Leek online
Login to Leek online
New user?
Register here
Is your mortgage about to expire?
Login to switch your mortgage deal
Intermediary Login

Ask us your question

Or speak to us by phone

You can call us on

0800 093 0004

Our Privacy Notice

This Privacy Notice (the Notice) sets out how Leek Building Society collects and uses your personal data and the rights you have under applicable data protection laws. When you share your details with us, we want you to be confident that we'll protect that data and only use it in the ways we set out in this Notice.

To help you navigate, the Notice is divided into helpful sections with clear subject headings. This Privacy Notice may be updated from time to time. Here, you'll find the most up to date version. You can download a printable copy of this and our Privacy Notice for young savers at the bottom of this page.

At the end of this Privacy Notice, we've shared with you the privacy notices of Fraud Prevention Agencies and Credit Reference Agencies (CRAs). Please read them carefully and contact those organisations if you have questions (their details are in their notices).

  • 1. About us

    Who are we?

    We're Leek Building Society of 50 St. Edward Street, Leek, Staffordshire, ST13 5DL. Leek Building Society is a trading name of Leek United Building Society, which is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and Prudential Regulation Authority. Registered No: 100014

    In line with data protection law, we're the data controller of your information. This means that we're responsible for your personal data and making sure it's processed fairly and lawfully.

    When we use terms such as we, us and our in this Notice, we mean Leek Building Society.


    Our Data Protection Officer

    We've appointed a Data Protection Officer, referred to in this Notice as the DPO. The DPO can be contacted if you have questions about this Privacy Notice or wish to exercise any of your data protection rights.

    Marking your communication as FAO Society DPO, you can either:

    • Email andrew.davies@leekbs.co.uk
    • Write to us at 50 St. Edward Street, Leek, Staffordshire, ST13 5DL.
    • Call our central switchboard on 01538 384151 and ask to speak to the DPO.

  • 2. Data we collect about you

    What we collect

    Your personal data is any information about you that can be used to identify you. The amount of personal data that we hold about you will depend upon the types of interactions we have had, the services you have accessed and whether you have any accounts with us.

    We have set out below some categories of personal data that we might hold about you:

    • Identity - this means your first, middle and last name, title, date of birth, marital status, gender, nationality, national insurance number, passport number, driving licence number;
    • Contact data - home postal address, correspondence address (if different to your home address), address history, email address, telephone numbers (home, mobile, work);
    • Financial data - accounts you hold with us, details of other accounts you hold if you have shared this with us, income and expenditure details, savings held, employment status, any debt you have;
    • CCTV - images that we capture on CCTV inside and outside our premises;
    • Marketing preferences - whether and how you consent to receiving marketing materials;
    • Cookies - these track your browsing activity on our website;
    • Special category data - this relates to your racial or ethnic origin; political opinions; religious beliefs; genetic or biometric data; sexual orientation; or physical and mental health.


    Data anonymisation and use of aggregated data

    Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this Notice.


    If your personal data changes

    You should tell us without delay so that we can update our records. The contact details for this purpose can be found by clicking here. If you were introduced to us by a broker or other intermediary, you should also contact them separately.

  • 3. How we collect your data

    Data we collect from you

    Most personal data that we collect and process about you will come directly from you. The data is collected when you:

    • Complete an application for one of our mortgage or savings products;
    • Contact us about one of your accounts or an application you have made whether that be on the telephone, in writing, via email or in a face-to-face interaction;
    • Use our website or app;
    • Make an enquiry about one of our products or services;
    • Make a complaint;
    • Request an appointment at one of our branches, via telephone or virtual media;
    • Complete a customer survey or post comments via one of our social media channels.


    Joint applicants and powers of attorney

    If you make a joint application with your spouse, partner, or family member, we will also collect their personal information and you must show this Notice to them and confirm that they know you will share their personal information with us.

    If there is somebody who has power of attorney over your affairs, that person will see this Notice when we contact them.


    Data collected through technology

    We collect personal data about you whenever you use our website or app and when you transact on your accounts.

    • When you use our website, we collect technical and usage data about your computer, browsing actions and patterns of behaviour using cookies and server logs;
    • Our systems automatically record your transaction data whenever money goes into or out of the accounts you hold with us.


    Data collected from third parties or publicly available sources

    We receive and process personal data about you from various other sources as set out below.

    If you are introduced to us by a broker or other intermediary, we will obtain some personal information about you from them when they introduce you to us.

    In addition, we obtain your personal information from other sources such as Fraud Prevention Agencies, CRAs, your employer, landlord, other lenders, HMRC, DWP, publicly available directories and information (e.g., telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist with your application for one of our products, the management of your accounts, as well as in the prevention and detection of crime, police, and law enforcement agencies.

