Privacy Notice

Latest updates

In October 2024 we updated our Privacy Notice with the following information:

  • Advising of our new UK Registered Address which came into effect from August 2024
  • Updates to the categories of personal data collected, providing further clarity on how we use your data
  • Inclusion of a specific section on how we use personal data for marketing purposes
  • Updates to the wording in relation to international transfers of personal data to account for post-Brexit changes

While we were making these changes, we also thought it would be a good time to clarify some elements, make some grammatical changes, provide some more examples of how we use your personal information and generally make other sections of the Privacy Notice easier to understand.

Our updated Data Privacy Notice and out Data Privacy Summary is effective from 1 November 2024.

Should you wish to review earlier versions of our privacy notice, these can be accessed here:
Privacy Notice December 2022
Privacy Notice December 2020
Privacy Notice May 2018

Your Personal Information

At Bank of Ireland UK we take protecting your personal information seriously. Full details about how your personal information will be used by us, as well as your rights can be found in our Privacy Notice.

It provides details about what information is collected, how it is used, who it is shared with and how you can control the use of your personal information.

Credit Reference Agencies

In order to process your application and manage your account we exchange information with Credit Reference Agencies. Further details can be found in our Privacy Notice. Credit reference agencies share information with third parties in the form of credit reports that include your financial information from earlier years. You may wish to request a copy of the credit reference agencies’ privacy notices – contact details are provided in a table below.

Fraud Prevention Agencies

The personal information we collect from you is shared with fraud prevention agencies, who use it to prevent and detect crime such as fraud and money-laundering and to verify your identity. Further details can be found in our Privacy Notice. You may also wish to request a copy of the Privacy Notice from these fraud prevention agencies – contact details are provided in a table below.

Other Privacy Notices you should read

If you were introduced to us by a broker or other intermediary, ask your broker or intermediary for a copy of their own Privacy Notice if you have not already seen it. You should also ask for a copy of the Privacy Notice of any third party product and service providers you contract with, including any you may ask us to share your information with.

Our Data Protection Officer (DPO) 

If you have questions about how we use your information, you can reach our Data Protection Officer by writing to:

Bank of Ireland UK – Data Protection Officer
PO Box 3191
1 Temple Quay
Bristol
BS1 9HY

Our products are also offered through our business partnership with Post Office Limited. To read our Privacy Notice for our partnership with Post Office, please visit our dedicated partner pages: Post Office.

Privacy Notice

At Bank of Ireland (UK) plc we recognise that the way we use personal information plays an essential role in enabling our customers and communities to thrive. We take our management of your information very seriously and would like to make sure that you know what personal information we collect, how we use it and that you are aware of your rights in relation to its use. We therefore encourage you to read this privacy notice carefully.

If you provide us with personal information relating to another individual, for example when making an application for a joint account or whilst providing information relating to your business partner or any other third party, you must also show them a copy of this privacy notice to ensure that they know what we are doing with their personal information.

If you have questions or queries about how we use your personal information our Data Protection Officer will be happy to help – please see our ‘Contacting our Data Protection Officer’ section for further details.

This privacy notice was last updated on October 2024

  • Who we are and what we do

    Bank of Ireland (UK) plc (which we’ll call ‘Bank of Ireland UK’) is owned completely by The Governor and Company of the Bank of Ireland that, in turn is a part of, the Bank of Ireland Group plc (which we’ll call ‘the Group’). Bank of Ireland UK is established in the United Kingdom and is the principal United Kingdom retail and commercial banking business of the Governor and Company of the Bank of Ireland. We work closely with members of the Group and its key partners to provide a range of financial products and services in the United Kingdom.

    Frequently used trading names of Bank of Ireland (UK) plc include Bank of Ireland UK, Bank of Ireland Commercial Finance, Bank of Ireland Mortgages and Banking 365. In addition, Bank of Ireland UK has a wholly owned subsidiary, NIIB Group Limited, which in turn uses the trading name Northridge Finance and Marshall Leasing.

    Bank of Ireland UK is a trading name of Bank of Ireland (UK) plc which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. It is registered in England & Wales at 45 Gresham Street, London, EC2V 7EH under the no. 7022885.

