PRIVACY NOTICE (Last updated: 25 May 2018)


Habib Bank Zurich plc ("Bank", "we", "us") respects your right to privacy. This Privacy Notice explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Notice only applies to personal information that we collect when you use or interact with our services and through our website at www.habibbank.com.

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Notice.

We recommend that you read this Privacy Notice in full to ensure you are fully informed.

What do we do?

Habib Bank Zurich plc registered office is at Habib House, 42 Moorgate, London, EC2R 6JJ and we are a company registered in England and Wales under company number 08864609. We are a financial services company authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority – financial services register No. 627671. We are registered on the Information Commissioner's Office Register; registration number ZA134540, and act as the data controller when processing your data.

For more information, please see the “About Us” section of our Website at www.habibbank.com

What personal information do we collect and why?

We collect and process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We use a variety of personal information depending on the products and services we deliver to you. For all products and services, we need to collect and use the following information:

  • Name
  • Date of Birth
  • Address
  • Contact details (email, telephone number)
  • Identification number (national insurance number, tax identification number, passport number, driver’s license number)
  • Information required for identity checks and credit history checks
  • Copy of identification documents
  • Information on criminal offences, allegations, convictions etc for lending decisions, fraud prevention, anti-money laundering and to meet legal obligations
  • Information relating to profile, financial circumstances and arrangements etc to meet anti-money laundering and legal obligations
  • Current and previous countries of residence/citizenship

Type of Personal Information Why we collect it
1) Administration of products & services
  • your contact details;
  • your location data for fraud prevention and, if you have consented to it, mobile location services; and
  • your IP address to identify you for security reasons
  • To operate and administer our products and services, including dealing with your complaints and fixing our mistakes
    We might share all of the information we use for this purpose with third parties who help us to verify your contact details and deliver our products and services, such as our subcontractors, card processing service provider, service providers for ATMs and cash management, payment processing, group companies, other banks and regulators. We use your information in this way because it is necessary to perform our contract with you and to meet our legal obligations.
    2) Administration of payments
  • your contact details and the payment details that you have provided to us; and
  • your location data to enable us to verify locations at which payments are made for fraud prevention purposes
  • your IP address to identify you for security reasons
  • information we receive about you directly from other third parties, including when you authorise us to access accounts you hold with other banks, as an account information service provider.
  • To administer payments to and from you
    We may give this information to our third-party payment providers to process the payment to you.
    3) Credit and client on-boarding decisions
  • information you give to us about your credit history;
  • information about those you are financially linked to (such as your partner);
  • information about how you have used other products and services offered by us or other members of our Group;
  • information we receive from third party credit reference agencies.
  • To make credit decisions and account on-boarding decisions about you (including new applications for credit or requests to increase credit limits)
    For this purpose, we share information with credit reference and fraud prevention agencies. The information could then be used as follows:
    1. the credit reference or fraud prevention agency might add details of our search and your credit application to the records they hold about you, whether or not your application proceeds;
    2. we and the credit reference or fraud prevention agency might link your financial records to those of any person you are financially linked to – this means that each other's information (including information already held by us or the credit reference agency) will be taken into account in all future credit applications by either or both of you, until one of you successfully files a 'disassociation' at the credit reference agencies;
    3. we might add to the credit reference or fraud prevention agency's records details of how your agreements or accounts operate with us, including any default or failure to keep to the terms of your agreement, and any failure to advise us of a change of address where a payment is overdue;
    4. the credit reference or fraud prevention agency could pass on any of that information to other companies unrelated to us for the credit checking and fraud prevention purposes mentioned above; and
    5. the credit reference or fraud prevention agency will also use the information for statistical analysis about credit, insurance and fraud on an anonymous basis.
    We use your information in this way because it is necessary to perform our contract to deliver credit related products and services to you, and to meet our legal obligations.

    When credit reference agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders and other companies unrelated to us (for example, other banks and credit providers).

    Further information on how your information is used by credit reference agencies and fraud prevention agencies can be found at Experian
    4) Legal obligations
  • any information you have given us, that we have obtained from a third party, or that we have obtained by looking at how you use our services, where it is necessary for us to use that information to comply with a legal obligation; and
  • this information will include name, address, date of birth, every country of residence/citizenship, personal identification (which may include passport number or driving license number) your IP address, tax identification number and information about any criminal convictions.
  • To comply with our legal obligations, to prevent financial crime including fraud and money laundering
    We will give information to and receive information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, other banks and regulators. Fraud prevention agencies may use your information as set out in section 3 above
    5) Financial management and debt recovery
  • your contact details;
  • information we obtain from looking at how you have used our services, including information about your location that we may find from reviewing your accounts; and
  • information available within the Group about how you have used services provided by other members of the Group.
  • For financial management and debt recovery purposes
    We will give information to and receive information from third parties where that is necessary to recover debts due by you to us, for example, other banks, debt recovery agents, credit reference agencies and sheriff officer or bailiff services. This might include passing personal information about you to a third party who we have transferred your debt to, and who will then contact you directly to collect that debt. If your debt is transferred to a third party you will be advised of the identity of that third party.

