In order to provide our services, there will be times when we will share your data. These include:
Sharing with other parts of Aldermore Bank
We may disclose your personal data to any member of the Aldermore Bank Group which means the Aldermore Group PLC standalone entity and its subsidiary undertakings, including its principal subsidiary, Aldermore Bank PLC.
Sharing with our contracted third-party suppliers
We may share your personal data with companies whom we have contracts in place for the supply of goods and services as part of providing service to our customers, such as our mailing house and website suppliers.
We may also disclose your personal data to our appointed representatives in connection with a contracted transaction between you and us. This includes solicitors, surveyors, valuers, insurers, loss adjusters and any party described in the terms and conditions of the individual products you hold with us. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data. If any service provider is based outside of the European Economic Area, we will ensure that the provider is either a current subscriber to the EU/US Privacy Shield, or we have an appropriate contract for the international transfer of personal data with them.
We may share your personal information with these organisations:
- Agents and advisers who we use to help run your accounts and services, collect what you owe, and explore new ways of doing business
- HM Revenue & Customs, regulators and other authorities
- UK Financial Services Compensation Scheme
- Credit Reference Agencies
- Fraud Prevention Agencies
- Any party linked with you or your business’s product or service
- Companies we have a joint venture or agreement to co-operate with
- Organisations that introduce you to us
- Companies that we introduce you to
- Market researchers
- Price comparison websites and similar companies that offer ways to research and apply for financial products and services
- Companies you ask us to share your data with
We may need to share your personal information with other organisations to provide you with the product or service you have chosen:
- If you use direct debits, we will share your data with the Direct Debit scheme
- If you have a secured loan or mortgage with us, we may share information with other lenders who also hold a charge on the property
Sharing where we are obliged under a legal obligation
We will disclose your personal data in order to comply with any legal regulations or good governance obligations, or to enforce or to protect our rights, property, or safety, or that of our customers or other persons with whom we have a business relationship. This includes exchanging information (which may include information relating to debts which are owed to you, and the related debtors) with other companies and organisations for the purposes of fraud protection, credit insurance and credit risk reduction.
Sharing information with Credit Reference Agencies
To process your application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (“CRAs”). Where you take products or services from us we may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal data to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product
- Verify the accuracy of the data you have provided to us
- Prevent criminal activity, fraud and money laundering
- Manage your account(s)
- Trace and recover debts and
- Ensure any offers provided to you are appropriate to your circumstances
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as Fraud Prevention Agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.com/privacy/
The CRAs also collect and use personal data for marketing and data profiling activities, to create data modelling tools. These tools are used to model customer behaviour to support marketing, research, brand and product communication campaigns.
You can find out more about how CRAs use your data and how you can opt out at www.experian.co.uk/privacy/consumer-information-portal/
TransUnion shall process such personal data in accordance with the notice displayed on the TransUnion website, at https://www.transunion.co.uk/legal/privacy-centre or such URL as is notified to the Client from time to time. The Client agrees to make the notice available to the Client Users in an appropriate manner so they are aware of TransUnion’s processing of such data.
Sharing information with Fraud Prevention Agencies (FPAs)
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
What we process and share
The personal data you have provided, we have collected from you, or we have received from third parties may include your:
- date of birth
- residential address and address history
- contact details such as email address and telephone numbers
- financial information
- employment details
- identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address
- vehicle details
When we and Fraud Prevention Agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We, and Fraud Prevention Agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud Prevention Agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
- our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or
- you appear to have deliberately hidden your true
You have rights in relation to automated decision making: if you want to know more please contact us by any of the means listed in the Contact us section of our website.
Sharing under change of business ownership
In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.
If Aldermore or substantially all of its assets are acquired by a third party, the personal data we hold about our customers will be one of the transferred assets.