Privacy Policy

1. Introduction

This Privacy Policy explains how Blue Horizon arvest Bank ("Blue Horizon arvest Bank", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our banking and financial services, visit our branches, websites, or mobile applications, or otherwise interact with us in England.

We are committed to respecting and protecting your privacy and to handling your personal data in accordance with applicable data protection laws in England, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services or interacting with us, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Blue Horizon arvest Bank is a banking institution operating in England. We provide a range of financial services, including current accounts, savings accounts, loans, payment services, online and mobile banking, and related products.

We act as a data controller when we determine the purposes and means of processing your personal data. Our contact details for privacy-related matters are provided in Section 12 of this Privacy Policy.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Identification and Contact Details

• Full name, title, date of birth, and gender
• Residential and correspondence addresses
• Email address and telephone numbers
• Nationality and country of residence
• Identification documents (e.g., passport, driving licence, national ID), including document numbers, dates, and issuing authorities

3.2 Financial and Account Information

• Bank account numbers, sort codes, and IBANs
• Account balances and transaction histories
• Payment card details (card number, expiry date, and limited security-related data processed via secure, compliant processors)
• Loan, mortgage, credit, and overdraft information
• Income, employment, and tax information relevant to our services

3.3 Regulatory, Compliance, and Risk Data

• Information required for anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions screening
• Information from credit reference and fraud prevention agencies
• Information relating to politically exposed person (PEP) status

3.4 Technical and Usage Data

• IP address, device identifiers, browser type, and operating system
• Log data relating to access to online and mobile banking
• Usage data about how you interact with our websites, apps, and digital services

3.5 Communication Data

• Records of your communications with us, including phone calls (which may be recorded), emails, secure messages, in-app chats, and correspondence
• Feedback, complaints, and survey responses

3.6 Special Categories of Data We generally do not seek to collect special categories of personal data (such as data about health, religion, or ethnicity). However, in limited circumstances we may process such data where:

• You provide it voluntarily and explicitly consent to its use; or
• It is necessary for reasons of substantial public interest or as otherwise permitted by law (for example, to support customers in vulnerable circumstances).

4. How We Collect Your Data

We collect personal data from a variety of sources, including:

4.1 Directly From You

• When you apply for and use our accounts, products, or services (including arvest-branded services)
• When you complete forms, documentation, or online applications
• When you contact us by phone, email, secure message, or in person

4.2 From Third Parties

• Credit reference agencies and fraud prevention agencies
• Publicly available sources, such as electoral registers or public databases
• Sanctions lists and watchlists maintained by authorities
• Introducers, brokers, or other financial institutions involved in your transactions

4.3 Through Our Digital Services

• When you use our websites, online banking, mobile apps, or other digital platforms
• Through cookies and similar technologies, where permitted by law and your browser or device settings

5. Legal Bases for Processing

We only process your personal data where we have a valid legal basis under data protection law. These include:

5.1 Performance of a Contract To enter into and perform our contract with you, including to:

• Open, maintain, and manage your accounts
• Process payments, transfers, and transactions
• Provide online and mobile banking services

5.2 Compliance With Legal Obligations To comply with laws and regulations applicable to Blue Horizon arvest Bank as a bank in England, including to:

• Meet anti-money laundering (AML) and counter-terrorist financing (CTF) requirements
• Conduct identity verification and customer due diligence (KYC)
• Report to regulatory, supervisory, and tax authorities

5.3 Legitimate Interests To pursue our legitimate interests, provided that your rights and freedoms do not override those interests, including to:

• Manage risk, prevent fraud, and secure our systems and services
• Improve and develop our products, including arvest-branded services
• Perform analytics and reporting to better understand customer needs
• Handle queries, complaints, and customer support

5.4 Consent In certain cases, we may rely on your consent, for example:

• For certain marketing activities, where required by law
• For the use of certain cookies and similar technologies
• For processing special categories of personal data, where applicable

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

6. How We Use Your Personal Data

We may use your personal data for the following purposes:

6.1 Provision of Banking Services

• To assess and process applications for accounts, credit facilities, and other products
• To manage and operate your accounts and related services, including arvest-branded offerings
• To execute payments, transfers, standing orders, and direct debits

6.2 Risk Management and Security

• To verify your identity and prevent fraud and financial crime
• To monitor transactions for suspicious activity
• To protect the security and integrity of our systems, networks, and services

6.3 Customer Support and Communication

• To respond to your queries, requests, and complaints
• To send you important service-related information, such as updates to terms, security alerts, or changes to this Privacy Policy

6.4 Business Operations and Improvement

• To analyse how our products and services are used
• To maintain, test, and improve our platforms, systems, and processes
• To develop new products or services, including improvements to arvest-branded banking solutions

6.5 Marketing and Personalisation

• To provide you with information about products or services that may be of interest to you, in accordance with your marketing preferences
• To personalise your experience on our digital channels, including presenting content we believe may be relevant to you

You may opt out of direct marketing at any time (see Section 9 below).

