Protecting your personal information as carefully as we protect your money.

Privacy notice

The privacy notice sets out how we protect your privacy as needed by law. It explains in detail:

  • What personal information we have and how we get it 
  • How we can and can't use your data
  • Who we can share your data with

    Privacy notice

Cookie policy

We may use cookies and similar tracking technologies on our websites and apps, and in emails we send you.

To find out more about how we use cookies and email tracking, please see our cookie policy.

Cookie policy

Social media privacy policy & terms of use

This privacy policy explains what information may be collected and how it will be used when you access any of our social media channels.

Privacy policy and terms of use

What personal information do we have about you?

You have the right to know what information Bank of Scotland holds about you. There are several ways to get a copy of this, depending on what you need.

Request personal information

Understanding Privacy

  • If asked to give examples of personal information many of us would offer our name, address and phone number, perhaps an email address too. After all, this is how people usually identify themselves and others as individuals. The laws on data privacy do indeed classify these as personal information, but include a great deal more besides. Personal information is information about specified individuals, or information that could be used to single people out as individuals, either directly or when added to other pieces of information.

    This includes a great deal of the information that people knowingly give to organisations – when you submit an email address to be updated about offers or discounts, for example. But it also includes the technical information collected when people go online with laptops or mobiles to browse websites or make purchases.

    Lloyds Banking Group collects information of the first kind when a customer submits a form when applying for a credit card, for example. It collects the second sort when recording details such as the date, time and location of a credit card purchase. This is partly to make sure that the best quality services are offered to customers, but also to comply with regulations that apply to all banks.

    Clearly, when put together all this information adds up to a detailed picture of a customer’s life and behaviour. This benefits customers because it helps banks to spot unauthorised activity in an account and tackle fraud effectively. But it also makes it important that Lloyds Banking Group explains clearly to customers what personal information it holds about them, when it’s collected and why.

    For more detail, see our Privacy notice - it's worth a read.

  • The security of your personal information is something we take very seriously indeed. We keep a constant check on the systems that hold personal information and carefully investigate anything unusual in order to understand any impact on our customers. If we don’t follow the correct procedures it’s a serious matter, punishable with stiff penalties. We protect your personal information as well as your money. Our methods go beyond industry standards.

    If you're unhappy about the way we've used your personal information, please let us know. You can do this using the details you'll find in the how to contact us section of our Privacy notice.

    If after our response you’re still unhappy, you can also contact the Information Commissioner’s Office (ICO) yourself. The ICO is an independent body and can look into complaints on your behalf. Find out more on the ICO website about how to raise a concern.

  • Machines carry out an increasing number of tasks that were once the responsibility of people. Advances in technology mean they are helping us more with complicated tasks such as processing a lot of information quickly and making decisions.

    We know that a customer’s time is valuable to them so we try to make applying for a new product or service as quick and efficient as possible. An important step is to use machines to run eligibility checks or credit checks, for example. These are important decisions. We put a number of checks in place to make sure our machines get them right, but if you think a decision of this kind is wrong, and want it to be reviewed by a human, you have that right.

    For more details and guidance on how you can do this see the how we use your information to make automated decisions section of our Data Protection Notice.

    Your right to fair treatment also includes the accuracy of details we hold about you. If we’ve got it wrong please let us know. We’ll correct the mistake.

  • Marketing offers and sales promotions seem to be everywhere, sent to us online, by phone, or in the post. Privacy laws make it a requirement that companies wanting to send us material like this must get our agreement first. This may sound simple in outline but in practice many people aren’t always certain about what they’ve agreed to.

    The new privacy rules aim to make it easier to see what material you have agreed to receive from organisations. Also, they must make it clearer when you’re agreeing to receive it. They must make it simple for you to change your decision and opt out if you wish to. A consequence of this may be that you have more choices to make about your personal settings.

    Even if you think that you have done it all before it’s worth taking a moment to check your settings when asked to do so. That way, you should only get material likely to be of interest to you.

    We’ll always send you important service messages about changes to interest rates, how to keep your account safe and the benefits linked to your account. But you can decide not to receive our marketing material. You can also see how we make decisions about what may be relevant to you in the Marketing section of our Privacy Notice.

    Agreeing to receive marketing material is just one example of ‘giving your consent’. It’s worth remembering that the new privacy laws cover other types too, such as agreeing to have your credit status checked. There are details in our Privacy notice of how the regulations apply to our services and how the law protects you.

  • Central to what some call the ‘right to be forgotten’ is the idea that personal information should not be kept for longer than needed. It also recognises that an individual has the right to request that their personal information is erased. The holder must then either erase it or provide them with a good reason why this won’t happen.

    What counts as a good enough reason? One example is that the information is needed to supply a service that a customer still wants or needs. For example, it’s not possible to provide a banking service for a person and at the same time erase all their personal information from the bank’s systems. Another is that the holder may be required by laws or regulations to keep personal information for a set period before it’s erased. This is the case for banks – there are strict rules about the records banks must keep.

    For example, banks must hold financial records to help fight crimes such as fraud, money laundering, or terrorism. In connection with banks it’s misleading to think of a simple ‘right to be forgotten’. You have a right to request personal information to be erased, and for this to be carried out, or to be given a satisfactory reason why it can’t be.

    See more about how long we keep your personal information, in the Privacy notice.