Privacy Notice

Our Privacy Notice is below, or alternatively, download it here.

In this privacy notice, ‘Masthaven’, ‘we’, ‘us’ and ‘our’ refer to Masthaven Bank Limited and any other group or associated company.

Data Controller and Data Protection Officer

Masthaven is a data controller of your personal information. “Personal information” means information that is about you or that can be used to identify you. Should you wish to contact us for any matters concerning your personal information, including complaints, you can do this in the following ways:

Write to: Data Protection Officer, Masthaven Bank Limited, 11 Soho Street, London, W1D 3AD
Email: [email protected]
Telephone: 020 7036 2000

How will we use your personal information?

  • To accept or decline an application for our banking, savings or lending services
  • To deliver our banking, savings and lending products and services
  • To manage our relationship with you
  • To comply with our legal and regulatory obligations
  • To assess and manage the risks of fraud and financial crime
  • To run our business in an efficient and proper manner

What is the basis on which we deal with (“process”) your personal information?

(A) Our legitimate interests

We process your information in accordance with our legitimate interests, these being our business or commercial reasons to use your information, balanced with your right to privacy. These include:

  • Administering and managing your banking, savings or lending account and services relating to that
  • Developing new products and services
  • Complying with regulations that apply to us and the services we provide
  • Carrying out searches using Credit Reference Agencies
  • Maintaining and developing our financial crime risk management practices
  • Ensuring we are able to respond to complaints and seek to resolve them

(B) Our contractual obligations

  • Administering and managing your account(s) and services relating to them, including managing payments and receipts

(C) Our legal obligations

  • Complying with laws and regulatory requirements that apply to us and the services we provide
  • Carrying out identity checks, anti-money laundering checks, and checks with fraud prevention agencies
  • Dealing with requests from you when you exercise your rights under data protection law

(D) With your consent (which can be withdrawn by you at any time)

  • Developing and carrying out marketing activities
  • Working out which of our existing or new products and services may be of interest to you
  • Processing of your special categories of personal information such as about your health or if you are a vulnerable customer (your explicit consent will always be sought in order for us to do this)

Please note: If you withdraw your consent, we might not be able to provide you with specific products or services.

What personal information do we process?

Depending on the products or services you apply for and (if your banking, savings or lending application is successful) obtain from us – we collect and process different kinds of personal information, including:

  • Your main personal information (e.g. your name, date of birth and contact information)
  • Your financial information (e.g. your income, credit rating or history)
  • Information about your profession or work
  • Information about your family and other relationships
  • Tracking information (e.g. IP address and MAC address)
  • Some special categories of personal information such as about your health or if you are a vulnerable customer (more details above – basis for processing section)

Joint applicants

If you make a joint application with another person we will also collect their personal information. You must show this privacy notice to the other applicant and ensure they acknowledge and accept what it states.

Power of attorney

We will provide this privacy notice to the holder of a valid power of attorney for you when we make contact with him/her directly. That person will see and have full access to the personal information we hold on you.

Where we collect personal information from

We will generally collect your personal information directly from you. If you are introduced to us by a broker or other intermediary, we will obtain some personal information about you indirectly from them.

In addition, we may also obtain personal information about you from the following sources or in the following ways.

  • Credit reference agencies
  • Fraud prevention agencies
  • Government and law enforcement agencies
  • Agents working on our behalf
  • Public information sources (e.g. HM Land Registry, Companies House)
  • Information collected when you are using our website

Do we share your personal information?

We will share your personal information within our group and with our advisers and third party information providers in order to be able to provide a proper and efficient service in accordance with our legitimate interests.

In order to process banking, savings and lending applications and transactions, we may share your personal information with one or more credit reference agencies (CRAs) and anti- fraud databases to carry out identity checks, anti-money laundering checks, anti-fraud checks, and credit checks and to provide them with your mortgage payment history.

Link to the information notice for the three main CRAs: Credit Reference Agency information notice

When required by law or regulation or to assist in identifying and preventing financial crime, we will provide your personal information to: regulatory bodies; fraud prevention agencies; and government and law enforcement agencies.