    Bank of Ireland UK is a Controller of personal information under data protection laws is registered with the Information Commissioner’s Office under the primary registration number Z2076174. Bank of Ireland UK also processes personal information on behalf of the Group and when it does, it acts as a Processor.

  • Personal information held

    We get most of our information from you directly, but sometimes we also get information about you from other places like credit reference agencies. We also produce some information ourselves, for example, information about how you use our products and services. The information we collect depends on the relationship you have with us. We only collect what’s necessary to meet our contractual, legal and regulatory obligations, where it’s is in our legitimate business interests or where you’ve consented to it.

    The information we may hold about you falls into the categories set out in Table 1.

    Categories Examples of the information we collect
    Personal details Information to enable us to identify you such as name, date of birth, national insurance number, nationality, photo identification, marital status, gender, biometric data, unique numbers provided by other organisations, for example HMRC, login and subscription data, for example login credentials for phone and online banking and mobile banking apps.
    Contact details Information to enable us to contact you throughout the duration of your relationship with us. This may include postal address, telephone numbers, email address.
    Financial To provide you with our products and services and to fulfil our regulatory obligations we process your financial information such as account details including account number and sort code, International Bank Account Number (IBAN), transaction history including payee references and Direct Debits, financial or other associations, employment status, income details, source of funds.
    Marital status and/or financial associations: If you are married or are financially linked to another person in the context of a particular product or service, a financial association may be created between your records and their records, including any previous and subsequent names used by you (for example, if you apply jointly or one is guaranteeing the debts of another). This means that we may treat your financial affairs as affecting each other. These links will remain on your and their files until you or they break that link. We may make searches on all joint applicants, and evidence of
    that search will be left on all applicants’ records.
    Behavioural Details about how you use our products and services, including payments you make and receive and details about which ATMs and branches you use.
    Technical Details on the devices you use, including IP address, technical specification and uniquely identifying data. We may also collect other online identifiers – please see our cookie policy for further details – bankofireland.com/legal/cookies
    Social Relationships In some cases we may collect information on your family, friends, and other relationships, for example, to help us manage your account where you are not able to do so.
    Screening and Investigation For example, due diligence checks, sanction applicability, anti-money laundering checks, detection of any suspicious and unusual activity and details relating to National Asset Management Agency.
    Credit Information Credit related information including credit reference details and risk rating, including credit scores.
    Publicly available information or received from other sources On occasion we may collect and use information which is in the public domain, for example, to help verify your address or to trace you via trade directories, online forums, websites, Facebook, X (formerly Twitter), YouTube or other social media. We also collect information you’ve asked us to, for example details about other accounts or holdings with other companies, information from your credit broker as well as information that helps us combat fraud.
    Call recordings, online chats and other communications On occasion we monitor and record our conversations when we speak on the telephone or through any online webchat. We will have information that you have provided to us when filling in forms, making a claim or when communicating to us whether that is in person, by letter, email, online or otherwise
    CCTV We monitor Group assets for the safety of our staff and customers, through the use of CCTV.
    Special category/ sensitive data & criminal convictions On occasion we collect and use sensitive or special category information. This may include information about your race, ethnic origin, political views, religious beliefs, trade union membership, biometrics, health, or sexual orientation or any criminal convictions.
    Marketing Your contact details and marketing preferences are used to share news about relevant product and services.
    Other preferences Any permissions, consents or preferences that you give us. This includes preferences such as how you want us to contact you or if you prefer large-print formats.

    Table 1

  • Joint or multiple account holders

    If you make an application with others, including an application on behalf of a business or other organisation, we will also collect the personal information mentioned throughout this privacy notice for all other applicants/parties. You must provide a copy of this privacy notice to all applicants/parties before sharing their information with us to ensure they also know what we are doing with their personal information.

    When you open an account with others, this will mean that your information will be shared with the other applicant(s). For example, transactions made by you can be seen by your joint account holder and vice versa.

    In respect of joint accounts (or business/other organisational accounts) and products, we will treat any instruction or consent received from an individual account holder as an instruction or consent on behalf of all account holders, until such time as we are told otherwise. If any consent provided in respect of a joint account is withdrawn, it will be withdrawn on behalf of all of you.

