• Clydesdale Bank PLC;
• CYB Intermediaries Limited;
• CGF No 9 Limited;
• Clydesdale Bank Asset Finance Limited;
• Clydesdale Covered Bonds No 2 LLP;
• CYBG PLC;
• CYB Investments Limited; and
• Yorkshire Bank Home Loans Limited.

You can contact us at a local branch or via the website details supplied above to exercise any of the following privacy rights:

3.2 Right to object:

You can object to our processing of your personal information. Please contact us as noted above, providing details of your objection.

3.3 Access to your personal information:

You can request access to a copy of your personal information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by contacting a local branch or our Data Subject Access Request team at 'DSAR Team, 3rd Floor Granite House, 31 Stockwell Street, Glasgow, G1 4RZ'. Please make all requests for access in writing, and provide us with evidence of your identity.

3.4 Right to withdraw consent:

If you have given us your consent to use personal information, you can withdraw your consent at any time and, update your marketing preferences by visiting a branch or calling us directly. For contact details, visit our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers.

3.5 Rectification:

You can ask us to change or complete any inaccurate or incomplete personal information held about you.

3.6 Erasure:

You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.

3.7 Portability:

You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.

3.8 Restriction:

You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.

3.9 Make a complaint:

You can make a complaint about how we have used your personal information to us, by visiting your local branch, by contacting us via the details on our websites on cbonline.co.uk/contact-us for Clydesdale Bank customers, ybonline.co.uk/contact-us for Yorkshire Bank customers and youandb.co.uk/help for B customers or to a supervisory authority - for the UK this is the Information Commissioner's Office at ico.org.uk (Link opens in a new window).

We will not make any charge for responding to any request from you to exercise your privacy rights, and we will respond to your requests in accordance with our obligations under data protection law.

• We offer current accounts, savings accounts, credit card accounts, mortgage products, loan products, insurance products, payment services and financial management services.
• To provide any of these products and services we need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.

For some products and services we need to use additional personal information which we will gather about you, or we will not be able to provide any of these products and services to you. See section 5 How we gather your personal information for further details.

• For Credit Card Accounts, Loan Products and Mortgage Products we need financial information (including your income, expenditure, assets and liabilities, credit history and credit scoring); employment details; details of any criminal prosecutions and details of bankruptcy or any County Court Judgements.
• For products that include Travel Insurance and to provide Financial Management Services we need to use health information, which we will request you to provide.

1. your contact details;
2. your location data for fraud prevention and, if you have consented to it, mobile location services; and
3. your IP address to identify you for security reasons.

We might share all of the information we use for this purpose with third parties who help us to verify your contact details and deliver our products and services, such as our subcontractors and our own service providers for ATMs and cash management, payment processing, other banks and regulators. We use your information in this way because it is necessary to perform our contract with you and to meet our legal obligations.

1. your contact details and the payment details that you have provided to us; and
2. your location data to enable us to verify locations at which payments are made for fraud prevention purposes.

We may give this information to our third party payment providers to process the payment to you.

1. information you give to us about your credit history;
2. information about those you are financially linked to (such as your partner);
3. information about how you have used other products and services offered by us or other members of our Group (a full list of our group of companies can be found in section 2 About us);
4. information we receive from third party credit reference agencies; and
5. information we receive about you directly from other third parties, including when you authorise us to access accounts you hold with other banks, as an account information service provider.

For this purpose, we share information with credit reference and fraud prevention agencies. Download the Full FPN which contains a list of the CRAs and FPAs we use at the end of the document. The information could then be used as follows:

• the credit reference or fraud prevention agency might add details of our search and your credit application to the records they hold about you, whether or not your application proceeds;
• we and the credit reference or fraud prevention agency might link your financial records to those of any person you are financially linked to – this means that each other's information (including information already held by us or the credit reference agency) will be taken into account in all future credit applications by either or both of you, until one of you successfully files a 'disassociation' at the credit reference agencies;
• we might add to the credit reference or fraud prevention agency's records details of how your agreements or accounts operate with us, including any default or failure to keep to the terms of your agreement, and any failure to advise us of a change of address where a payment is overdue;
• the credit reference or fraud prevention agency could pass on any of that information to other companies unrelated to us for the credit checking and fraud prevention purposes mentioned above; and
• the credit reference or fraud prevention agency will also use the information for statistical analysis about credit, insurance and fraud on an anonymous basis.
• if we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.

