Privacy Statement

Whether or not the Intermediary becomes an Intermediary, we’ll use the Intermediary’s Personal Data for the reasons set out below and if the Intermediary becomes an Intermediary we’ll use it to manage the relationship with the Intermediary. We’ll collect most of this directly during the registration process. The sources of Personal Data collected indirectly are mentioned in this statement. The Personal Data we use may include:

1. Full name and personal details including contact information (e.g. home and/or business address and address history, email address, home, business and/or mobile telephone numbers);
2. Date of birth;
3. Records of products and services the Intermediary has obtained or applied for, how the Intermediary uses them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
4. Information from credit reference or fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates the Intermediary may have;
5. Education and employment details/employment status for credit and fraud prevention purposes; and
6. Personal Data about other named applicants. The Intermediary must have their authority to provide their Personal Data to us and share this Data Protection Statement with them beforehand together with details of what the Intermediary has agreed on their behalf.

We’ll tell the Intermediary if providing some Personal Data is optional, including if we ask for consent to process it. In all other cases the Intermediary must provide their Personal Data so we can process the registration request.

Subject to applicable laws, we’ll monitor and record the Intermediary’s calls, emails, text messages, social media messages and other communications in relation to the Intermediary’s dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. We may also monitor activities on the Intermediary’s account where necessary for these reasons and this is justified by our legitimate interests or our legal obligations.

We’ll process the Intermediary’s Personal Data:

1. As necessary to perform our contract with the Intermediary for the relevant account or service:
   1. To take steps at the Intermediary’s request prior to entering into it;
   2. To decide whether to enter into it;
   3. To manage and perform that contract;
   4. To update our records; and
   5. To contact the Intermediary about the account and recovering debt.
2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
   
   1. For good governance, accounting, and managing and auditing our business operations;
   2. To search at credit reference agencies;
   3. To monitor emails, calls, other communications, and activities on the Intermediary’s account;
   4. For market research, analysis and developing statistics; and
   5. To send the Intermediary marketing communications relating to this.
   6. In order to comply with our Anti-Bribery and Corruption and regulatory responsibilities we will record any gifts and hospitality received or offered by you. This will include your name, organisation and costs of gifts and hospitality. We will hold this information on the Santander Gifts and Hospitality Register.
3. As necessary to comply with a legal obligation, e.g.:
   
   1. When the Intermediary exercises their rights under data protection law and makes requests;
   2. For compliance with legal and regulatory requirements and related disclosures;
   3. For establishment and defence of legal rights;
   4. For activities relating to the prevention, detection and investigation of crime;
   5. To verify the Intermediary’s identity, make credit, fraud prevention and anti-money laundering checks; and
   6. To monitor emails, calls, other communications, and activities on the Intermediary’s account.
4. Based on the Intermediary’s consent, e.g.:
   
   1. when the Intermediary requests us to disclose the Intermediary’s Personal Data to other people or organisations such as a company handling a claim on the Intermediary’s behalf, or otherwise agree to disclosures.
   2. To send the Intermediary marketing communications where we’ve asked for consent to do so.

The Intermediary is free at any time to change their mind and withdraw their consent. The consequence might be that we can’t do certain things for the Intermediary.

Subject to applicable data protection law we may share the Intermediary’s Personal Data with:

1. The Santander group of companies* and associated companies in which we have shareholdings;
2. Sub-contractors and other persons who help us provide our products and services;
3. Companies and other persons providing services to us;
4. Our legal and other professional advisers, including our auditors;
5. Fraud prevention agencies and credit reference agencies when the Intermediary registers with us and periodically during their relationship with us;
6. Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulation Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
7. Courts, to comply with legal requirements, and for the administration of justice;
8. In an emergency or to otherwise protect the Intermediary’s vital interests;
9. To protect the security or integrity of our business operations;
10. To other parties connected with the Intermediary e.g. other owners/partners/directors/ shareholders including administrators who may see intermediary transactions;
11. When we restructure or sell our business or its assets or have a merger or re-organisation;
12. Market research organisations who help to improve our products or services; and
13. Anyone else where we have the Intermediary’s consent or as required by law.

The Intermediary’s Personal Data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for Personal Data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection. Further details can be found in the  Using my personal data booklet.

