Need help?
This Privacy Notice (the Notice) sets out how Leek Building Society collects and uses your personal data and the rights that you have under applicable data protection laws. When you share your details with us, we want you to be confident that we will protect that data and only use it in the ways we set out in this Notice.
To aid with navigation, the Notice is divided into helpful sections with clear subject headings. This Privacy Notice may be updated from time to time. Here, you'll find the most up to date version of the Notice; November 2022. Alternatively, download a printable copy at the bottom of this page.
You will see at the end of this Privacy Notice that we mention the privacy notices of Fraud Prevention Agencies and Credit Reference Agencies (CRAs). We need to share these with you. Please read them carefully and contact those organisations if you have questions (their details are in their notices).
We are Leek Building Society of 50 St. Edward Street, Leek, Staffordshire, ST13 5DL. Leek Building Society is a trading name of Leek United Building Society, which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. Registered No: 100014
In line with data protection law, we are the data controller of your information. This means that we are responsible for your personal data and making sure it is processed fairly and lawfully.
When we use terms such as we, us and our in this Notice, we mean Leek Building Society.
We have appointed a Data Protection Officer, referred to in this Notice as the DPO. The DPO can be contacted if you have queries about this Privacy Notice or wish to exercise any of your data protection rights.
Marking your communication as FAO Society DPO, either email:
andrew.davies@leekbs.co.uk or use our postal address:
50 St. Edward Street, Leek, Staffordshire, ST13 5DL.
Alternatively, call our central switchboard on 01538 384151 and request to speak with the DPO.
Your personal data is any information about you that can be used to identify you. The amount of personal data that we hold about you will depend upon the types of interactions we have had, the services you have accessed and whether you have any accounts with us.
We have set out below some categories of personal data that we might hold about you:
Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this Notice.
You should tell us without delay so that we can update our records. The contact details for this purpose can be found by clicking here. If you were introduced to us by a broker or other intermediary, you should also contact them separately.
Most personal data that we collect and process about you will come directly from you. The data is collected when you:
If you make a joint application with your spouse, partner, or family member, we will also collect their personal information and you must show this Notice to them and confirm that they know you will share their personal information with us.
If there is somebody who has power of attorney over your affairs, that person will see this Notice when we contact them.
We collect personal data about you whenever you use our website or app and when you transact on your accounts.
We receive and process personal data about you from various other sources as set out below.
If you are introduced to us by a broker or other intermediary, we will obtain some personal information about you from them when they introduce you to us.
In addition, we obtain your personal information from other sources such as Fraud Prevention Agencies, CRAs, your employer, landlord, other lenders, HMRC, DWP, publicly available directories and information (e.g., telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist with your application for one of our products, the management of your accounts, as well as in the prevention and detection of crime, police, and law enforcement agencies.
Some of the personal information obtained from CRAs will have originated from publicly accessible sources. CRAs draw on court decisions, bankruptcy registers and the electoral register.
We are unable to provide you with mortgage or savings products or process your application without having personal information about you. Your personal information is required before you can enter the relevant contract with us and is required during the life of that contract, or for as long as required by the laws that apply to us.
We will only use your personal data where the law allows us to. Data protection law refers to lawful bases of processing, four of which are set out below. The lawful basis that we rely on will depend on the purpose for which we are processing the data.
We will use your personal data in the following circumstances:
In very limited circumstances we may process data about your health so that we can protect your financial interests.
Much of what we do with your personal information is not based on your consent, instead it is based on another lawful basis. If we do seek your consent, we will explain how we wish to process your personal data. For processing that is based on your consent, you have the right to take it back at any time. You can do this by contacting us using the details here.
The table below sets out the ways we use your personal data and the lawful basis we rely on for that processing.
| Purpose | Lawful basis |
|---|---|
| To confirm your identity | To comply with legal obligation |
| To carry out credit check | You have given your consent |
| To open and manage your account | To perform the contract |
| To collect money owed to us | To perform the contract |
|
To manage our relationship with you, for example:
|
To perform the contract To comply with legal obligations |
| To prevent financial crime | To comply with legal obligations |
| To protect branch security | To comply with legal obligations |
| To market our products and services | You have given your consent |
| To comply with legal and regulatory obligations generally | To comply with legal obligations |
| Sharing your data with other payment services providers |
To comply with legal obligations You have given your consent |
We may use your address, phone numbers, email address and social media (e.g., Facebook, Google, and message facilities in other platforms) to contact you according to your marketing preferences. You will only receive such materials where you have opted in. You can stop our marketing at any time by telephone, email or visiting one of our branches.
