Skip to main content

Privacy notice


We are Cater Allen Private Bank, the data controller. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

This is our Privacy Statement which explains how we obtain, use, and keep your personal data safe in relation to the Cater Allen website ( and the Cater Allen internet banking website.

Your personal data is data which by itself or with other data available to us can be used to identify you.

We're committed to keeping your personal information safe in accordance with applicable data protection laws.

The types of personal data we collect and use

The types of personal data we capture and use will depend on what you are doing on the website or when using internet banking. We'll use your personal data for some or all of the reasons set out in this Privacy Statement. If you become a customer we'll also use it to manage the account, product or service you've applied for and we'll provide you with a separate data protection statement specifically in relation to that as part of the application process. Some of the information relevant to that is included in this Privacy Statement for consistency. Examples of the personal data we use in relation to our websites may include:

  • full name and personal details including contact information (e.g. home and/or business address and address history, email address, home, business and mobile telephone numbers);
  • date of birth and/or age (e.g. to make sure you are eligible to apply for a product or service);
  • financial details (e.g. salary and details of other income, and details of accounts held with other providers if you apply for a product or service with us);
  • records of products and services you've obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
  • information from credit reference and fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates you may have if you apply for a product or service with us;
  • family, lifestyle or social circumstances if relevant to the product or service you apply for (e.g. the number of dependents you have);
  • education and employment details/employment status for credit and fraud prevention purposes if you apply for a product or service with us;
  • personal data about other named individuals as required. Where you provide the personal data of others you must have their authority to provide their personal data to us and share this Privacy Statement and any related data protection statement with them beforehand together with details of what you've agreed on their behalf (i.e. Financial Adviser or Intermediary); and
  • special category data, including data about your health and biometric data (e.g. facial ID, fingerprints, keystrokes, and voice recordings for TouchID and voice recognition).

Providing your personal data

We'll tell you if providing some personal data is optional, including if we need to ask for your consent to process it. In all other cases, if you fail to provide the requested personal data, we may be unable to process or respond to your application, query, or service request. We'll collect this personal data directly from you when you use this website. Where you go through an application process with us, we may collect some of your personal data indirectly, from other sources. We will tell you about the sources of the personal data in the data protection statement relevant to the specific product. If you provide personal data about another individual, you must have their authority to provide their personal data to us and you must share this Privacy Statement and any related data protection statement with them beforehand together with details of what you've agreed on their behalf.

Monitoring of communications

Subject to applicable laws, we'll monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We'll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what's been said. If you take out an account or service with us, we may also monitor activities on your account/service where necessary for these reasons and this is justified by our legitimate interests or our legal obligations.

Using your personal data: the legal basis and purposes

We'll process your personal data:

  1. as necessary to perform our contract with you for the relevant account, product or service:
    • to take steps at your request prior to entering into it;
    • to decide whether to enter into it;
    • to manage and perform that contract;
    • to update our records; and
    • to trace your whereabouts to contact you about your account
  2. as necessary for our own legitimate interests or those of other persons and organisations, e.g.:
    • for good governance, accounting, and managing and auditing our business operations;
    • to search at credit reference agencies at your home and/or business address (if you are a business customer) if you're over 18 and apply for credit;
    • to monitor emails, calls, other communications, and activities on your account;
    • for market research, analysis and developing statistics;
    • to trace your whereabouts to contact you about your account, and to recover debt you owe us;
    • for establishment and defence of legal rights;
    • for the prevention, detection and investigation of financial crime, including fraud, money laundering, and terrorism financing; and
    • to send you marketing communications, including automated decision making relating to this
  3. as necessary to comply with a legal obligation, e.g.:
    • when you exercise your rights under data protection law and make requests;
    • for compliance with legal and regulatory requirements and related disclosures;
    • for establishment and defence of legal rights;
    • for activities relating to the prevention, detection and investigation of crime;
    • to verify your identity, make credit, fraud prevention and anti-money laundering checks; and
    • to monitor emails, calls, other communications, and activities on your account
  4. based on your consent, e.g.:
    • when you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures;
    • when we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
    • to send you marketing communications where we're required to ask for your consent to do so.

You're free at any time to change your mind and withdraw your consent. The consequence might be that we can't do certain things for you. To the extent that action has already been taken based on your consent, withdrawal of your consent will not apply to the processing of your personal data that has already occurred, based on your consent.