    For this reason, we suggest that all account holders/parties discuss any decisions related to the account(s) together prior to making any changes, so that you each maintain full awareness of the treatment of all your personal information.

  • How we use your information and the legal basis for doing so

    Before we use your information we always make sure we have a reasonable need to, this is known as a ‘lawful basis’. We’ve set out the different lawful bases we have for using your information below and explained why we use them.

    Consent:

    This means that you’ve given us your permission. When we have your consent we will:

    • Send you marketing materials by email or text;
    • Undertake profiling of your information using machines to automatically predict your behaviour and preferences. For more information about this, please see the ‘Automated decision making & profiling’ section;
    • Use data analytics solutions to help us make informed business decisions. For example, how to improve a service we provide to you, your financial needs, and preventing and investigating fraud;
    • Process sensitive or special category data if we cannot rely on any other lawful basis. This is data that needs a higher level of protection. Before we ask for your consent, we’ll explain how we would like to use your information and what we’ll do with it.

    Contractual:

    Before and during our agreement we will use your information to assess and provide the products and services you’ve requested. This includes:

    • Providing a quote;
    • Assessing and processing applications you’ve made. We may also create a profile of you when we do this;
    • Setting up and managing the products or services you have with us;
    • Providing servicing communications to you such as changes in the terms and conditions of our products and services. These communications are different from marketing communications. We will only send you marketing communications by email or text if we have your permission;
    • Carrying out credit reviews when you’ve applied for one of our credit products . We use Credit Reference Agencies to search for your credit history. The Credit Reference Agencies may keep a record of the search even if your application does not go ahead. This record will be available to other organisations. It could make it harder for you to borrow in future. More details can be found in our ‘Automated decision making & profiling’ section.

    If you make a joint application your information will be linked to the other applicants by the Credit Reference Agencies. The association created between applicants will remain in place until you or another applicant ask the Credit Reference Agency for the link to be removed.

    Details of the credit reference agencies we use are provided in Table 2.

    Credit Reference Agencies Contact Details Privacy Notice
    Equifax Ltd www.equifax.co.uk Customer Service Centre, PO Box 10036, Leicester, LE3 4FS www.equifax.co.uk/crain
    Experian Ltd www.experian.co.uk Consumer Help Service, PO BOX 8000, Nottingham, NG80 7WE www.experian.co.uk/crain
    TransUnion International UK
    www.transunion.co.uk    		 One Park Lane, Leeds, West Yorkshire, LS3 1EP www.transunion.co.uk/crain

    Table 2

    Legitimate interest:

    We use your information to help run our business and to find and explore new business opportunities. This includes:

    • Stopping and investigating fraud or suspicious activities;
    • Telling Credit Reference Agencies about your account, any credit you have and your credit history with us. We can also tell them of any missed payments, defaults and any change of address;
    • Reviewing and contacting you about other services which may be helpful. This may include a financial health check, help with budgeting, or a discussion with one of our specialist teams;
    • Recording and using information relevant to any support needs required to assist individuals who are vulnerable or have certain disabilities;
    • Contacting you for well-being purposes. For example, if you need extra, support, adjustments, or a change in products. We may put protections in place if we have concerns about vulnerability;
    • Carrying out marketing;
    • To communicate with you about your product or service, for regulatory and servicing purposes;
    • Contacting you for regulatory and servicing purposes;
    • Developing and improving our products and services. This may include looking at customer feedback and how you use our products and services;
    • Recording call , online chats and other business activity to use for quality assurance, training and to check our level of service ;
    • Testing products, services and system improvements ;
    • Carrying out audit, statistical or research activities. This includes anonymising your information so you cannot be identified from it. These activities help us understand our customers’ behaviour which helps us:
      • Improve our products and services we offer our customers, colleagues and communities;
      • Develop products and services that better meet our customers’ needs ; and
      • Manage our risks better.
    • Collecting and managing debt;
    • Tracing you where we have a legitimate reason. For example, when you owe us money or where we have money to return to you ;
    • Managing and monitoring Group assets. This includes using CCTV to:
      • Keep our staff and customers safe
      • Investigate suspected illegal activity or misconduct within our property
    • Creating a profile of you, as long as it does not have a legal or other significant effect on you. Please see the ‘Automated decision making & profiling’ section for more details;
    • Sharing your information with another organisation if they’re interested in buying, merging or acquiring the Group’s assets. They must agree to keep it confidential and only use it to decide whether to go ahead with the transaction. If it goes ahead, they can use your personal information in the same way as set out in this notice;
    • Managing the Group’s legal affairs;
    • Supporting the Group’s strategic planning and portfolio management through activities such as financial, regulatory and risk reporting;
    • Managing designated accounts on behalf of the National Asset Management Agency;
    • Supporting the management of our information security and network controls. The aim of this is to prevent cyber-attacks, unauthorised access and other criminal or malicious activities;
    • Combining information from different sources to better understand any risks to the Group, serve your needs and understand more about you;
    • Where it is in the legitimate interest of someone other than you.

