-

Customer Privacy Notice

1.Introduction

This privacy notice applies to information we hold about you and Related Parties (natural persons or entities associated with a customer or prospective customer) in relation to the Corporate Banking products and services we provide. In this notice, ‘we’, ‘us’, and ‘our’ means the data controller i.e. Barclays Bank PLC, registered number 01026167, registered office 1 Churchill Place, London E14 5HP. ‘You’, ‘Your’ means the person the information relates to. If you provide us personal data that you are legally authorised to disclose about Related Parties, you are required to make them aware of this notice.

2. Information we hold about you and how we collect it 

2.1 Where your information comes from

We collect, use, share and store information to provide you with the services you have asked for or may be of interest to you. You may provide this information direct to us, for example by the way you communicate or do business with us, such as:

  • applying for our products or services;
  • using our branches or telephone services;
  • writing to us;
  • entering competitions or promotions;
  • downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services);
  • giving information to us at any other time, including through social media and via our website;
  • other banks and financial institutions (for example, when you have asked us to display their accounts on our platforms, we have received information to investigate incorrect payments, or you have switched your account to us);
  • other companies within the Barclays Group; and
  • using and managing your accounts (we may take information such as the date, amount and currency of payments made to your account).

We also collect data using cookies and similar technologies on our websites, mobile apps, and in our emails. For more information, please see our cookie policy Your information may also come from other organisations or people you have a relationship with, such as trade bodies you are a member of credit reference agencies (who may search the Electoral Register), your employer, publicly available databases such as Companies House, and fraud prevention agencies.

2.2 Which individuals’ data is processed

We will collect and process certain personal data about the following individuals:

  • Sole trader;

  • Individual members of a partnership;

  • Individual members of a co-ownership;

  • Individual directors;

  • Company secretaries or other equivalent individual office holders and beneficial owners

  • Guarantors and third-party security providers;

  • Individuals with joint financial obligations with directors and beneficial owners 
  • Individuals associated with the directors and beneficial owners

  • Any of your employees, contractors, representatives, officers or agents; and

  • Legal representatives and other individuals authorised to act on your behalf; and

  • Where the Customer holds client accounts, any individuals associated with the Customer’s client.
2.3 Types of data we collect

The categories of information that we will collect about you and Related Parties includes but is not restricted to:

Your personal details (e.g. name, date of birth, passport information, identification information, biographical information, information about personal interests)

Contact details (e.g. phone/mobile number, email address, postal address).

Related details (e.g. relationship with you or Related Parties, business information about shareholdings, business contact
details).

Transactional details (e.g. information about services including payments and, requests, queries or complaints).

Financial details (e.g. information about business accounts, financial history, information from credit reference agencies and fraud prevention agencies).

3. What we use your information for and the legal basis for doing so

We must have a legal basis to process customer and Related Parties' personal data. The table below sets out the purposes for which we collect personal data about customers and Related Parties and the legal basis for doing so. 

What we use your personal data for Legal basis we rely on
Customer administration and management, including relationship management, and for account administration and management purposes 
  • Where the law requires this.
  • Where we have your consent.
  • Where it is necessary for the performance of a contract with a sole trader, partnership or co-ownership customer. 
  • Where it is in our legitimate interests to ensure that our customer accounts are well managed, so that they are provided with a high standard of service, to protect our business interests and the interests of our customers. Transaction processing, monitoring and analysis
    activities to develop and manage our products and services.
  • Where the law requires this. 
  • Where it is necessary for the performance of a contract with a sole trader, partnership or co-ownership customer
  • .Where it is in our legitimate interests to develop, build, implement and run business models and systems which protect our business interests and provide you with a high standard of service.  
Transaction processing, monitoring and analysis
activities to develop and manage our products and
services.
  • Where the law requires this. 
  • Where it is in our legitimate interests to prevent and investigate fraud, money laundering and other crimes and to verify your identity to protect our business and to comply with laws that apply to it.  

