Privacy notice

For the purposes of data protection legislation, C. Hoare & Co. is a "controller" meaning that we determine the purpose and means of processing the information we collect from and about you.

C. Hoare & Co. is also a "controller" in respect of any information you provide to Messrs. Hoare Trustees, which is a wholly owned subsidiary of C. Hoare & Co.

If you ever have any questions, comments or complaints about this notice, or any of its contents, please contact us via any of the following means and we will be pleased to assist you:

• By post: The Data Protection Officer, 37 Fleet Street, London EC4P 4DQ

• By email: DPO@hoaresbank.co.uk

• By telephone: +44 (0)20 7353 4522

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), C. Hoare & Co. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

• By post: EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

• By email: privacy@edpo.brussels

• By using EDPO's online request form at https://www.edpo.brussels/contact

We may collect the following types of information about you:

• identity data including your name, marital status, title, nationality, gender and date of birth

• identification data including your image, passport details, driving licence, or other identification documents

• contact data including postal addresses, email addresses and telephone numbers

• profile data such as your background, the products and services you use and your interests and preferences

• details of your financial position and history including source of wealth, employment, directorships and affiliations

• details in respect of your assets and liabilities, if required to assess creditworthiness and affordability

• details of your character provided by a personal or professional referee or via media monitoring of publicly available sources

• details of transactions you carry out using our products or services

• information that you may provide to us about your family and other relationships relevant to the banking products and services we provide, for example in respect of affordability, lending, special instructions or inheritance tax. We will assume that you have the authority to share this information with us and will treat it with the utmost confidence

• information that you provide when completing surveys that will be used for research purposes, should you choose to participate

• information that you provide to us from time to time, including through our Online Banking service, when you register, subscribe to, request, or use any of our products or services, or when you submit queries to us

• information that you provide when you fill in our forms online or visit our website

• details of your visits to any of our websites. Please see our Cookies page for details.

Please note that:

• If you contact us by any means we will keep a record of that correspondence and the information that you provide to us in that correspondence.

• If you speak to us on the telephone, via video or using similar technologies, the call will be recorded and a copy of the call will be retained.

• If you visit our premises, your image may be recorded by our CCTV system.

• If you opt into our voice identification service, a copy of your voiceprint and biometric information concerning physical and behavioural characteristics will be stored by the system and used to identify you in future calls.

• if you make online transactions requiring identity authentication, behavioural biometric information (such as your use of the keyboard and mouse) will be captured and used to identify you in future transactions.

In addition to the above, Messrs. Hoare Trustees may also collect:

• information that you provide to us regarding details of settlors, trustees, beneficiaries, testators, donors and legatees

• information you have provided to C. Hoare & Co. where you have requested our services.

To ensure our records are complete and accurate, we may, if required, check and supplement the details that we hold about you using external sources, such as data brokers and public registers such as Companies House.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

We use your information:

• to confirm your identity and to allow us to carry out checks in the interest of security, to detect and to prevent fraud and to assess credit risk.
  
  We will search at credit reference and fraud prevention agencies for information on all applicants for certain products and services. In so doing we will provide the current and previous names, addresses and dates of birth, of all applicants, so if you are providing information about others, on a joint application, you must inform them of the information contained in this notice and be sure that you have their agreement to disclose to us their details.
  
  If you give us false or inaccurate information and we identify fraud, details may be passed to credit reference and fraud prevention agencies.
  
  If you are making a joint application now, or have ever done one of the following:
  a) applied for credit with someone else
  b) have joint account(s)
  c) are already financially linked.
  A financial associate will be someone with whom you have a personal relationship that creates a joint financial unit in a similar way to a married couple. You will have been living at the same address at the time. It is not intended to include temporary arrangements such as students, or rented flat sharers, or business relationships.
  
  Links between financial associates will remain on your and their records until such time as you or the financial associate successfully files for a disassociation with the credit reference agencies.
  
