ensure your safety whilst at the event.

We need your explicit consent to process such information about you.

3

Health data relating to any symptoms of Covid-19 or recent Covid-19 test results or vaccination status.

We continue to monitor UK government guidelines on Covid-19, and to align our own Covid-19 protocols accordingly. We will let you know about the specific Covid19 protocols and requirements we, or third-party venues we work with, have in place in advance of the even you are attending.

We will use this personal data in order to determine whether you can attend the event. If you have Covid-19 symptoms or test Covid-19 positive you cannot attend the event. 

The lawful basis for this processing is:

  • legitimate interest in ensuring the health and safety of our workforce and customers and other event attendees and complying with Government guidelines and legislation relating to the Covid-19 pandemic; and either
  • Employment law - where processing is for the purposes of protecting the health and safety of our employees and customers; or
  • Public health to help combat the spread of COVID-19.

 

4. Providing your personal data

4.1 Where the provision of personal data is optional, we will let you know. In all other cases you will need to provide the information if you want to register for and take part in the event.

5. Lawful basis of processing

5.1 We’ll process your personal data:

5.1.1 Based on your consent, e.g.:

(a) To send you marketing communications where you are an existing client, and we have your consent to do so. Please see the Direct Marketing section below for further details;

(b) Research and analyse the events and services our customers want, where you have consented to receiving surveys and feedback requests; and

(c) To ensure any dietary and access requirements are catered for at the event.

5.2 As necessary to perform our contract or agreement with you for the relevant event:

(a) To take steps at your request prior to entering into it;

(b) To decide whether to enter into it; and

(c) To manage and perform that contract.

5.2.2 As necessary to comply with a legal obligation, e.g.:

(a) When you exercise your rights under data protection law and make requests;

(b) For compliance with legal and regulatory requirements and related disclosures; and

(c) For establishment and defence of legal rights.

5.2.3 Where necessary in order to protect your vital interests or the vital interests of another person, e.g.:

(a) Contacting your next of kin/emergency contact in a medical emergency.

5.2.4 As necessary for our own legitimate interests or those of other persons and organisations, e.g.:

(a) For good governance, accounting, and managing and auditing our business operations;

(b) Ensure effective administration and management of the event;

(c) Administer and manage prize draws and competitions;

(d) Administer our operations and business in an efficient and effective way;

(e) Understand why individuals attend our events;

(f) Understand and respond to queries, complaints and feedback;

(g) Research and analyse the events and services our customers want;

(h) Send direct marketing to prospective clients;

(i) Improve our events;

(j) Maintain a public profile;

(k) Transfer personal data in relation to an actual or proposed sale, transfer or re-organisation of all or part of our business or the acquisition of the business;

(l) To protect the security or integrity of our business operations and events; and

(m) Enforce our legal rights and manage any dispute and legal claims and take legal or other professional advice.

6. Legal requirements

6.1 Your personal data may be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal data if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

7. Where your information will be held

7.1 If you are located in the UK or European Economic Area, we may transfer your personal data to locations outside of the UK and European Economic area (including to the US). However, to ensure your personal data is protected in accordance with EU and UK data protection law we will only transfer data outside the UK and European Economic Area where appropriate safeguards as required by applicable data protection law are in place. This includes where a jurisdiction has been deemed adequate by the EU Commission or, where there is no adequacy decision, by putting in place Standard Contractual Clauses. Please contact us at Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you would like further information on the specific safeguards used by us when transferring your personal data.

8. Sharing of your personal data

8.1 We may share your personal data with:

8.1.1 Group companies: The Santander group of companies and associated companies in which we have shareholdings. We will only share personal data with Santander group companies in certain circumstances including where another group company is assisting in the organisation of an event, prize draw, or competition (such as arrangement of travel). For more information on the Santander group companies, please see the 'Using My Personal Data' booklet;

8.1.2 Service providers – Third parties may process your personal data on our instructions. These include sub-contractors and other persons who help us provide our events, products and services including catering providers, security, transportation and events management companies, hotels and accommodation providers, IT suppliers (including software providers), cloud hosting providers, customer service, data analytics providers, professional advisors including legal advisors, auditors, marketing agencies, media outlets, database providers, backup and disaster recovery specialists and email providers.

Our suppliers and service providers will be required to meet appropriate standards on processing information and security when processing your personal data. The information we provide them, including your information, will only be processed in connection with the performance of their function. They will not be permitted to use your information for any purposes other than those outlined in this privacy notice.

