Genesis Arvest Bank

Privacy Policy of Genesis Arvest Bank

  1. Introduction Genesis Arvest Bank ("Genesis Arvest Bank", "we", "us", or "our") is committed to protecting your privacy and handling your personal data in a fair, transparent, and lawful manner. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our banking products and services, visit our branches, websites, or mobile applications, or otherwise interact with us in England.

By using our services, you acknowledge that you have read and understood this Privacy Policy.

  1. Who We Are Genesis Arvest Bank is a banking institution operating in England. We act as a data controller for the personal data we process in connection with our products and services. This means we decide how and why your personal information is used.

  2. Personal Data We Collect We may collect and process the following categories of personal data:

    • Identification data: name, date of birth, nationality, identification numbers (such as passport, driving licence, national ID), and signatures.
    • Contact details: home and mailing address, email address, telephone numbers.
    • Financial information: bank account numbers, sort codes, card details, transaction history, account balances, payment instructions, salary and income details, credit information, and records of loans, mortgages, and investments.
    • Employment and professional data: employer details, job title, employment history, income, tax information.
    • Regulatory and compliance data: information from sanctions lists, politically exposed person (PEP) status, credit reference checks, fraud prevention data, and information required for anti-money laundering (AML) and know your customer (KYC) checks.
    • Technical and usage data: IP address, device identifiers, browser type, operating system, login information, and data about your interactions with our websites, mobile apps, ATMs, and online services.
    • Communication data: records of your communication with us, including emails, letters, phone call recordings, chat messages, and in‑branch interactions.
    • Marketing preferences: your preferences regarding receiving marketing communications from us.

We collect personal data directly from you and, where lawful, from third parties, such as credit reference agencies, fraud prevention agencies, publicly available sources, and our service providers.

  1. Legal Basis for Processing We process your personal data only when we have a lawful basis to do so, including:

    • Performance of a contract: to provide you with our banking services, such as opening and managing accounts, providing loans, processing payments, and offering support.
    • Legal and regulatory obligations: to comply with applicable banking and financial regulations in England and the United Kingdom, including AML, KYC, taxation, reporting, and record‑keeping obligations.
    • Legitimate interests: to manage our business, prevent fraud and misuse of services, ensure network and information security, improve our products, and protect our rights, provided that our interests do not override your fundamental rights and freedoms.
    • Consent: where required by law, such as for certain types of marketing. You may withdraw your consent at any time as described in this Privacy Policy.

  2. How We Use Your Personal Data We use your personal data for the following purposes:

    • Providing and managing accounts: to open, administer, and maintain current, savings, and other types of accounts; to manage deposits, withdrawals, and transactions.
    • Processing payments and transactions: to process transfers, direct debits, standing orders, card payments, online and mobile banking transactions.
    • Lending and credit services: to assess applications for credit products (such as loans, overdrafts, and mortgages), manage existing credit arrangements, evaluate creditworthiness, and determine suitable limits.
    • Verification and security: to verify your identity, authenticate your access, prevent fraud, secure our systems, and monitor suspicious activities.
    • Regulatory compliance: to conduct AML and KYC checks, monitor transactions, comply with sanctions regimes, assist law enforcement, and meet other regulatory requirements.
    • Customer service: to respond to your enquiries, handle complaints, provide support, and inform you about changes to our services.
    • Service improvement and development: to analyse how you use our services, improve user experience, perform research and analytics, and develop new products and features.
    • Marketing and communication: to provide you with information about our products, services, and offers, subject to your preferences and applicable law. This may include communications related to the keyword "arvest" and other Genesis Arvest Bank services.

  3. Cookies and Online Tracking When you use our websites or mobile apps, we may use cookies and similar technologies to collect technical and usage data. Cookies help us:

    • Recognise you and your device.
    • Remember your preferences.
    • Improve the performance and security of our online services.
    • Analyse how our websites and apps are used.

Where required by law, we will request your consent before using certain cookies. You can manage your cookie preferences through your browser or device settings, but disabling some cookies may affect your ability to use certain features.