  Credit reference agencies may link together the records of people that are part of a financial unit. They may do this when people are known to be linked, such as being married, or have jointly applied for credit, or have joint accounts. They may also link people together if they, themselves, state that they are financially linked.
  
  We will check your financial associates' records as well.

The information that we, and other organisations, provide to the credit reference agencies about you, your financial associates and your business (if you have one) may be supplied by credit reference agencies to other organisations and used by them to:

• prevent crime, fraud and money laundering by, for example, checking details provided on applications for credit and credit-related or other facilities

• check the operation of credit and credit-related accounts

• verify your identity if you, or your financial associate, applies for other facilities

• make decisions on credit and credit-related services about you, your financial associate, other members of your household, or your business

• manage your personal, your financial associates, and/or business (if you have one) credit, or credit-related account, or other facilities

• trace your whereabouts and recover debts that you owe

• undertake statistical analysis and system testing

• perform services as fraud prevention agencies.

Credit reference agencies will supply to us, public information such as County Court Judgments (CCJs) and bankruptcies, electoral register information and fraud prevention information on applicants’ and their known financial associates’ current and previous names, addresses and dates of birth.

We will use the information provided to us by credit reference and fraud prevention agencies to help make credit or credit related decisions about all applicants, to verify their identity, for the prevention and detection of fraud and/or money laundering, and to manage accounts.

When credit reference agencies receive a search from us, they will place a search “footprint” on your credit file (and that of any joint applicant) whether or not an application to us is approved and proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future.

• to administer and maintain your account(s) and provide you with products and/or services

• to respond to your queries

• to carry out our obligations under any contracts entered into between you and us

• to notify you about any changes to our products, services and/or our websites

• to send you marketing information and service notifications

• to comply with legal and regulatory requirements that apply to us

• to improve the products and services that we offer

• to meet our regulatory obligations

• for general statistical analysis.

In addition to the above, Messrs. Hoare Trustees may also use the information you supply to:

• act as Trustees, Custodian trustee and or agents for different types of Trusts

• act as Executors/Trustees/Attorney administrator of wills

• provide administration of Trusts/Estates.

We use information that we hold about you to identify events that we think you may wish to attend or products and services that we think may be of value to you. The information we use to make these decisions includes both details you decide to share with us directly, and details collected through your interactions with the bank, such as your recent transactions or use of services and systems. We will only contact you for marketing purposes if you have given us consent to do so. We may share basic details with venues or hosts if you choose to attend an event but we will never sell or transfer your data to a third party to use for direct marketing without your knowledge and consent. You have the right to ask us not to send you marketing messages by post, telephone, or email, or any combination of these at any time. You can do this by:

• contacting your relationship manager or our Data Protection Officer

• checking certain boxes on the forms we use to collect your data

• by replying directly to the marketing message

• in case you wish to withdraw from all marketing communications, you can also unsubscribe from all marketing by clicking the appropriate link in any email you receive

  • Whatever your preference, you will still receive statements and other services notifications that we may need to send you containing important information in relation to your accounts or service we provide to you.

We use a variety of analytical tools and techniques and we may perform analysis, data matching and profiling using your information. This may affect the products and services that we may offer you, or the price we charge you for them. We will do this to:

• identify unusual transactions or behaviours to keep your accounts safe from potential fraud

• help support lending decisions including the assessment of credit and affordability factors

• personalise conversations and offers to identify potential products and services or events that may be of value to you based on your feedback, expectations and preferences, or based on customers in a similar segment or with similar circumstances

• perform data linkages with external data sets such as ONS to better understand economic drivers and to improve our products and services.

These activities may be done manually but we also use automated machine learning tools to be as accurate as we can.

We would never make a purely automated decision concerning you and we have suitable checks in place to ensure outcomes are fair and in line with your interests.

