Skip to content Go to accessibility help
We use cookies to keep our websites easy to use and relevant to our users’ requirements and to enable us to learn which advertisements bring users to our website. Select Accept below if you wish to proceed or How to change your cookies for instructions on how to manage your cookie settings. Find out more about our Cookie Policy.

Your info - how we use and keep it

This Privacy Notice provides all the need-to-know info on how we collect, use and keep your info as a personal banking customer and/or an important person within the organisation of a business banking customer.Just so you know, an important person can include a sole trader, proprietor, director, company secretary, shareholder, partner, member, committee member, trustee, controller, beneficial owner or authorised signatory to the business account.

1. Introduction

As a personal or business banking customer, we take your privacy seriously. Here, you can learn more about your data protection rights and how we collect, use, share and store your personal info.

That includes info we already hold about you now and further personal info we might collect about you, either from you or someone else. How we use your personal info depends on the accounts and relationship you have with us.

Our Data Protection Officer (DPO) provides help and guidance to make sure we protect your personal info and we use it in the right way. If you have any questions, you can contact our DPO (see section 13 “Getting in touch”).

This Privacy Notice will replace any previous notice we’ve given you. If we make any important changes to it we’ll get in touch to let you know.

2. About the Virgin Money UK PLC Group

When we say ‘Group’ we mean Virgin Money UK PLC, Clydesdale Bank PLC, each subsidiary or holding company of Virgin Money UK PLC. You can find out more about the companies within the Group in the Legal and Privacy section here.

The following are the ‘data controllers’ within the Group that collect and use personal info. When we say ‘we’ or ‘us’ in this notice we are referring to:

View our group of companies

  • Clydesdale Bank PLC
  • CYB Intermediaries Limited
  • CGF No 9 Limited
  • Clydesdale Bank Asset Finance Limited
  • Clydesdale Covered Bonds No 2 LLP
  • Virgin Money UK PLC
  • CYB Investments Limited
  • Virgin Money plc
  • Virgin Money Unit Trust Managers Ltd
  • Virgin Money Personal Financial Service Ltd
  • Virgin Money Holdings (UK) plc
  • Yorkshire Bank Home Loans Limited

Back to top ↩

3. What info we will keep

Find out more information about the kinds of personal information we hold about you

By ‘info’, we mean all the personal and financial details we collect, use, share and store. The info we keep will change depending on the account and relationship you have with us. It can include but isn’t limited to:

  • Info about your identity and contact details (like your name, date of birth, home address, phone number, email address, current and previous countries of residence/citizenship, a copy of identification documents like passport or driving licence, for example – and info we need to check your identity).
  • Unique identifiers and reference numbers that we or others have allocated to you (like Companies House references, account numbers, online usernames, and your National Insurance number).
  • Your financial and payment info, including details of your income and how you spend it (if relevant), business accounting info, credit history info, bank details and transactions with us and others.
  • Info about you from resources, organisations, and regulatory bodies (like Financial Conduct Authority, Business Banking Resolution Service or Companies House).
  • Info about people you’re financially linked to (like your husband/wife/partner or financial associates) or who have an interest in or association with any of your accounts. (For example, an additional cardholder or where you’ve opened an account for a child).
  • How you access and use our website or other digital services (like your IP address, location and the device and software being used).
  • The profile info we create by analysing you, your business, and your behaviour. This could be through the way you use your account and from other sources – including info we get using artificial intelligence to look at combined data sets.
  • Your permission to share info from third parties.
  • Info that the law sees as being in a special category because it’s sensitive to you. We can only collect and use this info if you’ve given us permission, or it’s allowed by law. This sort of info includes:
    -Race or ethnicity.
    -Religious or philosophical beliefs.
    -Trade union membership.
    -Genetic and bio-metric data.
    -Health information and data (needed for some insurance products and to protect vulnerable customers).
    -Criminal convictions and offences (needed for lending decisions, fraud prevention, anti-money laundering and to meet our legal duties).

In section 6, there’s more on how we use this info.

