Privacy statement and your identity

How your personal information is used by Lloyds Banking Group Companies

Last updated May 2012

Your information will be held by Bank of Scotland which trades as Halifax, part of the Lloyds Banking Group.

The Lloyds Banking Group includes us and a number of other companies using brands including Lloyds TSB, Halifax and Bank of Scotland, and their associated companies. More information on the Group can be found at www.lloydsbankinggroup.com.

Please read this Privacy Policy to understand how we use and protect the information that you provide to us through the “Website”. By accessing any part of this Website or providing any information to us you consent to the use and transfer of your information on the terms set out in this Privacy Policy.

We reserve the right to revise or supplement this Privacy Policy from time to time at our sole discretion and you agree to revisit this page regularly to ensure that you are familiar with the most current version. By continuing to access or use the Website you will be agreeing to any such changes.

If you are a customer of a Lloyds Banking Group company, details of the information we collect and how we use it will also be set out in the terms and conditions of the product or service which you hold. In the event of a conflict between this Privacy Policy and the terms and conditions of your specific product or service, the terms and conditions of your specific product or service will take precedence.

Personal information that we collect and where we collect it from

Your “personal information” is information about you. Lloyds Banking Group companies get your personal information from you and others in various ways, including for example:

a)      through your contact with Lloyds Banking Group companies, for example in applications, emails and letters, during telephone calls and conversations in branch, when registering for services, in customer surveys, when you participate in competitions and promotions, through Lloyds Banking Group company websites and during financial reviews and interviews;

b)      from analysis of your payments and other transactions (such as the amount, frequency, location, origin and recipient) and your use of services involving other Lloyds Banking Group companies and what they know from operating your accounts or providing services to you; and

c)      information Lloyds Banking Group companies receive from or through other organisations (for example card networks, credit reference agencies, insurance companies, retailers, social networks and fraud prevention agencies) whether in the course of providing products and services to you or otherwise.

You must not give Lloyds Banking Group companies personal information about someone else (such as a joint applicant) without first getting his or her consent for it to be used and disclosed in the ways described in this condition. This is because the Lloyds Banking Group company will assume he or she has consented, although the Lloyds Banking Group company may still ask for confirmation. Where you do give a Lloyds Banking Group company information about someone else, or someone else discloses a connection with you, that information may be taken into account with your other personal information.

We will not retain your personal information for longer than is necessary for the maintenance your account, or for legal or regulatory requirements.

Domain name information that we collect is not used to personally identify you and instead is aggregated to measure the number of visits, average time spent on the Website, pages viewed etc. We use this information to measure the use of our Website and to improve its contents.

We may monitor or record phone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve our quality of service, and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.

Using information on social networking sites

As part of our ongoing commitment to understanding our customers better, we may research comments and opinions made public on social networking sites such as Twitter and Facebook.

How Lloyds Banking Group companies use your personal information

Lloyds Banking Group companies may share your personal information with each other.

Your personal information held by Lloyds Banking Group companies may be stored and used for:

a)      providing you with products and, services and notifying you about important changes or developments to the features and operation of those products and services;

b)      updating, consolidating and improving the accuracy of our records;

c)      crime detection, prevention and prosecution;

d)      responding to your enquiries and complaints;

e)      administering offers, competitions and promotions;

f)        evaluating the effectiveness of marketing and for market research, training, statistical analysis and customer modelling (with the aim of improving services);

g)      assessing lending and insurance risks across the Lloyds Banking Group;

h)      identifying products, services and offers which we or others believe may be of interest to you;

i)        managing your relationship with Lloyds Banking Group companies, and in the other ways described below; and

j)        producing data, reports and statistics which have been anonymised or aggregated to ensure that they do not identify you as an individual.

Lloyds Banking Group companies may, from time to time, provide further details about how your personal information may be used.

If you have agreed, we and other Lloyds Banking Group companies may contact you about products, services and offers available from Lloyds Banking Group companies or from selected companies outside the group, which we believe may interest you or benefit you financially. You may tell us at any time if you change your mind.

Lloyds Banking Group companies may use automated decision making systems when assessing your application, managing your borrowing and to detect fraud or money laundering.

