• Personal and business data

    How your personal information is used by Lloyds Banking Group companies.  

    Last updated June 2016

    Looking after your information  

    The Data Protection Act does not generally apply to companies but it does cover personal information relating to sole traders, partnerships and key account parties. Key account parties means individuals who are sole traders, proprietors, partners, directors, members, beneficial owners, trustees or other controlling officials of the business or organisation including signatories to the account. The Data Protection Act requires Lloyds Banking Group companies and associated companies to manage personal information in accordance with the Data Protection Principles. In particular, our Group of companies is required to process your personal information fairly and lawfully. This means that you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide the product or service that you require. All our employees are personally responsible for maintaining customer confidentiality. We provide training and education to all employees to remind them about their obligations. In addition, our policies and procedures are regularly audited and reviewed.

    Who we are  

    When your business applies for products provided by us, or banks with us, we may acquire personal information about you. Your personal information will be held by Bank of Scotland plc which is part of the Lloyds Banking Group.

    Our Group  

    More information on the Group can be found at http://www.lloydsbankinggroup.com/our-group/ - For these purposes "associated companies" includes any subsidiary, affiliate or other firm directly or indirectly controlled from time to time by either Lloyds Banking Group plc or us.

    Where we obtain your information  

    Your personal information will be held securely in Lloyds Banking Group systems and archives so that we and any other companies in our Group that you have dealings with, either now or in the future, can manage your relationship with us. This will include information you provide when you apply to us, and any additional information provided by you or others in various ways, including:

    (a) in applications, emails and letters, during telephone calls, at face to face meetings, and conversations in branch, when registering for services, in customer surveys, when you participate in competitions and promotions, when using Lloyds Banking Group company websites, and during financial reviews and interviews, and at events you may attend.
    (b) from analysis (for example, the amount frequency, location, origin, and recipient) of your businesses payments and other transactions, and your use of services involving other Lloyds Banking Group companies and what they know from operating your account (including the creation of profiles used to uniquely identify you when you use our online, mobile and telephony services) which are used to help us combat fraud and other illegal activity; and
    (c) information Lloyds Banking Group companies receive from each other, from our business partners, or through other organisations (for example card associations, credit reference agencies, insurance companies, retailers, comparison websites, social networks, and fraud prevention agencies) whether in the course of providing products and services to you or otherwise, and from information we gather from your use of and interaction with our internet and mobile banking services and the devices you use to access them.

    We will not retain your personal information for longer than is necessary for the maintenance of your account, or for legal or regulatory requirements.

    How we share your information  

    We may share the personal information we hold about you across the Lloyds Banking Group and our agents for the following administrative activities: (a) providing you or your business with products and services and notifying you about either important changes or developments to the features and operation of those products and services; (b) responding to your enquiries and complaints; (c) administering offers, competitions, and promotions; (d) undertaking financial reviews; (e) facilitating the secure access to online platforms; and also for the following data sharing activities: (f) updating, consolidating, and improving the accuracy of our records; (g) undertaking transactional analysis; (h) arrears and debt recovery activities; (i) testing new systems and checking upgrades to existing systems; (j) crime detection, prevention, and prosecution; (k) evaluating the effectiveness of marketing, and for market research and training; (l) customer modelling, statistical and trend analysis, with the aim of developing and improving products and services; (m) assessing lending and insurance risks across the Lloyds Banking Group; (n) managing your relationship with Lloyds Banking Group companies. By sharing this information it enables us, and other companies in the Lloyds Banking Group, to better understand you and your businesses' needs and run your accounts in the efficient way that you expect. Your personal information may also be used for other purposes for which you give your specific permission, or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 1998.

