What we do with the data | Ulster Bank Republic of Ireland

The purposes for which your information may be used

We will only use and share your information where it is necessary for us to carry out our lawful business activities. Your information may be shared with and processed by other RBS companies.  We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail  below:

This guide contains
the following sections:

Overview
Information we hold
What we do with the data
Sharing data outside Ulster Bank
Your rights

Contractual necessity

We may process your information where it is necessary to enter into a contract with you for the provision of our products or services or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:
 

(a)    assess and process applications for products or services;

(b)    provide and administer those products and services throughout your relationship with us, including opening, setting up or closing your accounts or products, collecting and issuing all necessary documentation, executing your instructions, processing transactions, including transferring money between accounts, making payments to third parties, resolving any queries or discrepancies and administering any changes. Calls to our service centre and communications to our mobile and online helplines may be recorded and monitored for these purposes.

(c)    manage and maintain our relationships with you and for ongoing customer service. This may involve sharing your information with other RBS companies to improve the availability of our services, for example enabling customers to visit branches of other RBS companies;

(d)    administer any credit facilities or debts, including agreeing repayment options; and

(e)
    communicate with you about your account(s) or the products and services you receive from us.

Legal obligation

When you apply for a product or service (and throughout your relationship with us), we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to operate your account and/or provide products and services to you. This may include processing to:

a) 
  confirm your identity, including using biometric information and voice-recognition technology and other identification procedures, for example fingerprint verification;

b)    validate your Personal Public Service Number (PPSN) and Tax Reference Number (TRN);

c)
    perform checks and monitor transactions and location data for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies;

d)    assess affordability and suitability of credit for initial credit applications and throughout the duration of the relationship, including analysing customer credit data for regulatory reporting;

e)    share data with other banks and third parties to help recover funds that have entered your account as a result of a misdirected payment by such a third party;

f)    share data with police, law enforcement, tax authorities or other government and fraud prevention agencies where we have a legal obligation, including reporting suspicious activity and complying with production and court orders;

g)    deliver mandatory communications to customers or communicating updates to product and service  terms and conditions;

h)    investigate and resolve complaints;

i)    conduct investigations into breaches of conduct and corporate policies by our employees;

j)    manage contentious regulatory matters, investigations and litigation;

k)    perform assessments and analyse customer data for the purposes of managing, improving and fixing data quality;

l)    provide assurance that we have effective processes to identify, manage, monitor and report the risks it is or might be exposed to;

m)    investigate and report on incidents or emergencies on the bank’s properties and premises; and

n)    coordinate responses  to business disrupting incidents and to ensure facilities, systems and people are available to continue providing services.

Legitimate interests of the bank

We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.
 

a)    We may process your information in the day to day running of our business, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. This may include processing your information to:


(i)
    monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services;

(ii)    ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies;

(iii)    ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data;

(iv)    provide assurance on the bank's material risks and reporting to internal management and supervisory authorities on whether the bank is managing them effectively;

(v)    perform general, financial and regulatory accounting and reporting;

(vi)    protect our legal rights and interests;

(vii)    manage and monitor our properties and branches (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training; and

(viii)    enable a sale, reorganisation, transfer, financial arrangement, sub participation, asset disposal, including, without limitation loan portfolio sales, securitisations or other transaction relating to our business and/or assets held by our business where information may be shared with any relevant third party.



 

b)    It is in our interest as a business to ensure that we provide you with the most appropriate products and services and that we continually develop and improve as an organisation. This may require processing your information to enable us to:

(i)    identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you;

(ii)    send you relevant marketing information (including details of other products or services provided by us or other RBS companies which we believe may be of interest to you);

(iii)    understand our customers’ actions, behaviour, preferences, expectations, feedback and financial history in order to improve our products and services, develop new products and services, and to improve the relevance of offers of products and services by RBS companies;

(iv)    monitor the performance and effectiveness of products and services;

(v)    assess the quality of our customer services and to provide staff training. Calls to our service centres and communications to our mobile and online helplines may be recorded and monitored for these purposes;

(vi)    perform analysis on customer complaints for the purposes of preventing errors and process failures and rectifying negative impacts on customers;

(vii)    compensate customers for loss, inconvenience or distress as a result of services, process or regulatory failures;


(viii)    identify our customers’ use of third party products and services in order to facilitate the uses of customer information detailed above; and


(ix)    combine your information with third party data, such as economic data in order to understand customers’ needs better and improve our services.


We may perform data analysis, data matching and profiling to support decision making with regards to the activities mentioned above. It may also involve sharing information with third parties who provide a service to us.



c) 
  It is in our interest as a business to manage our risk and to determine what products and services we can offer and the terms of those products and services. It is also in our interest to protect our business by preventing financial crime. This may include processing your information to:

(i)    carry out financial, credit and insurance risk assessments;

(ii)    manage and take decisions about your accounts;


(iii)    carry out checks (in addition to statutory requirements) on customers and potential customers, business partners and associated persons, including performing adverse media checks, screening against external databases and sanctions lists and establishing connections to politically exposed persons;


(iv)    share data with the Central Credit Register, credit reference, fraud prevention agencies and law enforcement agencies;


(v)    trace debtors and recovering outstanding debt;


(vi)    for risk reporting and risk management.

 

Application decisions may be taken based on solely automated checks of information from the Central Credit Register, credit reference agencies and internal RBS records. For more information on how we access and use information from the Central Credit Register, credit reference and fraud prevention agencies see Section 11 Central Credit Register, credit reference and fraud prevention agencies in this document.

Add your signposting title here… Changes to the way we use your information

From time to time we may change the way we use your information.  Where we believe you may not reasonably expect such a change we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made.  However, please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to operate your account and/or provide certain products and services to you.

Add your signposting title here… How we use and share your information within RBS

We will only use and share your information within RBS where it is necessary for us to lawfully carry out our business activities. We want to be sure that you understand how your information may be used by us – for more information download our full Privacy Notice document

Add your signposting title here… Security

We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf.  For more information about the steps we are taking to protect your information, visit Security Centre today.

Set Tab for lightbox