Sometimes, we ask for your info as we need it to provide the product or service you’ve asked for or to do something the law requires us to do (like check you are who you say you are). Without that info we’ll not be able to provide some products or services requested.

For Credit Card Accounts, Loan Products and Mortgage Products, we need info on your finances. This includes:

  1. Your income, how much you spend, accounts info, assets and liabilities, credit history and credit scoring, employment info, any criminal prosecutions and details of bankruptcy or County Court Judgements.

To provide Financial Management Services and products that include Travel Insurance, we may need to use any health info, which we will ask for.

Back to top ↩

4. Where we get the info from

We collect info directly from you and others.

We get info:

  • Directly from you – for example, in applications, emails, letters, phone calls and conversations in Store (including info given by someone else, like an employer, financial adviser or accountant).
  • Through you attending events in our Stores, entries into our competitions, surveys, promotions, and conversations with us on social media.
  • By looking at how you use our products and services, or those of other members of our Group. For example, from transactions and how you manage your accounts and services. This includes the use of artificial intelligence or machine learning to analyse aggregated/combined datasets, to make forecasts/projections of earnings and cash flow and improving a service or systems in terms of machine learning or analytics cookie use. Info will be used for the development and deployment of the machine learning.
  • From the type of device you are using and the list of apps you have on your device.
  • From others who know you – including joint account holders and people you’re linked to financially.
  • By looking at how you interact when using your device. This could be the use of your keyboard, mouse and/or the way you hold your device – this is called “Behavioural Biometrics”.
  • From your use of our websites or applications, including through cookies that collect info about your internet use.
  • From recorded images (like CCTV in our Stores) and calls. We’ll record or monitor phone calls with you for regulatory purposes and training, to improve our service, to make sure our colleagues and customers are safe and to sort out any issues. We also use CCTV on our premises for the safety and security of everyone.
  • From other third parties who you have chosen to connect to your Virgin Money credit card app (e.g. Virgin Red).
  • From anyone else with your permission, e.g. when you link an account from another financial service provider, or link Virgin Red to a Virgin Money app.

We also get info from:

  • Credit reference agencies (like Experian) and fraud prevention agencies (for example, CIFAS).
  • Payment card networks, like Mastercard.
  • Price comparison websites.
  • Retailers.
  • Insurance companies.
  • Advertisers, Social media networks and companies that do market research and look at stats and analyse your behaviour (like Google and Facebook).
  • The Government and their agencies – for example, HM Revenue & Customs, Financial Conduct Authority, Business Banking Resolution Service, The British Business Bank and Companies House.
  • Public records (e.g. the electoral roll) and other public sources including internet searches.
  • Other companies that provide a service to us (e.g. surveyors and lawyers).
  • Marketing Services Providers – these are companies that collect personal data from a number of sources for the purposes of creating profiles of customer groups.
  • Other third parties who are allowed to share info with us.
  • Other third parties who you have chosen to connect via your Virgin Money app (e.g. Virgin Red).
  • Anyone else with your permission, e.g. when you link an account or card from another financial service provider, or link Virgin Red to a Virgin Money app.

We’ll also look at and combine the info collected (sometimes automatically) to understand how you use your account and our services. It also helps us understand what you may like and do. We may create a profile of you to help us predict your financial behaviour and what you prefer before offering services to you (‘profile info’).

Some of our products and services need you to allow third parties to share info with us. This may be combined with other info we hold and have analysed so we can provide that product or service. Please check out section 5 “"Why we need the information and what we use it for"” for more details.

