Privacy Notice

Our Privacy Notice gives you all the details you need to know about how we use your personal information and your privacy rights. Personal information includes what you tell us about yourself, what we learn about you as a FOGGGer, and the ways you’ve told us we can get in touch.

We’ve added individual links below to help you quickly find the right section, or you can read through or print out this page.

Personal information & the law

Find out more about us, how we collect personal information, and how the law protects you.

1. Who are we? (Goes to the “about” page)

FOGGG is a Community Interest Company registered in England number 14421925

We are a controller for the processing activities specified in this privacy notice that relate to your personal data.

This privacy notice also explains how other parties, including companies belonging to the Metro Bank group, may use your personal data. Some of our products, applications or services have separate privacy notices which do not incorporate this privacy notice.

If you have any questions about this privacy notice, would like more information about how we use your personal data, or to exercise any of your data subject rights (see “Your rights”) please contact our Data Protection Officer:

Write to

Data Protection Officer
FOGGG CIC
47 Lanark Road

London W9 1DE

Email

DataProtectionOfficer@Foggg.org

If you are unhappy with our management of your information, you have the right to lodge a complaint with the Information Commissioner’s Office. Please visit http://www.ico.org.uk/ for more information.

2. Our collection and retention of personal data

Personal data includes any information that directly or indirectly (whether alone or in conjunction with other information) identifies you (or someone else). This includes information such as your name, address, and contact details. It also includes, for example, any photograph we have of you, online identifiers such as IP address or device ID, and location data.

The personal data we hold about you is limited to information that you have given us directly – for example, when you contact us or when you complete customer surveys.

This also includes information we:

may ask you to provide to support your request to support us
record and monitor through our telephone calls to help improve the products and services we offer
collect during the provision of our contracted services to you (e.g. your account details, and details of your transactions and interactions with us)
collect, or third parties acting on our behalf (such as Google Analytics) automatically collect, when you use our websites or interact with our emails (in each case with your consent, where necessary). Examples of data collected include your IP address, browser type referral source, information about which parts of our page you have visited and how long you spent on them, the preferences you have set, and whether you have opened our emails
occasionally obtain from publicly-available sources, such as social media sites (e.g. we may collect your name and comments where you mention us in a post) and Government registers (e.g. Companies House).

Where we ask you to provide personal data to us on a mandatory basis, we will tell you at the time of collection. In the event that particular personal data is required by the contract or law, this will be made clear.

We may also collect your personal data where you engage with us online (for example, on Twitter or LinkedIn) or where you mention us in a public forum. Remember that any information you publish online may be seen by others; please see the section on “Social Networking Sites” for further information.

At the end of your relationship with us, we retain your personal data for as long as required to meet our legal and regulatory obligations. Where retention is based on other reasons, we will retain it for no more than seven years, in line with our data retention policy.

3. The purposes and lawful basis for our collection of personal data

Your personal data is collected and processed for business and business-compatible purposes, in accordance with applicable laws and as set out below. Personal data may occasionally be used for purposes not obvious to you where the circumstances warrant such use (e.g. in fraud investigations or similar).

We generally process your personal data under one of the following legal bases:

Our legitimate business interests (described in the section below), except where these are overridden by your interests or fundamental rights and freedoms which require protection of personal data (“legitimate interests”)
Compliance with a legal obligation to which we are subject (“legal obligation”)
For the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract (“contractual performance”).

We may also rely on other bases (for example, where the processing is necessary in the performance of a task carried out in the public interest, or in order to protect your vital interests or those of another person, or where you have given your consent) on an exceptional basis, where none of the above applies.

