This notice explains how your information may be held and used by companies within the Virgin Money Group.
The companies within the Virgin Money Group are:
By “information” we mean all of the personal and financial information about you that we collect, use, share and store. The information we hold will vary according to the account and relationship you have with us. It can include but isn’t limited to:
We collect information directly from you and others.
You may give us information in:
We also get information from:
We’ll also analyse and combine the information collected (sometimes automatically) to understand the way you use your account and our services as well as what you might like and what you might do. Through our analysis we may create a profile of you to help us predict your financial behaviour and preferences so we can provide services to you (‘profile information’).
Data Protection law requires us to have one or more of the following reasons for using your information:
These are the main ways we’ll use your personal information (and the reasons for doing so):
(Contract performance; Legal obligation)
The law requires us to verify the identity of our new customers and to re-verify the identity of our existing customers from time to time. This is so we know who our customers are and to make it more difficult for criminals to use false or impersonated identities for criminal purposes, such as hiding the proceeds of crime or committing fraud.
To verify your identity we’ll check the information you provide to us with credit reference agencies and publicly available information.
We’ll also check that you meet the criteria to receive the product or service we’re offering.
(Contract performance; Legal obligation)
We’ll use your information to manage any account, product, service or relationship you have with us, in line with the terms of that arrangement and the rules of our regulators. Examples of this are:
(Contract performance; Legal obligation; Legitimate interest)
We have a legitimate interest in only lending money to customers who are able to repay it. Our regulators also require us to lend money in a responsible manner. So whenever you apply for credit (e.g. a mortgage, credit card or overdraft) or any increased borrowing on an existing product, we’ll use the information you give us and that we may already hold to assess the risk to us. We’ll also get information from credit reference agencies to undertake credit scoring and/or other risk assessments of your application.
Credit scoring is a way of making fair and responsible decisions about lending money. It’s an automated process that assesses how you’re likely to run your account, using information from a range of sources to make a decision (see ‘Where we collect information from’).
We’ll tell you when an application for credit is declined by our automated credit scoring process and you’ll have the right to ask one of our team to assess it again.
If you hold a credit card with us we’ll also use credit scoring to decide whether to maintain, increase or decrease your credit limit or the interest rate(s) that apply to your account. If we notify you of a change to your credit limit or interest rate based on our credit scoring process, you’ll have the right to ask one of our team to assess it again.
(Legal obligation; Legitimate interest)
The law requires us to screen applications and to monitor accounts to help combat the threats posed to our society by terrorism and money-laundering and other financial crime. We also have a legitimate interest in avoiding losses caused by financial crime such as fraud.
We may check and share relevant information held by us with fraud prevention agencies, law enforcement and other government agencies for the purpose of preventing, detecting and prosecuting financial crime and the funding of terrorism.
(Contract performance; Legitimate interest)
We have a legitimate interest in recovering debts that are due to us if there isn’t a satisfactory plan in place to repay them. We may instruct a debt collection agent or solicitor to act for us in recovering the debt, including by bringing legal proceedings in the courts and we’ll provide relevant information to them to help recover any money that is owed to us.
(Legal obligation; Legitimate interest)
We have a legitimate interest in making improvements to how we provide our services and to improve the security and resilience of the computer systems we use. We must also respond to any changes in law or regulation that relates to the protection of the information we hold.
We may use the information we hold to help us develop and test our systems (including new technologies and services) to ensure that they are safe and will work in the ways in which we expect them to. When we do this we’ll use processes and technologies that are designed to keep this information secure.
(Legitimate interest; Consent)
The range of products and services we offer (including those provided by companies outside the Virgin Money Group) is constantly evolving.
We have a legitimate interest in telling you about our products, services and any new developments that we think may interest you, but only where we are permitted to do so. For some marketing activity, including telling you about the products and services of other companies, we will need to ask for your consent to use your information. We don’t want to send you irrelevant or excessive information, so we’ll use the information we hold particularly profile information, to decide what to tell you, and how and when we’ll do this.
You have a legal right to tell us at any time that you don’t want us to use the information we hold in this way or to withdraw any consent that you have given to us.
We’ll only get in touch in the ways you’ve told us are acceptable to you. If you’ve said you don’t want to see marketing information, you’ll not receive it. You can opt in to, or out of, receiving marketing information at any time by contacting us in the usual way.
(Legal obligation; Legitimate interest)
We have a legitimate interest in organising and running our business in a correct and commercially sensible way and to comply with our legal and regulatory responsibilities to the UK financial system. We may use the information we hold to:
We may also use the information we hold for any other purposes that you have specifically consented to at any time (including over the phone or in our Stores) or, in some limited circumstances, when the law requires or permits us to.
