Privacy Notice

Version last updated: July 2023

We may make changes to this policy from time to time, and will post the latest version of the policy on this page. If we make any significant changes to this policy, we will let you know by email or other appropriate means.

We are Recognise Bank (“Recognise”), our Company Registration number is 10603119 and our Registered Office address is Second Floor, Augustine House, 6A Austin Friars, London, EC2N 2HA. Recognise are registered with the Information Commissioner’s Office (“ICO”) under number ZA776590.

This privacy notice explains how and why Recognise use your personal data. In this policy, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you. When we use terms such as “we”, “us” and “our” in this policy, we mean Recognise.

This policy applies to personal data processed by or collected on behalf of Recognise. We may collect information from you when you visit our website, apply for a service, contact us by telephone or email or receive a communication from us relating to the service we provide.

You should read this policy so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances from time to time.

Recognise is a “Data Controller”. This is a legal term which means that we make decisions about how and why we use your personal data. As the “Data Controller”, we are responsible for making sure that your personal data is used in accordance with applicable data protection laws. As Data Controller, we are required by law to give you the information in this policy. There may also be other Data Controllers involved in processing your data as further explained in this Policy, or as you may be advised at the time your information is to be processed.

Our products and services are available through our regional offices and on our website as well as through professional and financial advisers and anyone else who acts as a person sitting in between you and us in relation to what we do for you. We work with brokers and intermediaries for our lending and savings products and services. In this policy we will call these persons “brokers and other intermediaries”.

When a broker or other intermediary processes your personal data on our behalf, this privacy notice will apply. When a broker or other intermediary processes your personal data as a Data Controller in its own right, its own privacy notice will apply, and you should ask them for a copy if you do not have one by the time you are introduced to us.

This will depend on the products and services you apply for and (if your application is successful) obtain from us. Generally speaking, the personal data we process about you falls into the following categories:

  • Identity data including your name, date of birth and/or age, marital status, family, lifestyle or social circumstances (if relevant to the application), passport information or other identification documents (e.g. driving licence or birth certificate);
  • Contact data including where you live (tax residency status is collected for Savings products), your correspondence address (where different from where you live), address history, email address and telephone numbers;
  • Financial data including your employment status, your salary and other sources of income, financial position, status and credit history, whether you receive benefits, your savings, financial commitments, existing borrowings and loans and household expenditure;
  • Transaction data including details about payments to and from your accounts with us and bank details;
  • Special categories of personal data including information about your health or vulnerability [and details of any criminal convictions or alleged offences];
  • Technical data including details on the devices and technology you use when accessing our website, your Internet Protocol (IP) address, operating system and browser type (please refer to our Cookie policy for more information)
  • Usage data including about how you use our products and services, and website;
  • Marketing and communications data including your preferences in receiving marketing from us and your communication preferences.
If you make a joint application with your spouse, partner or family member, we will collect the personal data mentioned above about that person too, and this privacy notice will apply to them.

If you make an application for your business, we will also collect the personal data mentioned above about all individuals who you have a financial link with, for example other directors or officers of your company, who you must include on the application form. This privacy notice will apply to them too. In order to assess your company’s suitability for the product, we need to verify that:

  • All applicants are included
  • The identity for all applicants is verified
  • All applicants are UK tax payers (applies to savings products)


To do this, we use an external agency to check all directors are included and gather publicly held data to run authentication and world checks. If the data we gather is insufficient to allow us to run these checks, we will request them directly from you.

Some of our products and services including business finance, require witness signatures (to comply with execution formalities as a matter of law) and include the name and address of individuals who have acted as a witness for you. These details are kept on the application forms and stored with your account documents (but not in such a manner that it is part of a searchable filing system) in line with our retention procedures.