We will rely on the following legal bases to process your information

• where you have consented to such use

  • if you do choose to provide your consent you can withdraw it at any time by contacting your Relationship Manager or our Data Protection Officer.

• for the performance of a contract with you for provision of our products and/or services, or to take steps at your request prior to entering into such a contract.

  • if provision of your personal information is a legal or contractual requirement, or a requirement necessary to enter into a contract with us, and you choose not to provide it, we may not be able to perform some of the tasks we need to in order to provide certain products or services to you.

• to comply with our legal obligations

• where it is in the substantial public interest

• for our legitimate interests in:

  • setting up, administering and maintaining your accounts with us

  • communicating with you

  • keeping the bank and your information secure including protecting against fraud

  • responding to any incidents or complaints

  • ensuring the quality of the products and services we provide to you

  • collecting information for marketing purposes;

  • managing and developing our technologies

  • meeting our regulatory obligations

  • business development

  • statistical analysis

  • identifying and archiving heritage content for our museum.

We may process your sensitive and special categories of information (this includes data concerning your health, personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, criminal convictions and offences, or data concerning sexual orientation) where you have provided your explicit consent or otherwise where this is necessary

• for the establishment, exercise, or defence of legal claims

• where it is in the substantial public interest

• where we need to carry out our legal obligations.

We will provide your information to our service providers to allow them to assist us with delivering the products or services that you have requested, under various categories:

• professional services providers (accountants, tax advisors, auditors, consultants and lawyers)

• banks and financial services providers including Third Party Payment Service Providers (TPPs)

• Credit reference agencies:

  • Transunion/CallCredit
    Post: Callcredit Information Group, One Park Land, Leeds, West Yorkshire, LS3 1EP
    Web Address: www.callcredit.co.uk/consumer-solutions/contact-us
    Phone: 0330 024 7574
    https://www.callcredit.co.uk/crain

  • Equifax Limited
    Post: Equifax Ltd, Customer Service Centre PO Box 10036, Leicester, LE3 4FS
    Web Address: https://www.equifax.co.uk/Contact-us/Contact_Us_Personal_Solutions.html
    Phone: 0333 321 4043
    https://www.equifax.co.uk/crain

  • Experian Limited
    Post: Experian, PO BOX 9000, Nottingham, NG80 7WF
    Web Address: https://ins.experian.co.uk/contact
    Phone: 0344 481 0800 or 0800 013 8888
    http://www.experian.co.uk/crain

• information technology and information security providers

• intermediaries that introduce you to us

• companies that we introduce you to

• if you request that we do so, your information will be passed between C. Hoare & Co and Messrs. Hoare Trustees to provide products and services to you which you have requested

• UK government agencies, law enforcement agencies and regulators:

  • We will share with law enforcement and regulators where we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation, or if we reasonably consider that this is necessary to help prevent or detect fraud or other crime, or to protect the rights, property, or safety of the bank, our customers or others.

• fraud prevention agencies:

  • The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at www.cifas.org.uk/fpn

• HM Revenue & Customs (HMRC):

  • We will share with HMRC if we are under a duty to disclose or share your information with them. HMRC may transfer it to the government or the tax authorities in another country where you may be subject to tax.

• UK Financial Services Compensation Scheme

• third party payers to confirm the correct account details are being used

• any Third Party Payment Service Providers (TPPs) who you may choose to use for open banking purposes

• event organisers or market research companies if you choose to attend an event or to participate in a research study

• if the bank (or all or part of its assets) were to be acquired by a third party, in which case personal data about you, as one of our customers, would be one of the transferred assets.

Our websites may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please check their privacy policies.

For some processing activities, we transfer your personal information to recipients outside of the UK and European Economic Area (“EEA”). These transfers, to carefully selected third party service providers, support the bank’s provision of products and services to you, and to protect you from fraud.

We currently transfer data to the following countries outside of the EEA: Switzerland, Ukraine, Jersey, USA, Canada, India, Singapore, Australia and South Africa.