    Some of the personal information obtained from CRAs will have originated from publicly accessible sources. CRAs draw on court decisions, bankruptcy registers and the electoral register.


    If you don’t provide your personal data

    We are unable to provide you with mortgage or savings products or process your application without having personal information about you. Your personal information is required before you can enter the relevant contract with us and is required during the life of that contract, or for as long as required by the laws that apply to us.

  • 4. How we use your data

    Legal grounds for using personal data

    We'll only use your personal data where the law allows us to. Data protection law refers to lawful bases of processing, four of which are set out below. The lawful basis that we rely on will depend on the purpose for which we're processing the data.

    We'll use your personal data in the following circumstances:

    • Where we need to perform the contract we have already or are about to enter with you;
    • Where we need to comply with our legal obligations;
    • Where you've consented to us using your personal data; or
    • Where we feel it's necessary for our legitimate interests and we're confident that processing the data won't lead to a significant risk to you.

    In very limited circumstances we may process data about your health so that we can protect your financial interests.



    Much of what we do with your personal information isn't based on your consent, instead it's based on another lawful basis as detailed in the table below.

    If we do seek your consent, we'll explain how we wish to process your personal data. For processing that is based on your consent, you have the right to take it back at any time. You can do this by contacting us using the details below. 

    • Call us on 0800 093 0004 between 9am-5pm, Monday to Friday
    • Visit one of our branches
    • Write to us at Leek Building Society, 50 St. Edward Street, Leek, Staffordshire, ST13 5DL

    Purposes for using your data

    Purpose Lawful basis
    To confirm your identity To comply with legal obligation
    To carry out credit check You have given your consent
    To open and manage your account To perform the contract
    To collect money owed to us To perform the contract

    To manage our relationship with you, for example:

    1. To provide details of changes to our terms and conditions;
    2. To keep our records up to date;
    3. To respond to queries and complaints;
    4. To communicate with you about the Society.

    To perform the contract

    To comply with legal obligations
    To prevent financial crime To comply with legal obligations
    To protect branch security To comply with legal obligations
    To market our products and services You have given your consent
    To comply with legal and regulatory obligations generally To comply with legal obligations
    Sharing your data with other payment services providers

    To comply with legal obligations

    You have given your consent



    We may use your address, phone numbers, email address and social media (e.g., Facebook, Google, and message facilities in other platforms) to contact you according to your marketing preferences. You'll only receive such materials where you've opted in. You can stop our marketing at any time by phone, email or visiting one of our branches.

    We'll never sell of share your personal data with any third party for marketing purposes.


    Monitoring personal data processing

    Monitoring refers to any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, social media messages, face to face meetings and other communications, including CCTV.

    We may monitor where permitted by law and we'll do this where the law requires it. Where we're required by the Financial Conduct Authority’s regulatory regime to record certain phone lines we'll do so.

    Some of our monitoring may be to

    • Comply with regulatory rules
    • Comply with self-regulatory practices or procedures relevant to our business
    • Prevent or detect crime
    • In the interests of protecting the security of our communications systems and procedures
    • Have a record of what we’ve discussed and actions agreed with you
    • Protect you and to provide security for you such as in relation to fraud risks on your account and for quality control and staff training purposes.



    We have CCTV inside and outside all our premises to keep both our customers and staff safe. We have signage in the areas which are covered by CCTV to remind you.

    All CCTV footage is kept secure and is retained in line with our data retention policy. Footage may be disclosed to other parties, but in very limited circumstances, for example when we're required to do so by law.

  • 5. Sharing your data with Third Parties

    Sharing your data with Third Parties

    We may share your personal information with third parties where it is necessary to administer or manage the contract we have entered into with you, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests.

    Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes. 

  • 6. Sending your data outside the UK

    Sending your data outside the UK

    We are solely based in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area (EEA) to help us to provide our products and services. If it is processed within Europe or other parts of the EEA then it is protected by European data protection standards.

    Where we send your personal data outside the EEA, we will make sure that suitable safeguards are in place before we transfer your personal information. Safeguards include contractual obligations imposed on the recipients of your personal information. Those obligations require the recipient to protect your personal information to the standard required in the EEA.

  • 7. Checking your identity

    Checking your identity

    Before we can open a savings account for you or arrange a mortgage, we need to check your identity to confirm that you are who you say you are. It is a legal requirement. Checking your identity is one way that we can stop criminals from using other people’s identities to commit crimes.

    We use technology to make some decisions about you without involving a person to make that decision – this is called “automated decision-making”.  We do this when we confirm your identity when you use our Online Services.

    Identity checks will be carried out every time you apply for a new account or mortgage with us. These checks do not affect your credit score.