    We use your information in this way because it is necessary to perform our contract with you, to exercise our legal rights, and because it is fair and reasonable for us to do so.
    6) Third party introducers
  • information about the general nature of the products and services; and
  • information about the value of those products and services.
  • To enable payments to third parties who may have introduced you to us
    We use your information in this way because it is in our interests to do so to provide you with the products and services that best suit you.

    We will give information to and receive information from third party independent financial advisers and mortgage brokers who have introduced you to us.
    7) Marketing
  • the contact details you have provided to us; and
  • information we have gathered from your use of our other products and services to form a profile of you which we will use to assess what other products and services would be most beneficial for you.
  • To market products and services to you from us
    8) Business Customers – Personal Information Requirements
    For business customers, we will use personal information about key individuals in the business, so we can operate and administer the products and services which we provide to the business – to do this we will use:
    • personal information about key individuals who are either a sole trader of the business or are a proprietor, director, company secretary, shareholder, partner, member, committee member, trustee, controller, beneficial owner or authorised signatory to the account of the business.
    • the personal information we use about key individuals is as set out in sections 1-7, and we may use it for any of the purposes described in sections 1-7. We may hold personal information on key individuals for the purposes of operating and administering products and services which we provide to the business, as well as for the purposes of fraud and money laundering, for debt recovery purposes, and to make credit decisions about the business.
    Personal information on key individuals is obtained directly from the key individual, from the business to which the key individual is linked with, from the key individual's dealings with any member of our Group, and from fraud prevention and credit reference agencies. Such information may include special categories of personal information, such as information relating to health or criminal convictions.

    We collect personal information in following ways

    Data you give to us:

    • when you apply for our products and services;
    • when you fill out an application on paper and on Website or provide information through documents;
    • When you talk to us on the phone or visit us in branch;
    • When you use our website and mobile device apps;
    • In emails and letters;
    • In financials reviews and interviews;
    • In customers surveys;

    Data we collect when you use our products and services or those of other members of our Group. This includes:

    • the amount, frequency, type, location, origin and recipients
    • Payment and transaction data
    • Profile you create to identify yourself when you connect to our internet, mobile and telephone services.

    Data from third parties we work with:

    • Credit Reference Agencies
    • Fraud Prevention Agencies
    • Public information sources such as Companies House, Search engines etc
    • Government and law enforcement agencies

    From other people who know you including joint account holders and people you are linked to financially.

    We also may obtain some personal information from monitoring or recording calls and when we use CCTV. We will record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and customers, and to resolve queries or issues. We also use CCTV on our premises to ensure the safety and security of our staff and customers.

    Information that we collect automatically

    We may also collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.

    Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

    Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

    Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” below.

    In general, we will use the personal information we collect from you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your personal information. However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes) if and where this is permitted by applicable data protection laws.

    Who do we share personal information with?

    We may disclose your personal information to the following categories of recipients:

    • to our group companies, third party services providers and partners who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website), or who otherwise process personal information for purposes that are described in this Privacy Notice or notified to you when we collect your personal information We may share your personal information with the following categories of third parties:
      • Group companies including our parent in Switzerland and subsidiaries and branches in Canada, Hong Kong, South Africa, Kenya, Pakistan and UAE;
      • Property surveyors
      • Lawyers
      • Audit firms
      • Debt collection agencies
      • Credit reference agencies
      • Fraud prevention agencies
    • to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
    • to a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Notice;
    • to any other person with your consent to the disclosure.

    Legal basis for processing personal information

    Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.

    However, we will normally collect personal information from you only where we have your consent to do so, we need to use the information to comply with our legal obligations, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person (for example if you have a severe and immediate medical need whilst on our premises).

    Our legitimate interests include providing our customers with the services they request and administering our contracts, undertaking anti-fraud checks, improving our services, assisting in our legal, tax or accounting needs, and marketing our products and services.

    If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

    Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:

    1. we have a legal obligation to do so (for example to protect vulnerable people);
    2. it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
    3. it is in the substantial public interest;
    4. it is necessary for the prevention or detection of crime;
    5. you have specifically given us explicit consent to use the information.

    Cookies and similar tracking technology

    We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please visit our website for the Cookie Notice.

    How do we keep personal information secure?

    We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we use include strong access controls, encryption of data in transit etc.

    International data transfers

    Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

    Specifically, our Website servers are located in Switzerland, and our group companies and third party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.

    However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include strong contractual undertakings approved by the relevant regulators such as the EU model clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA in accordance with European Union data protection law.

    Data retention

    We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

    When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

    Automated decision-making

    In some instances, our use of your personal information may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.

    Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. For example, we use automated decisions to decide whether to accept applications completed for fixed rate bonds on our website. We have implemented measures to safeguard the rights and interests of individuals whose personal information is subject to automated decision-making, including a manual review process.

    When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contact us using the contact details provided under the “How to contact us” heading below.

    Your data protection rights

    You have the following data protection rights:

    1. If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
    2. In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below.
    3. You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below.
    4. Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
    5. You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available here.)

    We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

    Updates to this Privacy Notice

    We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

    You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.

    How to contact us

    If you have any questions or concerns about our use of your personal information, please contact us using the following details: dp.uk@habibbank.com.