Privacy and Cookie Policy

The following provides detail about UBL UK’s Privacy and Cookies Policy. We are committed to protecting your personal information from unauthorised access, use and disclosure. We use the personal information that we collect from you to process requests or orders, identify personal preference and match your needs with relevant products and services.

We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device.

Customer Privacy Statement and Cookie Policy

Our Information

The ‘Data Controller’* is United National Bank Limited. Our registered office is 2 Brook Street, London W1S 1BQ, which is registered with the Registrar of Companies in England and Wales as a limited liability company, Company Number 4146820.

In this document, ‘UBL UK’, ‘Bank’, ‘we’, and ‘us’ refers to United National Bank Limited and ‘you’ refers to the Bank’s customers and website.

Privacy Statement

This privacy statement sets out our current policies and demonstrates our commitment to your privacy. We are obliged to inform you that any personal information we have about you has a high level of protection against any unauthorised or accidental disclosure, access or deletion. We have strict security procedures covering the storage and disclosure of your information to prevent unauthorised access to comply with the General Data Protection Regulation. The Bank will only process personal data for the purpose it was collected for. If we intend to process data other than for specified use, we will contact you before undertaking further processing.

Personal Information We Collect

The Bank may obtain the following personal information about an individual:

We can collect identity data which may include your title, first name, last name, maiden name, marital status, date of birth, title and gender.
Contact data which could include billing address, delivery address, email and telephone numbers.
Financial data that may contain bank account and payment card details and the products and services you have with us.
Information that we are required to obtain by law such as tax residency.
Transaction data that includes details about payments made through us and other details of purchases made by you.
Usage data may comprise of information about how you use the Bank’s website, products and services.
Marketing and Communications data may include preferences in receiving marketing communications from the Bank, subject to your consent.
Open Data and Public Records which may provide any information that is openly available on the Internet.
The Bank does not collect any sensitive data about its customers. Sensitive data refers to data that includes details about race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.

Source of Information

The Bank can collect personal data through a variety of sources:

A ‘Data Subject’* can provide information through direct interactions by completing forms, applications, or contacting the Bank by email, post or telephone.
Information provided to the Bank when it conducts identity and address checks.
Data received from companies that provide fraud prevention and credit reference services.
Companies that verify immigration status.
Agents and brokers that introduce you to the Bank.
Companies that provide the Bank with Debit Card and other service facilities.
Payments and remittances received by the Bank.

Use of Information

We process personal information about a Data Subject for the following reasons to:

Manage our relationship with our customers.
Deliver products and services.
Make and manage customer payments.
Manage fees, charges, interest and debt recovery.
Detect, investigate and prevent financial crime.
Comply with the laws and regulations that apply to the Bank.
Respond to complaints and in seeking to resolve them.
Ensure that it carries out its business in an effective and efficient manner.
Undertake marketing activities.

Legal Basis of Processing

The Bank applies the following legal basis in its processing of personal data:

When it has obtained clear consent from the Data Subject for a specific purpose i.e. Marketing.
When it takes specific steps to enter into a contract or performs its contractual obligations such as providing banking products to its customers.
When it performs its legal or statutory obligations such as reporting to regulators or sanction screening.
The Bank does not rely on legitimate interest as a lawful basis for processing personal data under the GDPR.

Disclosure of Information

The Bank may decide to share personal information with other external organisations. This is essential in the delivery of its products and services, to conduct its business and to comply with all regulations. Also where:

We can share personal information to authorities that can include HMRC, FSCS, Government agencies and other regulators based in the United Kingdom.
Other relevant jurisdictions which may require reporting in certain circumstances.
Professional advisers including lawyers, auditors and insurers who provide consultancy, legal, insurance and accounting services.
Companies that provide us with the identity verification of customers.
Credit reference and fraud prevention agencies.
Financial Service companies that help us to prevent, detect and report fraudulent and criminal activities.
Companies that provide us with information about immigration status.
Agents and brokers that provide business to the Bank.
Companies that help provide Debit Card and standard clearing such as cheques, Direct Debit and Direct Credit services.
Head Office reporting as necessary for the Bank.
Banks and other financial services companies that provide payment or remittances services.
Companies that provide marketing services to the Bank.

Credit Reference Agencies (CRAs)

To process your application we will perform credit and identity checks on you with one or more credit reference agencies. To do this, we will share your personal information with CRAs. This will include:

Your identity data such as your name and date of birth
Your contact details such as your home address and post code
Your financial information such as the terms of your loan
Your business information (for commercial loans), such as your company name and address

We may also perform periodic searches on your financial circumstances to help us manage your account with us. Information held about you by any CRA will be shared to us and we will use this information to manage your loan.

Any searches will be recorded against your name by using a credit reference agency. Any searches will be recorded against your name by a CRA, and further data on this is provided by the main CRAs:

Sending data outside the EEA

Personal data about individuals can be transferred to locations outside the European Economic Area (EEA). When this is done, the Bank ensures that this transfer is lawful. We also make every effort to ensure that there is an appropriate level of protection and safeguards in place, in accordance with the GDPR.