We have identified the following purposes for processing personal data, each of which relates to a lawful basis for processing, as required under applicable law. These purposes include:

Purpose for processing	Lawful basis
To provide products and services which you have requested, and to conduct business with you (for example, to process your application, to manage your account, to tell you about important changes to our services, to process and to respond to your enquiries, complaints and issues) and to keep updated and bring together and improve records.	Contractual performance
To detect, investigate, prevent and prosecute criminal activity and to meet out regulatory, legal and compliance obligations (including performing regulatory and prudential compliance checks on an ongoing basis, account and transaction monitoring, checks for sanctions and politically-exposed persons, and transaction and tax reporting. Also including making disclosures to, co-operating with, and complying with requests from: public authorities, regulators, courts of law, tax authorities, governmental bodies or law enforcement agencies, and investigating and preventing fraud, terrorism and other crime).	Legal obligation Legitimate interests: To the extent our processing of your personal data for these purposes extends beyond that strictly required by applicable UK law to which we are subject, or where such legal/regulatory obligations do not specify the method by which a mandatory outcome (e.g. preventing terrorist financing) shall be achieved, or where we are subject to a legal obligation in another jurisdiction, we consider that we have a legitimate interest in ensuring effective compliance in all relevant jurisdictions, in protecting our customers, and in maintaining a good relationship with law enforcement, regulators and other relevant authorities. We also consider that we have a legitimate interest in protecting our legal rights.

To improve customer service, and to decide if a product or service is suitable for your needs.	Legitimate interests: We consider that we have a legitimate interest in providing quality customer service, as this allows us to maintain good client relationships and to deal with queries and complaints effectively. We consider that we have a legitimate interest in ensuring that we provide our customers with appropriate products and services, to ensure both appropriate risk management and good client relationship management.
To provide you with the appropriate level of service, to accommodate your specific individuals needs and treat you fairly based on any vulnerability you may have, whether you have told us or we believe necessary to record, to improve customer service ensure equality of treatment, protect vulnerable customers or safeguard your economic wellbeing.	Consent Public Interest Vital Interest Legitimate interests: We consider that we have a legitimate interest in providing quality customer service, as this allows us to maintain good client relationships and to deal with queries and complaints effectively.
To carry out operational and administrative functions (e.g. to maintain our own accounts and records, to operate information technology systems, to carry out billing-related and payments administration, to maintain stocks and shares registers).	Legal obligation (to maintain certain statutory records) Legitimate interests: To the extent that we do not have a strict legal obligation under UK or EU law to carry out such activities, we consider that we have a legitimate interest in running our business efficiently.


Marketing: To tell you about other FOGGG products, services and facilities that may interest you (by post, email, phone or text, in accordance with your preferences).	Legitimate interests: We may also process your personal information for marketing purposes. You have a right to receive services from us without consenting to marketing communications, and you can always opt out of receiving any such communications from us. Our lawful basis for processing your data is that we have a legitimate interest in making our customers aware of our other services and offerings. Consent to data being processed in relation to direct marketing by electronic means such as by email or SMS.
We may share some personal data (for example, your email address), in a secure format, with our advertising partners and social media companies, so that they can display the most relevant messages to you and others about our products and services. This includes instructing these companies not to show adverts to our existing customers. If you do not want us to share your personal data with our advertising partners or social media companies for this purpose, you can tell us not to.	Legitimate interests: It is in our legitimate interests to give you information about our products and services that you or others may be interested in.
To evaluate the effectiveness of marketing and for research, training and statistical analysis with the aim of improving services.	Legitimate interests: We consider that we have a legitimate interest in improving our products, services and operations.
To help us to improve our products, services and operations (Including market research, analysis of customer preferences, transactions and market trends, evaluating proposed products, testing new systems and upgrading existing systems).	Legitimate interests: We consider that we have a legitimate interest in improving our products, services and operations.
To manage our business and to protect and enforce our rights (Including assessing, monitoring and managing financial, reputational and other risk, conducting audits, liaising with regulators and law enforcement, and to establish, enforce and defend against legal claims).	Legal obligation Legitimate interests: We consider that we have a legitimate interest in prudently managing our business and in protecting and enforcing our rights.
To be able to work with other companies that provide services to us and our customers.	Contractual performance

Where you have consented we may also sell or exchange your data, or share your information with other carefully chosen organisations, so that you can hear from them about their products or services.

We may also process your personal data for other purposes permitted or mandated by applicable laws, including those legitimate interests pursued by Metro Bank, where these are not overridden by the interests or fundamental rights and freedoms of individuals.