    Legal obligations:

    Where we need  to use your personal information to follows laws and regulations, for example:

    • Checking your identity;
    • Sharing your information with law enforcement agencies, tax authorities and other regulators;
    • Dealing with legal claims. These may be yours, ours or someone else’s;
    • Recording and using information relevant to any support needs required to assist individuals who are vulnerable or have certain disabilities (for example, meeting our obligations under the Equality Act 2010);
    • Providing access to your account information to an Account Information Service Provider (AISP), a Payment Initiation Service Provider (PISP), or Credit Based Payment Instrument Issuer (CBPII). We will only do this if you, or your joint account holders, have asked for this to happen;
    • Checking applications and accounts for criminal activity such as fraud, terrorist financing, bribery, corruption, and money laundering. We will pass your information to fraud prevention agencies and/or law enforcement if our searches, or searches done by fraud detection services, show potential fraudulent activity. These agencies will use your personal information to prevent fraud and money laundering and to check your identity. If fraud is detected you can be refused certain services, finance, or employment. Appendix A sets out how fraud prevention agencies will use your information, as well as your data protection rights.

    The Fraud Prevention Agencies we use are detailed in Table 3 below.

    Fraud Prevention Agencies Contact Details Privacy Notice
    Cifas
    www.cifas.org.uk    		 Consumer Affairs, 6th Floor, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT www.cifas.org.uk/fpn
    National Hunter www.nhunter.co.uk PO Box 4744, Stone, Staffordshire, ST15 9FE www.nhunter.co.uk/privacypolicy

    Table 3

    Public interest:

    On occasion we may process your information where it is necessary for reasons of substantial public interest. If something is done in the public interest, it means it’s for the benefit of the wider community. We may use your information where it’s in the public interest to do so or for employment, social care and social protection such as:

    • Where we need to provide support for individuals who are vulnerable or have certain disabilities or medical conditions;
    • Safeguarding children and adults at risk including safeguarding economic well-being;
    • Protecting the public against dishonesty, including unlawful acts;
    • Following Government and regulatory Codes of Practice;
    • We may share your personal information with other people and organisations such as members of our Group, your relatives, social services or your carer. If someone has power of attorney over your affairs or a court of protection order, we may share your information with them.

    Vital interests:

    This means protecting interests that are essential for your life or someone else’s life. In rare situations, we’ll use or share information we hold about you to protect your vital interests or those of someone else.

  • How we use your information for marketing

    This section explains how we work out what products or services you may be interested in and what marketing messages to send to you.

    • We would like to be able to contact you to tell you about services, products and offers but only if we have your permission or where we have a legitimate interest. Some of the ways we may get in touch include email, phone, post, SMS and digital messaging. Digital messaging includes displaying relevant messages through other websites and social media platforms where you may have accounts. We may share your data with social media platforms (in a secure way) so that where you hold an account with them they can display messages from us to you.
    • We will send you marketing messages if we believe it can make your life easier, be of interest to you or offer you value for money. We can do this by using some of the personal information we hold about you to better understand your needs.
    • The personal information we collect about you is set out in our ‘Personal Information’ section . It includes information you tell us and information we collect when you use our products or services. This information helps us to understand which products, services and offers may be relevant for you based on your profile. It is in our and our customers’ interests to use personal information this way to better understand our customers’ needs and preferences so that we can create more tailored and suitable marketing messages. Some examples of how we use this information include:
      • We may use your product(s) and account balance information to identify products and services that better suit your needs, for example when you drawdown a mortgage, home insurance offers could be an important consideration, or a high balance on a current account might get a better return from a savings or investment account.
      • We may place you in groups or segments with similar customers. This helps us to design products, services and offers for different customer segments, to manage our relationships with them and tailor the marketing messages to ensure they are relevant to you.
  • Automated decision making & profiling