Back to top ↩

5. Why we need the info and what we use it for

Data Protection law means we need to have one or more of the following reasons for using your info:

  1. 'Contract performance’ – where we’ll use your info to provide you with your account, product or service (for example, we’ll use your name and address to post an account statement to you).
  2. 'Legal obligation’ – this is where we must process your info by law (for example checking you are who you say you are).
  3. 'Legitimate interest’ – we’re allowed to use your info where, on balance, the benefits are reasonable and not outweighed by your interests or legal rights – for example, we have an interest in knowing what our customers like and don’t like so we can offer better products and services.
  4. 'Consent’ – sometimes, we may ask you for your consent or permission to use info in a certain way or where the law states we must get your permission. For example, if you agree to us recording something about your health so we can improve the way we communicate with you. Whenever permission is the only reason for us using the info, you have the right to change your mind. To do this, just contact us – head to section 13 "Getting in touch" to find out how.
Using your info

These are the main ways we’ll use your info and the reasons for doing so:

To check your identity and eligibility for an account (Contract performance; Legal obligation)

The law requires that we must check the identity of new customers and for business customers the verification of key individuals of such customers. The law also requires us to re-check the identity of existing customers from time to time. This is so we know who our customers are and to make it more difficult for criminals to use false or impersonated identities, for criminal purposes like hiding the proceeds of crime or committing fraud. To check your identity, we’ll check the contact details and financial info you give us with credit reference agencies and against publicly available info. We’ll also check you’re eligible for the product or service we’re offering.

To manage your account and relationships with us (Contract performance; Legal obligation; Legitimate interest)

We’ll use your info to manage any account, product, service or relationship you have with us. This’ll be done in line with the terms of that arrangement and the rules of our regulators. Examples of this are:

  • Management of your account including:
    - linking other accounts or linking your Virgin Red account where you've asked us to.
    - keeping info about your transactions and sending your account statements.
    - telling you about your account and your relationship with us, including letting you know any changes to interest rates, limits or charges.
  • Sharing your name and some account details with a person or organisation before a payment can be made to your account.
  • Linking other accounts or linking your Virgin Red account where you've asked us to.
  • Helping to fix mistakes and sort out any problems or complaints you may have.
  • Manage any offers or promotions you take part in.
  • Closing your account.

To do this, we’ll use your contact details, the payment details you’ve given us and your location data to enable us to check locations where payments are made (this is to prevent fraud). If you’ve agreed to it, we’ll also use mobile location services and your IP address to identify you for security and to stop fraud.

We may also share this info with third parties who help us confirm your contact details and deliver our products and services – this could be our payment providers, subcontractors, service providers for ATMs and cash management and other banks and regulators.

We might use info to manage any business internet banking money management services provided to business banking customers. Our money management services use machine learning to give you forecasts and predictions:

  • This provides a simple forecast of revenue for the next three months using the info you’ve given us and other info across the platform (including previous info). For example, daily and monthly revenues, industry type, size and location.
  • The forecasting tool gives a prediction of future cashflow using all the transactions, invoices and other financial info that cause your bank balance to change. It then looks back to find different patterns and trends that it can use to forecast your cashflow. It works directly from your cash movements rather than your profit and loss or balance sheet. This means it can consider individual customers and suppliers to make accurate forecasts right down to daily cash movements.

Assessing risk and deciding whether to lend you money (Contract performance; Legal obligation; Legitimate interest)

We have a legitimate interest in only lending money to customers we think can pay it back. Our regulators also require us to lend money in a responsible way.

So, whenever you apply for credit (for example, a mortgage, credit card or overdraft) or any extra borrowing on a product you’ve taken out, we’ll use the info you give us and what we already know to work out the risk to us.

We’ll also get info from credit reference agencies to do credit scoring and/or other risk assessments of your application.

Credit scoring is an automated way of making fair and responsible decisions about lending money and managing your accounts. We use it to assess how you are likely to run your account and by using info from a range of sources it allows us to decide on whether we’re going to offer you a product or service or make any changes to any ones you have.

To calculate a credit score we use:

  • Info you provide about your credit history.
  • Info about anyone you’re financially linked to (like your partner).
  • Info we get from credit reference agencies (including, but not limited to, those shown in Appendix 1).
  • Details about how you’ve used other products and services you have with us or the Group (for example, how you’re making repayments on other credit products).
  • Info we received about you from other third parties, including when you let us access accounts you have with other banks, as an account service provider.

We’ll confirm where we’ve used credit assessment. If there’s been a change to your credit limit or interest rate based on our credit assessment process, you can ask one of our team to assess it again. For more info see the section ‘When we make automated decisions’ below.