Sharing of your personal data

Subject to applicable data protection law we may share your personal data:

  • with the Santander group of companies* and associated companies in which we have shareholdings;
  • with sub-contractors and other persons who help us provide our products and services;
  • with companies and other persons providing services to us;
  • with our legal and other professional advisors, including our auditors;
  • with fraud prevention agencies, credit reference agencies, and debt collection agencies at account opening and periodically during account or service management;
  • with other organisations who use shared databases to do income verification and affordability checks and to manage/collect arrears;
  • with law enforcement bodies;
  • with government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner's Office);
  • with courts, to comply with legal requirements, and for the administration of justice;
  • with the Financial Services Ombudsman;
  • with other banks and financial institutions for the prevention and detection of financial crime, including fraud, money laundering, and terrorism financing;
  • in an emergency or to otherwise protect your vital interests;
  • to protect the security or integrity of our business operations;
  • to other parties connected with your account (e.g. guarantors and other people named on the application); joint account holders will see your transactions;
  • when we restructure or sell our business or its assets or have a merger or re-organisation;
  • with market research organisations who help to improve our products or services;
  • with payment systems providers (e.g. Visa or MasterCard) if we issue cards linked to your account; they may transfer your personal data to others to process transactions, resolve disputes and for statistical purposes, including by sending your personal data overseas; this is necessary to operate your account and for regulatory purposes; and
  • with anyone else where we have your consent or where we have another lawful basis for doing so.

International transfers

In some instances your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries additional steps will be necessary to ensure appropriate safeguards are in place to protect your personal data. These include imposing contractual obligations to ensure these safeguards are put in place or requiring the recipient to subscribe to or be certified with an 'international framework' for the protection of personal data. More details can be found in our Using my personal data (pdf) booklet.

Internet applications

If you apply for an account via the website, before you enter any personal details into the online form, we'll tell you how your information will be used in our data protection statement relevant to that account, in the Using my personal data (pdf) booklet and sometimes in the relevant terms and conditions. You'll be asked to confirm that you have read these and you'll be asked to agree to our terms and conditions before you submit the application.

The data protection statement, in conjunction with the Using my personal data (pdf) booklet, includes details of the uses we may make of your data, the legal bases we are relying upon to carry out that processing, and who we may share your personal data with. For instance, for credit account applications like bank accounts, we may pass your details to a recognised credit reference agency to help process your application.

We may occasionally send you information about accounts and services which we think would be of interest to you but only where we have your consent or if this is within our legitimate interests (see above for more details about lawful bases). You can choose to stop receiving information at any time by contacting us.

Contacting us

Contacting us by phone

You can call us on 0800 092 3300. To help us improve our service we may record or monitor phone calls as explained in the monitoring of communications section as necessary to comply with any legal obligations and for our legitimate interests.

Contacting us by email

When you contact us, we may need to collect some personal details like your name, address and phone numbers. Email isn't 100% secure so you shouldn't send personal data such as your account information using normal email. Please consider another method, such as calling us, if you need to share personal information.

Emails are stored on our standard internal contact systems which are secure and can't be accessed by external parties. We store this information to identify trends, and for the purposes set out in the monitoring of communications section as necessary to comply with any legal obligations and for our legitimate interests. For more information on the criteria we use to determine our retention periods, see below.

Automated decision making and processing

We may automatically process your personal information, without human intervention, to evaluate certain personal aspects about you (known as profiling).

In particular, we may analyse or predict (among other things) your economic situation, personal preferences, interests or behaviour. This could mean that automated decisions are made about you using your personal information. For example, we might analyse certain customer demographics, account holdings and account behaviours (such as Direct Debits you have set up on your accounts including those which identify accounts and products such as credit cards and store cards which you hold with other providers/elsewhere) and look at details of transactions relevant to your accounts. We may also analyse events such as the maturity dates of your accounts and opening anniversaries.

In some instances we'll use automated processing and decision making, where relevant, to decide which of our other products or services might be suitable for you. We'll look at the types of accounts that you already have with us, as well as your age, where this is relevant to the product, we think you might be interested in. We'll also conduct behavioural scoring, including by looking at the accounts and products you already have with us and how they are being used, such as account turnover, arrears and other indications of financial difficulties. Where searches are carried out against publicly available data sources and credit reference agencies, these searches may appear on your credit report, but they will not affect your ability to get credit.