    When you apply for a credit product, or some other products we offer, we use automated decision making tools to help us with your application. This is often known as credit scoring. The tools help us to decide whether you are likely to be able to afford the product and if you’re likely  to make your payments on time.

    When assessing your application we will consider four sources:

    1. The information you provide on your application;
    2. Information provided by credit reference agencies;
    3. Information that may already be held about you by companies within the Group;
    4. Other information that is publicly available.

    If you submit an application to us and it is subsequently declined through this automated process, you can contact us within one month of your receipt of our decision and request we reconsider our decision. You also have the right to ask that the decision is not made based solely using a credit scoring system.

    Throughout the duration of your relationship with us we may also use another form of automated decision making known as profiling.

    Profiling the information we hold about you enables us to evaluate, analyse or predict your financial situation, preferences, reliability, behaviour and location. For example, we may profile your information:

    • To assess your transaction history and/or current repayments and/or account balances to predict when you might want to increase an existing credit facility or consider a new loan or savings product;
    • When you or any authorised user on your account uses a payment card or payment card information to perform a transaction, the information may be sent to us to evaluate and determine whether to approve, decline or refer a transaction for further review;
    • To analyse the frequency or your use of online services or mobile banking to tailor or understand the effectiveness of our methods of communication.

    With the exception of credit scoring that we use to enter into a contract with you or to monitor your ongoing credit status, we will not use profiling to make a decision about you that has a legal or other significant effect on you without your explicit consent or where otherwise permitted by law.

    You may ask us not to make decisions about you that are based solely on automated processing. If you do this, you may not be offered some products or services that we might otherwise have offered to you.

  • Who we share your information with

    Sometimes we might share your information with other members of the Group and external third parties. We only share your information where we have a legal basis to and only if the other party agrees to follow our data protection rules.

    The types of organisations we share your information with are outlined in Table 4.

    Categories Description
    Members of the Bank of Ireland Group We may share your information with other members of the Bank of Ireland Group.
    Our Business Partners We work in close partnership with the Post Office, and First Rate Exchange Services to offer a range of products. We therefore share your information with these organisations in line with our terms and conditions. From time to time we may also work with other organisations and if we do so we will let you know.
    Brokers and Dealers Some of our products are offered through a dealer or broker. If a dealer or broker is used, we will share your personal information with them but this will only be the minimum needed.
    Guarantors We will share your information with any Guarantor of your liabilities to us.
    Service Providers To support our business and the products and services we offer we use service providers to process information on our behalf. These include but are not limited to services such as:

    • Keepers of asset registers, for example where we record that there is a security interest held against a car or check if there is an existing interest
    • Document storage, destruction , archiving and printing facilities
    • Consultancy services for example legal advisors, medical advisors, property surveyors, conveyancers, researchers
    • Marketing, research and analysis companies
    • Marketing companies
    • Payment facilitators for example SWIFT, Moneygram, PayUK
    • Analytics companies
    • Investment companies
    • Software development contractors
    • Data processors
    • Computer maintenance contractors
    • Property contractors, consultants, conveyancers and valuers
    • ATM administrators
    • Courts and Court-appointed persons/entities,
    • Receivers, liquidators, examiners, official Assignee for Bankruptcy and equivalent in other jurisdictions
    • Debt collection agencies, budgeting and advice agencies, tracing agencies
    • National Asset Management Agency and its agents or other parties designated by or agreed with National Asset Management Agency or designated under the relevant legislation
    • Business partners and joint venture partners
    • Member companies of the Finance and Leasing Association
    • Associate members of International Factors Group
    • Rating agencies
    • Healthcare professionals
    • Business associates and other advisers
    • Financial organisations
    • Credit reference agencies
    • Finance houses, trade associations and professional bodies
    • Central and local government
    • Pension fund administrators
    • Persons making an enquiry or complaint
    • Police forces and security organisations, ombudsmen and regulatory authorities
    • Correspondent banks and other financial institutions (for example for syndicated deals)
    • Fraud and financial crime prevention agencies
    • Suppliers of credit to which facilities management services are provided
    • Credit card issuers and merchant acquirers, for example VISA and MasterCard
    • Supply of status opinions to other financial institutions in accordance with banking practice
    • Credit bureau
    • Trustees of collective investment undertakings and pensions trustees Insurers and re-insurers
    • Brokers or dealers who introduced you to us or third parties acting on their behalf
    Government departments, Law enforcement and regulatory bodies On occasion we may be required to share your information with government departments, law enforcement agencies and regulatory bodies. This is usually to support the prevention of crime and to enable us to meet our legal and regulatory obligations. It may also be to enable other organisations to fulfil their public tasks. This includes organisations such as:

    • Bank of England
    • Central Bank of Ireland
    • Companies House
    • Data Protection Commission
    • Financial Conduct Authority
    • Financial Ombudsman Service
    • Financial Services Compensation Scheme
    • Fraud prevention agencies
    • His Majesty’s Revenue and Customs (HMRC)
    • Information Commissioner’s Office
    • Lending Standards Board
    • National Crime Agency
    • Police services
    • Prudential Regulation Authority
    • US, EU and other designated authorities
    Credit Reference Agencies When processing applications for one of our credit facilities we share your information with credit referencing agencies that will perform credit reviews. These agencies may retain a record of the search even if the application does not proceed. The credit reference agencies we use are Equifax Ltd, Experian Ltd, TransUnion International UK Ltd.
    Third parties acting on behalf of the Bank of Ireland Group plc. and/or Bank of Ireland (UK) plc. We may share your information with third parties connected with the sale, merger or acquisition of the Group’s assets; law companies who may assist with legal advice or litigation; market research companies or consultants who are conducting research or offering advice; and external auditors.
    Third parties acting on your behalf with your consent or to protect your vital interests or those of another person We may share your information with third parties where you have provided us with your consent and/or where this is in the vital interests of either you or another person. This may include legal representatives, accountants, financial advisors, family members, Account Information Service Providers (AISP), Payment Initiation Service Providers (PISP) and Credit Based Payment Instrument Issuer (CBPII), other financial organisations, employers, medical professionals.

    Table 4

  • Consequences of not providing information

    We will only collect information that is necessary to perform our contract with you, comply with our legal and regulatory obligations, where it is in our legitimate business interests or we have your consent. If you choose not to provide this information we may not be able to provide or continue to provide the products and services you have applied for.

  • What rights do I have over my personal information

    Under data protection legislation, you have a number of rights including the right to:

    • Be informed if an organisation is using your personal data;
    • Ask whether or not we are using or storing your personal information and to ask for a copy of that information;
    • Ask us to correct/rectify inaccurate or incomplete information;
    • Request human intervention if you disagree with a decision based solely on automated processing, although there are some exceptions;
    • Withdraw your consent for us using your information where processing was based on us obtaining your consent;
    • Request we erase your information in certain circumstances;
    • Restrict how we use your information in some situations;
    • In some circumstances object to the way we process your information;
    • Request we port or transfer your information to another organisation or provide it to you in an accessible format for you to pass on.

    Additional information on how you can exercise your rights is available on our website bankofirelanduk.com/site-links/data-subject-rights-dsr/.

    If you are unhappy about the way we have used your information, please let our Data Protection Officer know so we can help put things right (see details included below). You also have the right to raise a complaint with the data protection regulator, the Information Commissioner (ICO) www.ico.org.uk.

  • Transferring your personal data outside of the UK

    We may transfer or allow the transfer of information about you and your products and services with us to our service providers and other organisations outside the United Kingdom (UK), but only if they agree to act solely on our instructions and protect your information to the equivalent standard that applies in the UK.

