About the Melton

 

We’re the Melton, a group of companies that includes Melton Building Society. The Melton is the controller for the
personal information we use, unless otherwise stated. Wherever you see “we,” “us” or “our” it means the Melton.

Introduction

 

This Privacy Notice tells you what to expect us to do with your personal information when you use our products or services. It also outlines the steps we take to ensure that your personal data is protected and describes the rights you have in relation to the data we use.

Your right to privacy is very important to us. We take the security of your information seriously and have strict policies and processes in place to ensure it remains safe. This notice describes the way we collect information, how we use it and how we protect it.

If you have any questions about the information in this Privacy Notice, don’t hesitate to get in touch, we’ll be more than happy to help!

 

Our Data Protection Officer

 

If you have any questions about this notice, you can contact our Data Protection Officer:

 

By email

We would encourage you, if possible, to contact us by email to reduce the environmental impact, you can email us at DPO@mmbs.co.uk

 

By phone

Alternatively, you can call our Customer Service Centre on 01664 414141.

 

By post

Or you can write to us at:

Melton Building Society
Mutual House
Leicester Road
Melton Mowbray
Leicestershire
LE13 0DB

 

Personal information we collect from you

 

We collect your personal information when you:

• Apply for our products or services in branch, online or on the phone
• Update your information online, in branch or over the phone (such as when you change your address)
• Visit us in branch
• Speak to us on the phone
• Visit our website, use our online web chat services and any digital or mobile app we may offer now or in the future
• Send us letters, emails or other documents.

The types of personal information we collect from you are:

• Identity details which includes your full name, title, date of birth, age, unique personal identifier and account number
• Contact details which includes your home address, email address and phone number
• Financial data which includes your bank account number, credit/debit card number, earnings, income, expenditure, spending habits, transaction history, tax reference number and source of funds
• Personal information about your family which includes your marital status, next of kin, dependents and emergency contact details
• Profile data about you which includes your sex, occupation, employment status, citizenship status, residential status, property details, occupancy status and insurance information
• Identification data which includes your driving licence, passport, National Insurance number and other national identifiers
• How you interact with us which includes call recordings or any other form of communication.
• Technical data which includes internet protocol (IP) address, location data, operating system, time zone etc.

We also collect special categories of personal data which includes:

• Health data which includes any physical disability, mental disability, or any medical condition
• Criminal data which includes information about criminal convictions and offences, allegations (proven or unproven) and investigations, penalties and restrictions, County Courts Judgements, and insolvency details as well as information relating to the absence of convictions
• Sensitive data Information about your race or national or ethnic origin, religion or beliefs, sexual orientation, and political affiliations

It is important that the personal information we hold about you is accurate and up to date. Please keep us informed of any changes to your personal information, such as change of contact details etc.

 

Personal information we collect from others

 

Sometimes we work with carefully selected third parties and we may receive your personal information from them. The third parties include:

• Business partners
• Suppliers
• Sub-contractors
• Advertisers
• Referrers
• Public sources (such as the electoral register)
• Credit Reference Agencies (CRAs) are used to perform credit, identity and fraud prevention checks against public (electoral register) and shared credit information. For more information see the ‘Credit reference checks, fraud and money laundering’ section.

We may obtain personal information relating to you from other individuals as part of the application process for one of our products or services. This can include individuals who are:

• A joint applicant on an account you hold or are applying for
• A trustee on an account
• A parent
• A guardian
• A nominated representative
• Acting under a Power of Attorney or similar authority
• A mortgage broker or mortgage intermediary (such as Accord Mortgages) who are acting on your behalf.

If someone acting on your behalf provides this information, we’ll record what’s been provided and who gave it to us. When you provide personal information about another individual, we’ll assume that you have told them that you are sharing their details and where they can find more information on how we process their personal information. We also collect information from public sources as part of our investigations and due diligence checks.

 

Purposes of the processing

 

We must have a lawful basis to collect, use, share and keep your personal data. The different lawful bases we use and how these affect you, include:

 

Legal obligation

At times we are required by law to collect, use, share or hold personal data. As we operate in a regulated industry, we must comply with the laws and regulations set by government bodies and our regulators. Our regulators include the Financial Conduct Authority, Prudential Regulation Authority, and the Information Commissioner’s Office.

 

Contract

This is where you choose to enter into an agreement with us or make an enquiry with the intention of entering into an agreement. It includes the collection, use and sharing of personal data necessary for the opening and ongoing administration of your accounts, products and services.

