Privacy Policy

This Privacy Policy sets out how Royal Bank of Wales Ltd uses and protects any personal information that you give us when you use this Website. Royal Bank of Wales Ltd and its officers and employees will comply with this Privacy Policy as well as with all relevant laws and regulations and guidelines from supervising authorities.

Royal Bank of Wales Ltd may change this Privacy Policy from time to time by updating this page. You are responsible for regularly reviewing this Privacy Policy. By accessing any part of this website, you consent to the use and transfer of your information by Royal Bank of Wales Ltd on the terms set out in this Policy.

When using this Website, you are not required to provide us with any personal information and Royal Bank of Wales Ltd does not monitor or collect any identifiable information from you. Royal Bank of Wales Ltd will track the number of users who visit areas of the Website, but this tracking will not identify you. Royal Bank of Wales Ltd may also record the location of your computer on the internet for systems administration and trouble shooting and to report aggregate information.

Royal Bank of Wales Ltd works with third parties to research certain usage and activities on its website for and on its behalf. In the course of this research cookies will be used. A cookie is a small amount of data that Royal Bank of Wales Ltd’s web server sends to your browser when you visit certain parts of the Website for record keeping purposes. Cookies can make the World Wide Web more useful by storing information about your preferences on particular sites, thus enabling website owners to provide more useful features for their users.

Cookies do not enable Royal Bank of Wales Ltd to gather personal information about you unless you give the information to Royal Bank of Wales Ltd’s web server. Most internet browser software allows the blocking of all cookies or enables you to receive a warning before a cookie is stored.

Our Information

The ‘Data Controller’* is RBW. Our registered office is at
 

Prince George's Gate
St. Biddulph's Way
London WC1N 3XX
United Kingdom

In this privacy policy (“Privacy Policy”), ‘Bank’, ‘we’, and ‘us’ refers to RBW and ‘you’ refers to you and those on whose behalf you are accessing this website.

Privacy Policy

This Privacy Policy sets out our current policy in relation to the protection of personal information and individuals and demonstrates our commitment to your privacy. We are obliged to inform you that any personal information we have about you or collect from you has a high level of protection against any unauthorized or accidental disclosure, access or deletion. We have strict security procedures covering the storage and disclosure of your information to prevent unauthorized access to comply with the General Data Protection Regulation (“GDPR”)***. The Bank will only process personal data for the purpose it was collected for. If we intend to process data other than for specified use, we will contact you before undertaking further processing.

Personal information we collect

The Bank may obtain the personal information about an individual such as

1. Identity information such as title, first name, last name, maiden name, marital status, date of birth, gender, father’s name, ID number, nationality, passport details, national insurance number, signature, job position country of residence and country of tax residence;

2. Contact information which can include billing address, delivery address, email and telephone numbers;

3. Financial information that may include bank account numbers, bank statements, bank balances and bills;

4. Information that we are obliged to acquire by law such as tax residency;

5. Transaction information which includes details about payments made through us and details of transactions made by you;

6. Usage information which consists of information about how you use the Bank’s website, products and services; and

7. Information that is freely available (such as information that is openly available on the internet) and information from public records.

The Bank doesn’t collect any sensitive data about its customer and suppliers. Sensitive data consists of details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about health and genetic and biometric data.

Source of information

The Bank can collect personal information through various sources, for example

1. A ‘Data Subject’* can provide information directly by completing forms, applications, or contacting the Bank via its website, email, post or telephone;

2. Information that is provided to the Bank when it conducts identity and address checks;

3. Information that is received from companies that carry out due diligence checks on behalf of the Bank;

4. Information from agents and brokers that introduce potential clients to the Bank; and

5. Payments and remittances received by the Bank.

Use of information

We process personal information of a data subject for the following reasons:

1. To manage relationship with the customers;

2. To provide products and services;

3. To make and manage customer payments;

4. To manage and maintain fees, charges, interest and debt recovery;

5. To identify, investigate and prevent financial crime;

6. To comply with laws and regulations that apply to the Bank;

7. To reply to and manage complaints and to try to resolve them; and

8. To ensure that we carry our business in an effective and efficient manner.

Legal basis of processing personal information

The Bank in its personal information processes has applied the following legal basis:

1. When it has obtained clear consent from the data subject for a specific purpose;

2. When it takes specific steps to enter in a contract or performs its contractual obligations such as providing Banking products to its customers; and

3. When it performs its legal or statutory obligations such as reporting to regulators or sanction screening.

Bank does not rely on legitimate interest as a lawful basis for processing personal information under the GDPR.