6. Law enforcement, fraud prevention and other agencies

If you give us false or inaccurate information and we identify or suspect fraud or other criminal activity, we may pass details to fraud-prevention agencies or credit-reference agencies (or both). Law-enforcement agencies may also access and use this information. We and these other organisations may access and use your personal information to prevent fraud and money laundering – for example, when:

checking details on applications for credit and credit-related accounts or other facilities
managing credit and credit-related accounts or facilities.

If you ask, we will provide you with details of the relevant fraud-prevention agencies.

We and these other organisations may access and use the information recorded by fraud-prevention agencies or credit-reference agencies (or both) from other countries.

7. Use of cookies for online applications

When you visit our different online channels, we or a third-party service provider may collect technical and navigational information. This is done through the use of cookies.

A ‘cookie’ is a small text file that’s stored on your computer, smartphone, tablet, or other device when you visit a website or use an app.

Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.

Our online services use session and persistent cookies.

Some cookies are set by websites you go to – they are known as first-party cookies. Others are set by outside organisations such as social media, search engines, other advertising networks and our business partners – these are known as third-party cookies. Whether a cookie is first- or third-party depends on where it comes from.

Our online services use first- and third-party cookies.

For further information about cookies please visit http://www.allaboutcookies.org/.

8. Cookies policy

The following sections set out FOGGG’s cookies policy, explaining how we use cookies and similar tracking technologies. It also explains the choices you can make about whether we can put some types of cookies on your PC, tablet or mobile phone.

In this policy, where we say ‘cookies’ we also include similar tracking technologies that collect data while you use our websites and mobile applications to help provide you with the best possible online experience.

The information cookies collect, and how we use that information may count as personal information e.g. internet protocol address (‘IP address’), operating system, browser type, pages visited and average time spent.

Data we collect will be held by FOGGG. We use this data to:

protect our visitors and customers from fraud and keep improving security
analyse how our visitors use our online services to help us improve their performance
decide which of our products, services and offers may be relevant for you.

We do not sell data to organisations outside our group.

If you have questions on our use of cookies, please email DataProtectionOfficer@Foggg.org

8.1 Types of cookies we use

The cookies we use are either strictly necessary or optional.

Strictly necessary cookies

Generally, these cookies will be essential cookies and are required for the operation of our websites. They include cookies that enable you to log into secure areas of our websites and help ensure the content of the pages you request load quickly. Without these cookies, you will not be able to access our online services (e.g. our websites or a service on any of our websites) which you have requested, this is why we will not collect your preferences in regards to these cookies.

Essential cookies are used to:

Maintain online security and protect against online fraud
Maintain your privacy and to help keep your details safe and secure.

Optional cookies:

We would like to use cookies to provide optional features and improve our websites.

We understand that not everyone likes data to be collected about them when it’s not strictly necessary, and so we’ll ask you to set your preferences when you first visit our websites.

To make it easier to choose which optional cookies to accept, we’ve organised these cookies by category. These are set out below. You can choose which categories you’d be happy for us to use in your cookie settings and make changes at any time by referring to the ‘Managing cookies’ section below and selecting ‘Customise my preferences’.

Performance cookies – tracking website performance

These cookies collect aggregated information and are not used to identify you. All the information collected is anonymous and is only used to help us understand and analyse how visitors use our online services and look for ways to improve their performance.

For example, a cookie might allow us to both count visitors and see how visitors navigate our online services, which allows us to improve the customer journey.

The analytics cookies we use include the following:

Google analytics – which uses cookies to help us analyse how our visitors use the site. We use the information to compile reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the website, where visitors have come to the website from or the pages they visited. Find out more about how these cookies are used on the Google privacy site: https://policies.google.com/privacy?gl=GB&hl=en-GB
Hotjar – which uses cookies to collect user behavioural patterns online for statistical purposes: https://www.hotjar.com/legal/policies/privacy/
Episerver – which uses cookies to tag a unique ID to the user and provide personalised content on the Metro Bank websites: https://www.episerver.com/legal/privacy-statement
Heap – which uses cookies to track user behavioural patterns on our website for statistical purposes: https://heap.io/privacy

Functional cookies – giving you a better online experience

These cookies remember your preferences so that you do not have to enter them each time you visit our websites and other online channels. These cookies allow us to personalise content for you; without them we cannot remember your choices.