How we may share your information outside Lloyds Banking Group

Lloyds Banking Group companies will treat your personal information as private and confidential, but may disclose it outside the Lloyds Banking Group if:

a)      allowed by this agreement;

b)      you consent;

c)      needed by Lloyds Banking Group companies’ agents, advisors or others involved in running accounts and services for you or collecting what you owe Lloyds Banking Group companies;

d)      HM Revenue & Customs or other authorities require it;

e)      the law or the public interest permits or requires it; or

f)        required by others to investigate or prevent crime.

Lloyds Banking Group companies may in the future wish to sell, transfer or merge part or all of their business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it. If so, they may disclose your personal information to a potential buyer, transferee, or merger partner or seller and their advisers so long as they agree to keep it confidential and to use it only to consider the possible transaction. If the transaction goes ahead, the buyers, transferee or merger partner may use or disclose your personal information in the same way as set out in this notice.

Anonymised Reports

Data, reports or statistics created using your personal information may be shared amongst Lloyds Banking Group companies and other companies or organisations outside the group. We will only share these data, reports or statistics outside the group where they have been aggregated or anonymised so that they do not identify you as an individual.

Credit reference agencies and fraud prevention agencies

Lloyds Banking Group companies and other organisations may use UK and European credit reference agency (“CRA”) and fraud prevention agency (“FPA”) records about you:

a)      to help make decisions, for example when:

(i)         checking details on applications for credit and credit-related or other facilities;

(ii)        managing credit and credit-related accounts or facilities;

(iii)       recovering debt;

(iv)       checking details on proposals and claims for all types of insurance; and

(v)        checking details of job applicants and employees; and

b)      to prevent crime, fraud and money laundering.

Lloyds Banking Group companies, CRAs and other organisations may also use CRA records about you and those financially linked to you to:

a)      check your credit history;

b)      verify your identity if you, or someone financially linked with you, applies for services;

c)      trace your whereabouts; and

d)      undertake research, statistical analysis and systems testing.

You will be financially linked by CRAs to any other names you use or have used, and any joint applicants. This means joint applicants' financial affairs may be treated as affecting each other, and will be revealed whenever CRAs are searched, until one of you successfully files a “disassociation” with the CRAs.

If a Lloyds Banking Group company needs to make a credit decision when you apply for a service or to review the amount of credit it provides under an existing agreement, such as an overdraft, it will carry out a CRA search. The CRA will record the searches, even if an application does not go ahead or is unsuccessful. This may affect your ability to borrow from other lenders within a short period.

Lloyds Banking Group companies may also tell CRAs how you run your relationship with them (such as whether or not you pay anything you owe on time), which may also affect your ability to borrow from other lenders. If you fall behind with your payments and a full payment or satisfactory proposals are not received within 28 days of a formal demand being issued, then a default notice may be recorded with the CRAs. Similar information may also be given about your other lending/credit relationships with members of the group. Any records shared with CRAs will remain on file for 6 years after your account is closed, whether it has been settled by you or as a result of a default. Other organisations may see these searches and updates if you apply for credit in the future, and these may affect your ability to borrow from other lenders.

Lloyds Banking Group companies may pass details of false or inaccurate information provided and any suspected fraud or general information about how you run your relationship with them to FPAs and other relevant organisations. Law enforcement agencies may access and use this information. Lloyds Banking Group companies, and other organisations, may access and use from other countries the information recorded by FPAs.

We carry out most of our credit searches using Experian, but details of how you have run your account(s) may be disclosed to all the credit reference agencies. The information they hold may not be the same and there is a small fee that you may need to pay to each agency that you apply to. Their addresses are:

• Experian Consumer Help Service, PO Box 9000, Nottingham NG80 7WP or call 0844 481 8000 or log on to www.experian.co.uk
• Equifax plc, Credit File Advice Centre, PO Box 1140, Bradford BD1 5US or log on to www.myequifax.co.uk
• CallCredit, Consumer Services Team, PO Box 491, Leeds LS3 1WZ or call 0870 060 1414 or log on to www.callcredit.plc.uk

Please contact us on 0845 602 7174 if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.