 

Legitimate interest

This is where it is necessary to collect, use, hold or share personal data to pursue a legitimate aim that does not unduly affect you or cause you undue detriment, damage, or distress.

You have a right to challenge our legitimate interest, see the section ‘Your data subject rights and how to exercise them’ in this notice for further details.

 

Consent

This is where we ask for your consent to carry out certain activities such as marketing. You may withdraw or provide your consent at any time.

 

Explicit consent

This may be relied upon regarding sensitive (special category) data.

 

Vital interest

This is applied in very limited circumstances where we feel you or another individual may be at serious risk, for example, life or death circumstances and no other lawful basis can be applied.

 

Public interest

This may be relied on in the exercise of official authority or to perform a specific task in the public interest that is set out in law.

We’ll only ask for special category personal data when we absolutely need to and use it in limited circumstances.

 

Sharing your personal information

 

We may share your information where it’s lawful to do so. This includes sharing your information with:

• Companies within the Melton group and any sub-contractors, agents or service providers who work for us or provide services to us (including their employees, sub-contractors, service providers, directors, and officers)
• Business partners or agents who support us to deliver our products and services to you, or that we refer you to, or that refer you to us
• Any joint account holders, trustees, beneficiaries, or executors
• Anyone who provides instructions or operates any of your accounts on your behalf, for example, Power of Attorney, solicitors, intermediaries, brokers etc
• Third parties where you have asked us to share your information
• Third parties where it’s necessary to enter into or necessary for the performance of a contract
• People who give guarantees or other security for any amounts you owe us
• People you make payments to and receive payments from
• Other financial institutions, lenders, and holders of security over any property you charge to us, tax authorities, trade associations, payment service providers and debt recovery agents
• Any people or companies in connection with potential or actual corporate restructuring, merger, acquisition, or takeover, including any transfer or potential transfer of any of our rights or duties under our agreement with you
• Organisations that help us to run our Annual General Meeting (AGM)
• Organisations providing essential services to support us in managing our relationship with you and operating our business
• Credit reference agencies (see the ‘Credit reference checks, fraud and money laundering’ section, below)
• Third-party organisations that conduct research, analysis, and marketing activities on our behalf
• Law enforcement agencies, government, courts, dispute resolution bodies, our regulators, auditors, and any party appointed or asked for by our regulators to carry out investigations or audits of our activities
• Fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to confirm your identity
• If our relationship is because of an insurance policy we’ll also share your information with other parties involved in providing your insurance policy, for example, the insurer who provides your cover/policy
• The emergency services in exceptional circumstances when we believe it’s in your interests, such as in the case of accident or emergency

When selecting our business partners, we take appropriate steps to make sure that they have adequate protection in place and that they follow data protection legislation.

There are times when we engage third parties which involves them using data on our behalf. We refer to these third parties as processors. When this happens, we ensure that this is done in a way that meets legal requirements and that there is a written contract in place so that both parties understand their responsibilities and liabilities.

Marketing

 

We use marketing to let you know about products, services, and offers that you may want. This section tells you when we can use your personal information for marketing, how we decide what marketing to send you, how we send you marketing and your marketing choices.

 

When we can use your personal information for marketing

We can only use your personal information to send you marketing messages if we have either your consent or a ‘legitimate interest.’ That is when we have a business or commercial reason to use your personal information and it does not conflict unfairly with your own interests

 

How we decide what marketing may Interest you

The personal information we have for you is made up of what you tell us, and data we collect when you use our services, or from outside organisations we work with. From this information we consider what you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

 

How we send you marketing

We may show or send you marketing material online (on our own website and others including social media), in our own and other apps, by email, mobile phone, post, smart devices and other digital channels. You can also tell us not to collect data while you are using our websites or mobile apps. If you do, you may still see some marketing, but it may not be tailored or targeted to you. See our Cookies Policy for details about how we use this data to improve our websites and mobile apps.

 

Your marketing choices

You can tell us to stop sending you marketing at any time. Whatever you choose, we’ll still send you statements and other important information relating to your existing products and services. If you change your mind, you can contact us to update your choices at any time.

We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We’ll also ask you to do this if there are changes in the law, regulation, or the structure of our business.

 

WE DO NOT SELL THE PERSONAL INFORMATION WE HAVE ABOUT YOU TO OUTSIDE ORGANISATIONS.