While some countries are deemed adequate by the U.K. Government and European Commission, not all destination countries offer the same GDPR-level of protection for personal information as in the UK. When this is the case, we put in place appropriate safeguards to protect your information and enter into standard contractual clauses with each recipient.

You can request further details by contacting our Data Protection Officer.

We will keep your information only for as long as necessary depending on the purpose for which it was provided. Details of retention periods for different aspects of your personal information are available in our retention schedule which is available from our Data Protection Officer.

When determining the relevant retention periods, we will take into account factors including:

• the nature and sensitivity of the personal data

• the potential risk of harm from unauthorised use or disclosure of your personal data

• the purposes for which we process your personal data and whether we can achieve those purposes through other means

• our legal obligations under applicable law to retain data for a certain period of time

• the statute of limitations under applicable law(s) (potential) disputes

• guidelines issued by relevant supervisory authorities.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Transferring records to our museum

In certain cases, we will retain data which we believe is of particular historical interest for our museum. This includes bank statements, which forms part on an unbroken record of the bank’s history since 1672. These records are kept secure and not made available to researchers for a period of at least 100 years.
Unless your information is selected for ongoing preservation, it will be securely erased or destroyed once it is no longer needed.
Further information about our museum and its collection is available at https://www.hoaresbank.co.uk/our-history.

We have put in place measures to protect the security of your information.

These measures are intended to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Unfortunately, the transmission of information via email is not secure. Therefore, if you use email to communicate with us we cannot guarantee that it will remain confidential whilst in transit.

We do not actively collect geo-location data however certain security and operational features of our Online Banking service and mobile app may make use of information from your device to create a device “fingerprint”. This may include the IP address of your device, mobile provider or WiFi network which could provide an indication of a broad location (for example when you may be on holiday abroad).

We require this information to help us detect and prevent fraud and to enable us to provide functionality in accordance with this Privacy Notice.

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights.
Under certain circumstances, by law you have the right to:

• object to the processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation that makes you want to object to processing on this ground.

• object where we are processing your personal information for direct marketing purposes

• request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it

• request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected

• request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above)

• request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy, or the reason for processing it

• request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact your relationship manager or our Data Protection Officer.

The various rights are not absolute and each is subject to certain exceptions or qualifications. Where we cannot provide a full response to you, we will let you know about this in our reply to your request.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This security measure is to ensure that personal information is not disclosed to any person who has no right to receive it.

Fees

You do not have to pay a fee to access your personal information (or to exercise any of your other rights).

In some cases, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may decide to not fulfil your request in such circumstances.

If you wish to request further information about any of the above rights, or if you are unhappy with how we have handled your information, contact our Data Protection Officer.

You can also make a complaint to the Information Commissioner’s Office ("ICO"):

• https://ico.org.uk/make-a-complaint/

• ICO Helpline: 0303 123 1113.

We keep our Privacy Notice under regular review and any updates will be posted on our website in the most recent version of this Privacy Notice. Where appropriate, changes may be notified to you by post or email.

A summary of recent changes to our Privacy Notice is available for your information:

• August 2022 - Removing references to our tax services.

• February 2022 - Addition for online transactions and the information collected, removal of will drafting references

• July 2021 - Addition of data sharing and use for new Confirmation of Payee feature

• December 2020 - Update concerning international data transfers, personal referees, recording new use of data brokers to maintain data accuracy and providing further details of the bank’s museum and archiving practices. Contact details of the bank’s EU Representative also provided.

• April 2020 - Notice refresh covering updated details in respect of analytics and marketing activities, data processing in respect of open banking and clearer information relating to our services

• March 2019 - Details of the bank's new voice identification system and the processing of biometric data added.

• November 2018 - Details regarding sharing your information with fraud prevention agencies, such as CIFAS updated.

• April 2018 - Notice refreshed in line with the General Data Protection Regulation (GDPR) requirements.