8.1.3 Your next of kin/emergency contact: We will disclose your personal data to your next of kin/emergency contact if required in relation to an event e.g. there is a medical emergency.

8.2 Your personal data may be transferred to other third-party organisations in certain scenarios, such as:

8.2.1 If we restructure or sell our business or its assets or have a merger or re-organisation;

8.2.2 If we're required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;

8.2.3 If we are exercising or defending a legal claim your information may be transferred as required in connection with defending such claim;

8.2.4 Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data; or

8.2.5 If we have your consent to the data sharing.

9. How long we retain your personal data

9.1 We will process and store personal data for as long as required by the relevant purposes of processing. For example:

9.1.1 Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries in relation to the event;

9.1.2 Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us;

9.1.3 Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after the event has come to an end based on our legal and regulatory requirements;

9.1.4 Retention of contact details: We retain relevant information in our events record for 10 years after the most recent visit or event you attend; and

9.2 Retention of identity documents (e.g. passport, driving license) and special category data (e.g. accessibility requirements): We will not retain this information for any longer than necessary for the provision of the specific event or visit, which might require you to provide it on successive occasions.

9.3 The criteria used to determine data retention periods for your personal data include:

9.3.1 the date of the event;

9.3.2 whether there are contractual or legal obligations that exist that require us to retain the data for a period of time;

9.3.3 whether there is an ongoing legal claim that relates to your relationship with us; and

9.3.4 whether any applicable law, statute, or regulation allows for a specific retention period.

10. Your rights under applicable data protection law

10.1 Your rights are as follows (noting that these rights don’t apply in all circumstances):

10.1.1 Withdraw consent at any time. The right to withdraw consent where you have previously given your consent to the processing of personal data. Please see the Direct Marketing section below for further details on how to withdraw consent to direct marketing;

10.1.2 The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;

10.1.3 The right to object to processing of your personal data;

10.1.4 The right to restrict processing of your personal data;

10.1.5 The right to have your personal data erased (the “right to be forgotten”);

10.1.6 The right to request access to your personal data and information about how we process it;

10.1.7 The right to move, copy or transfer your personal data (“data portability”); and

10.1.8 Rights in relation to automated decision making including profiling.

10.2 You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.

10.3 For more details on all the above you can contact our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN or request the ‘Using My Personal Data’ booklet by asking for a copy from the event co-ordinator or online at santander.co.uk.

11. Direct Marketing

11.1 If you are an employee of a Santander corporate client, Santander may send direct marketing to you (in relation to marketing aimed at your employer) by email where you have consented to this previously or at the time of signing up for the event. You can withdraw your consent at any time by contacting with your Relationship Manager or Client Services.

11.2 If you are an employee of a prospective corporate client, Santander may send direct marketing to you under our legitimate interests. You can opt out of receiving further communications of this type at any time by clicking the unsubscribe link on the email or informing Client Services.

11.3 Categories of Direct Marketing include:

  • Santander UK products and services
  • Third party products and services including those from the wider Santander Group
  • Market research including surveys and product feedback
  • Invitations to events and hospitality

11.4 Please note that if you choose not to consent to direct marketing or withdraw your consent to direct marketing we will still communicate where necessary to provide legal and regulatory messages or information related to provision of products or services you have with us. We will also communicate with you regarding any event you have registered to attend, unless you tell us you no longer wish to attend.

12. Changes to the Privacy Notice

12.1 Santander’s current privacy notices are available on santander.co.uk/corporate. Should a privacy notice be revised, we will post the changes on the Santandercb.com website. Changes will be effective immediately upon posting. You can determine when the privacy notice was last revised by referring to the “Last Revised” date at the top of this page.

12.2 If we make a change that significantly affects your rights or, to the extent we are permitted to do so, significantly changes how or why we use personal data, we will notify you by way of a prominent notice on our website or, if we have your email address, by email. Where required by applicable law, any material changes to the terms of the privacy notice will apply only to information collected thereafter, unless you provide consent.

13. Contact us

13.1 You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

For more information on how we use your personal data, take a look at our Using my personal data booklet (121 KB).

Take a look at our Cookie policy

Was this helpful?

Ask us a question

We'll help you get the
answers you need

Do your banking online

Ways for you to manage your
money without leaving home