At Tesco Bank, we’re working hard to serve our customers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us and understand how we use it to offer you a better and more personalised experience.
We are Barclays Bank UK PLC, trading as Tesco Bank.
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this privacy policy which explains:
If you have other Tesco products or if you have a Tesco Clubcard account associated with your Tesco Bank product, Tesco will collect and use personal data to provide you with their products and services. You can read the Tesco privacy policy here.
Personal data is any information about you which can directly or indirectly identify you.
Most of the personal data we collect is essential for us to know so that we can provide our products to you. If we ask for personal data that is optional, we will explain this at the time.
When you apply for a product, we will ask you to provide us with:
When you use our website or Mobile App or open our emails, we collect information to measure and improve our service. This includes:
When you contact us or take part in promotions or surveys about our products, we collect:
We collect personal data from other sources, such as:
Further information on how the credit references agencies and fraud prevention agencies that we work with use and share data can be found here.
We use this data when we need to:
If you have existing products with Tesco Bank or you have a Clubcard, we sometimes use this information to pre-populate fields in our application forms online. You will be asked to check the information is up to date.
If you give us information about other people who will be connected to your applications or products, we will keep a record of their data. You must make sure that you have their permission before you share their data with us or make decisions on their behalf about how we use their data, including credit checks. Please make them aware of this privacy policy.
This includes:
Whenever we process your personal information, we must meet at least one set condition for processing. These conditions are set out in data protection law, and we rely on a number of different conditions for the activities we carry out. The table below sets out what we use your personal data for and our legal basis for doing so.
|
To make our products available to you |
Why we collect data
|
Why we are using the data (legal basis) Because we have a contract with you, we have to use your data in this way as a necessary part of that contract. Once you no longer have the product, we keep your data for a period of time afterwards as part of our legitimate interests in case needed for a complaint or regulatory enquiry and to help us to lend responsibly. If you want to ask us to review a decision which we have made based on an algorithm, you can ask us any time. |
|
To prevent fraud and financial crime |
Why we collect data We carry out fraud checks to protect our customers and prevent crime. We use algorithms and computer programs to analyse transactions and data in applications to check for fraud. You can read more about our fraud prevention checks here. |
Why we are using the data (legal basis) The law requires us to do this as we have responsibilities to prevent financial crime. We also act in our legitimate interests to protect our business and customers. If you want to ask us to review a decision which we have made based on an algorithm, you can ask us any time. |
|
To trace and recover debt |
Why we collect data We may access information from third parties such as credit reference agencies to get up to date contact details where we need these to recover money owed to us. If you are ever concerned about paying your debts, please contact us. |
Why we are using the data (legal basis) We act in our legitimate interests as we need to recover money owed to us to enable us to operate our business. |
|
To record calls to our call centres |
Why we collect data We use call recordings to prevent fraud, for staff training and to manage customer complaints. |
Why we are using the data (legal basis) We act in our legitimate interests as call recordings help us to meet our responsibilities to combat fraud, provide good customer service and respond to complaints. |
|
To carry out analysis on our products and understand our customers’ needs |
Why we collect data We use algorithms and computer programs to analyse customer data by creating customer segments and scoring. We use customer data from our products, and data from declined applications. We sometimes combine your data with data from our partners to help us in our analysis. This will only happen where those partners have ensured that passing your personal data to us is permitted by data protection laws – this means that they must ensure that you have been informed that your data will be used in this way. When we analyse data as part of our product development, we don’t use it to identify individual customers. Analysing customer data allows us to understand our customers better and explore possibilities for how we might serve our customers better and improve our products. We work together closely with our partner Tesco to make sure we serve our customers a little better each day. To help us do this, some information about you may be shared between us and Tesco. This customer insight and analysis is done to help improve our customer understanding, and won’t negatively affect you. |
Why we are using the data (legal basis) We act in our legitimate interests as these activities allow us to improve our products and serve our customers better. |
