Privacy notice

For the purposes of data protection legislation, C. Hoare & Co. is a "controller" meaning that we determine the purpose and means of processing the information we collect from and about you.

C. Hoare & Co. is also a "controller" in respect of any information you provide to Hoares Trustees Limited, which is a wholly owned subsidiary of C. Hoare & Co.

If you ever have any questions, comments or complaints about this notice, or any of its contents, please contact us via any of the following means and we will be pleased to assist you:

• By post: The Data Protection Officer, 37 Fleet Street, London EC4P 4DQ
• By email: DPO@hoaresbank.co.uk
• By telephone: +44 (0)20 7353 4522

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), C. Hoare & Co. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

• By post: EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
• By email: privacy@edpo.brussels
• By using EDPO's online request form at https://www.edpo.brussels/contact

We may collect the following types of information about you:

• identity data including your name, marital status, title, nationality, gender and date of birth
• identification data including your image, passport details, driving licence, or other identification documents
• contact data including postal addresses, email addresses and telephone numbers
• profile data such as your background, the products and services you use and your interests and preferences
• details of your financial position and history including source of wealth, employment, directorships and affiliations
• details in respect of your assets and liabilities, if required to assess creditworthiness and affordability
• details of your character provided by a personal or professional referee or via media monitoring of publicly available sources
• details of transactions you carry out using our products or services
• information that you may provide to us about your family and other relationships relevant to the banking products and services we provide, for example in respect of affordability, lending, special instructions or inheritance tax. We will assume that you have the authority to share this information with us and will treat it with the utmost confidence
• information that you provide when completing surveys that will be used for research purposes, should you choose to participate
• information that you provide to us from time to time, including through our Online Banking service, when you register, subscribe to, request, or use any of our products or services, or when you submit queries to us
• information that you provide when you fill in our forms online or visit our website
• details of your visits to any of our websites. Please see our Cookies page for details.

Please note that:

• we use tracking technology to gather information on links clicked and emails opened; this does    not store or access information on your device, but allows us to offer a tailored service
• If you contact us by any means we will keep a record of that correspondence and the information that you provide to us in that correspondence
• If you speak to us on the telephone, via video or using similar technologies, the call will be recorded and a copy of the call will be retained
• If you visit our premises, your image may be recorded by our CCTV system
• If you opt into our voice identification service, a copy of your voiceprint and biometric information concerning physical and behavioural characteristics will be stored by the system and used to identify you in future calls
• if you make online transactions requiring identity authentication, behavioural biometric information (such as your use of the keyboard and mouse) will be captured and used to identify you in future transactions.

In addition to the above, Hoares Trustees Limited may also collect:

• information that you provide to us regarding details of settlors, donors, named advisers and viewers of the fund
• information you have provided to C. Hoare & Co. where you have requested our services.

To ensure our records are complete and accurate, we may, if required, check and supplement the details that we hold about you using external sources, such as data brokers and public registers such as Companies House.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

We use your information:

• to confirm your identity and allow us to carry out checks in the interest of security, to detect and prevent fraud and to assess credit risk. 
  Please refer to our full privacy notice for details concerning use of your data by fraud prevention and credit referencing agencies 
• to administer and maintain your account(s) and provide you with products and/or services
• to respond to your queries
• to carry out our obligations under any contracts entered into between you and us
• to assess credit risk
• to notify you about any changes to our products, services and/or our websites
• to send you marketing information and service notifications 
• to comply with legal and regulatory requirements that apply to us
• to improve the products and services that we offer
• to meet our regulatory obligations 
• for general statistical analysis.

We use information that we hold about you to identify events that we think you may wish to attend or products and services that we think may be of value to you. 

The information we use to make these decisions includes both details you decide to share with us directly, and details collected through your interactions with the bank, such as your recent transactions or use of services and systems. 

We will only contact you for marketing purposes if you have given us consent to do so. 

We may share basic details with venues or hosts if you choose to attend an event but we will never sell or transfer your data to a third party to use for direct marketing without your knowledge and consent.