See section 7 "Who we share info with",for more about sharing info with credit reference and fraud prevention agencies.

Obeying the law, stopping financial crime (including fraud and money laundering) and funding terrorism (Legal obligation; Legitimate interest)

By law, we must review applications and monitor accounts. This helps us tackle threats from terrorists, money-laundering and other financial crimes. We also have a legitimate interest in avoiding losses caused by financial crime like fraud. We may share info with law enforcement agencies and other official bodies or government departments to comply with our legal obligations (like tax and immigration authorities).

We may also check and share info we’ve got about you – like your contact details and financial info – with fraud prevention agencies, credit reference agencies, law enforcement, other government agencies, different banks and regulators. This is to help stop financial crime and terrorism funding. To do that, we’ll use any info you’ve provided, as well as info we’ve got from a third party. We’ll also see how you use our services for more info.

This includes your name, address, date of birth, every country of residence/citizenship, personal identification (which may include passport or driving license number), your IP address and details of any criminal convictions. This might also include info about your location, which helps prevent crime and fraud.

Getting back money that’s owed to us (Contract performance; Legitimate interest)

We use your info in this way because it is necessary to perform our contract with you. It is also in our legitimate interest to recover any debts that are owed to us if there isn’t a plan in place to pay it back.

We’ll use your contact details and info we’ve got from seeing how you’ve used our services (including info about your location that we may find from reviewing your accounts). We’ll also use info available within the Group about how you’ve used services from other Group members.

To get a debt paid back, we’ll share info with and receive info from third parties where we have to. This might even include legal proceedings. Examples of third parties include other banks, debt recovery agents, solicitors, credit reference agencies and sheriff officer or bailiff services.

This might also include sharing info about you with a third party who we’ve moved your debt to e.g., securitisation. We’ll tell you who they are and they’ll contact you directly to collect that debt.

Improving our services and computer systems (Legal obligation; Legitimate interest)

We have a legitimate interest in improving how we offer our services and the security of the computer systems we use. We also have to respond to any law changes or rules that affect how we protect the info, that we hold.

We may use your info to help us develop and test our systems, including new technologies and services. This is to make sure they’re safe and secure and will work the way we want them to. When we do this, we’ll use processes and technologies that are designed to keep this info secure.

Identifying other products and services from us and our partners that may be useful (Legitimate interest; Consent)

The range of products and services we offer, including those from companies outside the Virgin Money UK PLC Group, changes all the time.

We have a legitimate interest in telling you about products, services and any new developments we think may interest you, where we’re allowed to. For some of our marketing, including letting you know about the products and services of other companies, we’ll ask for your permission first.

We don’t want to send on too much info or anything that’s not right for you, so we’ll use the info we already have, particularly profile info, to decide what we talk to you about. This includes telling business customers who meet certain scores that they may be able to apply for Sustainability Linked Loans.

You have the right to tell us at any time if you don’t want us to use your info in this way.

We’ll only get in touch in the ways you’ve said we can. For example, a phone call, text message or post. If you’ve said you don’t want to see any marketing, you won’t. You can opt in or out at any time to marketing by contacting us in the usual way see "Getting in touch" for our contact details).

  • The info you’ve given us.
  • Details about how you’ve used other products and services you have with us or the Group.
  • Any feedback you’ve given us.
  • Info we’ve got from credit reference agencies (including, but not limited to, those set out in "Appendix 1").
  • Info from other companies we’re partnering with (including, but not limited to, those shown in "Appendix 3").

We might get info about you from a third party to help us market our products and services to you. But we’ll only do this if you’ve given them permission to share your info with us.

We might also ask you for permission to show marketing from Virgin Red as part of your Virgin Money app, both inside the app and in push notifications.

We may also get your name and address from other companies to help us offer services that are right for you. Our manual or automated processes analyse this info to decide what products and services to offer to you and to prioritise the marketing messages you receive.

We do this by:

  • Working out which products and services you can have.
  • Seeing if they’ll be useful to you.
  • Deciding how likely you are to reply.