7. Sharing Your Personal Data

We may share your personal data with:

7.1 Group Companies and Service Providers

• Group entities or affiliates that support the provision of Blue Horizon arvest Bank and arvest-branded services
• Third-party service providers who perform functions on our behalf, such as IT hosting, payment processing, customer support, analytics, printing, or mailing services

These third parties are required to use your data only as needed to provide services to us and are subject to appropriate confidentiality and data protection obligations.

7.2 Professional and Regulatory Recipients

• Auditors, legal advisers, consultants, and other professional advisers
• Regulators, supervisory authorities, law enforcement agencies, and courts where we are required or permitted by law to do so

7.3 Other Financial Institutions and Partners

• Correspondent banks, payment networks, and card schemes
• Other banks, building societies, or financial institutions involved in processing your payments or transactions

7.4 Business Transfers In the event of a merger, acquisition, reorganisation, or transfer of all or part of our business, we may transfer your personal data to the relevant third parties, subject to appropriate safeguards.

We do not sell your personal data to third parties.

8. International Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom that may have different data protection standards. Where we transfer your data internationally, we will ensure that appropriate safeguards are in place as required by law, such as:

• Using countries which the UK government has determined provide an adequate level of data protection; or
• Implementing standard contractual clauses or equivalent safeguards approved under UK law.

You may contact us for further details about international transfers and the safeguards used.

9. Marketing and Your Choices

We may use your contact details to send you marketing communications about Blue Horizon arvest Bank products and services, including information related to arvest-branded accounts or services, where permitted by law and consistent with your preferences.

You can manage your marketing preferences by:

• Following the unsubscribe or opt-out instructions in marketing emails or messages; or
• Contacting us using the details provided in Section 12.

Even if you opt out of marketing, we may still send you non-marketing communications related to your accounts and our contractual relationship with you.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to:

• Provide our services and manage our relationship with you
• Comply with legal, regulatory, and accounting obligations
• Resolve disputes and enforce our rights

In many cases, banking and financial regulations require us to retain certain records for a specified period after the end of our relationship with you. Once retention periods have expired, we will securely delete or anonymise your personal data.

11. Your Rights

Under applicable data protection law, you have a number of rights in relation to your personal data, which may include:

• Right of access: to obtain confirmation as to whether we process your data and, where applicable, a copy of your personal data.
• Right to rectification: to have inaccurate or incomplete personal data corrected.
• Right to erasure: to request deletion of your personal data where there is no compelling reason for us to continue processing it (subject to legal and regulatory obligations).
• Right to restriction: to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format and have it transmitted to another controller, where applicable.
• Right to object: to object to processing based on our legitimate interests, and to object to direct marketing at any time.
• Rights in relation to automated decision-making: to obtain information about, and in some cases challenge, decisions based solely on automated processing (including profiling) that have legal or similarly significant effects on you.

You may exercise these rights by contacting us using the details in Section 12. We may need to verify your identity before responding to your request. Your rights may be subject to limitations where we have overriding legal obligations or legitimate interests.

12. Contact Us

If you have any questions about this Privacy Policy or how Blue Horizon arvest Bank processes your personal data, or if you wish to exercise your data protection rights, you can contact our data protection contact point at:

Data Protection Officer Blue Horizon arvest Bank [Insert Address] England

Email: [Insert Email Address] Telephone: [Insert Telephone Number]

You also have the right to lodge a complaint with the UK data protection authority, the Information Commissioner's Office (ICO). Further information is available on the ICO website.

13. Security of Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption and secure transmission technologies
• Access controls and authentication procedures
• Regular security assessments and monitoring

However, no system can be completely secure. You are responsible for keeping your login credentials, passwords, and security details confidential and for notifying us immediately if you suspect unauthorised use of your accounts.

14. Cookies and Similar Technologies

Our websites and online services may use cookies and similar technologies to enable functionality, improve performance, and provide analytics and personalisation. Where required by law, we will obtain your consent before placing non-essential cookies on your device.

You can manage your cookie preferences through your browser settings and, where available, our cookie management tools. Please note that disabling certain cookies may affect the functionality of our services.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will take appropriate steps to inform you, such as posting a prominent notice on our website or contacting you directly.

The "Last updated" date will indicate when this Privacy Policy was most recently revised.

By continuing to use our services after any changes become effective, you acknowledge that you have read and understood the updated Privacy Policy.