We use your information in this way because it is necessary to perform our contract to deliver credit related products and services to you, and to meet our legal obligations. We also undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

When credit reference agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders and other companies unrelated to us (for example, other banks and credit providers).

Further details on how your information is used by credit reference agencies and fraud prevention agencies can be found here at www.equifax.co.uk/crain(Link opens in a new tab) and at the CIFAS website: https://www.cifas.org.uk/fpn(Link opens in a new tab) as well as the National Hunter website: www.nhunter.co.uk/privacypolicy/ (Link opens in a new tab).

1. information you give to us about your needs and circumstances. For mortgages this will include details of income and expenditure, assets and liabilities, and details of intended retirement age. For life and critical illness this will include date of birth, smoker status and details of existing policies; and

2. information about how you have used other products and services offered by us or other members of our Group including previous claims under existing policies you have with us as well as with other providers.

   We might share all of the information we use for this purpose with third parties who help us to deliver the advice. These third parties include credit checking and fraud prevention agencies and our insurance provider partners. See Appendix 1 (PDF. Opens in a new window) for a list of the credit reference and fraud prevention companies we use and Appendix 2 (PDF. Opens in a new window) for a list of our insurance provider partners. We use your information in this way because it is in our interests and your interests for you to receive advice about the right products and services for you.

1. any information you have given us, that we have obtained from a third party, or that we have obtained by looking at how you use our services, where it is necessary for us to use that information to comply with a legal obligation; and
2. this information will include name, address, date of birth, every country of residence/citizenship, personal identification (which may include passport number or driving license number) your IP address, and information about any criminal convictions.

We will give information to and receive information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, other banks and regulators. Fraud prevention agencies may use your information as set out in clause 6.3 above.

1. information you give to us which identifies a vulnerability (such as a health condition); and
2. information we may receive from another Group company which identifies vulnerability.

We will give information to and receive information about a vulnerability from third parties where that is necessary to meet our legal obligations, for example from police, social services or someone acting on your behalf.

1. your contact details;
2. information we obtain from looking at how you have used our services, including information about your location that we may find from reviewing your accounts; and
3. information available within the Clydesdale Group about how you have used services provided by other members of the Clydesdale Group.

We will give information to and receive information from third parties where that is necessary to recover debts due by you to us, for example, other banks, debt recovery agents, credit reference agencies and sheriff officer or bailiff services. This might include passing personal information about you to a third party who we have transferred your debt to, and who will then contact you directly to collect that debt. If your debt is transferred to a third party you will be advised of the identity of that third party.

We use your information in this way because it is necessary to perform our contract with you, to exercise our legal rights, and because it is fair and reasonable for us to do so.

1. information about the general nature of the products and services; and
2. information about the value of those products and services.

We use your information in this way because it is in our interests to do so to provide you with the products and services that best suit you.

We will give information to and receive information from third party independent financial advisers and mortgage brokers who have introduced you to us.

1. information about how you have used our products and services such as your bank accounts and insurance claims.

We may pass your personal information to market research companies and other service providers as required.

1. the contact details you have provided to us; and
2. information we have gathered from your use of our other products and services to form a profile of you which we will use to assess what other products and services would be most beneficial for you.

We will pass your personal information to our service providers who help us with these marketing activities.

Sometimes we work with other companies to offer you the best products and services. We will sometimes share your personal information with our partners, and receive personal information about you from our partners, to make sure that we give you the best, most relevant offers when we market to you (if you have consented). Download a list of our partners and the categories of our suppliers. (PDF. Opens in a new window)

We might also receive personal information about you from a third party and use it to market our products and services to you, where you have given that third party your consent to share the personal information with us. We may collect your name and address from other service providers for the purpose of providing suitable marketing to you.

For business customers, we will use personal information about key individuals in the business, so we can operate and administer the products and services which we provide to the business – to do this we will use:

• (a) personal information about key individuals who are either a sole trader of the business or are a proprietor, director, company secretary, shareholder, partner, member, committee member, trustee, controller, beneficial owner or authorised signatory to the account of the business.
• (b) the personal information we use about key individuals is as set out in section 6, and we may use it for any of the purposes described in section 6. We may hold personal information on key individuals for the purposes of operating and administering products and services which we provide to the business, as well as for the purposes of fraud and money laundering, for debt recovery purposes, and to make credit decisions about the business.

Personal information on key individuals is obtained directly from the key individual, from the business to which the key individual is linked with, from the key individual's dealings with any member of our Group, and from fraud prevention and credit reference agencies. Such information may include special categories of personal information, such as information relating to health or criminal convictions.