 

Credit reference checks, fraud and money laundering

 

Credit reference and identity checks

If you apply for new products or services, we may carry out credit and identity checks on you with one or more of our trusted partner credit reference agencies (CRAs) and digital identity and screening providers. When you use our banking services, we may also make periodic searches to manage your account with us. To do this, we will supply your personal information to the trusted partners, and they will give us details about you. They will supply us with both public (including the electoral register) and shared credit information, financial situation, history, and fraud prevention information. We may use this information to:

• Assess whether you can afford the product you applied for
• Verify the accuracy of the data you’ve given us
• Prevent criminal activity, fraud, and money laundering
• Manage your account(s)
• Trace and recover debts
• Ensure any offers provided to you are appropriate to your circumstances
• Personalise and improve our products and services
• Make statistical reports for business purposes

Whilst you have a relationship with us, we will continue to exchange information about you with our trusted partners. We will also inform the CRAs about your repayment history. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search request from us they will place a marker on your credit file that may be seen by other lenders.

If you’re making a joint application or tell us that you have a spouse or financial associate, we’ll link your records together. You should discuss this with them and share this information with them before submitting the application.

The identities of the CRAs, digital identity and screening providers, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on their websites.

 

Credit reference agencies

 

CRAs have created a joint document called the Credit Reference Agency Information Notice (CRAIN) which is available from each of the three CRAs – going to any of these three links will take you to the same CRAIN document:

 

 

Identity verification and screening providers

 

Our identity verification and screening partners are listed here. More information may be obtained from their websites:

 

Consequences of using information in this way

 

If we, or a fraud prevention agency, have reason to believe there’s a fraud or money laundering risk, we may refuse to provide the services and credit you’ve requested. We may also stop providing existing products and services to you. A record of any fraud or money laundering risk will be kept by the fraud prevention agencies. This may also be used to enhance fraud detection models and may also result in others refusing to provide services to you. The information we hold about you could make it easier or harder for you to get credit in the future.

Fraud prevention agencies

 

We’ll carry out checks with fraud prevention agencies for the purposes of preventing fraud and money laundering, and to confirm your identity before we provide products and services to you.

We, and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

To find out more about our fraud prevention agencies and how they manage your information, visit www.synecticssolutions.com/privacy

 

Confirmation of Payee (CoP)

 

When you set up a new payment, we use CoP to check that the account details and name match. If you have an account with us, we’ll do this automatically.

Opting out of Confirmation of Payee

You can’t opt out of CoP when you’re making a payment to someone else, but you can ask to stop your details being checked when other people try to pay you. They’ll see a message saying that your details can’t be confirmed. We use CoP to help you make sure your payment isn’t sent to the wrong account by mistake. It also helps us to protect you from fraud. If you’d still like to opt out, you can call our Customer Service Centre on 01664 414141. Please note that not all accounts can opt-out.

Opting back into Confirmation of Payee

If you’ve previously asked for your details not to be checked when someone pays you, you can decide to opt back in. To opt back in, you can call our Customer Service Centre on 01664 414141.

Transfer outside the UK and EEA

 

Certain suppliers, applications, and systems that we use to support the provisions of our services rely upon transfers of data outside the United Kingdom (UK), European Economic Area (EEA).

When we use third party systems, application support and cloud-based providers that are either based outside of or send or access data outside of the UK or EEA, we will, where necessary, impose contractual obligations on the recipients to help safeguard your rights in respect of your data.

Whenever fraud prevention agencies transfer your personal data outside of the UK or EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the UK or EEA as applicable dependent upon their location. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

If you would like more information on this, please feel free to contact us by using the details provided in this notice.

 

Keeping your personal information

 

We keep personal information for as long as it is required by us:

• For the purposes described in ‘How we use personal information’ section above
• To meet our legal or regulatory obligations
• For the exercise and/or defence of any legal claims

When determining retention periods, we consider the following:

• The maximum or minimum retention periods identified by the law or regulatory guidance
• Our contractual rights and obligations
• Customer expectations, the nature of your relationship with us, your membership status and the types of accounts, products and services you have with us
• Current or future operational requirements
• Forensic requirements, for example, the potential need to access data no longer actively used in order to manage or respond to complaints and disputes
• The risks involved in retention, deletion and removal
• The cost of maintaining, storing, archiving and retrieving data
• The capability or restraints of our systems and technology

Profiling

There may be some circumstances where we use your personal information for profiling (processing of personal information to evaluate certain things about you). For example, to ensure that we’re providing a consistent service and giving people the best products and advice at the right times.