You have the right to ask us not to send you marketing messages by post, telephone or email or any combination of these at any time. You can do this by:

• contacting your relationship manager or our Data Protection Officer
• checking certain boxes on the forms we use to collect your data
• by replying directly to the marketing message

Whatever your preference, you will still receive statements and other service notifications that we may need to send you containing important information in relation to your accounts or services we provide to you.

We use a variety of innovative analytical tools and techniques and we may perform analysis, data matching and profiling using your information. This may affect the products and services that we may offer you, or the price we charge you for them. 

We will do this to:

• identify unusual transactions or behaviours to keep your accounts safe from potential fraud
• help support lending decisions including the assessment of credit and affordability factors 
• personalise conversations and offers to identify potential products and services or events that may be of value to you based on your feedback, expectations and preferences, or based on customers in a similar segment or with similar circumstances
• perform data linkages with external data sets such as ONS to better understand economic drivers and to improve our products and services.

These activities may be done manually but we also use automated machine learning tools to be as accurate as we can. We would never make a purely automated decision concerning you and we have suitable checks in place to ensure outcomes are fair and in line with your interests. 

We will rely on the following legal bases to process your information

• where you have consented to such use
  • if you do choose to provide your consent you can withdraw it at any time by contacting your Relationship Manager or our Data Protection Officer.
• for the performance of a contract with you for provision of our products and/or services, or to take steps at your request prior to entering into such a contract.
  • if provision of your personal information is a legal or contractual requirement, or a requirement necessary to enter into a contract with us, and you choose not to provide it, we may not be able to perform some of the tasks we need to in order to provide certain products or services to you.
• to comply with our legal obligations
• where it is in the substantial public interest
• for our legitimate interests in:
  • setting up, administering and maintaining your accounts with us
  • communicating with you
  • keeping the bank and your information secure including protecting against fraud
  • responding to any incidents or complaints
  • ensuring the quality of the products and services we provide to you
  • collecting information for marketing purposes;
  • managing and developing our technologies
  • meeting our regulatory obligations
  • business development
  • statistical analysis
  • identifying and archiving heritage content for our museum.

We may process your sensitive and special categories of information (this includes data concerning your health, personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, criminal convictions and offences, or data concerning sexual orientation) where you have provided your explicit consent or otherwise where this is necessary

• for the establishment, exercise, or defence of legal claims
• where it is in the substantial public interest
• where we need to carry out our legal obligations.

We will provide your information to our service providers to allow them to assist us with delivering the products or services that you have requested, under the following categories:

• professional services providers (accountants, tax advisors, auditors, consultants and lawyers)
• credit reference agencies (for full details please refer to our full Privacy Notice)
• information technology and information security providers
• intermediaries that introduce you to us
• companies that we introduce you to
• if you request that we do so, your information will be passed between us and Hoares Trustees Limited to provide products and services to you which you have requested
• UK government agencies, law enforcement agencies and regulators 
• fraud prevention agencies. The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at https://www.cifas.org.uk/fpn
• if we are under a duty to disclose or share your information with HM Revenue & Customs (HMRC), who may transfer it to the government or the tax authorities in another country where you may be subject to tax
• UK Financial Services Compensation Scheme
• third party payers to confirm the correct account details are being used 
• any Third Party Payment Service Providers (TPPs) who you may choose to use for open banking purposes
• event organisers or market research companies if you choose to attend an event or to participate in a research study
• if the bank (or all or part of its assets) were to be acquired by a third party, in which case personal data about you as one of our customers would be one of the transferred assets. 

Our websites may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please check their privacy policies. 

For some processing activities, we transfer your personal information to recipients outside of the UK and European Economic Area (“EEA”). These transfers, to carefully selected third party service providers, support the bank’s provision of products and services to you, and to protect you from fraud.

We currently transfer data to the following countries outside of the EEA: Switzerland, Ukraine, Jersey, USA, Canada, India, Singapore, Australia and South Africa.