    When we may share your information  

    We will treat your personal information as private and confidential, but may share it with each other and disclose it outside the Lloyds Banking Group if: (a) allowed by this Privacy Notice or any other agreement between us; (b) you consent; (c) if needed by our agents, advisers or others involved in running accounts and services for you and your business or collecting what you or your business owe Group companies; (d) needed by subcontractors to help us manage your records; (e) HM Revenue & Customs or other authorities require it; (f) the law, regulatory bodies (including for research purposes), or the public interest permits or requires it; (g) required by us or others to investigate or prevent crime; (h) needed by market research companies to assist us in improving our products and services; (i) to any other parties connected with your account (including guarantors); (j) required as part of our duty to protect your accounts; or (k) you use price comparison websites or other similar services to research or purchase financial products and services. These providers will use information about you and your relationship with us to help ensure you get the best results from their services, enabling you to make an informed choice. We will always ensure your personal information remains safe and secure.

    Sharing your information with other companies  

    If you were 'introduced' to us by a third party we will give them your contact details and sufficient information about you to help with their accounting and administration. Introducers may use these details to contact you about products and services unless you have asked them not to do so.

    Using your information to help prevent terrorism and crime  

    The Government also requires us to screen applications that are made to us to ensure we are complying with the international fight against terrorism and other criminal activities. As a result of this we may need to disclose information to government bodies.

    Sharing your information to assist with asset buying or selling  

    Lloyds Banking Group companies may in the future wish to sell, transfer or merge part or all of their business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it. If so, and unless otherwise agreed between us, they may disclose your personal information to a potential buyer, transferee, or merger partner or seller and their advisers so long as they agree to keep it confidential and to use it only to consider the possible transaction. If the transaction goes ahead, the buyers, transferee or merger partner may use or disclose your personal information in the same way as set out in this notice.

    Sharing your personal information with credit and debit card providers  

    If you hold a credit, debit, charge or pre-payment card with us, we will share transaction details with our scheme providers (e.g. Visa or Mastercard).

    Sharing personal information between joint applicants  

    When you open a business account or take a business product with Lloyds Banking Group, this may mean that your personal information will be shared with the other people connected to that business. For example, transactions made by you may be seen by other people connected with your account in the business.

    How we manage sensitive personal information  

    The Data Protection Act defines certain information as 'sensitive' (racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, criminal proceedings and offences). In certain limited circumstances we may record and use 'sensitive' information about you. We will only do so if it is required to allow us to manage your accounts or meet any legal or regulatory requirements. As a customer, there may be times when you give us sensitive information. We may share it with other parts of the Group and our subcontractors to keep your records up to date.

    How we manage information collected on credit and Debit card statements  

    Some transactions that you or other card holders make on your businesses' card account may cause sensitive or confidential details to appear on your statement. By using your card to make such transactions you give us your consent to process this information.

    Using companies to process your information outside the EEA  

    All countries in the European Economic Area (EEA), which includes the UK, have similar standards of legal protection for your personal information. We may run your accounts and provide other services from centres outside the EEA (such as the USA and India) that do not have a similar standard of data protection laws to the UK. If so, we will require your personal information to be protected to at least UK standards. We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation if, for example, you make a CHAPS payment or a foreign payment. Those external organisations may process and store your personal information abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism. If these are based outside the EEA, your personal information may not be protected to standards similar to those in the UK.

    Using credit scoring  

    When you apply for credit, an automated system known as credit scoring may be used when considering whether to agree the borrowing. It is a method of assessing your likely conduct of an account based on a range of data, including the conduct of previous similar accounts. It is a system widely used by credit providers to help make fair and informed decisions on lending. Credit scoring takes account of information from three sources - the information you provide on your application, information provided by credit reference agencies and information that may already be held about you by companies in the Lloyds Banking Group. A credit scoring system will consider information from these sources, to make an overall assessment of your application. The credit scoring methods used are regularly tested to ensure they remain fair, effective and unbiased. Using a credit scoring system helps Lloyds Banking Group companies to lend responsibly. If you submit an application and it is declined through this automated process, you can contact us within 21 days to have the decision reconsidered. You also have the right to ask that the decision is not made based solely using a credit scoring system.