Credit scoring

We use automated decision making using your personal information to create a profile of you for credit scoring – a method which predicts your credit worthiness based on your financial profile.

To carry out credit scoring we use information you give to us, information we obtain from credit reference agencies, and details about how you have used other products and services you have with us or the Group (for example how you are making repayments on other credit products). In some cases we will also use external data sources for credit scoring. Download a list of credit reference agencies (PDF. Opens in a new window). We analyse this information to identify a credit score based on how likely it is that debts will be re-paid.

We use credit scoring to make the following decisions about you: whether we enter into a contract to provide a product or service to you; whether to adjust products or services you have (such as an increasing or decreasing credit limits); to pre-approve future products or services for you; to authorise overdraft limits; to authorise payments from you; and in some cases where we need to recover a debt from you.

Profiling for marketing

We want you to get the most relevant information about products and services at the right time. The most effective way for us to do this is to use automated processes to create a profile of you for marketing.

To carry out marketing profiling we use information you give to us, details about how you have used other products and services you have with us or the Group and any feedback you have given us, information we have obtained from credit reference agencies and other external data sources and information from other companies we are partnering with. Download a list of credit reference agencies and a list of the companies we partner with (PDF. Opens in a new window).

We use processes to analyse this information to decide what products and services to offer to you and to prioritise the marketing messages you receive by; assessing your eligibility for those products and services; assessing how likely they are to be useful for you; and deciding how likely you are to respond.

We use an artificial intelligence programme which uses data that you have provided or that we have collected from you from use of your account. We use this information to create models based on the performance of previous promotional initiatives, so that we can predict the likely success of future promotions generally, but this information is not used to make any specific decisions about you as an individual.

The partners we pass your personal information to for marketing might also carry out marketing profiling using your personal information for these purposes. Download a list of our partners and the categories of our suppliers (PDF. Opens in a new window).

Health information

• if you apply for a health related insurance product, we will require your personal information to provide you with services that are suitable for you;
• if we identify that you have a health related vulnerability, we will share that within our organisation to the extent needed to protect your interests and provide you with services that are suitable for you;
• if we need to provide you with urgent medical assistance when you are on our premises; and
• to ensure you are treated fairly in circumstances where financial difficulty has arisen due to a vulnerability.

Genetic / biometric identifiers

• some of our accounts use facial and other biometric recognition technology to enable customers to verify identity when opening accounts – we will ask for your consent when setting up this access.

Racial / ethnic origin

• we may ask for this information to fulfil our regulatory and reporting obligations relating to ensuring fairness and equality in our service delivery.

Criminal information

• we may use information about criminal proceedings relating to you to make lending decisions (for example we will not lend to you if you have a criminal prosecution pending), for fraud prevention/anti-money laundering purposes and to fulfil our legal and regulatory obligations.

Account payments

• sometimes the transactions in your bank accounts will reveal special categories of information (such as your political opinions, health status, religious beliefs and trade union membership), depending on payments you make and receive. This information may be processed by us to provide account payment services to you and will not be used for any other purpose.

We may need to transfer your personal information to territories that are outside the EEA. We will only transfer your personal information outside the EEA where either the transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal information, or we have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings approved by the relevant regulators such as the EU style model clauses. We also use the EU Commission approved EU-US Privacy Shield (Link opens in new window) when personal information is transferred to the US.

You can find out more information about standard contractual clauses as detailed by the ICO. Visit their website at ico.org.uk (Link opens in a new window) and search for ‘International transfers’.

We will not use your personal information for marketing purposes once you no longer have any active products or services with us. We keep the other personal information we use for seven years after closure of your account or from the date you last used one of our services. We may hold information relating to insurance accounts and pension accounts for up to 15 years from the date of expiry of the account. In some circumstances we will hold personal information for longer where necessary for active or potential legal proceedings, to resolve or defend claims, and for the purpose of making remediation payments.

A cookie is a small file which is sent to your browser and stored on your computer's hard disc and helps us understand and track your use of our websites and where we can improve the information and services provided. We use cookies solely to gather information on IP addresses, to analyse trends, administer the website, track your movements on the website and gather broad demographic information for aggregate use. For information about blocking the use of cookies, please refer to the instructions/help screen on your internet browser. Please note that you may not be able to use or access certain parts of the website or online services if you block the use of all cookies. For further information on our use of cookies visit:

• Clydesdale Bank: Use of Cookies
• Yorkshire Bank: Use of Cookies
• B: Use of Cookies