|
To operate our business |
Why we collect data We use customer data when carrying out internal audits and in financial analysis. |
Why we are using the data (legal basis) We act in our legitimate interests to monitor the performance of our business and make improvements. |
|
To manage and improve our website and apps |
Why we collect data We use cookies and similar technologies on our website and apps to improve your customer experience. You can switch off non-essential cookies using the toggles. You can find more information in the Cookie Policy |
Why we are using the data (legal basis) Essential cookies: We act in our legitimate interests to enable our website to function securely. Non-essential cookies (measurement, experience and advertising): We obtain customer consent. You can change your preferences at any time by visiting manage my cookies. |
|
To provide you with marketing |
Why we collect data To personalise the marketing messages you receive so they are more relevant and interesting. This may include an analysis of your transactions so we can understand what may be of most relevance and interesting to you. We may also get information from third parties to tailor our marketing to you. We will stop using your personal data for these purposes if you ask us to stop sending all marketing messages to you, whether by post, email, telephone, text message, online or through our mobile banking app. We will work closely together with our partner Tesco to make sure we serve our customers a little better each day. As a part of this, some information about you may be shared with Tesco for marketing activities. You'll only receive marketing that's relevant to your Tesco Clubcard, and your marketing preferences for Tesco and Tesco Bank will be applied. We use personal data to tailor the adverts we show to you online on social media sites and other sites that sell advertising space. Personalised adverts show the AdChoices logo. You can find out more in our Cookie Policy. |
Why we are using the data (legal basis) It is in our legitimate interests to provide information more relevant to customers' circumstances. You can opt out via our unsubscribe site, or within online banking, our mobile app or by calling us. |
|
We use Tesco Clubcard data to give Tesco discounts and better offers |
Why we collect data We work closely with our partner Tesco to use Clubcard data (including shopping habits and the types of purchases you or your household make) to try to bring you better terms, deals, offers or support than you would get if we didn't use the data. This is done by creating customer segments and scores based on factors such as how likely we think you are to pay back money we lend you, how often you use other Tesco products and services, and how you prefer to shop. We can then use these scores as one of the factors in our automated decision-making process. We also consider whether you are a Tesco Clubcard customer or have an existing Tesco Bank product. Clubcard is a loyalty scheme, and customers trust Tesco to use their Clubcard data to reward them with offers. Clubcard data is only used to give better prices or offers and never to increase prices or decline an application. Working with our partner Tesco, we use data that you provide, such as your name and address, to find any Tesco Clubcards that are linked to your surname and address. That might be your Tesco Clubcard, or that of a family member living in the same house as you. When we do this, we aim to use the Tesco Clubcard linked to your address which gives you the best terms, deals or offers. |
Why we are using the data (legal basis) This is in our legitimate interests as it allows us to offer better deals to our customers. |
|
Complaints and requests |
Why we collect data We process your data if we need to manage complaints, data subject access requests or legal claims. We also sometimes receive requests from regulators for information which might require us to process and share your data with regulators. |
Why we are using the data (legal basis) When we do this, it is because we are bringing or defending legal claims, or because the law requires us to do this, as we have regulatory responsibilities to manage complaints to support our customers and respond to data subject rights requests and regulatory requests for information. |
|
Sensitive data – helping our vulnerable customers |
Why we collect data Sometimes we ask for sensitive or special category personal data, such as medical information, to allow us to help vulnerable customers. We only collect the minimum amount of information required. |
Why we are using the data (legal basis) Where possible, we will ask for your consent to use this data. Where we have asked for your consent, you can change your mind at any time by contacting us and asking us to stop processing this information. Where it is not possible to get your consent (for example if you are not able to give consent), we will only use or share your information where we believe that it is in your best interests and there are substantial public interests in us helping our customers in this way. We are also required by law to collect some sensitive data to help our customers as we have responsibilities to support our vulnerable customers. |
|
Biometric data |
Why we collect data Biometric data is data which relates to physical or behavioural characteristics used to try to identify a person, for example facial recognition or fingerprint verification. We use biometric data where this helps us to meet our responsibilities to prevent or detect financial crime. For example, we use algorithms and computer programs to look at images to assess certain features to identify the individual in the image as part of some of our application processes. |
