PRIVACY NOTICE

This is how your personal information is used by Canara Bank.

ABOUT US

Canara Bank is registered as a data controller with the Information Commissioner under reference: Z1411209.

If you have any questions or want more details about how we use your personal information, you can call us on 020 76282187 or e-mail us at .

This notice lays out most of your rights under the new laws.

Cookies and IP Addresses

When you visit our website, we may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about or your browsing actions and patterns and does not identify you individually.

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our website and to deliver a better and more personalized service. They enable us:

• To store information about your preferences, and so allow us to customize our Site according to your individual interests.
• To make it easier for you to log on and use the Site during future visits.

You may refuse to accept cookies by activating the setting on your internet browser which allows you to refuse the setting of cookies. Please refer to your internet browser's help section for specific instructions. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our Site.

For more information about cookies (including how to set your browser to reject cookies) please visit the website set up by the Interactive Advertising Bureau (Europe) at www.allaboutcookies.org

Your privacy is protected by law. This section provides further detail about this.
According to Data Protection laws, we are allowed to use personal information only if we have an acceptable reason to do so.
The law says we must have at least one or more of the following reasons:

To fulfil a contract we have with you, or
When it is our legal duty, or
When it is in our legitimate interest, or
When we have your consent to.

When we have a business or commercial reason to use your information, this is classed as a legitimate interest, even then, it must be right and best for you and must not be unfairly used.

Below is a list of all the ways that we may use your personal information, and specific reasons we rely on to use this information.

We may collect personal information about you (or your business) from these sources:
Data you give to us:

When you apply for our products and services
When you talk to us on the phone or in branch
When you use our website or E-banking platform
In emails and letters
In financial reviews and interviews
In customer surveys

Data we collect for use of our services including the amount, frequency, type, location, origin and recipients:
Payment and transaction data.
Profile and usage data.

This includes when you connect to internet banking. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies.
Data from third parties we work with:

Parent Bank (Canara Bank - India)
Financial advisers
Card associations
Credit reference agencies
Fraud prevention agencies
Public information sources such as Companies House
Government and law enforcement agencies.

We have taken the time to identify the types of information we collect and have grouped it accordingly.

We may be legally obligated to share your information with other organisations or government agencies, these include Agents and Advisers who we use to help run your accounts and services, collect what you owe, and explore new ways of doing business:

HM Revenue & Customs, regulators and other authorities
UK Financial Services Compensation Scheme
Credit reference agencies
Fraud prevention agencies
Any party linked with you or your business’s product or service
Companies that we introduce you to
Companies you ask us to share your data with

Occasionally, we use systems to make automated decisions based on personal information we have – or have been allowed to collect from others – about you or your business making sure our decisions are quick, fair, efficient and correct, based on what we know.

These are the types of automated decision we make:

We may use your personal information to help decide if your personal or business accounts may be used for fraud and/or money-laundering. If we detect that an account is being used in ways that fraudsters work, or notice that an account is being used in a way that is unusual for you or your business, we may stop activity on the accounts or refuse access to them.

When opening an account with us, we will check that the product or service is suitable for you based on what we know about you. We also check that you or your business meets the conditions needed to open the account, which may include checking age, residency, nationality or financial position.

We use a system to decide whether to lend money to you, or your business when you apply for credit such as a loan or credit card. This is known as credit scoring. This is used to predict how likely you are to pay back any money you borrow by looking at your past data and similar accounts you may have had before.

Credit scoring uses data from three sources:
Data we may already hold
Your Application Form
Credit Reference Agencies

We use this assessment to help us make responsible lending decisions that are fair and informed. These credit scoring methods are tested regularly to make sure they are fair and unbiased.

You have rights over these automated decisions. You can ask that we do not make our decision based on the automated score alone and instead ask that a person reviews it.
If you need more information about these rights, please contact us.

When you apply for a product or services for you or your business we must carry out credit and identity checks. Sometimes we use Credit Reference Agencies to help us with this. From time to time we may search information that the CRAs have, to help us manage accounts and services that you use.

We will exchange personal information with CRAs about you. The data we exchange can include:

• Name, address and date of birth
• Financial situation and history
• Credit application
• Details of any shared credit
• Public information, for example from electoral register and Companies House. We use this data to:
• See whether you or your business can afford repayments
• Check what you’ve told us is true and accurate
• Help detect and prevent financial crime
• Manage your accounts
• Recover debts
• Make sure that we tell you about relevant offers.