We collect personal data directly from you in different ways, including:

  • when you provide it on our website (“our site” or “our website”) when you register to use our site or subscribe to our newsletters;
  • when you apply for a savings or credit product;
  • information we gather from you when you use our services and the way you operate your accounts and/or services;
  • information you provide when you interact with us whether face-to-face, by telephone, video conference, email, letters or other channels;
  • materials you post on our social media pages;
  • information you provide when responding to surveys we may carry out (although you do not have to complete them); and
  • if you take part in any of our competitions or promotions when we have them.

We collect personal data from the following third parties or publicly available sources, including:

  • companies that introduce you to us including industry bodies and associations;
  • brokers;
  • credit reference agencies and fraud prevention agencies (see section below on “Sharing Information with Credit Reference Agencies” and “Sharing Information with Fraud Prevention Agencies”);
  • retailers;
  • comparison websites;
  • land agents;
  • publicly available information sources, such as Companies House, the electoral register, media, social networks and sanctions list;
  • agents working on our behalf;
  • market researchers; and
  • Government bodies and law enforcement agencies.
We collect and process your data for several purposes, and for each purpose Recognise must explain to you what legal grounds justify our processing of your personal data. We set out below, in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Purpose/Activity Type of data Legal basis for processing (including basis of legitimate interest)
To process your application. Identity data, Contact data, Financial data, Special categories of personal data Performance of a contract with you or to carry out any pre-contract steps.
To carry out identity checks, anti-money laundering checks and checks with Fraud Prevention Agencies (this will involve sharing your personal data with Credit Reference Agencies and Fraud Prevention Agencies). Identity data, Contact data, Financial data, Special categories of personal data Necessary to comply with a legal obligation.
Administering and managing your account and providing products (including online product platforms and mobile apps) and services (this may involve sharing your personal data with certain third parties). Identity data, Contact data, Financial data, Transaction data, Special categories of personal data Contractual necessity (in order to perform a contract with you).
To respond to any queries you have in respect of our services and to fulfil the requests you make to us. Identity data, Contact data, Financial data, Transaction data, Special categories of personal data Necessary for our legitimate interests (to provide a responsive service and develop our business).
To collect and recover money owed to us (this may involve sharing your personal data with debt recovery agencies). Identity data, Contact data Necessary for our legitimate interests (to recover monies owed to us).
To manage how we work with other companies that provide services to us and our customers. Identity data, Contact data, Financial data, Transaction data, Usage data, Marketing and communications data Necessary for our legitimate interests or that of a third party (to improve our services and develop our business).
To correspond with solicitors, surveyors, valuers, other lenders, conveyancers and third party intermediaries. Identity data, Contact data, Financial data, Transaction data, Usage data, Marketing and communications data Contractual necessity (in order to enter into a contract with you).
To exercise our rights (any other member of Recognise), and enforce the terms of our contract and to bring or defend legal claims. Identity data, Contact data, Financial data, Transaction data, Special categories of personal data Necessary for our legitimate interests (to enforce our rights and protect the business).
To understand how you use our products and services (including profiling), and to improve our site to ensure that content is presented in the most effective manner for our site users. Identity data, Contact data, Financial data, Transaction data, Special categories of personal data, Technical data, Usage data, Marketing and communications data Necessary for our legitimate interests (to improve and tailor our services to you and develop our business).
To inform you about updates to the service and to notify you about other products and services offered by us that may be of relevant to you. Identity data, Contact data, Usage data, Marketing and communications data Necessary for our legitimate interests (to market our services and develop our business) or, where we cannot rely on legitimate interest for direct electronic marketing, you have given us your consent to receive such marketing.
To send you newsletters where you subscribe to receive these, and to enable you to participate in any competitions or promotions we may run. Identity data, Contact data, Marketing and communications data Necessary for our legitimate interests (to market our services and develop our business).
To ask you to participate in surveys for market research purposes, and to analyse those surveys and research to benchmark our services. Identity data, Contact data, Marketing and communications data Necessary for our legitimate interests (to improve our services and develop our business).
To undertake system or product development, and improve our products, services and systems. Identity data, Contact data, Transaction data, Usage data Necessary for our legitimate interests (to improve our services and develop our business).
To comply with applicable laws and regulations, including our obligation to maintain records, prevent money laundering and crime (this may involve sharing your personal data with governmental, regulatory bodies and in some circumstances, payment service providers). Identity data, Contact data, Financial data, Transaction data, Special categories of personal data, Technical data, Usage data Necessary to comply with a legal obligation.
To share your personal data, where applicable, with your guarantor, joint account holders, trustees, beneficiaries, power of attorneys, beneficial owners and other account holders. Identity data, Contact data, Financial data, Transaction data, Special categories of personal data Necessary to comply with a legal obligation.
To respond to requests from you to exercise your rights under data protection laws. Identity data, Contact data, Financial data, Transaction data, Special categories of personal data, Technical data, Usage data, Marketing and communications data Necessary to comply with a legal obligation.
To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as HMRC, the Financial Conduct Authority and ICO. Identity data, Contact data, Financial data, Transaction data, Special categories of personal data, Technical data, Usage data, Marketing and communications data Necessary for our legitimate interests (for running our business in accordance with good governance requirements).
To administer and operate our business and site (including audits, system maintenance & security, business continuity, support, reporting and hosting of data). Identity data, Contact data, Financial data, Transaction data, Special categories of personal data, Technical data, Usage data, Marketing and communications data Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud).