Why we are using the data (legal basis) Where possible, we will ask for your consent to use this data and offer an alternative way of carrying out our checks. If we have asked for your consent, you can change your mind at any time by contacting us. Where the use of biometric data forms an integral part of our financial crime and security checks which we must have in place to meet our regulatory responsibilities, we won’t offer a choice if there are substantial public interests in the use of biometrics and it is in our legitimate interests. We will explain on product applications or other screens if you have a choice as to the use of biometric data for that product or service. |
|
Behavioural biometrics |
Why we collect data When you shop online, you will occasionally be asked to authenticate your payment. If you don’t currently use our Mobile App to do this, we will use behavioural biometrics to help confirm it’s you making the payment. Within the payments (authentication) screen we will collect behavioural biometrics data. This looks at various behaviours such as how you move your mouse and keystroke analysis e.g. how you type and the speed at which you type. A profile is built up over time that enables us to identify you and provides a stronger way of checking it is you making the payment online. |
Why we are using the data (legal basis) Behavioural biometrics for card payments online is performed in the substantial public interest as it provides protection from social engineering (fraudsters tricking customers into giving their security details to them). Whilst passwords can be stolen from customers by fraudsters, the unique ways you interact with your devices cannot be duplicated. As our legal basis is substantial public interest to prevent and detect unlawful acts (in this case, fraud), you cannot opt out of this use as it is in place to protect you. |
|
Location data |
Why we collect data If you enable location services within our app, we will collect data which is used in our assessment of whether a transaction is unusual and may be fraudulent. We use algorithms and computer programs to make these assessments. This is done for your security and may be shared with fraud prevention agencies. We also collect location data for analysis purposes to help us to improve our service. |
Why we are using the data (legal basis) We ask for your consent. If you don’t want us to collect and use your location data, you can turn off the location service within our app. You can control access to location services at any time through your phone settings. We also collect and use your location data to prevent and detect fraud in behavioural biometrics, which is performed in the substantial public interest, as set out above in the table. |
|
Market research |
Why we collect data We like to hear your views to help us improve our services, so we may contact you for market research purposes. You will always have the choice about whether to take part in market research. |
Why we are using the data (legal basis) This is in our legitimate interests as market research helps us to improve our services to customers. |
|
Electronic payment services |
Why we collect data If you request that your data is transferred to a third-party payment initiation or account information service, we will share your information as requested by you. The third party will be responsible for your information once we have transferred it to them and we recommend that you check the privacy policy of the third party before asking for your information to be transferred to them. |
Why we are using the data (legal basis) The law requires us to do this. |
|
Sharing data to ensure payments go to the correct accounts |
Why we collect data If a person or organisation pays you money by mistake, we will contact you to ask you to return the money. If you do not return the money, the law says we must give your name and address to the account providers of the person or organisation who sent you the money so they can recover the money from you. When someone pays money into your account, we share your name with them if we need to confirm the payment is being made to the right account. |
Why we are using the data (legal basis) The law requires us to do this. |
|
Authenticating payments |
Why we collect data If you buy something online or over the phone, this is known as a Card Not Present transaction (CNP) which requires additional authentication for security reasons. If you make a CNP payment to someone else and we are your card issuer, the organisation you are making the payment to will send us some of your information so we can confirm it is you making the payment. Similarly, if you are making a CNP payment to us, we share some of your information with your card issuer so they can confirm that it is you making the payment. |
Why we are using the data (legal basis) This is in our legitimate interests as it enables us to detect and prevent fraud, for example, if your card was stolen and a fraudster tried to buy something using incorrect details about you. |
In order to provide our products to you, we have to share some of your data with partners we work with. Whenever we share data, we only share the minimum amount necessary to operate our business and provide our products. We may sometimes anonymise or aggregate your data to provide insights to third parties, including Tesco.