    How we use Credit Reference Agencies  

    Credit Reference Agencies (CRAs) collect and maintain information about consumers' and businesses' credit behaviour. This includes the Electoral Register, fraud prevention, and credit information - including details of previous applications and the conduct of your accounts and public information such as County Court Judgements, decrees, and bankruptcies.

    The information that Lloyds Banking Group companies and other organisations provide to credit reference agencies about you, your financial associates and your business (if you have one) may be provided to other organisations and used by them and us to:

    1. help make decisions, for example when:
      1. checking details on applications for credit and credit-related or other facilities;
      2. managing credit and credit-related accounts or facilities;
      3. recovering debt;
      4. checking details on proposals and claims for all types of insurance;
      5. checking details of job applicants and employees;
    2. detect and prevent crime, fraud and money laundering.
    3. check your credit history;
    4. verify your identity if you, or someone financially linked with you, applies for services;
    5. trace your whereabouts;
    6. undertake research, statistical analysis and systems testing; and
    7. if the business does not repay its borrowing with us as agreed and we make demand for payment which is not met with satisfactory proposals, we may notify credit reference agencies who will record the outstanding debt. If we intend to do this we will give the business at least 28 days notice. If you are personally liable for debts of the business this could affect you.

    How we use Credit Reference Agencies  

    If a Lloyds Banking Group company needs to make a credit decision when you apply for a credit-based product or service (e.g. mortgage, personal loan, credit card, or current account) or to review the amount of credit it provides under an existing agreement, such as an overdraft, your records will be searched, along with those of anyone who is financially associated with you such as your spouse or partner. The CRA will keep a record of this search and place a "footprint" on your credit file, whether or not the application proceeds.

    We may give details of your account and how you conduct it to credit reference agencies, including if you borrow and do not repay in full and on time. If you fall behind with your payments and a full payment or satisfactory proposals are not received within 28 days of a formal demand being issued, then a default notice may be recorded with the CRAs. Similar information may also be given about your other lending/credit relationships with members of the group. Any records shared with CRAs will remain on file for 6 years after your account is closed, whether it has been settled by you or as a result of a default. Other organisations may see these searches and updates if you apply for credit in the future, and these may affect your ability to borrow from other lenders.

    If you apply for or hold an account in joint names, or tell us that you have a spouse or financial associate, a financial association will be created between your records, including any previous and subsequent names used by you. This means that your financial affairs may be treated as affecting each other. These links will remain on your and their files until such time as you or your partner is successful in applying for a disassociation with the CRAs to break that link. You must be sure that you have their agreement to disclose information about them. Searches may be made on all joint applicants, and search footprints will be left on all applicants' records.

    You have a right to apply to the credit reference agencies for a copy of your file.

    We carry out most of our credit searches using Experian, but details of how you have run your account(s) may be disclosed to all the credit reference agencies. The information they hold may not be the same and there is a small fee that you may need to pay to each agency that you apply to.

    Further information on how you can do this can be found at the following websites:
    Experian: www.experian.co.uk
    Equifax plc: www.equifax.co.uk
    Call Credit: www.callcredit.co.uk  

    Using Fraud Prevention Agencies  

    We have systems that protect our customers and ourselves against fraud and other crime. Customer information can be used to prevent crime and trace those responsible. We will share your personal information with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to these agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

    • Checking details on applications for credit and credit related or other facilities.
    • Managing credit and credit related accounts or facilities.
    • Recovering debt.
    • Checking details on proposals and claims for all types of insurance.
    • Checking details of job applicants and employees.

    Please contact 0345 603 7824 if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

    How we check your identity  

    We may ask you to provide physical forms of identity verification when you open your account. Alternatively, we may search credit reference agency files in assessing your application. Credit Reference Agencies also give us other details and information from the Electoral Register to verify your identity. The agency keeps a record of our search, whether or not your application proceeds. Our search is not seen or used by lenders to assess your ability to obtain credit.

    Credit searching Directors and Key account parties  

    The Data Protection Act does not generally apply to companies but it does cover personal information relating to sole traders and partnerships. When we receive an application from a business we may perform a search with a credit reference agency on the individual company directors and key account parties.