Data Subject Rights

Data Subjects have certain rights in relation to their personal data:

The right to access and rectify the information the Bank holds about them.
The right to erase or restrict processing.
The right to object to processing.
The right to data portability.

Data Subjects can exercise their rights by contacting the DPO by email at dpo@ubluk.com or in writing to:

The DPO, UBL UK, 2 Brook Street, London W1S 1BQ.

When you choose to exercise your rights, it may delay or prevent the Bank from performing its contractual and legal obligations. It could also mean that the Bank will need to cancel a product or service that it may have with you. The Bank may still be able to process personal data if it has a lawful basis of doing so.

Request a copy of Personal Information

You have the right to request a copy of the personal information that the Bank holds. To do so, you may use this form, otherwise please either email your request at dpo@ubluk.com or write to The DPO, UBL UK, 2 Brook Street, London W1S 1BQ.

The Bank will not ask for a fee to access personal data. However, it may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, the Bank can refuse to comply with a request in such circumstances.

The Bank can request specific information to help confirm an identity and to ensure the right to access personal data. We may also contact you to ask for further information in relation to your request to speed up our response. The Bank will ensure that it provides the information in the commonly used electronic or written format.

The Bank reserves the right to withhold information if it has any adverse effects on the rights and freedoms of other Data Subjects. This means that disclosing that information can be against the public or business interest.

The Bank aims to respond to all legitimate requests within one month. Occasionally it may take an additional two months if the request is particularly complex or multiple requests have been made. In this case, UBL UK will notify you and explain why such an extension is necessary.

Withdraw Consent

You have the right to withdraw consent for something you have consented to earlier such as Marketing. This can be achieved in the following ways:

Using the Contact Us Form, through the website www.ubluk.com/contactus.
Telephoning our Main Contact Centre on +44(0) 121 753 6000 (between 9.15am and 5.15pm).
Unsubscribe from any promotional messages that you have opted in for.
By visiting the branch.
In writing to; UBL UK Central Operations, 2 Brook Street, London W1S 1BQ.

Please allow 10 working days for the systems update and the Bank’s records to reflect the request to change your preferences.

Complaints

Data subjects can report a concern on the Information Commissioners Office website at https://ico.org.uk/concerns/ or call their helpline on 0303 123 1113.

Accuracy

You need to ensure that you provide the Bank with accurate and relevant information as well as informing the Bank of any changes. The Bank reports, as part of its legal obligations, to the regulatory authority based on the information provided.

If inaccurate information is provided, the Bank may not be able to provide products and services to the data subject.

Automated Decision Making

The Bank, in its processes, does not rely on automated decision making and profiling.

Retention of Information

The Bank will retain personal information in line with its Data Retention Policy. The Bank will only retain personal data for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, it considers the amount, nature, and sensitivity of the personal data. If the personal information in no longer needed, the Bank may destroy, delete or anonymise it.

Third Party Sites and Social Media

Please note that this Privacy Statement does not extend to third party service providers. Any social media post/comments and any public reviews you send to us such as Facebook or LinkedIn, will be shared under the terms of the relevant platform and could be made public. We do not control these platforms and are not responsible for this kind of sharing.

Cookies Policy

What information do we capture in our cookies?

Cookies are small text files that are stored on a user’s computer to hold a packet of data. These are generally useful to track a user’s activities on a website. UBL UK uses cookies to store session ID’s, identify a logged in user, provide payment facilities and for third party analytics such as Google. Some information we collect is as follows:

Browser name and version.
IP address.
Most visited pages, etc.

Strictly necessary cookies:

We take your security very seriously and, therefore, must capture your Internet Protocol (“IP”) address for purposes of data and transaction integrity. An IP is an address consisting of a series of numbers that is unique to each device connected to the internet.

Our cookies will need to identify you to ensure that we can provide you with the website functionality to facilitate financial transactions. Additionally, we need to monitor your session to time you out if there has been no activity after a certain period of time. This will limit the possibility of unauthorised access. We also encrypt values in the cookies where possible

We store your IP address for the following reasons:

Monitor suspicious activity.
Session management.
Enable payment gateway to our payment processors.
Authentication token.

Performance cookies:

We utilise third-party services such as Google Analytics to improve our services. This helps us to better understand the way our customers use our website so that we can improve our web design and, ultimately, its performance. We do not collect any personal data in our performance cookies. Further, these cookies are not used for marketing purposes. Any data collected will be used in accordance with our own and Google Analytics' privacy policy.

To find out more about how Google Analytics processes data and how you can opt in or out of receiving these cookies, please refer to their privacy policy at https://support.google.com/analytics/answer/6004245?hl=en

Amendments

If you have any questions about this Privacy Statement or our data processing activities, please either email your request to dpo@ubluk.com or write to The DPO, United National Bank UK, 2 Brook Street, London W1S 1BQ. UBL UK reserves the right to modify sections of this Privacy Statement at any time.

Call Centre

UBL UK operates a Call Centre for customer services. We may record phone conversations to offer you additional security, resolve complaints and improve our service standards. Conversations may also be monitored for staff training purposes.

*The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

**The Data subject means an individual who is the subject of personal data. In other words, the data subject is the individual whom particular personal data is about.