In some cases, we need to share your data with our partners because they provide a service which we do not provide. In other cases, we have to share your data to prevent fraud and financial crime or to ensure that we are lending responsibly.
We share the personal data we collect with Tesco for customer services across Tesco. For example, we share some personal data with Tesco Stores in connection with the operation of Tesco Clubcard accounts so that Tesco Bank customers receive Tesco Clubcard points where these are collected as part of the Tesco Bank product. We don’t share all of your data with Tesco and only share the minimum amount of data they need to provide or receive shared services.
We share data with:
If you have a credit card with us and you also request a quote for insurance products from Tesco's insurance business (Tesco Personal Finance plc), we may share limited information regarding how you use your credit card with Tesco's insurance business. They may use this information to match this to personal information they already hold about you, so that they can offer you better discounts on insurance products.
We are owned by Barclays PLC, so we work closely with other businesses and companies in the Barclays Group of companies. We may share certain information with other Barclays Group companies (for example, to provide you with products or services, for marketing purposes, for internal reporting and where those companies provide services to us).
We share card details with Visa and Mastercard to enable them to provide their services to you. If you get a replacement Visa card or Mastercard, they will share the new card details with retailers you have a known relationship with, so that the retailers can keep your card details up to date. This might happen where you have given a retailer permission to hold your card details for future payments. You can opt of out this by contacting the retailer. For Visa card holders, you can call us on 0345 835 3353 to let us know. However, this means you’ll need to contact any retailer you’ve set up a recurring payment with and update your new card details with them directly to ensure your payments continue and your service with them is uninterrupted.
Sometimes we may need to send your personal data to another country. For example, if one of our service providers has a data centre overseas. Before sending your personal data to an overseas country outside the UK or the European Economic Area, we check that the organisation we are sending the data to will be able to keep your data secure. If necessary, we will put appropriate measures in place, such as relevant clauses in contracts, to make sure that personal data is sent and received in line with any laws that apply.
When your personal data is in another country, it could be accessed by law enforcement agencies in those countries. They do this to detect and prevent crime, or because the law says they must.
In most cases we keep your personal data for 7 years after the end of your relationship with us. We keep data in case of legal claims, complaints and for analysis to help us develop our products. For example, looking at customer data helps us to understand how to make lending decisions in future. When we use data for analysis, we do not use it to identify individual customers.
We keep banking application data for up to 7 years after the end of your relationship with us. We do this to develop our products and to protect you and us against fraud and financial crime. We use this data if you apply for a product again in the future, for example as part of our fraud checks.
We keep marketing records for 3 years after your last activity with us.
In some cases, we keep personal data for longer than 7 years, for example where it is needed for an ongoing investigation or legal proceedings. We only keep the data that we need, and we delete or anonymise it as soon as we can.
When someone borrows money from a bank, there is always a risk that they may not be able to pay it back. Credit decisioning, which involves credit scoring and checking if you are able to afford the lending, is a way of working out how likely we think it is that you will pay back the money we lend you. Your credit score, which is part of your assessment, is worked out automatically by a computer. It takes into account different factors, such as the amount of debt you currently have, how you have paid off debts in the past and data from your Clubcard if it can be used to improve your credit score. Credit decisioning and credit scoring are important steps in making sure we are lending responsibly.
We use three main sources of data when working out your credit score:
When we are processing your application for a credit product (a loan or credit card), we will perform a credit check with credit reference agencies. You will be told when this is about to happen and will be asked to agree. We will give your personal data to the credit reference agencies and they will give us data about you. This will include data from your application about your financial situation and financial history.
We don’t share data on other products, such as savings accounts, with credit reference agencies, but we access data from credit reference agencies to perform identity checks.
Credit reference agencies will give us data that is public, such as information from the electoral register, as well as specific information they know, such as shared credit, financial situation and financial history information, and fraud prevention information which other lenders have shared with them.
