Privacy Policy of Arvest Modern Bank

1. Introduction

This Privacy Policy explains how Arvest Modern Bank ("Arvest", "we", "us", or "our"), a banking institution operating in England, collects, uses, stores, and protects your personal data when you use our banking services, visit our branches, access our websites or mobile applications, or otherwise interact with us.

We are committed to safeguarding your privacy and handling your information in a transparent and lawful manner, in accordance with applicable data protection laws in England, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller and Contact Details

Arvest Modern Bank acts as the data controller in relation to your personal data. This means we decide how and why your data is processed.

If you have questions, requests, or concerns about this Privacy Policy or our handling of your personal data, you can contact our Data Protection Officer (DPO) using the contact details provided in our official customer communications or on our website.

3. Types of Personal Data We Collect

The types of personal data we collect and process depend on your relationship with Arvest and the products or services you use. We may collect and process the following categories of data:

3.1 Identification and Contact Details

• Full name, title, date of birth, and nationality
• Home and mailing address
• Email address, telephone number, and other contact details
• Identification documents (e.g., passport, driving licence, national ID number)

3.2 Financial and Account Information

• Bank account numbers and sort codes
• Account balances and transaction history
• Credit and debit card details (including card number, expiry date, and security code, stored and processed in accordance with applicable security standards)
• Loan, mortgage, and credit information
• Income, employment details, and financial circumstances relevant to our services

3.3 Regulatory and Compliance Data

• Information required for anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions screening
• Know Your Customer (KYC) checks, including information obtained from public sources, credit reference agencies, and fraud prevention agencies
• Records relating to suspicious activity reports or other legal compliance activities

3.4 Technical and Usage Data

• IP address, browser type and version, device identifiers, operating system, and platform
• Information about how you use our websites, mobile apps, and online banking services
• Log data relating to your access, authentication, and activity in our digital channels

3.5 Communication and Interaction Data

• Records of your communications with us (e.g., telephone calls, emails, chat messages, in-branch interactions), which may be recorded or monitored for quality, training, and regulatory purposes
• Feedback, complaints, surveys, and responses to customer satisfaction enquiries

3.6 Special Categories of Data We generally do not seek to collect special categories of personal data (such as information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership). However, in certain circumstances, such data may be processed where:

• You voluntarily provide it to us (for example, health information to support requests for financial difficulty assistance), and
• Processing is lawful under applicable data protection rules, and appropriate safeguards are in place.

4. How We Collect Your Personal Data

We collect personal data from a variety of sources, including:

4.1 Directly from You

• When you open an account or apply for a product or service with Arvest
• When you use our banking services, including payments, transfers, and card transactions
• When you contact us by phone, email, online chat, in writing, or in person at a branch
• When you use our websites, mobile or online banking platforms
• When you participate in surveys, promotions, or customer feedback initiatives

4.2 From Third Parties

• Credit reference agencies, fraud prevention agencies, and identity verification providers
• Public databases and registers (e.g., Companies House, electoral roll, sanctions lists)
• Other financial institutions, payment service providers, and card networks involved in transactions
• Professional advisers and intermediaries acting on your behalf (e.g., lawyers, accountants, mortgage brokers)

4.3 Through Automated Means

• Cookies, analytics tools, and similar technologies when you use our digital services
• Automated monitoring systems for fraud detection, security, and service performance

5. Legal Bases for Processing

We process your personal data only when we have a valid legal basis under UK GDPR. The main legal bases we rely on are:

5.1 Performance of a Contract To take steps at your request before entering into a contract and to perform our obligations under a contract with you, for example:

• Opening, managing, and maintaining your bank accounts
• Processing payments, transfers, and card transactions
• Providing and administering loans, mortgages, and other credit facilities

5.2 Legal and Regulatory Obligations To comply with laws and regulations that apply to Arvest as a bank in England, including:

• Anti-money laundering, counter-terrorist financing, and sanctions regulations
• Banking, consumer protection, and financial services regulations
• Tax reporting and accounting obligations

5.3 Legitimate Interests Where necessary for our legitimate business interests, provided these interests are not overridden by your rights and freedoms, such as:

• Managing and improving our products, services, and customer experience
• Preventing, detecting, and investigating fraud, financial crime, and security incidents
• Conducting risk management, internal audits, and governance activities
• Performing analytics and reporting to understand and enhance our operations

5.4 Consent Where we rely on your consent, for example:

• Sending you certain types of marketing communications by email, SMS, or other electronic means where consent is required by law
• Using certain cookies or similar technologies where consent is mandatory

You can withdraw your consent at any time, where consent is the legal basis for processing, by following the instructions provided in our communications or contacting us using the details provided on our website.