While some countries are deemed adequate by the U.K. Government and European Commission, not all destination countries offer the same GDPR-level of protection for personal information as in the UK. When this is the case, we put in place appropriate safeguards to protect your information and enter into standard contractual clauses with each recipient.

You can request further details by contacting our Data Protection Officer.

We will keep your information only for as long as necessary depending on the purpose for which it was provided. Details of retention periods for different aspects of your personal information are available in our retention schedule which is available from our Data Protection Officer.

When determining the relevant retention periods, we will take into account factors including:

• the nature and sensitivity of the personal data
• the potential risk of harm from unauthorised use or disclosure of your personal data
• the purposes for which we process your personal data and whether we can achieve those purposes through other means
• our legal obligations under applicable law to retain data for a certain period of time
• statute of limitations under applicable law(s)
• (potential) disputes, and
• guidelines issued by relevant supervisory authorities.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

Transferring records to our museum

In certain cases, we will retain data which we believe is of particular historical interest for our museum. This includes bank statements, which forms part on an unbroken record of the bank’s history since 1672. These records are kept secure and not made available to researchers for a period of at least 100 years.

 Unless your information is selected for ongoing preservation, it will be securely erased or destroyed once it is no longer needed. 

We have put in place measures to protect the security of your information.

These measures are intended to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Unfortunately, the transmission of information via email is not secure. Therefore, if you use email to communicate with us we cannot guarantee that it will remain confidential whilst in transit.

We do not actively collect geo-location data however certain security and operational features of our Online Banking service and mobile app may make use of information from your device to create a device “fingerprint”. This may include the IP address of your device, mobile provider or WiFi network which could provide an indication of a broad location (for example when you may be on holiday abroad).

We require this information to help us detect and prevent fraud and to enable us to provide functionality in accordance with this Privacy Notice.

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights.
Under certain circumstances, by law you have the right to:

• object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
• request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above).
• request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact your relationship manager or our Data Protection Officer.

The various rights are not absolute and each is subject to certain exceptions or qualifications. Where we cannot provide a full response to you, we will let you know about this in our reply to your request.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This security measure is to ensure that personal information is not disclosed to any person who has no right to receive it.

Fees

You do not have to pay a fee to access your personal information (or to exercise any of your other rights).

In some cases, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive, or if you request multiple copies of the information. Alternatively, we may decide to not fulfil your request in such circumstances.

If you wish to request further information about any of the above rights, or if you are unhappy with how we have handled your information, contact our Data Protection Officer.

You can also make a complaint to the Information Commissioner’s Office ("ICO"):

• https://ico.org.uk/make-a-complaint/
• ICO Helpline: 0303 123 1113.

We keep our Privacy Notice under regular review and any updates will be posted on our website in the most recent version of this Privacy Notice. Where appropriate, changes may be notified to you by post or email.

A summary of recent changes to our Privacy Notice is available for your information:

• April 2024 - Information that we collect, regarding tracking technology, added. 
  Replacement of Messrs. Hoares Trustees Limited with new trustee, Hoares Trustees Limited.
• January 2024 -  Updated name of Messrs. Hoares Trustees Limited.
• August 2022 - Removing references to our tax services.
• February 2022 - Addition for online transactions and the information collected, removal of will drafting references.
• July 2021 - Addition of data sharing and use for new Confirmation of Payee feature.
• December 2020 - Update concerning international data transfers, personal referees, recording new use of data brokers to maintain data accuracy and providing further details of the bank’s museum and archiving practices. Contact details of the bank’s EU Representative also provided.
• April 2020 - Notice refresh covering updated details in respect of analytics and marketing activities, data processing in respect of open banking and clearer information relating to our services.
• March 2019 - Details of the bank's new voice identification system and the processing of biometric data added.
• November 2018 - Details regarding sharing your information with fraud prevention agencies, such as CIFAS updated.
• April 2018 - Notice refreshed in line with the General Data Protection Regulation (GDPR) requirements.