Protecting your personal information as carefully as we protect your money.

Privacy notice

The privacy notice sets out how we protect your privacy as needed by law. It explains in detail:

  • What personal information we have and how we get it 
  • How we can and can't use your data
  • Who we can share your data with
Privacy notice

Cookie policy

We may use cookies and similar tracking technologies on our websites and apps, and in emails we send you.

To find out more about how we use cookies and email tracking, please see our cookie policy.

Cookie policy

Social media privacy policy & terms of use

This privacy policy explains what information may be collected and how it will be used when you access any of our social media channels.

Privacy policy and terms of us

What personal information do we have about you?

You have the right to know what information Halifax holds about you. There are several ways to get a copy of this, depending on what you need.

Request personal information

Understanding Privacy

  • Most of us think of personal information as our name, address and phone number, perhaps an email address too. It's not surprising as this is how people often identify themselves and others as individuals. The laws on data privacy include these but a lot more besides. They say that personal information is any information about specified individuals, or information that could be used to identify people as individuals, either directly or when added to other pieces of information.

    So, it covers a lot of the information people choose to give to organisations, as when submitting an email address to receive updates about offers or discounts, for example. But personal information also includes technical data that gets collected when people go online with a laptop or mobile, or when they browse websites or make purchases.

    Lloyds Banking Group collects information of the first sort when a customer fills in a form to apply for a credit card, for example. It also collects the second sort when recording the date, time and location of a purchase made with a credit card. It does this to offer the best services to customers, but also to comply with regulations that apply to all banks. This can add up to a detailed picture of a person's life and behaviour.

    A benefit to customers is that this helps banks to spot unauthorised activity in an account. It also makes it important that Lloyds Banking Group explains to customers what personal information it holds, when it's collected and why.

    For more detail, see our Privacy notice - it's worth a read.

  • We take the security of your personal information very seriously. We keep a constant check on our systems and anything that doesn't look right is investigated carefully so that we understand if there is an impact on our customers. If we don't do things right, it's a serious matter, which carries stiff penalties. It's worth saying that we go to great lengths to protect your personal information as well as your money - our methods go beyond industry standards.

    If you're unhappy about the way we've used your personal information please let us know. You can do this using the details you'll find in the How to contact us section of our Privacy notice.

    If after we've responded you're still unhappy, you can also contact the Information Commissioner's Office (ICO) yourself. The ICO is independent and can look into complaints on your behalf. Find out more on the ICO website about How to raise a concern.

  • Machines carry out many tasks that used to be done by humans. They can now help us with complex tasks such as processing a lot of information quickly and making decisions. We know how valuable your time is so we try to make applying for a new product or service as quick and efficient as possible.

    We do this by using machines to run eligibility checks or credit checks, for example. Some of these decisions directly affect your finances. If you think the machine has got one of these decisions wrong, and want it to be reviewed by a human, you have that right.

    For more details and guidance on how to do this see the How we use your information to make automated decisions section of our Data Protection Notice.

    Your right to be treated fairly also includes the accuracy of the details we hold about you. If we've got it wrong please let us know. We'll correct the mistake.

  • Everyone knows that marketing offers and sales promos follow us everywhere - online, by phone, or in the post. Privacy laws say that companies must have your agreement before sending you anything. The trouble is, most people are not always sure what they've agreed to. It's not the sort of thing most people remember, either.

    The good news is that new privacy rules make it much easier to check what marketing material you've agreed to receive. Organisations must make it much clearer when you're agreeing to this. They must also make it easy for you to change your mind when you want - and to opt out if you wish to. This might mean you have to make a lot more choices about your personal settings.

    You may well think that you've done it all before but it's worth taking a moment to check that you're happy with your settings if you're asked to do so. That way, you should only get things you may be interested in.

    We'll always send you important service messages about changes to interest rates, how to keep your account safe and the benefits linked to your account. But you can opt out of receiving our marketing material. You can also find out more about how we decide what may be relevant to you in the Marketing section of our Privacy notice.

    Agreeing to receive marketing material is called 'giving your consent'. It's worth remembering that the new privacy laws cover other types of consent, such as agreeing to have your financial status checked. There are details in our Privacy notice of how the regulations apply to our services and how the law protects you.

  • Your 'right to be forgotten' and how it applies to banks.

    The key to what some call the 'right to be forgotten' is the idea that personal information should be kept for no longer than needed. So, an individual has the right to request that their personal information be erased. The holder must then either erase it or give a good reason why this cannot happen.

    What counts as a good reason? One could be that the information is needed in order to supply a service that a customer still wants or needs. For example, it's not possible to provide a banking service for a person and also to erase all their personal information from the bank's systems. Another good reason could be that the holder is required by laws or regulations to keep personal information for a set time before it can be erased. This is also true of banks - in fact there are strict rules about the records banks must keep.

    For example, banks are required to hold financial records to help in the fight against crimes such as fraud, money laundering, or terrorism. So it's misleading to think of a simple 'right to be forgotten' in relation to banks. You have a right to request personal information to be erased, and for this to be carried out, or to be given a satisfactory reason why it can't be.

    See more about how long we keep your personal information in the Privacy notice.