When using the information we hold we may share it with other people or organisations.
We’ll treat the information we hold as confidential and may share information with the following who are also required to keep the information confidential, safe and secure:
We may also share information we hold with the following types of organisation:
To assess an application for a product or service we’ll perform identity checks on you with one or more credit reference agencies (CRAs). Where you apply for credit we’ll also perform credit checks on you with the CRAs. We may also make periodic checks with CRAs to manage your account with us.
To do this we’ll pass your information to CRAs and they’ll give us information about you. The information we’ll supply includes information from your application and your financial situation and history. CRAs will also supply us with public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We’ll continue to exchange information about you with CRAs while you have a relationship with us. We’ll also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. They may supply this information to other organisations.
When CRAs do a credit search they’ll place a footprint on your credit file that may be seen by other lenders and may affect your ability to borrow from them.
If you’re making a joint application, or you tell us that you have a spouse or financial associate, we’ll link your records together - so you should make sure they know what you’re doing, and share this information with them, before applying. CRAs will also link your records together. If you later want to break this link you need to talk directly to the CRAs.
The identities of the CRAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA Information Notice (CRAIN). You can find this on each of the CRA websites at:
The CRAs described above also perform roles as fraud prevention agencies (FPAs). In addition we’re a member of CIFAS and National Hunter which are both FPAs.
All countries within the EEA, which includes the UK, have similar standards of legal protection for your personal information. To provide some products and services we transfer and process information in countries outside the EEA (e.g. the United States) where there aren’t similar standards. For example, if you hold a credit or debit card with us, we’ll share transaction details with the payment network (e.g. MasterCard) who may process this information worldwide.
In these cases we’ll take all reasonable steps necessary to make sure your information is protected to UK standards. This may be through only allowing transfers to countries which have been officially recognised as having an adequate legal framework for the protection of information (an ’adequacy decision’). It may be through having recognised safeguards in place with our commercial partners, such as using standard terms in the contracts we have with them that are recognised and approved by our regulators as imposing high standards for the protection of information or where our commercial partner is a signatory to a recognised and binding code of conduct.
To find out more about any particular uses of information in countries outside the EEA, the existence of an “adequacy decision” for that country or the safeguards we have put in place, please contact our Data Protection Officer.
We’ll retain information for no longer than is necessary to manage your relationship with us (see 'Why we need the information and what we use if for'.) and this will mean that we’ll continue to hold some information for a period of time after your account has closed or our relationship has ended. This is to comply with our legal and regulatory obligations to keep records of our relationship, to resolve disputes or where it may be needed for future legal proceedings.
The law guarantees you rights in relation to your personal information. We have set out details of your rights below under individual headings.
You always have the right to ask whether or not we hold information about you. And if we do, what the information is, why we’re holding it and the ways it’s being used. You’re also entitled to a copy of the information.
We always want the information we hold to be up to date and accurate. If any of the information we hold is either incorrect or out of date then please tell us and we’ll fix it.
You have the right to ask us to erase or delete information where you consider there is no longer any justification for us holding it, either because:
When you make a request for information to be erased we’ll have up to one month to respond. If we reject your request we will tell you and set out the reasons why we’ll not erase or delete the information.
You have the right to get some of your information that you provided from us in a machine readable format.
We have told you about the ways in which we use the information we hold.
Where we have told you that any use of information is based on ‘legitimate interest’, you can raise an objection to that use. When you make an objection we’ll have up to one month to respond to you. We will stop using the information in this way unless we disagree that we should because of a compelling legal justification for continuing to use it. We’ll always tell you what the justification is.
Remember, you can always simply opt out of receiving marketing communications at any time. You can do this by contacting us in the usual way.
In certain circumstances you have a right to block or limit the use of information by us. This may arise where:
You can contact us at any time and in the normal way to discuss how Virgin Money holds and uses your information and your rights.
You can also contact our Data Protection Officer for further information and to request to use these rights. A Data Protection Officer is a person who is formally appointed to ensure that an organisation is aware of and complies with its responsibilities for data protection.
You can write to our Data Protection Officer at Virgin Money plc, Jubilee House, Gosforth, Newcastle upon Tyne, NE3 4PL.
If for whatever reason you are unhappy with any way we are using your personal information you should contact us in the first instance so that we can understand your issue and try and resolve it. We may ask our Data Protection Officer to look at your situation. If we can’t resolve the issue you have the right to complain to the Information Commissioners Office (ICO). The ICO is the UK's independent body set up to uphold information rights. For further information visit ico.org.uk Link opens in a new window
We’ll keep this information up to date and it will always be available at virginmoney.com/privacy or on request at any time.