Where we either have your consent or a legitimate interest, we will keep you informed about Recognise products and services similar to those you already have unless you tell us you don’t want this material.

If at any time you wish to stop receiving marketing information from us, you can notify us via the instructions detailed in the marketing communication you have received, via your account where online access is provided, or by contacting us by any of the means listed in the Contact us section of our website.

We may also from time to time ask you for your consent for other purposes, which we will explain to you at the time. For example, when you request that we share your personal data with someone else and no other legal basis applies.

Some of the personal data we collect about you includes special categories of personal data. In particular, we may process data about your health, biometric data and criminal convictions and offences. Where we process special categories of personal data, this will usually be on the basis of either:

  • explicit consent (and when we ask for that explicit consent, we will explain to you the purposes and use of such data).
  • for reasons of substantial public interest, such as:
  • processing of health data (including sharing of such data) where necessary to enable us to comply with our legal obligations relating to vulnerable customers;
  • using criminal records data to help prevent and detect crime.
  • to establish, exercise or defend legal claims.

Much of what we do with your personal data is not based on your consent and is instead based on other legal grounds.

For processing that is based on your consent, you have the right to revoke that consent for future processing at any time. You can do this by contacting us by emails mentioned under the ‘Contact us’ section of our website and by ‘unsubscribing’ to our newsletters when you receive one. The consequence might be that we cannot send you some marketing communications.

We will tell the broker or other intermediary who introduced you to us that you have withdrawn your consent only if it is our data processor (this means an organisation that is processing personal data on our behalf) or if we are required to do when you exercise certain rights under data protection laws.

So that we can provide you with products and services, meet our legal obligations and operate our business, we may share your personal data with the following third parties in the following circumstances:

  • With other Recognise group companies in order to administer and manage your account.
  • With companies whom we have contracts in place for the supply of goods and services as part of providing service to our customers, such as our mailing house and website suppliers. With market research companies we engage to develop our products and services.
  • We disclose your personal data with third parties who provide us with data analytics, business intelligence, software development and IT services
  • We may also disclose your personal data to our appointed representatives in connection with a contracted transaction between you and us. This includes solicitors, surveyors, valuers, insurers, loss adjusters, debt collection agencies and any party described in the terms and conditions of the individual products you hold with us. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data.
  • With other organisations to provide you with the product or service you have chosen, for example, if you use direct debits, we will share your data with the Direct Debit scheme. If you have a secured loan or mortgage with us, we may share information with other lenders who also hold a charge on the property.
  • With HM Revenue & Customs and other regulatory bodies such as the Financial Conduct Authority, Prudential Regulation Authority and the UK Financial Services Compensation Scheme and the Financial Ombudsman Service, where necessary as part of ongoing supervision or law enforcement.
  • With companies we have a joint venture or agreement to co-operate with and any companies that introduce you to us or we introduce to you.
  • With any party linked with you or your business’s product or service including anyone acting on your behalf with authority to do so or any potential guarantor.
  • Price comparison websites and similar companies that offer ways to research and apply for financial products and services
  • Companies you ask us to share your data with, for example, when you switch accounts from Recognise
  • Credit reference agencies (see paragraph 14 below for more information)
  • Fraud prevention agencies (see paragraph 15 below for more information)
  • Any third party after a change of ownership (see paragraph 16 below for more information)

Should you wish to receive details of the relevant credit reference, fraud or financial crime prevention agencies we use, please contact us by letter or email using the addresses set out at the end of this privacy notice.

To process your application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). Where you take products or services from us we may also make periodic searches at CRAs to manage your account with us.

To do this, we will supply your personal data to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register, court decisions and bankruptcy registers) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;
  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, fraud and money laundering;
  • Manage your account(s);
  • Trace and recover debts; and
  • Ensure any offers provided to you are appropriate to your circumstances.
  • We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.


When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

Credit Reference Agency Information Notice

Set out below are links to Experian, Equifax and TransUnion International Limited – these are the most commonly used CRA’s within Recognise

All Credit Reference Agencies are required to publish a notice explaining what, why and how they obtain and use information about businesses and individuals. Each is regulated by the Financial Conduct Authority (“FCA”) and authorised to conduct business as a credit reference agency and are required to publish such notices under the General Data Protection Regulation.

https://www.experian.co.uk/legal/crain

https://www.equifax.co.uk/crain

https://www.transunion.co.uk/legal/privacy-centre

As Recognise will source information about you or your business from such agencies we are required to make available the information notices from these companies.

Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by https://www.Cifas.org.uk/fpn.

In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If Recognise or substantially all of its assets are acquired by a third party, the personal data we hold about our customers will be one of the transferred assets.

There will be some limited circumstances in which we will need to transfer your personal data outside of the UK and/or the European Economic Area (which means all the European Union (EU) countries plus Norway, Iceland and Liechtenstein, together “EEA“).

However, when we need to transfer your personal data abroad, we take steps to ensure that your personal data is adequately protected and in compliance with data protection laws such as entering into the UK’s International Data Transfer Agreement (for transfers of personal data from the UK) – this is a set of contractual wording which has been issued by the ICO.

A summary of our regular data transfers is set out below:

Country/jurisdiction to where we transfer personal dataPurpose for the transferSafeguard used to protect your personal data
IndiaTo engage a third party for consultancy services to assist with software developmentUK’s International Data Transfer Agreement

Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

For further information on our transfers of personal data, please contact us at the contact details provided in the “Contacting Us” section below (see section 32).

You should tell us without delay so that we can update our records. If you were introduced to us by a broker or other intermediary who is Data Controller in its own right, you should contact them separately. In some cases where you exercise rights against us under data protection laws (see below) we may need to inform the broker or other intermediary, but this will not always be the case.
We may be unable to provide you with a product or service or to process your application without having certain personal data about you. Certain personal data is required before you can enter into the relevant contract with us, or it may be required during the life of that contract, or required by laws that apply to us. If we already hold some of the personal data that we need – for instance if you are already a customer – we may not need to collect it again when you make your application. In all other cases we will need to collect it except where providing some personal data is optional (in which case, we will make this clear). For instance, we will say in application forms or on our website or via the broker or other intermediary if alternative (such as work) telephone number contact details can be left blank.

Your data is important to us and we take all reasonable steps to maintain it safely and securely and fully in accordance with the General Data Protection Regulation.