    Undertaking Anti-Money Laundering checks  

    To comply with money laundering regulations, there are times when we need to confirm (or reconfirm) the name and address of our customers including directors and key account parties. This information may be shared with other group companies. For more information about identity checks, please refer to proving your identity.

    Using your details for service contact  

    Making sure we deliver excellent customer service is very important to us and to do this various methods of communication may be used when sending you information about your account. Most of the time you will be contacted by letter or telephone, but you may also be sent updates by text message, email, through our websites or by social media when it is believed to be appropriate. You can ask us to stop sending these messages at any time. Additionally, in extraordinary circumstances (such as natural disaster or civil unrest) we may also send you updates by text message or email. If we decide to use email to contact you, we will only do this if we have ensured that using email will not put your information at risk, or, if you have requested we email you, that we have explained the risks of sending an "insecure" email and that you are happy to accept that risk. In addition you may wish to choose a channel of communication that suits you when you need to contact us. If you need to email a Lloyds Banking Group company, we recommend you check their website to see if a secure email facility exists so that your email can be sent securely. If you send us emails in other ways, such as from your personal account, then remember that the message may not be secure and there is a risk that it could be intercepted. If you choose to send an "insecure" email, please keep the amount of confidential information you include to a minimum.

    Recording phone calls  

    We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service, and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.

    Using information on social networking sites  

    As part of our ongoing commitment to understanding our customers better, we may research comments and opinions made public on social networking sites such as Twitter, Facebook and Linked In.

    Obtaining a copy of your information  

    Under the Data Protection Act you have the right of access to your personal information. The Act allows us to charge a fee of £10 for this service. If anything is inaccurate or incorrect, please let us know and we will correct it.

    To request a copy of your personal information please write to:
    Commercial Data Privacy,
    Lloyds Banking Group,
    1st Floor East,
    Tower House,
    Charterhall Drive,
    CH88 3AN.

    Using your personal information to contact you about products and services  

    Lloyds Banking Group companies will use your personal information so we can provide you with product details and offers that are more relevant to you. This may include products and services from companies outside of our Group if we believe they may be of interest to you or benefit you financially. This contact may continue after your relationship with us ends.

    We might contact you by mail, telephone, email, or text message unless you have asked us not to. We may also display personalised messages when you use our internet banking service or mobile app. You can change your preferences at any time by calling us, writing to us, contacting your local branch or by updating them online.

    Using Cookies  

    In general, you can visit Lloyds Banking Group websites without identifying who you are or revealing any information about yourself. However, cookies are used to store small amounts of information on your computer, which allows certain information from your web browser to be collected. Cookies are widely used on the internet and do not identify the individual using the computer, just the computer being used. Cookies and other similar technology make it easier for you to log on to and use our websites during future visits.

    To access our cookie notice, please go to http://business.bankofscotland.co.uk/business-home/legal/cookie-policy/.

    Passing your information to other companies for their own direct marketing  

    Unless you have given us your consent, we will not provide information about you to companies outside our group to use for their own marketing purposes.

    Viewing notifications  

    Organisations must lodge a notification with their Regulator describing the purposes for which they process personal information. The details are publicly available from the Regulator's office and you can view ours at http://www.ico.org.uk/what_we_cover/register_of_data_controllers.

    Changes to Privacy Notice  

    We keep our Privacy Notice under regular review and we will reflect any updates within this notice.

    Further Information  

    For further information please write to:

    Commercial Data Privacy,
    Lloyds Banking Group,
    1st Floor East,
    Tower House,
    Charterhall Drive,
    CH88 3AN.

  • Contact us

    Phone_Negative dark blue

    Existing customers
    0345 300 0268

    New customers
    0345 300 1319

    Lost or stolen cards

    More information

  • Our commitment to Scottish business


    We're committed to helping Scottish businesses grow and develop by giving them the support they need – our Business Charter will tell you more.

    Find out more