We may also get info telling us if you’ve opened or clicked on an email, the type of device you’re using and your general location when you opened the email.

Our service providers will help us with these marketing activities. The partners we give your info to might use it for marketing profiling.

Sometimes we work with other companies to offer you the best products and services. We’ll sometimes share your information with our partners, and get info about you too, to make sure that we give you the best, most relevant offers when we market to you (if you have given permission).

See Appendix 3 for a list of our partners and Appendix 4 for the types of suppliers we use.

Managing and organising our business (Legal obligation; Legitimate interest)

We have a legitimate interest in running our business as well as possible while also sticking to our legal and regulatory responsibilities to the UK financial system.

Therefore, we may use your financial info, including how you’ve used our products and services, for the following reasons:

  • To see how well our marketing is working.
  • To train our team.
  • To spot trends or behaviours.
  • To check performance indicators.
  • To work out the profitability (or other indicators) of a product, service, sector or part of it when compared to others to help us with our future strategy.
  • To report to and communicate with regulators, auditors and government agencies.
  • To help the preparation and confidential sharing of info that supports our funding and other activities. For example, the sale or transfer of our interests in some of our mortgage or credit card accounts or where we may want to reorganise some or all our businesses through a merger, transfer or sale.

We may pass your info to market research companies and others who help us with these activities.

Sometimes, we’ll use artificial intelligence to help us understand trends, behaviours and predict general patterns. For example, to see how well our marketing is doing.

We may also use your info for other things you’ve agreed to, as well as some situations where the law asks or requires us to.

Supporting vulnerable customers (Legal obligation; Legitimate interest; Consent)

We have an interest as well as a legal duty to support vulnerable customers. That’s why we’ll use any info you give us, and what we can see from your transactions, that might show a vulnerability. For example, a health condition or money worries.

We’ll also use info we get about vulnerable customers from other members of our Group if we need to protect their interests. Plus, we’ll give info to third parties about vulnerability to meet our legal duties. This might be to the police, social services or someone acting on your behalf.

Managing relationships with third parties who introduce customers to us (Legitimate interest)

We’ll give info to and get info from third party independent financial advisers and mortgage brokers who’ve introduced you to us.

This is so we can provide products and services to you and manage our relationships with those third parties, including paying any fees.

To do this, we’ll use info about the general nature of the products and services, as well as info about the value of those products and services.

Making sure our mortgage products and/or our life and critical illness cover are right for you (Contract performance; Legal obligation; Legitimate interest)

To provide you with mortgage products and some insurance products, as well as the info already listed above, we’ll need to use extra info about your needs and situation. This is to make sure the products and services are right for you.

For mortgages, this’ll include info about your income and spending, assets and liabilities and your planned retirement age.

For life and critical illness, this’ll include your date of birth, if you smoke or not and details of current policies. Plus, info about how you’ve used other products and services offered by us or other Group members. This will include previous claims under any current policies you have with us, as well as with other providers.

We might share all the info we use with third parties who help us to give the best advice possible. These third parties include credit checking and fraud prevention agencies and our insurance provider partners.

See Appendix 1 for a list of the credit reference and fraud prevention companies we use and Appendix 2 for a list of our insurance provider partners.

We use your info like this because it’s in both of our interests for you to get advice about the right products and services. It’s also so we stick to the rules of our regulators.

When we make automated decisions

We sometimes use computers to make decisions. We do this when:

  • Assessing your eligibility for products and services. We’ll analyse and combine the info collected to create a profile of you to understand the way you use your account (or how we think you might use your account) and our services as well as what you might like and what you might do. We use this to decide whether to offer you certain products and services.
  • Evaluating your use of bank products and services. For example:
    - The types and volumes of transactions you make
    - How often you use our digital services.
    - Which products or services you appear to prefer;
    This helps us to create profiles of you which we will use to manage our relationship, including how we communicate with you.
  • Deciding whether to lend money. We use credit scoring to help us make fair, responsible, and consistent decisions about lending money and managing your account(s). We use credit scoring to decide:
    - whether we provide a product or service to you;
    - whether to adjust products or services you have (like increasing or decreasing credit limits or interest rates);
    - to pre-approve future products or services for you;
    - to authorise overdraft limits;
    - to authorise payments from you; and
    - in some cases where we need to recover a debt from you.
  • Creating a profile of you for marketing purposes (but only where you’re happy to be contacted with marketing). This helps us make sure you get the most relevant info about the products and services that will be the most beneficial to you, at the right time. It also helps us decide how likely you are to respond. To do this, we use:
    - info you give to us;
    - info about the types or retailers where you spend your money;
    - details about how you have used other products and services you have with us or the Group;
    - any feedback you have given us;
    - publicly available data from a reputable institution that may give us an insight into economic circumstances that impact you or the area you live in. Example sources included but are not limited to: The Bank of England, The Office of National Statistics and academic institutions or research papers.
    - info we have obtained from credit reference agencies (including, but not limited to, those set out in Appendix 1 ; and
    - info from other companies we are partnering with (including, but not limited to, those set out in Appendix 3.
  • To assess payments to your account to identify any that look unusual and that are potentially fraudulent. We take into account various elements of the payment like billing address, IP location, issuer country, and velocity checks on how many times the card has been used globally and assign a score to each payment and where the score is above a certain threshold the payment will not be processed.
  • When we make automated decisions, we look at look at how you’re likely to run your account, using info from a range of sources (See section 4 "Where we get the info from". Where we make automated decisions you can always ask for a member of the team to review the outcome.

Back to top ↩

6. What we use special categories of info and criminal offence info for

Special protection is given to special categories of info and criminal offence info.

We’ll only use special categories of info if we have one or more of the following additional reasons for using your info:

  1. 'Explicit consent’ – where you have given us explicit consent to use the info.
  2. 'Vital interests’ – where we need to protect your vital interests e.g. if you have a severe and immediate medical need whilst on our premises.
  3. 'Public interest’ – where it is in the substantial public interest.
  4. We’ll only use criminal offence info where the law allows us to for example for the purposes of preventing or detecting crime.

Using special categories info

We use the following special categories info for the reasons below:

Health info

  • If you apply for a health-related insurance product, we’ll need your info to provide you with services that are right for you.
  • If we identify that you have a health-related vulnerability, we’ll share that in our organisation to the extent needed to protect your interests and offer you services that are suitable for you.
  • If we need to provide you with urgent medical help when you’re on our premises.
  • To make sure you’re treated fairly if you come into financial difficulties because of a vulnerability.

Genetic and biometric identifiers

Some of our accounts use facial and other biometric recognition technology to help customers prove their identity when opening accounts. We’ll ask for your permission when setting this up.

By observing how you interact when using your device for example, the use of your keyboard, mouse and/or the way in which you hold your device, this is called “behavioural biometrics”. We also use behavioural biometrics to confirm your identity when you shop online with your debit or credit card. Behavioural biometrics is the use of machine learning to analyse patterns. This helps us stop fraud by making sure the person using the card is who they say they are.

Racial and ethnic background

We may ask you about your racial and ethnic background as we need to make sure everything is fair and equal when it comes to the service we offer.

Criminal info

We may use info about criminal proceedings relating to you when deciding to lend money to you, to help us prevent and detect financial crime and to fulfil our legal/regulatory obligations.

Account payments

Sometimes the transactions in your bank accounts will reveal special categories info (like your political opinions, health status, religious beliefs and trade union membership), depending on payments you make and receive. This info may be processed by us to provide account payment services to you and will not be used for any other purpose.

Back to top ↩

7. Who we share info with

We treat all the info we hold as confidential. We may share your info with other people or companies, who are also required to keep the info confidential, safe and secure. For example:

  • Companies in the Virgin Money UK PLC Group.
  • Other companies, commercial partners, agents and professionals who offer products, services and admin support to us – for example, our IT Suppliers.
  • The relevant business customer connected to you.
  • Companies, organisations and professionals who also offer you services.
  • Anyone we may transfer our rights and duties under any arrangement to.
  • Anyone else with your permission, including for open banking (which allows you to ask for data to be shared between financial services providers to give you a wider choice of products and services).
  • Anyone else where you have asked us to connect their service via a Virgin Money app (e.g. Virgin Red).