We will keep your personal data for seven years from end of last financial year of our business relationship with you. This includes credit agreements, applications forms (paper and electronic), ID provided, credit scores, payments default records and complaints.

We keep data relating to prospective and indicative customer enquiries for 6 months following the expiry of the quote or illustration.

After this time, the data is securely disposed of. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

Here is a list of the rights that all individuals have under data protection laws. They do not apply in all circumstances. If you wish to exercise any of them we will explain at that time if they are engaged or not.

  • The right to be informed – we must be transparent with you about the processing that we do with your personal data. This is why we have a privacy notice. The information that we supply is determined by whether we collected your personal data directly from you or indirectly via someone else (such as a broker or other intermediary). Your right to be informed may be relevant if you consider it necessary to ask for more information about what we do with your personal data.
  • The right to request access to the personal data held about you, to obtain confirmation that it is being processed, and to obtain certain prescribed information about how we process it. This may assist if you wish to find out what personal data we do have about you to then determine if you can exercise other rights (those mentioned above and below). You can exercise this right by writing to us or emailing us. We will respond within one month.
  • The right to object to processing of your personal data where it is based on legitimate interests, where it is processed for direct marketing (including profiling relevant to direct marketing) or where it is processed for the purposes of statistics.


Your rights to object may be relevant where you wish for us to stop processing your personal data. You have an absolute right to object to the processing of your personal data for direct marketing purposes (this includes any profiling of data that is related to direct marketing). Otherwise, the right is not absolute and only applies in certain circumstances.

  • The right to restrict processing of your personal data, for instance where you contest it as being inaccurate (until the accuracy is verified); where you have objected to the processing (where it was necessary for legitimate interests) and we are considering whether our organisation’s legitimate interests override your own; where you consider that the processing is unlawful (and where this is the case) and where you oppose erasure and request restriction instead; or where we no longer need the personal data for the purposes of the processing for which we were holding it but where you require us to continue to hold it for the establishment, exercise or defence of legal claims.
  • The right to have your personal data erased (also known as the “right to be forgotten”). This enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This right is not absolute – it applies only in particular circumstances and where it does not apply any request for erasure will be rejected. It may be relevant where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed; if the processing is based on consent which you then withdraw; when you object to the processing and there is no overriding legitimate interest for continuing it; if the personal data is unlawfully processed; or if the personal data has to be erased to comply with a legal obligation. Requests for erasure may be refused in some circumstances such as where the personal data must be retained to comply with a legal obligation or to exercise or defend legal claims.
  • The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed in certain circumstances. If we have disclosed the personal data in question to other organisations, we must inform them of the rectification where possible. Your rights in relation to rectification may be relevant if you consider that we are processing inaccurate or incomplete information about you.
  • The right to data portability. This allows individuals to obtain and reuse their personal data for their own purposes across different services; to move, copy or transfer their personal data easily from one environment to another in a safe and secure way without hindrance to usability. This right can only be relevant where personal data is being processed based on a consent or for performance of a contract and is carried out by automated means. This right is different from the right of access (see above) and that the types of information you can obtain under the two separate rights may be different. You are not able to obtain through the data portability right all of the personal data that you can obtain through the right of access.
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. This right allows individuals in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken solely without human intervention. This right is different from the more general right to object to profiling related to direct marketing (see above) because that other right is not tied to a scenario where there is a legal effect on you or where the processing otherwise significant affects you. Data protection laws prohibit this particular type of automated decision making except where it is necessary for entering into or performing a contract; is authorised by law; or where you have explicitly consented to it. In those cases, you have the right to obtain human intervention and an explanation of the decision and you may be able to challenge that decision.
  • You also have a right to complain to ICO which regulates the processing of personal data in the UK.


If you wish to find out more about your data subject rights or how to exercise them, please contact our Data Protection Officer using the contact information below.