We will carry on sharing your personal information with CRAs while you are a customer which will include details about your settled accounts with us and any debts not fully repaid on time. It will also include details of any funds going into your account as well as the account balance.

CRAs will make a note on your credit file when we ask about you or your business. This is known as a credit search which can be seen by other lenders, we may also see credit searches from other lenders.

There are more details about the Credit Reference Agency Information Notice on CRAs websites which includes details about:

• Who they are
• How they help to prevent fraud
• How they use and hold data
• How they share personal information
• How long they keep data
• Your rights to data protection

We use FPA’s to help us with the following:

• Confirming your identity
• Prevent fraud and money-laundering
• Fulfil contracts you or your business has with us.

Before providing you with products and/or services, we may need to confirm your identity. Even after you become our customer, we will need to share your personal information with FPA’s. We or a FPA may permit law enforcement agencies to access your personal information to support their requirement to identify, investigate and prevent criminal activity.

The time that FPAs can keep personal information will vary according to their requirements. If they find a risk of fraud or or money-laundering, they can keep your data for up to six years.

If we notice that an account has had some unusual activity or activity that is similar to how fraudsters work, we and FPAs may process your personal information in systems that look for fraud by studying patterns in the data. These may indicate a possible risk of fraud or money-laundering.

If there is a risk of fraud detected by us or an FPA, we may stop or block activity on the accounts. In these cases, FPAs will keep records of the potential risk that you or your business may have.

Personal information that we use:

• Name
• Date of birth
• Residential address and residential address history
• Contact details: email addresses and phone numbers
• Financial information
• Information about your or your businesses products or services
• Employment details
• Vehicle details
• Information identifying computers/devices used to connect to the internet, including your Internet Protocol (IP) address.

This may result in other organisations refusing to provide you with products or services, or to employ you.

Canara Bank store and maintain data in India through a secure privately-owned network. To ensure we are adhering to the regulation we have assessed the associated risks, amended our agreement with our Parent Bank to ensure we safeguard your information with the requirements are applied to your data when it is outside of the EEA.

Data is sent outside of the European Economic Area (‘EEA’) to:

• Comply with a legal duty.
• To help run your accounts and services

Data collection that is optional will be clearly stated when collected. However, if you decide not to share required personal data with us, it may delay or stop us from meeting our obligations. This can also mean that we cannot perform services needed to run your accounts. We are required to collect certain personal information by law, and/or under the terms of a contract we have with you. By not sharing the required data with us may mean that we may cancel a product or service you have with us.

We will keep your personal information for as long as you are a customer of Canara Bank.

After you stop being a customer, we may keep your data for up to 10 years for one of these reasons:

• To respond to any questions or complaints.
• To show that we treated you fairly.
• To maintain records according to rules that apply to us.

We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.

You can access the personal information we hold by writing to us at this address: 10 Chiswell Street, London EC1Y 4UQ

If you think we may have information about you that is incorrect or wrong, you have the right to question and raise this with us. Please contact us if you want to do this, we will take reasonable steps to check its accuracy and correct it.

We may need to keep your data for legal or official reasons but you can inform us if you think that we shouldn’t be using it. You can object to us using your data or to have it deleted and removed if you think there is no reason for us to have it. This is now recognised as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’.

We can sometimes limit the use of your data. This will mean that your data will only be used for specific things like legal rights and legal reasons. In this case, we will not use or share your information in additional ways while it is restricted.

You have the right to ask for your personal data to be restricted if you think:

• It is not correct.
• It you think it has been used unlawfully, but you do not want it deleted.
• It is no longer relevant, but you want us to keep it for legal claims.
• You are waiting for us to confirm if we are allowed to keep on using it but you have already asked us to stop using your data.

If you want us to stop using your personal data for any of the above cases, please contact us.

You have the right to withdraw your consent at any time so please let us know if you wish to withdraw consent. It may not always be possible to provide certain products or services to you if you do but we can confirm this with you.

if you are unhappy or unsatisfied with why and how we have used your personal data, you can contact us by sending an e-mail to , or by writing to us at this address: 10 Chiswell Street, London EC1Y 4UQ.

You also have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern.

From the 25th of May 2018, you have the right to obtain your personal information from us in a format that can be easily re-used or ask us to pass on your personal information in this format to other organisations.