We may also share information we hold with the following types of organisation:

  • Credit reference agencies.
  • Fraud prevention agencies.
  • UK and overseas regulators, authorities and their service providers (for example, the Financial Conduct Authority, Business Banking Resolution Service, the British Business Bank or Companies House).
  • UK and overseas tax authorities (like HM Revenue & Customs).
  • UK and overseas law enforcement agencies – for example, the National Crime Agency.
How we work with credit reference and fraud prevention agencies

Credit reference agencies

To assess an application for a product or service we’ll perform identity checks on you with one or more credit reference agencies (CRAs). Where you apply for credit, we’ll also perform credit checks on you with the CRAs. We may also make periodic checks with CRAs to manage your account with us.

To do this we’ll pass your information to CRAs and they’ll give us information about you. The information we’ll supply includes information from your application and your financial situation and history. CRAs will also supply us with public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We’ll continue to exchange info about you with CRAs while you have a relationship with us. We’ll also let them know about any accounts you’ve since paid off. If you don’t pay back your credit in full and on time, CRAs will record the debt. They may also let other organisations know.

When CRAs do a credit search they’ll place a footprint on your credit file that may be seen by other lenders and may affect your ability to borrow from them. If you’re making a joint application, or you tell us that you have a spouse or financial associate, we’ll link your records together, so you should make sure that they know what you’re doing and share this info with them before applying. For joint applications with a spouse or financial associate, CRAs will also link your records together. If you want to break this link, you’ll need to talk directly to the CRAs.

The identities of the CRAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share info, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA Information Notice (CRAIN).

You can find out more about CRAs here:

We may also use TransUnion’s services for other reasons not mentioned in the CRA Information Notice (CRAIN). This is to help us with identification, verification and fraud prevention as well as other purposes.

You can learn how your data is used at

Fraud Prevention Agencies

The CRAs also work as fraud prevention agencies (FPAs). Just so you know, we’re also a member of CIFAS and National Hunter, which are both FPAs.

Before offering you a product or service, we may run some checks with the FPAs to help prevent and detect fraud and money laundering.

We’ll do this by giving FPAs your info, who’ll then give us info about you. This includes details in your application or info from third parties.

If we or an FPA believe you’re a fraud or money laundering risk, we may not offer you a new product or service. We might also stop the product or service you’re already using and share any info we get from a FPA with the CRAs.

A record of any fraud or money laundering risks will be kept by the FPAs. This may mean other companies won’t offer you services, finance or employment.

We and FPAs may also let law enforcement agencies use your info to detect, investigate and stop crime. For more details, please ask a member of staff or visit:

Back to top ↩

8. Using info outside the UK

We may need to share your info outside the UK and EEA with others. This can include Group companies, service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not offer the same protection as in the UK and European Economic Area e.g. USA.

For example, if you have a credit or debit card with us, we’ll share what you’ve spent with the payment network e.g. Mastercard, who may use this info worldwide. In these cases, we’ll do everything we can to make sure your info is protected to UK standards.

This could be by only letting transfers take place with countries the EU Commission thinks offer enough protection for your info (an adequacy decision) or, we’ve put our own measures in place to make sure there’s enough security as set out by data protection law.

These measures include having recognised safeguards in place with our commercial partners, like carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators like the EU style model clauses or where our commercial partner is a signatory to a recognised and binding code of conduct. For more info about standard contractual clauses as shown by the ICO, check out and search for ‘International Transfers’.

To learn more about how your info is used in countries outside the EEA, the adequacy decision for that country or the measures we’ve put in place, please get in touch with our Data Protection Officer.

EU and EEA based customers – some extra privacy info

The United Kingdom left the European Union on 31 January 2020. So, we’ll need to transfer your personal info to the UK and other areas outside of the EEA, so you can continue to use our products and services.

