We may process your information where it is in our legitimate interests do so as an organisation and without prejudicing your interests or fundamental rights and freedoms.
a) We may process your information in the day to day running of our business, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.
This may include processing your information to:
Monitor, maintain and improve internal business processes, information and data, technology and communications solutions and services.
Ensure business continuity and disaster recovery and responding to information technology and business incidents and emergencies.
Ensure network and information security, including monitoring authorised users’ access to our information technology for the purpose of preventing cyber-attacks, unauthorised use of our telecommunications systems and websites, prevention or detection of crime and protection of your personal data.
Provide assurance on the bank's material risks and reporting to internal management and supervisory authorities on whether the bank is managing them effectively.
Perform general, financial and regulatory accounting and reporting.
Protect our legal rights and interests.
Manage and monitor our properties and branches (for example through CCTV) for the purpose of crime prevention and prosecution of offenders, for identifying accidents and incidents and emergency situations and for internal training.
Enable a sale, reorganisation, transfer, financial arrangement, sub participation, asset disposal, including, without limitation loan portfolio sales, securitisations or other transaction relating to our business and/or assets held by our business where information may be shared with any relevant third party.
b) It is in our interest as a business to ensure that we provide you with the most appropriate products and services and that we continually develop and improve as an organisation.
This may require processing your information to enable us to:
Identify new business opportunities and to develop enquiries and leads into applications or proposals for new business and to develop our relationship with you.
Send you relevant marketing information (including details of other products or services provided by us or other RBS companies which we believe may be of interest to you).
Understand our customers’ actions, behaviour, preferences, expectations, feedback and financial history in order to improve our products and services, develop new products and services, and to improve the relevance of offers of products and services by RBS companies.
Monitor the performance and effectiveness of products and services.
Assess the quality of our customer services and to provide staff training, calls to our service centres and communications to our mobile and online helplines may be recorded and monitored for these purposes.
Perform analysis on customer complaints for the purposes of preventing errors and process failures and rectifying negative impacts on customers.
Compensate customers for loss, inconvenience or distress as a result of services, process or regulatory failures.
Identify our customers’ use of third party products and services in order to facilitate the uses of customer information detailed above.
Combine your information with third party data, such as economic data in order to understand customers’ needs better and improve our services.
We may perform data analysis, data matching and profiling to support decision making with regards to the activities mentioned above. It may also involve sharing information with third parties who provide a service to us.
c) It is in our interest as a business to manage our risk and to determine what products and services we can offer and the terms of those products and services. It is also in our interest to protect our business by preventing financial crime.
This may include processing your information to:
Carry out financial, credit and insurance risk assessments.
Manage and take decisions about your accounts.
Carry out checks (in addition to statutory requirements) on customers and potential customers, business partners and associated persons, including performing adverse media checks, screening against external databases and sanctions lists and establishing connections to politically exposed persons.
Share data with the Central Credit Register, credit reference, fraud prevention agencies and law enforcement agencies.
Trace debtors and recovering outstanding debt.
For risk reporting and risk management.
Application decisions may be taken based on solely automated checks of information from the Central Credit Register, credit reference agencies and internal NatWest Group records. For more information on how we access and use information from the Central Credit Register, credit reference and fraud prevention agencies see Section 11 Central Credit Register, credit reference and fraud prevention agencies in this document.