The Personal Data we’ve collected from the Intermediary at registration or at any stage will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify the Intermediary’s identity. If fraud is detected, the Intermediary could be refused certain services, finance or employment in future. We may also search and use our internal records for these purposes. Further details on how the Intermediary’s Personal Data will be used by us and these fraud prevention agencies, and the Intermediary’s data protection rights, can be found in the Using my personal data booklet.

In order to process the Intermediary’s registration request, we’ll perform credit and identity checks on the Intermediary at the Intermediary’s home and/or business addresses with one or more credit reference agencies. To do this we’ll supply the Intermediary’s Personal Data to the credit reference agencies and they’ll give us information about the Intermediary. When we carry out a search at the credit reference agencies they’ll place a footprint on the Intermediary’s credit file. This search will not affect the intermediary’s ability to gain credit. We may also continue to exchange information about the Intermediary with credit reference agencies while they have a relationship with us. The credit reference agencies may in turn share the Intermediary’s personal information with other organisations. The Personal Data shared with the credit reference agencies will relate to the Intermediary and their business. Records remain on file for six years after they are closed, whether settled by the Intermediary or defaulted. A financial association link between joint applicants or between the Intermediary and any named business partner or individual will be created at the credit reference agencies. This will link the financial records and be taken into account in all future applications by any or all individuals with the financial association until either of them apply for a notice of disassociation with the credit reference agencies. The identities of the credit reference agencies, and the ways in which they use and share personal information is explained in more detail in the Using my personal data booklet, or via the Credit Reference Agency Information Notice (CRAIN) document which can be accessed via any of the following links:

• experian.co.uk/crain
• equifax.co.uk/crain
• transunion.co.uk/crain

If the Intermediary is a director we will seek confirmation from the credit reference agencies that the residential address that the Intermediary provides is the same as that shown on the restricted register of directors’ usual addresses at Companies House.

The following criteria are used to determine data retention periods for your personal data:

• Retention in case of queries. We'll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
• Retention in case of claims. We'll retain your personal data for as long as you might legally bring claims against us; and
• Retention in accordance with legal and regulatory requirements. We'll retain your personal data after your account, policy or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.

The Intermediary’s rights are as follows (noting that these rights don’t apply in all circumstances):

1. The right to be informed about our processing of the Intermediary’s Personal Data;
2. The right to have the Intermediary’s Personal Data corrected if it’s inaccurate and to have incomplete Personal Data completed;
3. The right to object to processing of the Intermediary’s Personal Data;
4. The right to restrict processing of the Intermediary’s Personal Data;
5. The right to have the Intermediary’s Personal Data erased (the ‘right to be forgotten’);
6. The right to request access to the Intermediary’s Personal Data and information about how we process it;
7. The right to move, copy or transfer the Intermediary’s Personal Data (‘data portability’); and
8. Rights in relation to automated decision making including profiling.

The Intermediary has the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.

For more details on all the above the Intermediary can contact our DPO or view the Using my personal data booklet.

The Intermediary’s Personal Data may be converted into statistical or aggregated data which can’t be used to identify the Intermediary, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.

For more information on the Santander group companies, please see the Using my personal data booklet.

Contact us

To help us improve our service we may record or monitor phone calls as explained in the monitoring of communications section as necessary to comply with any legal obligations and for our legitimate interests. View our call charges

Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:

• collect information that will help us understand visitors' browsing habits on our website;
• compile statistical reports on website activity, e.g. number of visitors and the pages they visit; and
• temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website.

We use cookies for our legitimate interests (e.g. to help us improve our service). We’ll also ask the visitor's consent for non-essential cookies. To find out more about all types of cookies and how to control and delete them, including clearing the browsing history, read our cookie policy

We'll notify the Intermediary if there are any material changes to this Privacy Statement if required by applicable law or where we intend to process the Intermediary's personal data for a new purpose before we start that new processing activity.

This Privacy Statement is not designed to form a legally binding contract between Santander UK plc and users of our website.

Certain hypertext links in this website may lead users to websites which are not under the control of Santander UK plc. When they activate these, they may leave the santanderforintermediaries.co.uk website. These links are provided solely for the users convenience and do not represent any endorsement or recommendation by Santander UK plc.

We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.

We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.

Contact us, or write to our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN if there are any questions.

It's the Intermediary's responsibility to ensure that their computer is virus protected. We accept no responsibility for any loss they may suffer as a result of accessing and downloading information from this site.