 
Undertaking customer due diligence checks for the prevention and detection of financial and other crimes and undertaking checks, including on Related Parties, in relation to identity verification, application checks,
anti-money laundering, compliance and risk screening.
Communicating with you and Related Parties from time to time about products, services and events offered by us.  
  • Where it is in our legitimate interests to provide information about our business members of our Group, and other communications such as research and insights, that may be of interest to the you and Related Parties.  
  • Where we have your consent  
Exercising our legal rights where it is necessary to do so, for example to protect us against harm to our rights and property interests, to detect, prevent and respond to fraud or other violations of law, for legal and dispute management purposes, and for debt collection and recoveries purposes. 
  • Where the law requires this.
  • Where it is in our legitimate interests to prevent and investigate fraud, money laundering and other crimes and to verify your identity to protect our business and to comply with laws that apply to us. 
Complying with legal obligations to which we are subject and co-operating with regulators and law enforcement bodies. 
  • Where the law requires this. 
3.1 Sensitive personal data

Some of the information we collect is sensitive personal data (also known as special categories of data). In particular, we may process personal data that relates to your health (such as your medical history), biometric data, and any criminal convictions and offences. If we use sensitive personal data, we will usually do so on the legal basis that it is in the wider public interest, to establish, take or defend any legal action or, in some cases, that we have your permission. In any case, we will keep to all laws that apply.

 

What we use your sensitive personal data for  The legal basis for doing so 
To carry out due diligence checks (background checks, such as sanctions checks), which may reveal political opinions or information about criminal convictions or offences. 
  • It is in the wider public interest.

We may use your biometric data for some of the purposes set out in the previous table (for example, to detect and prevent fraud and money laundering, and to check your identity). 
  • We have your permission for any optional use of biometrics (such as your vocal pattern in voice recognition systems to identify you) 
  • It is in the wider public interest. 
We may use information you’ve given us about your personal circumstances (including medical information) for some of the purposes set out in the previous table. Examples include to:
  • settle complaints and answer questions
  • help provide, manage and personalise our services
  • help you apply for, or get quotations for, insurance products; and
  • flag up special circumstances, such as being bereaved or homeless, or needing adjustments to be made in order to receive or use services (for example, needing to receive statements in Braille). 
  • We have your permission to do so, such as placing markers on your account which tell us you are hard of hearing or have poor eyesight so need to receive a Braille statement. 
We may use your medical information and information on criminal convictions to temporarily postpone your debt repayments and to help us consider other suitable repayment options for you. 
  • It is in the wider public interest. 
To keep to laws and regulations that apply to us and co-operate with regulators and law enforcement organisations. 
  • It is in the wider public interest. 
Where our systems analyse information which provides us with sensitive information (for example, mapping payments geographically so it shows you have spent time at a political party conference). 
  • We have your permission to do so. 

When we process your and any Related Parties' personal data to meet our legitimate interests, we put in place robust safeguards to ensure that you and the Related Parties’ privacy is protected and to ensure that our legitimate interests do not override yours and the Related Parties’ interests or fundamental rights and freedoms. Where we process any information about you and Related Parties that is not personal data, we will comply with our obligations of confidentiality and establish and maintain adequate security measures to safeguard confidential information from unauthorised access or use.

3.2 Communicating with you

We will send you messages by post, telephone, text message, email and other digital methods, including through our online banking services and through new methods that may become available in the future.

These messages may be:

  • to help you manage your account

  • messages we must send to meet our regulatory obligations, such as about changes to your agreements, and to give you information on managing your money

  • to keep you informed about the features and benefits of the products and services we provide to you; or

  • to tell you about events, products and services (including those of other companies) that may be of interest to you.

In some cases, these will be marketing messages. You can ask us to stop or start sending you marketing messages at any time by writing to us or by contacting your relationship team. We will seek your permission when we collect and use certain types of personal data (for example, when we process sensitive personal data or place cookies or similar technologies on devices or browsers). If we ask you for permission to process your personal data, you can refuse, or withdraw your permission at any time, by using the details at the end of this privacy notice or, if in relation to cookies or similar, through the cookie policy on barclayscorporate.com.

4. Who we will share your information with

We will keep your information confidential but we may share it with third parties (who also have to keep it secure and confidential) for the examples set out in Section 3, and in the following circumstances.

