What are the legal grounds for our processing of your personal information (including when we share it with others)?


Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing more than one legal ground may be relevant (except where we rely on your consent).  Here are the legal grounds that are relevant to us:

1.       Processing necessary to perform our contract with you or for taking steps prior to entering into it:

a.       Administering and managing your savings account, updating your records, tracing your whereabouts to contact you about your account;

b.       All stages and activities relevant to managing your savings account including enquiry, application, administration and management of accounts; and

2.       Where we consider that, on balance, it is appropriate for us do so, processing necessary for the following legitimate interests which apply to us and in some cases other organisations (who we list below) are:

a.       Administering and managing your savings account and services relating to that, updating your records, tracing your whereabouts to contact you about your account;

b.       To test the performance of our products, services and internal processes;

c.       To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme;

d.       For management and audit of our business operations including accounting;

e.       To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that.

f.        To carry out monitoring and to keep records (see below);

g.       To administer our good governance requirements, such as internal reporting and compliance obligations or administration required for AGM processes;

h.       For market research and analysis and developing statistics;

i.         For marketing communications from BIBS only, and only where we believe the information may be of interest to you. If you do not wish to receive marketing please let us know.

j.         When we share your personal information with these other people or organisations;

k.       Joint account holders, trustees and beneficiaries and any person with power of attorney over your affairs (in each case only if relevant to you);

l.         Other account holders or individuals when we have to provide your information to them because some money paid to you by them should not be in your account;

m.     Our legal and other professional advisers, auditors and actuaries;

n.       Financial institutions and trade associations;

o.       Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme; 

p.       Tax authorities who are overseas for instance if you are subject to tax in another jurisdiction we may share your personal information directly with relevant tax authorities overseas (instead of via HMRC);

q.       Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;

r.        Buyers and their professional representatives as part of any restructuring or sale of our business or assets;

s.        Credit Reference Agencies (see below where we explain more); and

3.       Processing necessary to comply with our legal obligations:

a.       For compliance with laws that apply to us; 

b.       For establishment, defence and enforcement of our legal rights;

c.       For activities relating to the prevention, detection and investigation of crime;

d.       To carry out identity checks and anti-money laundering checks, pre-application, at the application stage, and periodically after that.

e.       To carry out monitoring and to keep records (see below);

f.        To deal with requests from you to exercise your rights under data protection laws;

g.       To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud); and

h.       When we share your personal information with these other people or organisations:

i.         Joint account holders, Trustees and beneficiaries, and the person with power of attorney over your affairs;

j.         Other payment services providers such as when you ask us to share information about your account with them;

k.       Other account holders or individuals when we have to provide your information to them because some money paid to you by them should not be in your account;

l.         Law enforcement agencies and governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme (depending on the circumstances of the sharing); and

m.     Courts and to other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.

4.       Processing with your consent:

a.       When you request that we share your personal information with someone else and consent to that;

b.       For direct marketing communications; 

c.       For some of our processing of special categories of personal information such as about your health or if you are a vulnerable customer (and it will be explained to you when we ask for that explicit consent what purposes, sharing and use it is for.)

5.       Processing for a substantial public interest under laws that apply to us where this helps us to meet our broader social obligations such as:

a.       Processing of your special categories of personal information such as about your health or if you are a vulnerable customer.   

b.       Processing that we need to do to fulfil our legal obligations and regulatory requirements. 

c.       When we share your personal information with other people and organisations if they need to know that you are a vulnerable customer and your relatives, social services, your carer, the person who has power of attorney over your affairs.