If you wish to exercise any of these rights against the Credit Reference Agencies, the Fraud Prevention Agencies, or a broker or other intermediary who is Data Controller in its own right, you should contact them separately.

In this section monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, emails, text messages, social media messages, face-to-face meetings and other communications.

We may monitor where permitted by law and we will do this where the law requires it. In particular, where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone calls or in person meetings we will do so.

Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you (such as in relation to fraud risks of your account) and for quality control and staff training purposes.

We may conduct short term carefully controlled monitoring of your activities on your account where this is necessary for our legitimate interests or to comply with our legal obligations. For instance, where we suspect fraud, money laundering or other crimes.

Telephone calls and/or in person meetings between us and you in connection with your application and the product or service may be recorded to make sure that we have a record of what has been discussed and what your instructions are. We may also record these types of calls for quality control and staff training.

Like many Financial Service providers, we use automated processing in our account opening and identification processes. This means we attempt to match your personal details to publicly available information through sources such as the Royal Mail or Credit Reference Agencies. If for any reason we are unable to complete our formalities using this process you will be informed how you many complete the process using manual methods.

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity.

Here are some examples of the types of automated decisions we make:

  • Pricing
  • We may decide what to charge for some products and services based on what we know.
  • Tailoring products and services
  • Credit scoring (for more information about how we do this please see paragraph 26 Approving Credit below).


We may place you in groups with similar customers. These are called customer segments. We use these to study and learn about our customers’ needs, and to make decisions based on what we learn. This helps us to design products and services for different customer segments, and to manage our relationships with them.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and products you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us using the details provided.

We use your personal information to help decide if your personal or business accounts may be being used for fraud or money-laundering. We may detect that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the accounts or refuse access to them.

When you open an account with us, we check that the product or service is relevant for you, based on what we know. We also check that you or your business meets the conditions needed to open the account. This may include checking age, residency, nationality or financial position.

We use a system to decide whether to lend money to you or your business, when you apply for credit such as a loan or credit card. This is called credit scoring. It uses past data to assess how you’re likely to act while paying back any money you borrow. This includes data about similar accounts you may have had before.

Credit scoring uses data from three sources:

  • Your application form
  • Credit Reference Agencies
  • Data we may already hold


It gives an overall assessment based on this. Banks and other lenders use this to help us make responsible lending decisions that are fair and informed. Credit scoring methods are tested regularly to make sure they are fair and unbiased.

  • You have rights over automated decisions:
  • You can ask that we do not make our decision based on the automated score alone.
  • You can object to an automated decision and ask that a person reviews it.

We use our customers’ data to understand how our website is operating, to track how certain products are performing and to generate business strategy based on statistical analysis

For this we profile using data generated throughout your contact with Recognise by our online applications and in strict accordance with the Bank’s Cookie Policy.

Profiling is also relied upon in the processes used by Credit Reference Agencies where automated decisioning methods are used to check for Fraud or Money Laundering activity. You have rights in relation to auto decisioning so contact us if you want to learn more.

We also profile your data to help us identify opportunities for us to maximise the benefits to you of being an Recognise customer, such as, for example, through the provision of special offers, unless you have told us that you do not want us to do this.

We can do this activity based on our legitimate interests (and they are listed in the What we do with your data section above) only where the profiling and other automated decision making does not have a legal or other significant effect on you. In all other cases, we can do this activity only where based on your consent. In those cases, you have the right to obtain human intervention to contest the decision (see ‘rights in relation to automated decision making which has a legal effect or otherwise significantly affects you’ below). Profiling for direct marketing can mean there is a separate right to object (see ‘rights to object’ above).