Targeting cookies

These cookies are usually third-party cookies from marketing partners used to deliver adverts relevant to you and your interests. They will always be persistent but time-limited cookies.

Targeting cookies are used to send you relevant information and see which content you use. They do this by recording your visits to our websites, the pages you have visited and the links you have followed. We then use the information collected to tailor both our websites and the relevance of the advertising displayed to your interests. In order to make the advertising displayed more relevant, we provide the information collected to advertising networks. Please note these cookies do not contain any of your personal or financial information.

We partner with third-party companies including Google Ads and Facebook to provide cookies that help us optimise the relevance of advertisement on the websites.

Overview of the cookies we use across all online service channels

Category	What they do	My choices
Strictly necessary	These cookies are needed to run our websites, to keep them secure if you are logged on and to obey regulations that apply to us. If you are a customer, they help us know who you are so that you can log on and manage your accounts. They also help us keep your details safe and private. Other important jobs they do are: · Help you move around the site · Tell us if you’ve been to it before and which pages you went to · Tell us how the site is working, so we can find and fix any problems.	You can’t turn off these cookies
Functional	These cookies are used for remembering things like: · Your user ID on the logon page · Your region or country · Your preferred language · Accessibility options like large font or high-contrast pages.	We’ll ask for your consent to use these cookies
Performance	These cookies tell us how you and our other customers use our websites. We combine all this data together and study it. This helps us to: · Improve the performance of our services · Improve the products we provide.	We’ll ask for your consent to use these cookies
Marketing	These cookies help us decide which of our products, services and offers may be relevant for you. We may use this data to tailor the marketing and ads you see on our own and other websites and mobile apps, including social media. For instance, you may see our ads on other sites after you have been to our websites. If you turn off marketing cookies you will still see ads online, but they will not be tailored to things that may interest you.	We’ll ask for your consent to use these cookies

8.2 Managing cookies

You can manage your cookie preferences at any time by changing your cookie settings.

Customise my preferences

You can also use your browser settings to delete cookies that have already been set at any time and to manage cookies, for example, to switch off a cookie altogether. If you do this, it could mean that we can’t use ‘strictly necessary’ cookies properly and so parts of our websites may not work correctly.

For more information about how to use your browser settings to clear your browser data or to manage cookies, check your browser ‘Help’ function.

Find out more on how to manage cookies in common browsers (Internet Explorer, Chrome, Firefox and Safari) on the Information Commissioners’ Office (ICO) website.

8.3 How do we remember your cookie preferences?

Your preferences are saved in cookies stored on your browser. If you switch off a category of cookies that you’ve previously accepted, then for technical reasons those cookies will not be deleted.

To delete cookies from your browser, we recommend that you clear your browser data. If you do this, or change browser, we’ll ask for your preferences again when you next visit our websites.

Managing your personal information

9. Keeping your information up to date

If any of the information we hold on you is incorrect, please notify us and we will ensure that it is updated accordingly. Where your details have changed, you have a responsibility to inform us at the earliest time possible. Failure to notify us of a change in your details may affect the way in which we provide you with products and services.

10. Your rights

You have specific rights over your personal data, as explained below. These may not apply in all circumstances – we will let you know where this is the case.

Data subject access request: You may request information concerning what personal data we process on you and request a copy of that personal data
Rectification of inaccurate personal data: You may request rectification of any inaccurate personal data. We take reasonable steps to keep your personal data accurate and current but you can also ask us to change any information we hold about you to keep it accurate, complete and current. However, please remember that it is your responsibility to tell us about any updates to this information
Erasure of personal data: You have the right to ask us to erase the personal data we hold about you. It may be necessary to retain your personal data to fulfil our contract with you or to fulfil our legal and regulatory obligations
Restricting processing of personal data: You can request that we restrict our processing of your personal data where you contest the accuracy of the information we hold (restricted until it has been verified), where it was processed unlawfully and you do not wish us to erase it but just to restrict our processing, or where we no longer need the personal data but you need us to retain it for the establishment, exercise or defence of a legal claim. Where a restriction is in place we can continue to store your information but only otherwise process it with your consent or for the establishment, exercise or defence of legal claims, for the protection of another individual’s rights or for important public interest reasons. We will inform you prior to the lifting of any restriction
Right of portability: In certain circumstances, where technically feasible, you have the right to receive the personal data in a structured, commonly-used and machine-readable format and the right to transmit such personal data to another controller, if the processing is based on consent and is carried out by automated means
Object to the processing of your personal data: Where we process your personal data on the basis of ‘legitimate interests’, you can request we stop such processing. Where we process your personal data for direct marketing purposes, you can request we stop such processing and we will cease any processing related to direct marketing
Right not to be subject to automated decision making: You have the right to ask that a human reviews an automated decision, to express your point of view and to contest an automated decision
Right to withdraw consent: Where we process your personal data because you have given us your consent, you can withdraw your consent at any time