6. How We Use Your Personal Data

We use your personal data for the following purposes, as relevant to your relationship with Arvest:

6.1 Provision of Banking Services

• Opening and managing accounts
• Processing payments, transfers, direct debits, and standing orders
• Providing debit and credit cards, including authorising and processing transactions
• Offering and managing loans, mortgages, overdrafts, and other credit facilities

6.2 Risk Management and Security

• Assessing creditworthiness and affordability
• Monitoring transactions to detect fraud, money laundering, and other financial crime
• Ensuring the security of our systems, networks, and physical premises
• Authenticating your identity and access to our digital services

6.3 Regulatory Compliance

• Conducting KYC checks and verifying your identity
• Complying with anti-money laundering, sanctions, and financial crime regulations
• Meeting our reporting obligations to regulators and authorities

6.4 Customer Support and Communication

• Responding to your enquiries, requests, and complaints
• Providing you with information about your accounts, transactions, and services
• Sending service-related notifications, including changes to terms, system updates, and security alerts

6.5 Marketing and Service Improvement

• Informing you about products, services, offers, or events that may be of interest to you, in line with your preferences and applicable law
• Conducting surveys, feedback requests, and analytics to improve our services and customer experience
• Developing new products and services and enhancing existing ones

7. Sharing Your Personal Data

We may share your personal data with third parties where permitted by law, always ensuring that appropriate safeguards are in place. These third parties include:

7.1 Within Arvest Modern Bank

• Internal departments, branches, and staff who require access to your data for legitimate business purposes (e.g., customer service, risk, compliance, operations, IT)

7.2 Service Providers and Processors

• IT, cloud, and data hosting providers
• Payment processors, card schemes, and clearing and settlement systems
• Communication and mailing providers
• Professional and operational support services (e.g., document storage, archiving, customer support)

7.3 Other Financial and Business Partners

• Other banks and financial institutions to process payments and transactions
• Credit reference agencies, fraud prevention agencies, and identity verification services
• Insurance providers associated with products you hold with us

7.4 Public Authorities and Regulators

• Regulators and supervisory authorities
• Law enforcement agencies, courts, and other public bodies when required by law or to protect our rights, customers, or the public

7.5 Corporate Transactions In the event of a reorganisation, merger, acquisition, or sale of all or part of our business, your personal data may be transferred as part of that transaction, subject to appropriate confidentiality and data protection safeguards.

We do not sell your personal data to third parties.

8. International Transfers

Where your personal data is transferred outside the United Kingdom or the European Economic Area (EEA), we ensure an adequate level of protection by:

• Transferring to countries that have been formally recognised as providing an adequate level of data protection, or
• Using appropriate safeguards such as standard contractual clauses approved by relevant authorities or equivalent legal mechanisms.

You may request further information about the safeguards in place for international transfers by contacting us using the details provided on our website.

9. Data Retention

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

• Meeting our contractual obligations and providing services to you
• Complying with legal and regulatory requirements, including retention periods set by financial and tax regulations
• Resolving disputes and enforcing our agreements

Retention periods vary depending on the nature of the data and our legal obligations. When personal data is no longer required, we will securely delete, anonymise, or otherwise dispose of it.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including:

• Encryption and secure transmission of data where appropriate
• Access controls, authentication, and logging for systems containing personal data
• Regular security assessments, monitoring, and incident response procedures
• Staff training and policies on data protection and confidentiality

While we take all reasonable steps to protect your information, no system can be completely secure. You are also responsible for keeping your banking credentials, passwords, and devices secure and for notifying us promptly of any suspected unauthorised use of your accounts.

11. Your Data Protection Rights

Under data protection laws applicable in England, you have a number of rights regarding your personal data, subject to certain conditions and exceptions:

11.1 Right of Access You have the right to request confirmation as to whether we process your personal data and to obtain a copy of that data, along with information about how it is used.

11.2 Right to Rectification You can request the correction of inaccurate or incomplete personal data.

11.3 Right to Erasure In certain circumstances, you may request the deletion of your personal data, for example where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent (where consent is the legal basis). However, we may be required to retain some data to comply with legal obligations or for other lawful reasons.

11.4 Right to Restriction of Processing You may request that we restrict the processing of your personal data in specific situations, such as while we verify its accuracy or where you object to processing.

11.5 Right to Data Portability Where processing is based on consent or contract and is carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.

11.6 Right to Object You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing. If you object to marketing, we will stop processing your data for that purpose.

11.7 Rights Relating to Automated Decision-Making If we use automated decision-making, including profiling, that has legal or similarly significant effects on you, you have the right to request human intervention, express your point of view, and contest the decision, unless applicable law provides otherwise.

To exercise your rights, please contact us using the details on our website or in your account documentation. We may need to verify your identity before responding to your request.

12. Marketing Preferences

We may use your personal data to inform you about Arvest products, services, offers, or events that may be relevant to you, in accordance with your marketing preferences and applicable law.

You can manage your marketing preferences or opt out of receiving marketing communications at any time by following the unsubscribe instructions in our messages or by contacting us directly. Even if you opt out of marketing, we will continue to send you service-related communications that are necessary for the operation of your accounts and services.

13. Cookies and Similar Technologies

Our websites and digital services may use cookies and similar technologies to:

• Enable core site functionality and secure login
• Remember your preferences and improve your user experience
• Analyse how our services are used and improve performance

Where required by law, we will request your consent before placing non-essential cookies. Further details are provided in our separate Cookie Policy, available on our website.

14. Third-Party Websites and Services

Our websites or services may contain links to third-party sites, applications, or services that are not operated by Arvest. We are not responsible for the privacy practices, content, or security of those third parties. We encourage you to review the privacy policies of any third-party services you use.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will take appropriate steps to inform you, such as posting a notice on our website or contacting you directly, where required by law.

The date of the latest version will be indicated in the policy. Your continued use of Arvest services after any changes become effective will constitute your acknowledgement of the updated Privacy Policy.

16. How to Contact Us and Lodge a Complaint

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us using the contact details provided on the official Arvest Modern Bank website or in your account documentation.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

You can find details on how to contact the ICO on its official website.