Who we share your personal data with and why
To provide you with our products and services, run our business and to comply with our legal obligations we may share your information with:

Barclays Group of Companies (We are owned by Barclays PLC, so we work closely with other businesses and companies in the Barclays Group of companies.

Your advisers (such as accountants, lawyers and other professional advisers) who you have authorised to represent you, or any other person you have told us is authorised to give instructions, or use the account, products or services, on your behalf (such as under a power of attorney)

Any third party after a restructure, sale or acquisition of any Barclays Group company or debt. Anyone we transfer or delegate (or may transfer or delegate) our rights or obligations to, as allowed under the terms and conditions of any contract you have with us.

Any potential guarantor. We may contact your guarantors and security providers in connection with any products and services provided to you by us.

Providers of payment-processing services and other businesses that help us process your payments, as well as other financial institutions that are members of the payment schemes (for example, Visa) or involved in making payments, where that is needed for specific types of payments.

Third party payers. We may share your name where you are a sole trader with anyone paying money into your account, if this is necessary to confirm the payment is being made to the right account. (We would only do this if the payer’s name is a close match with your name or a joint account holder’s name).

Other financial institutions who you ask us to deal with (for example, if you switch your account from Barclays).

Companies House. By law we must report certain inconsistencies between the information we hold, and the information held by Companies House.

Our service providers and agents (including their subcontractors). This may include, for example, third-party collection agents we use, or where we pass your details to someone who will print your statements, deliver a gift or provide a gesture of goodwill. We may also share your personal data with our business partners who we provide services with. We may also share information with other service providers and agents who provide services on our business partners’ behalf.

Third party marketing agents, we engage third parties to share marketing information, to run our campaigns, inform you about our products and services, carry out client interviews, briefing call and media targeting. Other banks. If a payment goes into your account by mistake, we may provide details about you and the incorrect payment to the bank that sent the payment, so they can recover the funds.

Government agencies (for example, HM Revenue & Customs) and Regulators such as the Financial Conduct Authority (FCA) and Prudential Regulatory Authority (PRA),

Fraud prevention agencies in connection with actual or suspected fraud, financial crime or criminal activities, or with monitoring, preventing or investigating fraud, financial crime or criminal activities, please refer to section 6 for more details.

Credit reference agencies, for more information on this, please see section 6.

5.Individual Rights

Under data protection law, you have certain rights including:

  • The right to be informed – You have the right to be informed about the collection and use of your personal data. We inform you of data processing via the privacy notices, published via the website.
  • The right of access – You have the right to request confirmation of data processing, and to obtain a copy of your personal data.
  • The right to rectification – You have the right to have inaccurate data rectified or completed if it is incomplete.
  • The right to erasure – You have the right to have your personal data erased – (also known as the right to be forgotten).
  • The right to restrict processing – You have the right to request the restriction or suppression of your personal data.
  • The right to data portability – You have the right to obtain and reuse personal data for your own purposes across different services. The right to data portability enables you to move, copy or transfer your personal data easily from one IT environment to another in a safe, secure way, without affecting its usability.
  • The right to object – You have the absolute right to object to the processing of your personal data if it is for direct marketing purposes. More broadly, the right to object to data processing only applies in specific circumstances.
  • Rights in relation to automated decision making and profiling –You have the right not to be subject to automated decision making or profiling where this activity produces legal effects. See section 9 for further information on automated processing.

Your ability to exercise these rights will depend on a number of factors, and in some instances we will not be able to agree to your request (for example, if we have a legitimate reason for not doing so or the right doesn’t apply to the particular information we hold about you). If you would like more information on your rights, or want to exercise them, please refer to section 11 on how to contact us.

6.Credit reference and fraud prevention agencies

6.1 Fraud prevention agencies

We will share your information and information of Related Parties with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity and the identity of Related Parties. We will also share your information with fraud prevention agencies if you give us false or inaccurate information or we suspect fraud. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal information and that of Related Parties to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance or employment. Further details of how personal data will be used by these fraud prevention agencies, and individuals’ data protection rights, can be found at www.cifas.org.uk/fpn. 