Transferring information abroad

All countries in the EEA (including the UK) have similar standards of legal protection for your personal information. Lloyds Banking Group companies may run your accounts and provide other services from centres outside the EEA (such as the USA and India) that do not have a similar standard of data protection laws to the UK. If so, those Lloyds Banking Group companies will require your personal information to be protected to at least UK standards.

Lloyds Banking Group companies may process payments through other organisations such as banks and the worldwide payments system operated by SWIFT if, for example, you make a CHAPS payment or a foreign payment. Those organisations may process and store your personal information abroad and may have to disclose it to foreign authorities (including those outside the EEA, in which case your personal information may not be protected to standards similar to those in the UK), for example to help them in their fight against crime and terrorism.

Accessing and updating your personal information

The Data Protection Act 1998 gives you rights to request your personal information from Lloyds Banking Group companies. Each company may charge a small administrative fee (currently £10) for supplying the information, and may as appropriate require proof of your identity before doing so. You can ask Lloyds Banking Group companies to change your personal information to keep it accurate and up to date. If you want to find out what information we hold about you, please write to the:

Data Unit,
Freepost NWW15306,
City House,
City Road,
Chester CH88 3YZ.

You can also find out from us the address for personal information queries and requests for other Lloyds Banking Group companies.

How we may contact you

Using your Email address for service contact

Making sure we deliver excellent customer service is very important to us and to do this various methods of communication may be used to keep you updated about your account. Most of the time we communicate by telephone or post, but we recognise that E mail is becoming a more popular process.  If we decide to use E mail to contact you, we will only do this if we have ensured that using E mail will not put your information at risk, or, if you have requested we E mail you, that we have explained the risks of sending an "insecure" E mail and that you are happy to accept that risk.

In addition you may wish to choose a channel of communication that suits you when you need to contact us. If you need to E mail a Lloyds Banking Group company, we recommend you check their website to see if a secure E mail facility exists so that your E mail can be sent securely. If you send us E mails in other ways, such as from your personal account, then remember that the message may not be secure and there is a risk that it could be intercepted. If you choose to send an "insecure" E mail, please keep the amount of confidential information you include to a minimum. With some of our products we offer a number of communication update services via SMS. If you have signed up to this service, we may send you text messages containing administrative information about your relationship with us. You can ask us to stop sending these messages at any time. Additionally, in extraordinary circumstances (such as natural disaster or civil unrest) we may also send you updates by text message or email when we consider it to be appropriate.

Using cookies

Halifax is committed to protecting you and any data (anonymous or otherwise) that we collect about you online. This section tells you how we use cookies, why, and how this allows us to improve our service. It also tells you how you can manage what cookies are stored on your device. We call it our “Cookies Policy”.

By using our websites (through any device) you agree that this Cookies Policy applies to that use in addition to any other terms and conditions which may apply. 

We reserve the right to make changes to our Cookie Policy. Any such changes shall appear here and become effective immediately. Your continued use of our websites is taken as meaning that you agree to any such changes.

What is a cookie?
Cookies are files containing small amounts of information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs, such as remembering your preferences, and generally improving your online experience. There are different types of cookies. They all work in the same way, but have minor differences:

Session cookies
Session cookies last only for the duration of your visit and are deleted when you close your browser. These facilitate various tasks such as allowing a website to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality. Many of the cookies we use are session cookies. For example, they help us to ensure the security of your internet banking session, and can also keep you signed in to internet banking while you move between pages or service your account.

Our session cookies used for security are designed to be very difficult to read, change, access or use except by us when you have an active Internet Banking session. They contain no personal information that can be used to identify an individual. Their names typically start with the letters IB e.g. IBSESSION, IBCOOKIE01, IBCOOKIE02.

Persistent cookies
Persistent cookies last after you have closed your browser, and allow a website to remember your actions and preferences. Sometimes persistent cookies are used by websites to provide targeted advertising based upon the browsing history of the device.

Halifax uses persistent cookies in a few ways, for example,  to remember your username for log in so you don’t have to (cookie named HxUseLoginCookie).  We also use persistent cookies to allow us to analyse customer visits to our site, for example our cookie named WT_fpc. These cookies help us to understand how customers arrive at and use our site so we can improve the Internet Banking service. 