    Some of our service providers (such as IT service providers, telecommunication providers, credit reference agencies, payment processors, custodians, providers of administration services and tracing agents), contractors and other third parties or entities used in connection with your products and services may be based outside of the UK or European Economic Area (EEA). Where we authorise the processing/transfer of your personal information outside of the UK or EEA, we require your personal information to be protected to at least UK standards and include the following data protection transfer mechanisms:

    • The UK International Data Transfer Agreement contains standard data protection clauses with our service providers to ensure that any personal data leaving the UK or EEA will be transferred in compliance with UK data protection law.
    • Transfers to countries outside the UK which have an adequate level of protection as approved by the UK Government.
    • Binding Corporate Rules. A copy of the Binding Corporate Rules for those organisations who use them (such as First Data (one of the Bank’s payment processors) or Mastercard) are available on request.
    • Transfers permitted in specific situations where a derogation applies as set out in Article 49 of the UK GDPR. For example, where it is necessary to transfer information outside of the UK to perform our contract with you.
  • How long do we hold your information?

    How long we hold your data depends on a number of things, like the law and regulations and the type of financial product we’ve given you.

    These factors include:

    • The rules set out in laws and regulations or set by authorities like the Bank of England, Financial Conduct Authority and the Prudential Regulation Authority.
    • The type of financial product we’ve given you for example, we may keep data relating to a mortgage product for a longer time than we keep data relating to a single payment transaction.
    • Whether you and we are in a legal or other  dispute with another person or each other.
    • The type of data we hold about you.
    • Whether you or a regulatory authority ask us to keep it for a valid reason.
    • Whether we use your data for long-term statistical modelling, but only if the modelling does not affect any decision we make about you.

    We keep your information for a set amount of time after a transaction has completed and/or you are no longer a customer. In most cases this is 7 years. It may be up to 13 years if we have a legal deed (such as a mortgage deed) in place. If we are not able to completely delete or anonymise your personal information within these times, for example, because of IT system restrictions, we will limit access to your information or make sure it cannot be used, where possible.

    Please note that in some circumstances we may be required for legal or regulatory reasons to retain your information for longer periods, for example whilst supporting an investigation by a law enforcement agency or where litigation is in progress.

  • Other privacy notices

    Ensure you read the Privacy Notices issued by Credit Reference Agencies and Fraud Prevention Agencies which are available from their websites (see Table 2 on page 6 and Table 3 on page 8 of this notice for the website addresses).

    If you were introduced to us by a broker or other intermediary, ask your broker or other intermediary, such as a motor dealer, for a copy of its own Privacy Notice if you have not already seen it. You should also ask for a copy of the Privacy Notice of any third party product and service provider you contract with.

  • Changes to our Privacy Notice

    It may be necessary to update this Privacy Notice from time to time, however if that is the case we will notify you of any significant changes by one or more of the following methods: post, SMS, e-mail or when you log into 365 online. We will also ensure the most recent version of the privacy notice is available on our website – bankofirelanduk.com.

    This privacy notice was last updated on October 2024.

  • Contacting our Data Protection Officer

    If you have any questions about how we use your information please let our Data Protection Officer know by either emailing boiukdataprotectionofficer@boi.com or writing to:

    Bank of Ireland UK – Data Protection Officer
    PO Box 31911
    1 Temple Quay
    Bristol
    BS1 9HY

  • Accessibility

    If you require a copy of this privacy notice in braille, large print or audio, please contact us.

  • Appendix A: Fraud Prevention Agencies

    GENERAL
    (a) Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
    (b) The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
    (c) Details of the personal information that will be processed, for example are: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
    (d) We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
    (e) We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
    (f) Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
    (g) Details of the Fraud Prevention Agencies used by the Bank are provided in Table 3, the ‘Legal obligations’ section of this Privacy Notice.

    AUTOMATED DECISIONS
    (h) As part of the processing of your personal data, decisions may be made by automated means. This means our systems may automatically decide that you pose a fraud or money laundering risk, for instance if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or your behaviour is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.

    CONSEQUENCES OF PROCESSING
    (i) If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.
    (j) A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

    DATA TRANSFERS
    (k) Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
    Please note National Hunter rules currently do not allow for processing National Hunter data outside of the UK and European Economic Area.

    YOUR RIGHTS
    (l) Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
    (m) For more information or to exercise your data protection rights please visit: bankofirelanduk.com/site-links/data-subject-rights-dsr/
    (n) You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.