Disclosure of personal information

The Bank may decide to share personal information with other external organizations. This is essential in the delivery of its products and services, to conduct its business and to comply with all regulations. We can share personal information with, for example

1. Authorities that can include auditors and regulators based in the United Kingdom and other relevant jurisdictions who require reporting in certain circumstances;

2. Professional advisers including lawyers, auditors and insurers who provide consultancy, legal, insurance, private healthcare providers and accounting services to the Bank;

3. Companies that provide due diligence checks of customers;

4. Companies that provide checks in relation to the customers to identify “politically exposed persons”;

5. Financial service companies that help us to prevent, detect and report fraudulent and criminal activities;

6. Agents and brokers that provide business to the Bank;

7. Banks and other financial services companies that provide agents, correspondents or intermediary banking services;

8. Our holding companies for the purpose of internal reporting; and

9. Banks and other financial services companies that provide payment or remittances services.

Sending personal information outside the EEA

Personal information about individuals can be transferred to locations outside the European Economic Area (EEA). When this is done, the Bank ensures that this transfer is lawful. We also make every effort to ensure that there is an appropriate level of protection and safeguards in accordance with the GDPR.

Data subject rights

There are certain rights for data subjects in relation to their personal information.

1. The right to access and rectify the information the Bank hold about them;

2. The right to erase or restrict processing;

3. The right to object to processing;

4. The right to data portability (ie your right to obtain and reuse your personal information across different services for your own purposes).

Data subjects can exercise their rights by contacting us by emailing at info@rbwales.com or in writing to 

Prince George's Gate
St. Biddulph's Way
London WC1N 3XX
United Kingdom

When you choose to exercise your rights, it may delay or prevent the Bank from performing its contractual and legal obligations. It could also mean that the Bank will need to cancel a product or service that it may have with you. The Bank may still be able to process personal information if it has a lawful basis for doing so.

Request a copy of personal information

You have the right to request a copy of the personal information that the Bank hold on you. To do so, please either email your request by contacting us by emailing at info@rbwales.com or in writing to 

Prince George's Gate
St. Biddulph's Way
London WC1N 3XX
United Kingdom

The Bank will not ask for a fee to access any personal information. However, it may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, the Bank can refuse to comply with request in such circumstances.

The Bank can request for more specific information to help confirm identity and to ensure the right to access your personal information. We may also contact you to ask for further information in relation to your request to speed up our response. The Bank will ensure that it provides the information in the commonly used electronic or written format.

The Bank reserves the right to withhold information if it has any adverse effects on the rights and freedoms of other data subjects. This means that disclosing that information can be against the public or business interest.

The Bank aims to respond to all legitimate requests within one month. Occasionally it may take an additional two months if the request is particularly complex or multiple requests have been made. In this case, we will notify you and explain why such an extension is necessary.

Withdrawing consent

You have the right to withdraw consent if we have used consent as the lawful basis for the processing of your personal information. This can be done through the following ways:

In writing to Royal Bank of Wales Ltd:

Prince George's Gate
St. Biddulph's Way
London WC1N 3XX
United Kingdom

Please allow 5 working days for the systems update and the Bank’s records to reflect the request to change your preferences.

Complaints

Data subjects can report a concern on ICO’s website at https://ico.org.uk/ 

Accuracy

You need to ensure that you provide the Bank with accurate and relevant information as well as informing the Bank of any changes. The Bank reports, as part of its legal obligations, to the regulatory authority based on the information provided.

If inaccurate information is provided, the Bank may not be able to provide products and services to the data subject.

Automated decision making

The Bank in its processes, does not rely on automated decision making and profiling.

Retention of information

The Bank will retain personal information in line with its Data Retention Policy. The Bank will only retain personal information for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, it considers the amount, nature, and sensitivity of the personal information. If the personal information in no longer needed, the Bank may destroy, delete or anonymize it.

Third party sites and social media

Please note that this Privacy Policy does not extend to third party service providers. Any social media post/comments and any public reviews you send to us through third party sites and social media such as Facebook or LinkedIn, will be shared under the terms of the relevant platform and could be made public. We do not control these platforms and are not responsible for this kind of sharing.

Cookies Policy

The Bank may gather and analyze information regarding usage of this website, including domain name, the number of hits, the pages visited, previous/subsequent sites visited, the location from which this website is being accessed and length of the user’s session. This information may be gathered by using a cookie. A cookie is a small text file placed on your hard drive by our web page server. You can choose whether to allow the use of a cookie by altering the settings of your browser. A cookie will make the use of this web site faster and easier.

Amendments

If you have any questions about this Privacy Policy or our data processing activities, please either email your request by contacting us by emailing at info@rbwales.com or in writing to

Prince George's Gate
St. Biddulph's Way
London WC1N 3XX
United Kingdom

RBW reserves the right to modify sections of this Privacy Policy at any time.

_____________________________________________

*The data controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed.

**The data subject means an individual who is the subject of personal information. In other words, the data subject is the individual the particular personal information is about.

*** The General Data Protection Regulation is a new law that came into effect across the European Union on 25 May 2018, introducing increased rights and transparency for individuals regarding their personal information and helping them understand how companies use their personal information.