  • 8. Conducting credit checks

    Conducting credit checks

    To process your mortgage application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

    We will use this information to:

    • Assess your creditworthiness and whether you can afford to take the product;
    • Verify the accuracy of the data you have provided to us;
    • Prevent criminal activity, fraud, and money laundering;
    • Manage your account(s);
    • Trace and recover debts; and
    • Ensure any offers provided to you are appropriate to your circumstances.

    We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.


    Soft and hard credit checks

    We carry out two types of credit checks during our mortgage application process.

    A soft check is carried out before the issue of a Decision in Principle. This does not leave a footprint on your credit file.

    When you choose to proceed with the application, a hard credit check is performed and the CRA will place a search footprint on your credit file that may be seen by other lenders.

    If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

    The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail on the Equifax website and Experian website.

  • 9. Sharing your data with fraud prevention agencies

    Sharing your data with fraud prevention agencies

    Fraud prevention agencies exist to try to prevent individuals and organisations from becoming victims of financial fraud. To do this, they maintain detailed records of confirmed and suspected fraudulent activity. This is explained in more detail on the Equifax, Experian and National Hunter websites.

    When you apply for a mortgage or savings account, we share your identity and contact data with these agencies to check that you have not been flagged as a fraud risk. Where you are flagged as a fraud risk, we may decide not to continue with your application.

  • 10. How long we keep your personal data

    How long we keep your personal data

    Unless we explain otherwise to you, we'll hold your personal information for the following periods:

    • Retention in case of queries - for instance, if you apply unsuccessfully for a product or service. we'll keep your personal information for one year unless we must keep it for a longer period (see directly below);
    • Retention in case of claims - for instance, you might legally bring claims against us. In practice, this means up to 7 years after a savings account has been closed and up to 15 years after a mortgage has been redeemed unless we must keep it for a longer period (see directly below); 
    • Retention in accordance with legal and regulatory requirements - we need to keep this information even after the relevant contract you have with us has come to an end (for up to 7 years for a savings account and up to 15 years for a mortgage and this will be to satisfy our legal and regulatory requirements). Where you've been provided with a mortgage illustration and haven't proceeded with the mortgage, we're obliged to keep your data for 3 years in accordance with FCA regulation (Mortgage Code of Business Sourcebook).

    If you'd like further information about our data retention practices, contact our Data Protection Officer.

  • 11. Your legal rights under data protection law

    Your rights

    Here is a list of the rights that all individuals have under data protection laws. They don't apply in all circumstances. If you wish to exercise any of the rights, please contact us as set out in Section 1. The right of data portability is only relevant from May 2018.

    • The right to be informed about your processing of your personal information;
    • The right to have your personal information corrected if it's inaccurate and to have incomplete personal information completed;
    • The right to object to processing of your personal information;
    • The right to restrict processing of your personal information;
    • The right to have your personal information erased (the “right to be forgotten”);
    • The right to request access to your personal information and to obtain information about how we process it;
    • The right to move, copy or transfer your personal information (“data portability”);
    • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.

    ICO - Guide to your data protection rights


    Exercising your rights

    If you wish to exercise any of your rights against the CRAs, the Fraud Prevention Agencies, a broker or other intermediary who's a data controller, you should contact them separately.

    Your right to complain

    You have the right to complain at any time if you're unhappy with the way that we've used your personal data. You can do this by contacting the Information Commissioner’s Office which enforces data protection laws clicking here.

    You can also complain to the Society directly by contacting our Data Protection Officer on 01538 381451, complaining via our website or contacting your local branch.

  • 12. Data privacy notices from other organisations

    Data privacy notices from other organisations

    As you know, we share your personal information with Fraud Prevention Agencies and CRAs. They require us to pass on to you information about how they'll use your personal information to perform their services or functions as data controllers. These notices are separate to our own and can be found below.

    National Hunter | Privacy Policy (nhunter.co.uk)

    Experian Privacy Policy

    Privacy Statement | Equifax

  • 13. Understanding Data Protection Terms

    Understanding Data Protection Terms

    The meaning of some terms that we use in this Notice:

    Automated decision making means a process where we make decisions about you, such as your suitability for a product, using a computer based and automated system without a person being involved in making that decision (at least first time around).

    Profiling means any form of automated processing of your personal information to evaluate certain personal aspects about you, such as to analyse or predict aspects concerning your economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

    Process or processing includes everything we do with your personal information from its collection, right through to its destruction or deletion when we no longer need it. This includes for instance collecting it (from you), obtaining it (from other organisations), using, sharing, storing, retaining, deleting, destroying, transferring it overseas.

    Legitimate interests is mentioned in our privacy notice because data protection laws allow the processing of personal information where the purpose is legitimate and is not outweighed by your interests, fundamental rights, and freedoms. Those laws call this the legitimate interest’s legal ground for personal data processing.

Unsure about anything? Just complete your details or call 0800 093 0004