You can exercise your rights by contacting us at Admin@FOGGG.org

We will respond to your request within one calendar month. We may need to confirm your identity before processing your request. If you can’t give us satisfactory proof of your identity, we have the right to refuse your request. We also have the right to reject requests that are manifestly unfounded or excessive.

How we use your personal information

11. Further processing

If we determine that your personal data is to be used for a new purpose, we will inform you beforehand.

12. Sharing your information

Your personal information may be shared with third-party service providers, including companies belonging to the Metro Bank group, which may provide products or services to you or us.

We will only share your personal data where necessary and where we have a lawful basis for doing so (for the purposes already outlined). Recipients of your personal data may include:

other parties connected to your account (i.e. joint account holders)
credit reference agencies (please see section below)
our service providers (such as payment processors, IT service providers, email service providers and web analytics providers)
specific subcontractors who help to provide you with the services you have requested
tax authorities, regulatory authorities, government bodies, insolvency service, law enforcement agencies and fraud prevention agencies (please see section below)
our insurers, lawyers, auditors, consultants and other professional advisers
other banks or financial institutions (where you ask us to share your personal data, or where we are asked to confirm your identity for the purposes of preventing or investigating financial crime)
selected third parties, if you want to use our referral to get discounts for their services, or where you want to take advantage of our functionality to import or export your banking data
third parties, where you have consented for us to share your data with them
advertisers, technology providers, social media platforms and providers of apps and smart devices. This is so that you are only shown marketing we think you might be interested in and we can try to find new customers who are like you, or have similar interests to yours.

These recipients may be located in countries around the world (please see “Processing personal data outside of the EU (EEA) and UK”).

Our websites may contain links to other websites operated by third parties. This privacy policy applies only to the personal information that FOGGG collects and we are not responsible for personal information that others may collect, store and use through their websites. You should refer to the privacy policy of the third party’s website for details on how they collect and use your personal information.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at http://www.cifas.org.uk/FPN

13. Processing personal data outside of the EU (EEA) and the UK

Parties with which we share your personal data (for the purposes explained above), may be located in countries outside of the UK and the European Economic Area (EEA), such as India and the USA which have more lenient data protection laws than those of the UK.

We will only make such a transfer where an appropriate transfer mechanism is in place, in compliance with applicable data protection law. Where necessary, we will carry out a risk assessment to ensure that your personal data remains appropriately protected.

In most cases, such transfers are made pursuant to the standard contract clauses approved by the European Commission. A copy of the standard contract clauses are available on the ‘Standard contractual clauses’ page of the European Commission’s website.

19. Social networking sites

We maintain an online presence on popular social media websites including (but not limited to) Instagram, LinkedIn, Twitter and YouTube. We use these websites to share our news, upcoming events and to celebrate our culture. By engaging with us on these sites, you are accepting that the webpages are available to the general public and agree to the following:

Social media web pages are not private. Please do not share your personal account information on any of the websites, including through the use of private messages
Although we do always try to read every message sent to us on social media, we cannot guarantee a response to every message
Any pictures you provide on our social media web pages may be used within our internal newsletters
Any information that you provide us with on social media web pages may be retained by the website for longer than your relationship with us.

20. Java/ActiveX

FOGGG’s websites do not run any java applets or applications, or any ActiveX controls. This means that if you are connected to our websites you will not be asked by us if you want to allow a program to run.

Privacy Notice

Become a FOGGGer