Where you have given your consent to marketing we may use a third party provider to issue marketing to you on our behalf. We will not share your information with other third parties for marketing purposes.

In addition, we will share your personal information with the following organisations in order to help us develop and improve our banking, savings and lending products and services in accordance with our legitimate interests.

  • Customer communication providers and customer feedback providers

We may also share your personal information if there is a potential or actual change in the future:

  • We may choose to sell, transfer, or merge all or parts of our business, or our assets. Or we may seek to acquire other businesses or merge with them.
  • During any such process, we may share your personal information with other parties. We’ll only do this if they agree to protect your personal information in accordance with UK data protection law.
  • If the changes to Masthaven happen, then other parties may use your personal information in the same way as set out in this notice.

Is personal information transferred outside of the UK?

We are based in the UK and your personal information is retained within the UK or EEA. Should data be transferred at any future date outside of the EEA we will take appropriate measures to safeguard it.

For more information about the safeguards and how to obtain a copy of them, should we transfer data outside the European Union in the future, you can contact our Data Protection Officer using the details above.

How long do we keep your personal information for?

We will hold your personal information for the following periods for our legitimate interests and to comply with legal and regulatory requirements:

  • Banking, savings and lending applications that are cancelled, declined or not funded – normally up to 1 year from application
  • Banking, savings and lending accounts that are opened and funded – normally up to 6 years after the account is closed

Based on our legitimate interests, your personal information may be kept for longer than the aforementioned periods, for example, if we are dealing with an on-going complaint or in order to fulfil our legal or regulatory obligations.

If you would like further information about our data retention practices, contact our Data Protection Officer.

Do we make automated decisions using your personal information?

We do not make automated decisions about banking, savings or lending clients or applicants. We do make use of automated systems to provide us with information. This may include things like checking your age, residency or nationality, and credit checking, to confirm that you meet the conditions needed to open and maintain the account. This helps us to make sure our decisions are consistent, fair, quick and efficient.

What are your rights under data protection laws?

We have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, if you wish to exercise any of them we will explain at that time whether they can be exercised.

  • The right to access
    You have the right to know if we process your personal information and, if so, to access it together with certain additional information.
  • The right to rectification
    You have the right to have any inaccurate personal information about you rectified.
  • The right to erasure
    In some circumstances you may have the right to have your personal information erased.
  • The right to restrict processing
    In some circumstances you may have the right to restrict the processing of your personal information.
  • Notification to third parties regarding rectification, erasure and restriction
    Where we have disclosed your personal information to a third party, and you have subsequently exercised any of the rights of rectification, erasure or blocking, we will notify those third parties of your exercising of those rights.
  • The right to object to processing
    You have the right to object to our processing of your personal information on grounds relating to your particular situation.
  • The right to data portability
    You may have the right to receive your personal information from us in a structured, commonly used and machine-readable format. However, this right can only be exercised where personal information is being processed based on consent, or for performance of a contract and is carried out by automated means.
  • The right to withdraw consent
    For personal information being processed on the basis of your consent you have the right to withdraw that consent for continuing and future processing.
  • Rights in relation to automated decision making and profiling
    This right allows you, in certain circumstances, to access certain safeguards against the risk that a potentially damaging decision is taken solely without human intervention.

You have the right to complain to the Information Commissioner’s Office (ICO) – the UK's independent authority set up to uphold information rights in the public interest. In addition, they will be able to provide you with further information or advice on your rights under data protection laws. ICO website:

Call recording

We may record or monitor phone calls to confirm details of our conversations, to resolve queries and complaints, to help detect or prevent fraud and other crimes, for regulatory purposes, to improve service and help monitor and train our staff. This is in accordance with our legitimate interests and, in some cases, legal obligations.

Changes to this privacy notice

We may change this privacy notice from time to time. If we make any changes, we will revise the "Last updated" date at the bottom of this privacy notice.

If there are material changes to this privacy notice, we will notify all current banking, savings and lending clients and applicants by email or letter prior to the change becoming effective.

Last updated: May 2, 2018