We will never sell of share your personal data with any third party for marketing purposes.
In this section monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, social media messages, in person face to face meetings and other communications including CCTV.
We may monitor where permitted by law and we will do this where the law requires it. Where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone lines we will do so.
Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you such as in relation to fraud risks on your account and for quality control and staff training purposes.
We have CCTV inside and outside all our premises to keep both our customers and staff safe. We have signage in the areas which are covered by CCTV to remind you.
All CCTV footage is kept secure and is retained in line with our data retention policy. Footage may be disclosed to other parties, but in very limited circumstances, for example when we are required to do so by law.
We may share your personal information with third parties where it is necessary to administer or manage the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.
We are solely based in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area (EEA) to help us to provide our products and services. If it is processed within Europe or other parts of the EEA then it is protected by European data protection standards.
Where we send your personal data outside the EEA, we will make sure that suitable safeguards are in place before we transfer your personal information. Safeguards include contractual obligations imposed on the recipients of your personal information. Those obligations require the recipient to protect your personal information to the standard required in the EEA.
Before we can open a savings account for you or arrange a mortgage, we need to check your identity to confirm that you are who you say you are. It is a legal requirement. Checking your identity is one way that we can stop criminals from using other people’s identities to commit crimes.
We use technology to make some decisions about you without involving a person to make that decision – this is called “automated decision-making”. We do this when we confirm your identity when you use our Online Services.
Identity checks will be carried out every time you apply for a new account or mortgage with us. These checks do not affect your credit score.
To process your mortgage application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
We carry out two types of credit checks during our mortgage application process.
A soft credit search is an initial look at certain information on your credit report to ascertain the likely success of a mortgage application. This check does not leave a footprint on your credit file. The Society reserves the right to carry out a soft credit search before the issuance of a Decision in Principle.
When you choose to proceed with the application, a hard credit check is performed and the CRA will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on the Equifax website and Experian website.
Fraud prevention agencies exist to try to prevent individuals and organisations from becoming victims of financial fraud. To do this, they maintain detailed records of confirmed and suspected fraudulent activity. This is explained in more detail on the Equifax, Experian and National Hunter websites.
When you apply for a mortgage or savings account, we share your identity and contact data with these agencies to check that you have not been flagged as a fraud risk. Where you are flagged as a fraud risk, we may decide not to continue with your application.
Unless we explain otherwise to you, we will hold your personal information for the following periods:
If you would like further information about our data retention practices, contact our Data Protection Officer.
Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of the rights, please contact us as set out in Section 1. The right of data portability is only relevant from May 2018.
ICO - Guide to your data protection rights
If you wish to exercise any of your rights against the CRAs, the Fraud Prevention Agencies, or a broker or other intermediary who is a data controller, you should contact them separately.
You have the right to complain at any time if you are unhappy with the way that we have used your personal data to the Information Commissioner’s Office which enforces data protection laws. You can contact the ICO by clicking here.
You can also complain to the Society directly by contacting our Data Protection Officer on 01538 381451, complaining via our website or contacting your local branch.
We have mentioned that we share your personal information with Fraud Prevention Agencies and CRAs. They require us to pass on to you information about how they will use your personal information to perform their services or functions as data controllers. These notices are separate to our own.
The meaning of some terms that we use in this Notice:
Automated decision making means a process where we make decisions about you, such as your suitability for a product, using a computer based and automated system without a person being involved in making that decision (at least first time around).
Profiling means any form of automated processing of your personal information to evaluate certain personal aspects about you, such as to analyse or predict aspects concerning your economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
Process or processing includes everything we do with your personal information from its collection, right through to its destruction or deletion when we no longer need it. This includes for instance collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying, transferring it overseas.
Legitimate interests is mentioned in our privacy notice because data protection laws allow the processing of personal information where the purpose is legitimate and is not outweighed by your interests, fundamental rights, and freedoms. Those laws call this the legitimate interest’s legal ground for personal data processing.
Download a printable copy of Leek Building Society's Privacy Notice here.
We care about protecting everyone's data, regardless of their age. That's why we have a separate Privacy Notice aimed for children and young people too.
Leek Building Society received the award of Best Building Society 2023 at the British Bank Awards, sponsored by Smart Money People, on 11 May 2023.
Leek Building Society is a trading name of Leek United Building Society, which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority with firm reference number 100014. Our details can be found on the Financial Services Register at https://register.fca.org.uk/s/. Leek United Building Society’s address for service is 50 St. Edward Street, Leek, Staffordshire ST13 5DL.