Moving your personal data from the EU to the UK will take place based on an adequacy decision by the European Commission in favour of the UK, or on the basis of protections which comply with EU GDPR. We’ll also need to continue to act in line with EU GDPR when we process your personal data.

We’ll continue to keep your data secure, but if you’ve got any questions about how we use your info or your data rights and our obligations as a Data Controller, you can speak to our EU representative. If you want to write, the address is The Data Warehouse at Keizersgracht 482, 1017EG, Amsterdam, Netherlands. You can also email them at

If you’d like more info, you can contact our Data Protection Officer (see section 13 "Getting in touch.

Back to top ↩

9. How long we hold info

How long we keep your information for depends on the products and services we deliver to you.

Find out more about how long we keep your information for

How long we keep your info for depends on what products and services you have with us. Just so you know, we won’t keep it any longer than we need to (see section 5 "Why we need the info and what we use it for" and section 6 "Why we need special categories info and what we use it for)").

This means we’ll continue to hold some info for a while after your account has closed or our relationship has ended. For example, where we need to for the regulator, for active or potential legal proceedings, to resolve or defend claims or for making remediation payments.

If you’d like more info, you can contact our Data Protection Officer (see section 13 "Getting in touch.

Back to top ↩

10. Keeping you up to date

We’ll get in touch with you about products and services we are delivering using the contact details you’ve given us. This might be by post, email, text message, social media and notifications on our app or website.

Where you have given us permission to send you marketing, you can cancel it and update your marketing choices in Store, by calling us, via online banking or through the Virgin Money app.

You can also update your contact preferences in Store, by calling us or through the Virgin Money app.

Head to for all the contact info you’ll need.

Back to top ↩

11. What you do online

We use cookies to track how you use our website. If you’ve given us permission, we may also use cookies to tailor marketing messages when you’re logged in. For more info about how we use cookies, visit

Back to top ↩

12. Your Data Protection Rights

The law guarantees your rights about how we use your info.

If you don’t want us to use your info

We have told you about the ways in which we use the information we hold.

You can object to how we use your info. When this happens, we have up to one month to get back to you.

Remember, you can stop getting marketing communications at any time. Just get in touch in the usual way to let us know.

Access to info

You always have the right to ask whether we hold info about you. If we do, you have the right to know:

  • What the info is.
  • Why we’ve got it.
  • The ways it’s used.
  • Who we share it with.
  • How long we keep it for.
  • Whether it’s been used for any automated decision making.

You’re also allowed a free copy of the info. We can give it to you in person, online, over the phone, by email or by post.

Getting your info right

We always want the info we have for you to be absolutely spot on (up to date and accurate). If any of it is wrong or out of date, let us know and we’ll fix it.

Deleting info

You can ask us to delete your info if you think we don’t need it anymore. This might be because:

When you ask for info to be deleted, we have up to one month to get back to you. If we don’t go ahead and do it, we’ll tell you why.

Portability of info

You have the right to get some of the info you gave us in a machine-readable format.

Restricting some uses of info

In certain situations, you can block or limit the use of info by us. This may happen where:

  • You’ve challenged the accuracy of the info is and we’re checking it.
  • You’ve objected to how we use your info and we’re considering whether you’re right.
  • We’ve been using your info unlawfully but you want us to continue to hold the info rather than delete it (see “Deleting info” above).
  • We no longer need to keep the info but you’ve asked us to keep it because of legal claims you’re involved in.

Who can I complain to?

If you’re unhappy with how we’re using your info, please visit us in Store or at

If we can’t fix the issue, you can complain to the Info Commissioners Office (ICO). The ICO is the UK’s independent body set up to uphold your rights. You can find out more at

You can exercise any of your data protection rights by contacting us – (see section 13 "Getting in touch.

Back to top ↩

13. Getting in touch

If you wish to make a Rights Request, you can do so by emailing or writing to the team at: Virgin Money, Sunderland SR43 4JB. We will respond within a month and there is no need to send a reminder during that period.

If you’d like to contact our Data Protection Office directly regarding a data protection concern, you can email the team or contact them via the postal address above, addressing the letter to: The Data Protection Office.

Back to top ↩