Your personal data may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this privacy notice.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Although we take appropriate steps to protect your personal data, we cannot guarantee that your personal data will not become accessible to unauthorised persons and we cannot be responsible for any actions resulting from a breach of security when information is supplied over the internet or any public computer network.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We have mentioned that we share your personal data with Fraud Prevention Agencies and Credit Reference Agencies. They require us to pass on to you information about how they will use your personal data to perform their services or functions as Data Controllers in their own right. These notices are separate from our own.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

AccessiBe is a web accessibility tool designed to simplify and streamline the process of achieving accessibility.  As a bank, one of our goals is to cater tousers with diverse disabilities, ensuring adherence to the WCAG 2.1 guidelines and global legislation. The accessiBe widget offers tailored options (such as large print and spoken word) to enhance website experiences, allowing users to easily toggle these features on or off. When a Visitor, or someone acting on their behalf, accesses or utilises the widget, accessiBe collects various types of information, including Personal Information. Details about the information collected can be found in their Privacy Notice, accessible here.

Please refer to our Cookies Policy for details of how we use Cookies Cookie Policy | Recognise Bank

When you submit an enquiry on behalf of an applicant to Recognise Bank this will constitute processing and sharing of personal data. You do so as a controller of the personal data which you collect, process, and provide to Recognise Bank and are solely responsible for the processing and disclosure of that personal data and ensuring that such processing is undertaken in accordance with the requirements of Data Protection Laws.

You shall ensure that in respect of any personal data transferred to Recognise Bank that you will (i) ensure that any such personal data has been collected and disclosed to Recognise Bank in accordance with Data Protection Laws and your own privacy notice which has been provided to the applicant; (ii) obtain any prior consent, as applicable (in particular for the processing of any special category data) in order to enable the lawful sharing of the personal data to Recognise Bank and to ensure that Recognise Bank can use such personal data for consideration of a prospective customer’s application and (iii) ensure that any such personal data collected and disclosed to Recognise Bank is accurate and up to date. We will receive the personal data as a controller.

Each party shall be separately and independently responsible under Data Protection Law for any personal data in respect of which each party is a controller while the personal data is in their possession or under their control. The parties shall, where necessary, cooperate with, and provide reasonable assistance to one another to enable each party to comply with their obligations under Data Protection Laws.

We will not disclose such information to anyone else other than our agents, affiliates or other third parties to assist in the provision and servicing of the business you have introduced to us.

Prior to sharing an applicant’s personal data and /or any necessary special category data (which is relevant to the application) to Recognise Bank, you will draw to the applicant’s attention to such information relating to the Data Protection Laws as may be contained in the relevant documents and, in particular, make the applicant aware of the purposes for which Recognise Bank will process personal data and to whom that personal data may be disclosed.

For the avoidance of doubt, we may use personal data supplied to us by or on behalf of an applicant for the purposes set out in this privacy policy.

  • If you want to receive a copy of the information we hold, exercise any of your information rights explained in this notice or have any concerns or complaints about our use of your information, please contact our Data Protection team mentioning “Data Protection Queries”:
    1. By letter addressed to Data Protection Team, Recognise Bank Limited, 2nd Floor, Augustine House, 6A Austin Friars, London, EC2N 2HA or
    2. By emailing: [email protected] or our DPO at 2nd Floor, Augustine House, 6A Austin Friars, London, EC2N 2HA. If we cannot resolve a complaint to your satisfaction you can contact the ICO at www.ico.org.uk or by telephoning 0303 123 113 if the complaint relates to the way we have handled your personal information.
Steve Pateman

Steve has had an extensive executive career in banking, leading corporate and commercial banking businesses at RBS/NatWest, managing Santander’s UK banking businesses and as CEO of Shawbrook Bank, Hodge Banking Group and most recently successfully leading the banking licence application for StreamBank.

He is a non-executive Director at Bank of Ireland both in the UK and Dublin and Thin Cats, a specialist SME lending business and is retained as an advisor to Black Lion Ventures. He was previously President of the Chartered Banker Institute.

Steve took up the role of Chair (subject to regulatory approval) at Recognise Bank in November 2024, having served as an Investor Non-Executive Director since January 2024.