6.2 Credit reference agencies

When processing your application, we will carry out credit and identity checks on you and the Related Parties with one or more credit reference agencies and fraud prevention agencies. To do this, we will supply your and the Related Parties’ personal data to the agencies and they will give us information about you. We can ask the credit reference agencies and fraud prevention agencies to carry out searches of:

  • publicly available information about you and your Related Parties’ personal credit behaviour.

  • information about the way you and your Related Parties have handled any personal borrowings, if your business has three or fewer directors or partners.

  • information about your business (for example, details registered at Companies House).

  • information about your business accounts.

  • the identities of all your business owners.

  • the home address of a director, to confirm it is the same as that registered at Companies House; and

  • information about the personal accounts of any ‘associated person’ of yours. (An associated person can be a person or entity which performs services for or on behalf of Barclays).

We will also continue to exchange information about you with credit reference agencies while you are our customer. The credit reference agencies may in turn share your personal data with other organisations, (including gambling operators) which those organisations may use to make decisions about you. This may affect your ability to get credit.

We may continue to collect information about you (and your accounts) from credit reference agencies after your account is closed.

You must make sure the Related Parties (including Directors and persons with significant control) are aware we will be carrying out credit checks on them and providing information about them to the credit reference agencies.

The Credit Reference Agency Information Notice (CRAIN) describes how credit reference agencies in the UK use and share personal data. The CRAIN is available on the credit reference agencies’ websites.

www.transunion.co.uk/crain
www.equifax.co.uk/crain
www.experian.co.uk/crain
www.dnb.co.uk/crain

7. International transfers of personal data

Your information may be transferred to and stored in locations outside the United Kingdom (UK) or the European Economic Area (EEA).

When we transfer your personal data outside the EEA/UK, we will make sure they agree to apply equivalent levels of protection for personal data as we do.

Where we transfer your personal data to third countries (in the operation of our business between our entities or to our suppliers or agents), appropriate safeguards are used to ensure that the data transfers are subject to an adequate level of protection. Safeguards include:

  • the Intra-Group Agreement (IGA) for transfers of personal data between our group of entities.
  • conditions in the contract with the organisations receiving your personal information to protect the equivalent standard.
  • where necessary, conducting Data Transfer Impact Assessments (DTIAs) prior to any transfer of personal data to a third country.

8. How long we keep your information

The period we keep information for is often linked to the amount of time available to bring a legal claim, which in many cases is seven to ten years after your account closes or following a transaction such as a payment. We will keep your personal data after this time if we have to do so to keep to the law, if there are existing claims or complaints that will reasonably require us to keep your information, or for regulatory or technical reasons. If we do need to keep your information for a longer period, we will continue to protect that information.

9. Automated processing

The way we analyse personal data relating to our services may involve profiling. This means that we may process your personal data (including sensitive personal data) using software that can evaluate your personal circumstances and other factors to predict risks or outcomes. We may also use profiling, or other automated methods, to make decisions about you and your Related Parties’ that relate to the in the following circumstances:

  • Credit and affordability checks to see whether your application will be accepted
  • Credit limits
  • Anti-money laundering and sanctions checks
  • Identity and address checks
  • Monitoring your account for fraud and other financial crime, either to prevent you
  • committing fraud, or to prevent you becoming a victim of fraud
  • Screening people who may be classed as ‘politically exposed’ (for example, if you are a government minister)
  • Assessments required by our regulators and appropriate authorities to make sure we meet our regulatory obligations (for example, making decisions about those at risk of becoming financially vulnerable)
  • Deciding whether an account is dormant (that is, no longer used) and, if so, closing it. 

This is known as ‘automated decision-making’ and is only allowed when we have a legal reason for this type of decision making. We may make automated decisions about you in the following circumstances:

  • If automated decisions are necessary for us to enter into a contract. For example, we may decide not to offer our services to you, or we may decide on the types of services that are suitable for you, or how much to charge you for our products, based on your credit history and other financial information we have collected about you.
  • If automated decisions are required or authorised by law (for example, to prevent fraud)

  • If it is a reasonable way of keeping to government regulation or guidance, such as our obligation to treat customers fairly.

You can contact us to ask for a person to review an automated decision.