  1. Sharing Your Personal Data We may share your personal data with:
    • Group companies: within Genesis Arvest Bank’s group entities, where applicable, for internal administrative purposes, compliance, and the provision of services.
    • Service providers: trusted third parties who perform services on our behalf, such as IT and cloud hosting providers, payment processors, card manufacturers, communication services, and professional advisers (lawyers, auditors, consultants).
    • Credit reference and fraud prevention agencies: to assess creditworthiness, reduce fraud risk, and comply with regulatory obligations.
    • Regulatory and governmental authorities: including financial regulators, tax authorities, law enforcement, and courts, when required by law or in order to protect our rights or the rights of others.
    • Business partners: where we offer co‑branded or partner services and where such sharing is necessary to provide these services to you.

We require all third parties who process personal data on our behalf to maintain appropriate security and confidentiality standards and to process your data only in accordance with our instructions and applicable law.

  1. International Transfers Your personal data may be transferred to and processed in countries outside England and the United Kingdom, which may have different data protection laws. When we transfer personal data internationally, we will ensure that appropriate safeguards are in place, such as:
    • Transferring to countries recognised as providing an adequate level of protection; or
    • Using standard contractual clauses or equivalent safeguards approved under applicable data protection laws.

You may contact us for further information regarding international transfers and the safeguards we use.

  1. Data Retention We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
    • Providing you with our banking services.
    • Complying with legal, regulatory, and reporting requirements.
    • Resolving disputes and enforcing our agreements.

In general, banking and financial records are retained for a period determined by applicable law and regulatory guidance in England and the United Kingdom, which may require us to keep certain data for several years after your relationship with us ends.

  1. Data Security We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, alteration, or destruction. These measures include:
    • Encryption and secure transmission protocols.
    • Access controls and authentication mechanisms.
    • Regular monitoring, testing, and security assessments.
    • Training staff on data protection and confidentiality obligations.

While we take reasonable steps to safeguard your information, no system can be completely secure. You are responsible for maintaining the confidentiality of your login details, passwords, and security credentials.

  1. Your Rights Depending on applicable data protection law, you may have the following rights with respect to your personal data:
    • Right of access: to obtain confirmation of whether we process your data and to receive a copy of your personal information.
    • Right to rectification: to request correction of inaccurate or incomplete personal data.
    • Right to erasure: to request deletion of your personal data in certain circumstances.
    • Right to restriction: to request that we limit the processing of your data in specific situations.
    • Right to data portability: to receive your personal data in a structured, commonly used, and machine‑readable format and to request that we transmit it to another controller where technically feasible.
    • Right to object: to object to processing based on our legitimate interests or for direct marketing purposes.
    • Right to withdraw consent: where processing is based on consent, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, please contact us using the contact details provided in this Privacy Policy. We may need to verify your identity before responding to your request. We will respond within the timeframes required by law.

  1. Direct Marketing We may use your contact details to send you information about our products, services, offers, and events that may be of interest to you, including products and services branded or associated with "arvest". We will do so in accordance with your marketing preferences and applicable law.

You can opt out of receiving marketing communications at any time by:

  • Following the unsubscribe instructions in the communication; or
  • Contacting us using the details provided in this Privacy Policy.

Even if you opt out of marketing communications, we may still send you service‑related messages, such as information about your accounts, transactions, and changes to our terms or policies.

  1. Children’s Data Our services are generally not directed at children under the age set by applicable law for independent use of banking services. Where we intentionally collect personal data of minors (for example, for specific account types), we will do so in accordance with applicable law and, where required, with the consent or authorisation of a parent or legal guardian.

  2. Third‑Party Links Our websites or mobile applications may contain links to third‑party websites, apps, or services that are not controlled by Genesis Arvest Bank. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of each third‑party service you use.

  3. Changes to This Privacy Policy We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will take appropriate steps to notify you, such as posting a notice on our website or contacting you directly.

The date of the latest update will be indicated at the end of this document.

  1. Contact Us If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us using the contact information made available on our official Genesis Arvest Bank channels.

We will handle your enquiry promptly and in accordance with applicable data protection laws.

Last updated: [insert date]

We value your privacy at Genesis Arvest Bank

Genesis Arvest Bank uses cookies and similar technologies to provide a secure, reliable and personalised banking experience. We rely on this information to protect your account, remember your preferences, improve our services and measure how visitors use our site. You can change your cookie settings at any time and choose which types of cookies you wish to allow. For full details on how we collect, use and protect your data, please review our Privacy Policy before continuing. Open full Privacy Policy