We use data from credit reference agencies to:
If you have a credit product (a loan, credit card or a current account overdraft), we will continue to exchange data about you with credit reference agencies while you have a relationship with us. This includes telling the credit reference agencies how you manage your debts; for example, how you repay your loans, credit card or manage your overdraft. If you do not pay back in full or on time, we will tell the credit reference agencies, and they will record the outstanding debt. Other organisations will be able to see this information and may take it into account when making decisions about whether to offer you credit.
When we make a search request, the credit reference agencies make a note on your file that Tesco Bank has done a search. Other organisations will be able to see that Tesco Bank made a search of your data.
If you are making a joint application and tell us that you have a spouse or partner or anyone else that you are financially associated with, we will also search their data with the credit reference agencies and link your records together.
Credit reference agencies will also link your records together. Your records will stay linked until either you or the other person requests that the files are no longer linked (this is known as issuing a ‘notice of disassociation’). It is important that anybody you are making a joint application with, or any financial associate you tell us about, understands this before you make an application.
The three main credit reference agencies are TransUnion, Equifax and Experian.
To learn more about what they do, what data they hold, and what your rights are, go to www.transunion.co.uk/crain, www.equifax.co.uk/privacy-hub/crain or www.experian.co.uk/crain
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at www.cifas.org.uk/fpn and www.nhunter.co.uk/privacy-policy
When you apply for certain products, we may need to verify your identity and we may use services of external service providers to help us verify your identity to protect our customers and help us meet our regulatory responsibilities.
If you’d like to exercise your data subject rights, or have any questions or concerns about how we use your data, you can contact us:
By post: The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ
By phone: by calling us on one of the numbers for your product(s) here
By email: DataSubjectRights_DPO@tescobank.com
Our Data Protection Officer supports us in answering any questions and acts as a point of escalation.
We’d like the chance to resolve any complaints you have, but you also have the right to complain to the Information Commissioner’s Office (the "ICO") about how we have used your personal data. Their website is ico.org.uk/your-data-matters/raising-concerns/
You have a number of data subject rights, which you can make at any time. In some cases, these rights have limitations, but we will always respond within one calendar month. If we cannot meet your request, we will explain why. We may get in touch sooner if we need extra information to help us find your personal data, or to verify your identity.
You have the right to see the personal data we hold about you. This is called a Subject Access Request. If you make a Subject Access Request, we will send you a copy of the personal data that you would like to see. There are a few exceptions where we might not be able to provide the information, such as where it includes personal data about others. Please use the subject access request form to make your request.
If you believe we hold inaccurate or missing data, please let us know and we will correct it.
If you want us to stop or restrict us using your personal data, or you want us to erase it entirely, please let us know. There are times when we may not be able to do this – for example, if the data is related to a contract between us, or if the law says we need to keep your personal data for a certain amount of time.
You can also ask us to stop using your personal data for direct marketing purposes and you can opt out of marketing at any time:
On emails: by clicking ‘opt out’ or ‘unsubscribe’ (usually at the bottom of the email).
Online:
By phone: by calling us on one of the numbers for your product(s) here and asking the customer service representative to opt you out of marketing.
You can ask us to transfer your personal data in an electronic format to you, or to another organisation (for example, another bank or insurer).
An automated decision is one that is made by our systems rather than by a person. The benefit of automated decision-making is that we can quickly make key decisions.
We also use automated decision-making:
Automated decision-making helps us to decide things like how likely it is that you will pay back the money we lend. It takes into account factors such as the amount of debt someone has, and how they have paid off debts in the past.
You have the right to:
If you would like us to review a decision we have made about you, such as declining an application, please let us know.
You have the right to object to our use of your personal data. If you do, we'll consider your objection to decide if your rights outweigh our interests in using your personal data. In some instances, we will not be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right doesn’t apply to the particular information we hold about you).
We don’t always have to ask for consent to process your personal data, but where we do, you have the right to withdraw that consent at any time by contacting us.
This privacy policy will be reviewed and updated from time to time. We will contact you if there are any important changes which impact how we use your personal data. If we need to give you the opportunity to opt out, we will give you time to do this before we make any changes to the way we use your personal data.
Last updated: November 2024