For full details about our cookies, we’ve put together a list of the cookies that we use. 

First and third party cookies
Whether a cookie is a first or third party cookie depends on which website the cookie comes from. First party cookies are those set by or on behalf of the website visited. All other cookies are third party cookies. We use both first party and third party cookies, which you can read more about in our list of the cookies that we use. 

Strictly necessary cookies
These cookies are essential in order to enable you to move around the website and use its features, and ensuring the security of your online banking experience.  Without these cookies services you have asked for, such as applying for products and managing your accounts, cannot be provided. These cookies don’t gather information about you for the purposes of marketing.

Performance cookies
These cookies collect information about how visitors use a web site, for instance which pages visitors go to most often, and if they get error messages from web pages.  These cookies don't collect information that identifies a visitor although they may collect the IP address of the device used to access the site.  All information these cookies collect is anonymous and is only used to improve how a website works, the user experience and to optimise our advertising.  By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.  For more information on how to do this you may wish to watch one of our short video guides which explain how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari). Visit our cookie policy page to access our videos. 

Functionality cookies
These cookies allow the website to remember choices you make (such as your user name). They may also be used to provide services you have requested such as watching a video. The information these cookies collect is anonymised (i.e. it does not contain your name, address, account details, etc.) and they do not track your browsing activity across other websites. By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings.  For more information on how to do this you may wish to watch one of our short video guides which explain how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari). Visit our cookie policy page to access our videos. 

Targeting cookies
These cookies collect several pieces of information about your browsing habits. They are usually placed by advertising networks. They remember that you have visited a website and this information is shared with other organisations such as media publishers. These organisations do this in order to provide you with targeted adverts more relevant to you and your interests. This type  of advertising is called online behavioural advertising and those companies providing this advertising are working with the UK’s Internet Advertising Bureau to deliver more information to consumers. To highlight this information, publishers of advertising will, in the future, look to place an icon in the top right hand corner of an advert. This icon when clicked, will take the you through to the website Your Online Choices where there is more help and guidance. In addition, Lloyds Banking Group seek to only use advertising networks which are signed up to the IASH code of conduct for the placement of adverts. This code requires members to have their processes audited by a third party to ensure compliance.  For more information on IASH please go to go to www.iash.org.uk. By using our websites you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings. For more information on how to do this you may wish to watch one of our short video guides which explain how this is done in popular web browfsers (Internet Explorer, Google Chrome, Firefox and Safari). Visit our cookie policy page to access our videos. 

Cookies used by Halifax
You can find out more about the cookies we use by going to our cookie policy page. 

Additional information
From time to time, we may embed external content from third party websites (e.g. Facebook, YouTube) within our website. Additionally, we partner with third parties who provide services for us which you can navigate to from our website.  These third parties may use cookies, you can find out about their approach to cookies on their websites.

What if I don't want to accept cookies?
If you wish to restrict or block the cookies which are set by any website - including Halifax websites, you should do this through the browser settings for each browser you use, on each device you use to access the internet.

Please be aware that some of our services, for example Internet Banking, will not function if your browser does not accept cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser.  For more information on how to do this you may wish to watch one of our short video guides which explain how this is done in popular web browsers (Internet Explorer, Google Chrome, Firefox and Safari). Visit our cookie policy page to access our videos. 

Alternatively, you may wish to visit www.allaboutcookies.org which contains comprehensive information on how to do this on a wider variety of browsers.

When you apply for and use our products & services

Joint applicants

Sometimes, when you open a joint account or product, this may mean that your personal data will be shared with the other applicant.  For example, transactions made by you will be seen by your joint account holder and vice versa.

Using Credit Scoring

When you apply for credit, an automated system known as credit scoring may be used when considering whether to agree the borrowing. It is a method of assessing your likely conduct of an account based on a range of data, including the conduct of previous similar accounts. It is a system widely used by credit providers to help make fair and informed decisions on lending.