You may have a right to certain information about how we make these decisions. You may also have a right to request human intervention and to challenge the decision.

You may withdraw your consent at any time by contacting us. Further details can be found in the Using my personal data (pdf) booklet.

Using your personal information for direct marketing

We'll tell you if we intend to use your information for marketing purposes and we'll give you the opportunity to opt out if you want to (unless we need a consent to use your information for marketing purposes – if we do we'll seek one). If you receive marketing emails and don't want to in future, please use the unsubscribe link within the email and we'll remove you from future campaigns. Ways to opt out of marketing communications that we send you via other channels, can be found in the Using my personal data (pdf) booklet.

Surveys and competitions

We'll treat any survey or competition information you provide with the same high standard of care as we do all other customer information, using any details provided strictly within the terms of the competition and this Privacy Statement.


Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:

  • collect information that will help us understand visitors' browsing habits on our website;
  • compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
  • temporarily store any information which you may enter in tools, such as calculators; and
  • in some cases, remember information about you when you visit our site. We may need to do this to provide some of our services.

We use cookies to enable us to perform our contract with you (e.g. if you are an Internet Banking customer) and for our legitimate interests (e.g. to help us improve our service). We'll also ask your consent for non-essential cookies. To find out more about all types of cookies and how to control and delete them, including clearing your browsing history, you can read our cookie policy.

Criteria used to determine retention periods (whether or not you become a customer)

The following criteria are used to determine data retention periods for your personal data:

  • retention in case of queries. We'll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
  • retention in case of claims. We'll retain your personal data for as long as legal claims can be brought and defended.; and
  • retention in accordance with legal and regulatory requirements. We'll retain your personal data after your account has been closed or has otherwise come to an end based on our legal and regulatory requirements.

My rights under applicable data protection law

Your rights are as follows (noting that these rights don't apply in all):

The right to be informed about our processing of your personal data;

  • The right to have your personal data corrected if it's inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the "right to be forgotten");
  • The right to request access to your personal data and information about how we process it;
  • The right to move, copy or transfer your personal data ("data portability"); and
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner's Office. It has enforcement powers and can investigate compliance with data protection law:

For more details on all the above you can contact our DPO, view the Using my personal data (pdf) booklet or request it by calling us on 0800 092 3300.

Data anonymisation and aggregation

Your personal data may be converted into statistical or aggregated data, which can't be used to identify you. We may share and sell such anonymised data including in an aggregated format, within and outside of the Santander group of companies, for statistical analysis, research and other business purposes. For example, sharing information about general spending trends in the UK to assist in research. The law says this is not considered to be personal information after it has been anonymised and/or aggregated.

Group companies

For more information on the Santander group companies, please see the Using my personal data (pdf) booklet.

Changes to this Privacy Statement

We'll notify you if there are any material changes to this Privacy Statement if required by applicable law or where we intend to process your personal data for a new purpose before we start that new processing activity.

Legal statement about this Privacy Statement

This Privacy Statement is not designed to form a legally binding contract between Cater Allen and users of our website or internet services.

Links to other websites

Certain hypertext links in this website may lead you to websites which are not under the control of Cater Allen Private Bank. When you activate these, you may leave the website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by Cater Allen Private Bank.

We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.

No liability for unavailability

We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.

Contacting us about our Privacy Statement

You can contact us on 0800 092 3300 or write to our DPO at: 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

Customer responsibility

It is your responsibility to ensure that your computer is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from this site.

Easy ways to protect yourself from danger

There are some things you can do to protect your personal information online. It's by no means exhaustive but will help make sure you don't fall foul of Internet fraud:

  1. never share a One Time Passcode (OTP) with another person, not even a member of Cater Allen staff
  2. do not log on using a public computer
  3. always access Internet Banking by typing into your web browser and logging on via our website
  4. never enter your Internet Banking details after clicking on a link in an email or text message
  5. do not send confidential information by email as it's not secure and there is always a risk it could be intercepted
  6. if you're logged into any online service, do not leave your computer unattended. Close down your internet browser once you've logged off
  7. never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

For more information about staying safe online you can visit our Fraud and Security Centre at

Secure Internet Services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.

All information passed between you and Cater Allen when using our online services is sent using secure industry standard encryption.