We are Santander UK plc, the data controller. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.
This is our Privacy Statement which explains how we obtain, use and keep your personal data safe in relation to the Santander for Intermediaries website (santanderforintermediaries.co.uk).
Your personal data is data which by itself or with other data available to us can be used to identify you.
We're committed to keeping your personal information safe in accordance with applicable data protection laws.
The types of personal data we capture and use will depend on what you are doing on the website. We’ll use your personal data for some or all of the reasons set out in this Privacy Statement. If you become an intermediary we’ll also use it to manage the relationship with you. Examples of the personal data we use in relation to our website may include:
- Full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers);
- Date of birth and/or age;
- Records of products and services you’ve obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
- Biometric data (e.g. fingerprints and voice recordings for TouchID and voice recognition);
- Information from credit reference or fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates you may have;
- Education and employment details/employment status for credit and fraud prevention purposes; and
- Personal data about other named applicants. Where you provide the personal data of others you must have their authority to provide their personal data to us and share this Privacy Statement and any related Data Protection Statement with them beforehand together with details of what you’ve agreed on their behalf.
We’ll tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, if you fail to provide the requested personal data, we may be unable to process or respond to your query or service.
Subject to applicable laws, we’ll monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. We may also monitor activities on your account where necessary for these reasons and this is justified by our legitimate interests or our legal obligations.
We’ll process your personal data:
1. As necessary to perform our contract with you for the relevant account, policy or service:
a) To take steps at your request prior to entering into it;
b) To decide whether to enter into it;
c) To manage and perform that contract;
d) To update our records; and
e) To trace your whereabouts to contact you about your account and recovering debt.
2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
a) For good governance, accounting, and managing and auditing our business operations;
b) To search at credit reference agencies if you’re over 18 and apply for credit;
c) To monitor emails, calls, other communications, and activities on your account;
d) For market research, analysis and developing statistics; and
e) To send you marketing communications including automated decision making relating to this.
3. As necessary to comply with a legal obligation, e.g.:
a) When you exercise your rights under data protection law and make requests;
b) For compliance with legal and regulatory requirements and related disclosures;
c) For establishment and defence of legal rights;
d) For activities relating to the prevention, detection and investigation of crime;
e) To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
f) To monitor emails, calls, other communications, and activities on your account.
4. Based on your consent, e.g.:
a) When you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures;
b) When we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
c) To send you marketing communications where we’ve asked for your consent to do so.
You’re free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
Subject to applicable data protection law we may share your personal data with:
- The Santander group of companies and associated companies in which we have shareholdings;
- Sub-contractors and other persons who help us provide our products and services;
- Companies and other persons providing services to us;
- Our legal and other professional advisors, including our auditors;
- Fraud prevention agencies, credit reference agencies, and debt collection agencies at account opening and periodically during account or service management;
- Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators, e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
- Courts, to comply with legal requirements, and for the administration of justice;
- In an emergency or to otherwise protect your vital interests;
- To protect the security or integrity of our business operations;
- To other parties connected with your account (e.g. guarantors and other people named on the application); joint account holders will see your transactions;
- When we restructure or sell our business or its assets or have a merger or re-organisation;
- Market research organisations who help to improve our products or services; and
- Anyone else where we have your consent or as required by law.
In some instances your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection. More details can be found in our Using my personal data booklet.
The personal data we’ve collected from you at application or at any stage will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment in future. We may also search and use our internal records for these purposes. Further details on how your personal data will be used by us and these fraud prevention agencies, and the Intermediary’s data protection rights, can be found in the Using My Personal Data booklet.
In order to process your application to be an Intermediary, we’ll perform credit and identity checks on you at your home and business addresses with one or more credit reference agencies. To do this we’ll supply your personal data to the credit reference agencies and they’ll give us information about you.
When we carry out a search at the credit reference agencies they’ll place a footprint on your credit file. This search will not affect your ability to gain credit. We’ll also continue to exchange information about you with credit reference agencies while you have a relationship with us. The credit reference agencies may in turn share your personal information with other organisations. The personal data shared with the credit reference agencies will relate to you and your business. Details about your application (whether or not it’s successful) will be recorded and we’ll give your details, the business and its proprietors, and your accounts and how you manage them to credit reference agencies. Records remain on file for six years after they are closed, whether settled by you or defaulted.
A financial association link between joint applicants or between you and any named business partner or individual will be created at the credit reference agencies. This will link the financial records and be taken into account in all future applications by either or both of you until either of you apply for a notice of disassociation with the credit reference agencies.
The identities of the credit reference agencies, and the ways in which they use and share personal information is explained in more detail in the Using My Personal Data booklet, or via the Credit Reference Agency Information Notice (CRAIN) document which can be accessed via any of the following links:
If you are a director we will seek confirmation from the credit reference agencies that the residential address that you provide is the same as that shown on the restricted register of directors’ usual addresses at Companies House.
- collect information that will help us understand visitors' browsing habits on our website;
- compile statistical reports on website activity, e.g. number of visitors and the pages they visit; and
- temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website.
The following criteria are used to determine data retention periods for your personal data:
- Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
- Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after your account, policy or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.
Your rights are as follows (noting that these rights don’t apply in all circumstances):
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and
- Rights in relation to automated decision making including profiling.
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
For more details on all the above you can contact our DPO or view the Using My Personal Data booklet.
Your personal data may be converted into statistical or aggregated data which can’t be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.
For more information on the Santander group companies, please see the Using My Personal Data booklet.
We’ll notify you if there are any material changes to this Privacy Statement if required by applicable law or where we intend to process your personal data for a new purpose before we start that new processing activity.
This Privacy Statement is not designed to form a legally binding contract between Santander UK plc and users of our website.
Certain hypertext links in this website may lead you to websites which are not under the control of Santander UK plc. When you activate these, you may leave the santanderforintermediaries.co.uk website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by Santander UK plc.
We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.
We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.
Contact us, or write to our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.
It is your responsibility to ensure that your computer is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from this site.