Privacy
At CrestView Standard,
Financial Strength You Can Rely On.
Privacy Policy
Transparency is at the heart of our relationship with you. This policy explains how we collect, use, protect, and respect your personal information.
Information We Collect
We collect information necessary to provide our banking services while respecting your privacy.
To provide you with banking services and meet our legal obligations, we collect various types of information:
| Type of Information | Purpose | Required |
|---|---|---|
|
Personal Identification Name, date of birth, government ID numbers |
Account opening, identity verification, regulatory compliance | Required |
|
Contact Information Address, email, phone numbers |
Account communications, service delivery, fraud prevention | Required |
|
Financial Information Income, employment details, transaction history |
Credit assessment, fraud detection, service improvement | Required |
|
Technical Information IP address, device information, browsing data |
Security, service optimization, analytics | Optional |
|
Marketing Preferences Communication preferences, product interests |
Personalized offers, service recommendations | Optional |
Sensitive Information
We only collect sensitive information (such as biometric data) when necessary for security purposes, and we obtain your explicit consent before doing so.
How Your Data Flows Through Our Systems
How We Use Your Information
We use your data responsibly to provide, improve, and protect our banking services.
Your information helps us deliver exceptional banking services while maintaining the highest security standards:
Service Delivery
Processing transactions, managing accounts, providing customer support, and delivering banking services as agreed.
Security & Fraud Prevention
Verifying identity, detecting and preventing fraud, protecting accounts, and ensuring system security.
Legal Compliance
Meeting regulatory requirements, preventing money laundering, reporting to authorities, and complying with court orders.
Service Improvement
Analyzing usage patterns, developing new features, personalizing services, and enhancing user experience.
Legal Basis for Processing
We process your personal data under one or more of the following legal bases:
- Contractual necessity: To provide the banking services you've requested
- Legal obligation: To comply with financial regulations and laws
- Legitimate interests: To prevent fraud and improve our services
- Consent: For marketing communications and optional services
Data Sharing & Third Parties
We only share your information when necessary and with appropriate safeguards in place.
We may share your information with the following categories of recipients:
| Recipient Category | Purpose | Data Protection |
|---|---|---|
| Regulatory Authorities FCA, HMRC, other government bodies |
Legal compliance, regulatory reporting, investigations | Legal obligation |
| Credit Reference Agencies Experian, Equifax, TransUnion |
Credit assessment, fraud prevention, identity verification | Contractual necessity |
| Service Providers IT providers, payment processors, analytics |
Service delivery, technical support, system maintenance | Data processing agreements |
| Other Financial Institutions Banks, payment networks, insurers |
Transaction processing, fraud prevention, interbank operations | Industry standards |
We Never Sell Your Data
CrestView Standard Bank does not and will never sell your personal information to third parties for marketing purposes.
International Data Transfers
When we transfer your data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
Your Data Protection Rights
You have important rights regarding your personal information. Here's how to exercise them.
Under data protection laws, you have the following rights regarding your personal information:
Right to Access
Request a copy of the personal data we hold about you (commonly known as a "data subject access request").
Request AccessRight to Rectification
Request correction of inaccurate or incomplete personal data we hold about you.
Request CorrectionRight to Erasure
Request deletion of your personal data in certain circumstances (also known as the "right to be forgotten").
Request ErasureRight to Restrict
Request restriction of processing of your personal data in certain circumstances.
Request RestrictionResponse Times
We will respond to all legitimate requests within one month. If your request is particularly complex, we may extend this period by a further two months, and we will notify you of this extension.
Download Complete Privacy Policy
For your records or offline reading, download the complete Privacy Policy document in PDF format.
Download PDF VersionFile size: 1.8 MB | Version: 3.1 | Last updated: December 15, 2023
Data Security & Retention
We implement robust security measures to protect your information and retain it only as long as necessary.
Security Measures
We employ a range of security measures to protect your personal information:
- Encryption: All sensitive data is encrypted both in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Strict role-based access controls and authentication requirements
- Monitoring: 24/7 security monitoring and intrusion detection systems
- Training: Regular security awareness training for all staff
- Testing: Regular penetration testing and security audits
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Typical Retention Periods
- Account information: 7 years after account closure
- Transaction records: 7 years from transaction date
- Marketing preferences: Until you withdraw consent
- Website analytics: 26 months from last visit
Data Breach Response
In the unlikely event of a data breach, we have established procedures to:
- Contain and assess the breach immediately
- Notify the Information Commissioner's Office within 72 hours if required
- Notify affected individuals without undue delay when there is a high risk to their rights and freedoms
- Take steps to mitigate the effects and prevent future breaches
Contact Our Data Protection Team
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us.
Regulatory Authority
If you have concerns about how we handle your personal information, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).