9.1 How automated processing makes decisions

Credit and affordability assessments
We will consider a number of factors, including information about your income, your outgoings and how well you have kept up on payments in the past. This will be used to work out the amount we could lend you and you could comfortably afford to pay back.

Regulatory assessments
We will consider activity on your accounts such as whether you are keeping up with payments, paying off debts, extending overdrafts, or showing signs of financial difficulties. For example, if you are extending an overdraft and have a reduced amount coming into your account, this might indicate that you are likely to get into financial difficulties. We will use this information, for example, to contact you to offer appropriate forms of help.

Protecting you and your account against criminal or fraudulent activity
We will assess your transactions (payments to and from your account) to identify any that are unusual (for example, payments you would not normally make, or that are made at an unusual time or location). This may stop us from making a payment that is likely to be fraudulent. Protecting us against criminal or fraudulent activity We will assess a number of factors such as whether you have provided false information in the past, where you might be at the time and other information about your credit history to decide whether you are a fraud or financial-crime risk (for example, whether offering services to you may break or not be in line with financial sanctions).

Dormant accounts
If your account has not been used for a long period, this will trigger action by us and we would ultimately close these accounts.

10. Social Media Platforms

For certain information we collect about you from social media platforms, we will be a ‘joint controller’ with the social media platform provider. This means we and the social media platform provider will be jointly responsible for deciding how and why to process your information. This applies, for example, where we collect information about you, such as from your actions on our social media pages or through the social media platform pixels (which are similar to tracking cookies) on our website.

Where we are a joint controller, we have agreed with the social media platform provider to share some responsibilities to protect your personal information by:

  • making sure we each have a legal basis (a valid legal reason) for processing your information
  • honouring your legal rights relating to your information; and
  • making sure your information is secure while it is being processed.

The type of information we collect includes:

  •  what you say (such as comments) or your actions (such as liking, sharing or recommending)
  •  your country or region (or your precise location if you have provided this in your user profile and you are logged in)
  • your device and internet connection; and
  • your social media profile details and user ID. We will only use this data for legitimate business reasons, such as: user experience/feedback analytics, to respond to your query or training purposes.

You can contact us to find out more about how we protect your information when we are a joint controller. You can also contact the social media platform provider about what they do or read their privacy notice, which includesdetails of your legal rights relating to the information the social media platform provider collects and keeps.

11. Contact us

To obtain a copy of the personal information that we hold about you or to exercise any of your rights (see 'Individual Rights' section) go to barclays.co.uk/control-your-data. Alternatively, you can contact your Relationship team or refer to the Contact section of the Barclays Corporate Banking website.

If requesting a copy of your personal data please be as specific as possible about the data you are looking for, as this will allow us to tailor our response accordingly. You are only entitled to information that relates to you as an individual (not that of the corporate entity) and we may need to carry out additional checks to verify your identity before we process your request. We will provide you with a copy of your data within 30 days, unless doing so is complex, in which case we will communicate this fact to you. Certain exemptions exist under the law as to data that does not have to be disclosed, which if applicable, we may rely on.

You can contact our Data Protection Officer by email at dpo@barclays.com or by mail at: The Data Protection Officer, Barclays, Leicester, LE87 2BB, UK. Please note that we cannot guarantee the security of your Personal Data while it is in transit to us. Therefore, if you choose to contact the Data Protection Officer by email or post, we advise that you keep Personal Data to a minimum, and that you don’t include full account information.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you are not satisfied with our response you have the right to make a complaint to the Information Commissioner's Office (ICO), which regulates the use of personal data in the UK. You can contact the ICO by visiting https://ico.org.uk/global/contact-us/

If you are an EU citizen or Regulator, for the purposes of the General Data Protection Regulation (GDPR), our Appointed Representative is Barclays Bank Ireland PLC. You can contact the Appointed Representative by emailing dpo@barclays.com.

12. Changes to our privacy notice

You can ask us for a copy of this privacy notice using the contact details set out above. We may change or update this privacy notice from time to time. If changes to this privacy notice will have a major effect on what we do with your personal data or on you personally, we will give you enough notice to allow you to exercise your rights (for example, to object to the processing).

March 2025

Download a copy of the Customer Privacy Notice