We’ll always make sure the way we process your information is safe and not unfair to you. Where possible, we’ll keep your details anonymous and use your information only to produce statistical reports. This way, you will not be identifiable from the data.

You have the right to object to us using your personal information for profiling activities. Please refer to the ‘Your data subject rights and how to exercise them’ section below for more information.

 

Automated decision making

 

There may be circumstances where we use automated decision making using your personal information. Automated processing means a decision making process that is automated and excludes any human influence on the outcome.

If we are carrying out solely automated decision making that has legal or similarly significant effects on you, we can only carry out this type of decision making where the decision is:

• Necessary for us to enter into a contract. For example, we may decide not to offer our services to you based on your credit history and other financial information we have collected about you
• Required or authorised by law (for example, to prevent financial crime)
• Based on your explicit consent

Examples of automated decision making include:

Credit and affordability assessments

We will consider several factors, including information about your income, your outgoings and how well you have kept up on payments in the past. This will be used to work out the amount we could lend you and you could comfortably afford to pay back.

Protecting you and your account against criminal or fraudulent activity

We will assess your transactions to identify any that are unusual. This may stop us from making a payment that is potentially fraudulent.

Protecting us against criminal or fraudulent activity

We will assess several factors such as whether you have provided false information in the past, where you might be at the time and other information about your credit history to decide whether you are a fraud or financial-crime risk (for example, whether offering services to you may break or not be in line with our legal obligations).

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services you have requested, to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. If you have any questions about this, please contact us.

You have certain rights over your personal information when using automated decision making. If you would like more information on this, please see the ‘Your data subject rights and how to exercise them’ section below.

 

Your data subject rights and how to exercise them

 

You have rights relating to the personal information we hold about you, however, they may be subject to various exceptions and limitations.

You can request to exercise your rights at any time by contacting us using the details in this Privacy Notice.

Right to be informed

We are obliged to provide clear and transparent information about our processing activities of your personal information.

Right to request access to your personal information (commonly known as a “Data Subject Access Request”)

You have the right to understand what personal information we hold about you and why.

Right to request correction of the personal information

If you believe that we hold inaccurate or incomplete personal information, you have the right to request us to rectify or correct your personal information

Right to request erasure of your personal information

You may ask us to delete or remove personal information where there is no good reason for us to continue to process it. Please note, that we may not always be able to comply with your request of erasure for specific legal reasons.

Right to request restriction of processing of your personal information

You may ask us to stop processing your personal information. We will still hold the data but will not process it any further. You may exercise the right to restrict processing when one of the following conditions applies:

• The accuracy of the personal information is contested
• Processing of the personal information is unlawful
• We no longer need the personal information for processing, but the personal information is required for part of a legal process
• The right to object has been exercised and processing is restricted pending a decision on the status of the processing

Right to data portability

You may request your personal information be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means, and if the processing is based on the fulfilment of a contractual obligation.

Right to withdraw consent

You may withdraw consent at any time if we are relying on your consent to process your personal information. This won’t affect any processing already carried out before you withdraw your consent or processing under other grounds.

Right to Object

You have the right to object to our processing of your personal information where:

• Processing is based on legitimate interest
• Processing is for the purpose of direct marketing

We may need specific information from you to help us confirm your identity before we can review your request

Data protection complaints

 

If you have any questions or you are unhappy about this notice, how we use your information or any of your rights, you can contact our Data Protection Officer.

By email

We would encourage you, if possible, to contact us by email to reduce the environmental impact, you can email us at DPO@mmbs.co.uk

By phone

Alternatively, you can call our Customer Service Centre on 01664 414141.

By post

Or you can write to us at:

Melton Building Society
Mutual House
Leicester Road
Melton Mowbray
Leicestershire
LE13 0DB

If you’re not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the UK Information Commissioner’s Office. See www.ico.org.uk for details.

Changes to this notice

 

We keep this notice under regular review and may change it from time to time. When we make changes, the date at the bottom of this notice will be updated accordingly. Any modification or amendment to this notice will be applied as of that revision date. We encourage you to check this from time to time for any updates or changes.

In some cases, we may provide additional notice (like adding a banner/statement to our homepage, sending you a notification by e-mail or through signposting in our branches).

 

• Privacy Notice

 

Last Updated: October 2024