Credit scoring takes account of information from three sources - the information you provide on your application, information provided by credit reference agencies and information that may already be held about you by companies in the Lloyds Banking Group. A credit scoring system will consider information from these sources, to make an overall assessment of your application.

The credit scoring methods used are regularly tested to ensure they remain fair, effective and unbiased.

Using a credit scoring system helps our Group companies to lend responsibly. If you submit an application and it is declined through this automated process, you can contact us within 21 days to have the decision reconsidered. You also have the right to ask that the decision is not made based solely using a credit scoring system.

How we manage sensitive personal information

Data Protection Act defines certain information as ‘sensitive’ (racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, criminal proceedings and offences). When you apply for certain product or services, we may ask you for some ‘sensitive’ information, but we will always ask for your explicit consent. As a customer, there may also be times when you give us 'sensitive' information. We will use it to provide the service you require and may share it with other parts of the group and our subcontractors to keep our records up to date.

How we check your identity

We may ask you to provide physical forms of identity verification when you open your account. Alternatively, we may search credit reference agency files in assessing your application. The agency also gives us other details and information from the Electoral Register to verify your identity. The agency keeps a record of our search, whether or not your application proceeds. Our search is not seen or used by lenders to assess your ability to obtain credit.

Undertaking Anti-Money Laundering checks

To comply with money laundering regulations, there are times when we need to confirm (or reconfirm) the name and address of our customers. This information may be shared with other group companies. For more details about identity checks, please refer to proving your identity.

Obtaining information about you, and other personal details

When you apply for a mortgage or further borrowing it may be necessary to obtain references, details of your existing financial commitments, and any other information that is required to assess or review lending risks, to recover debts, and to prevent or detect fraud. Where applicable, your current and previous employers, accountant, landlord, lender, bank, insurance or pension company may be contacted to obtain this information. In limited circumstances these references may need to be obtained after you open your account. This may be for regulatory purposes, or if the lending decision needs to be reviewed. Your permission to obtain these references will therefore continue to apply after your account has been opened. It may also be necessary to obtain information or documentation from your solicitor relating to any work they carry out either on your or our behalf.

Credit and/or Debit Cards

If you hold a credit or debit card with us, we will share transaction details with our scheme providers (e.g. Visa or MasterCard).

Some transactions that you or an additional card holder makes on a card account may cause sensitive or confidential details to appear on your statement. By using your card to make such transactions you give us your explicit consent to process this information.

Insurance

If you apply to us for insurance, we will pass your details to the insurer. If you make a claim, any information you give to us, or to the insurer, may be put onto a register of claims and shared with other insurers to prevent fraudulent claims. A list of the participants is available from the insurer. We may also disclose your information within our group of companies, to our agents and other insurers to investigate or prevent fraud.

Mortgages/Secured Loans

If you have a secured loan or mortgage with us, we may need to share information with other lenders who also hold a charge on your property.

Changes to Privacy Notice

We keep our privacy notice under regular review and we will reflect any updates within this notice. This privacy notice was last updated on May 2012.

How to help us to prevent crime

When you take out certain products with us, to help us prevent crime, we will need to confirm your identity, this means proving who you are and where you live.

We need to verify the identity of all of our customers.  In the first instance we use a system of electronic identification and if this is successful, that's all we need to do.  The search is performed with a credit reference agency. This is not a credit search and will only record the fact that we have done an ID check.

As part of our security checks we'll usually ask you for some personal details. When more than one person is applying, we may need to confirm the name and address of each of you.  If we are unable to verify your identity electronically, we will ask you to provide some original documents containing your name and address if you're applying in branch or by post. This may happen whether you are applying to be a new customer or you have been one for some time. When applying online you will be told during the application process which options are available to you.

Further verification may also be requested in other circumstances such as if correspondence has been returned to us by the post office. This is to comply with money laundering regulations which help to stop criminals using financial products or services to hide money made from their illegal activities from the authorities.

Asking you for evidence of your identity also protects you from criminals who might falsely use your name, without you ever knowing.

For more information on proving your identity, anti-money laundering and the documents we will ask you to provide when opening an account, please see the personal information and your identity leaflet. (PDF opens in a new window)

To view PDF documents you will need the latest version of Adobe Acrobat reader.