Website Privacy Notice – How, when and why we collect and process personal data
This privacy notice provides information as to how, when and why Barclays Investment Bank (“we” or “us”) will collect and process personal data.
If you have received a separate client privacy notice from us, please refer to that notice for information on how we will collect and process your personal data for the provision of our products or services.
Investment Bank clients of Barclays Bank PLC and Barclays Capital Securities Limited can refer to the online client privacy notice at the link below:
We are committed to safeguarding the privacy of your personal data. By 'your personal data' we mean any information about you that you or third parties provide to us, that we will handle in accordance with the Barclays Privacy Principles:
We will only collect and use your personal data where we have lawful grounds and legitimate business reasons to do so
We will be transparent in our dealings with you and will tell you about how we will collect and use your personal data
If we have collected your personal data for a particular purpose we will not use it for anything else unless you have been informed and, where relevant, your permission obtained
We will not ask for more personal data than we need for the purposes for which we are collecting it
We will update our records when you inform us that your details have changed
We will continue to review and assess the quality of the personal data that we hold
We will implement and adhere to information retention policies relating to your personal data and will ensure that your personal data is securely disposed of at the end of the appropriate retention period
We will observe the rights granted to you under applicable privacy and data protection laws and will ensure that queries relating to privacy issues are promptly and transparently dealt with
We will train our staff on their privacy obligations
We will ensure we have appropriate physical and technological security measures to protect your personal data regardless of where it is held
We will ensure that when we outsource any processes we ensure the supplier has appropriate security measures in place and will contractually require them to comply with these Privacy Principles
We will ensure that suitable safeguards are in place before personal data is transferred to other countries.
3. Personal data we collect
We will process personal data about individuals using our products and services, as well as individuals associated with our institutional clients, including: legal representatives, signatories, authorised personnel, directors, beneficial owners, trustees, other employees, associates of and any other person duly authorised to act on behalf of the client. Personal data will be collected directly from the individual or from the client institution, from publicly available sources, or from third parties providing services to us.
If you register to use our secure online services we will ask you to provide some personal data for security, identification and verification purposes. When you complete any online forms, we will tell you how your information will be used, unless this is obvious.
If you are asked to provide personal data about others you must ensure that you have their consent or you are otherwise entitled to provide their information to Barclays.
We will also collect personal data from persons that visit and use our websites. This will include:
Information provided in order to register for and use our online services
Information provided within ‘contact us’ forms
4. The categories of personal data collected
The categories of personal data that we will collect and process in order to provide our products and services include:
Personal details (e.g. name, date of birth, passport information, identification information, biographical information, information about personal interests)
Contact details (e.g. phone number, email address, postal address, mobile number)
Client-related details (e.g. relationship with the client or related parties, business information, information about any shareholdings, business contact details)
Transactional details (e.g. information about services, requests, queries or complaints)
5. What we use personal data for
Personal data is used to manage the relationship with our clients, and to comply with regulatory or legal requirements imposed on us in each jurisdiction. This will include the following:
Conducting ‘Know Your Customer’ activities, including anti-money laundering checks
Managing the banking and financial relationships with our clients
Administering our clients’ products and services
For the prevention, detection and investigation of crimes, including money-laundering, terrorist financing, fraud, corruption and tax evasion
Processing instructions from clients
In connection with legal and dispute management
For compliance with legal, regulatory and tax reporting obligations
For research and statistical analysis with the aim of improving our services
Personal data will also be used to invite individuals to events, to inform them about other products, services and opportunities that we think will be of interest to their organisation, and also to send communications providing industry and economic analysis and insights. Individuals can opt-out at any time to the receipt of such communications. For communications sent by email, an opportunity to unsubscribe will be provided within the email.
Where we are required or permitted by local law and regulation to do so, we will monitor or record your communications with us, including telephone calls and emails. We will use these recordings to check instructions to us and for other evidential purposes, to assess and improve our services to you, and for training and quality purposes.
We use surveillance cameras in and around our premises for the prevention and detection of crime, which will monitor and collect footage, images or voice recordings in accordance with local legal requirements.
We retain personal data for as long as permitted for legal and regulatory purposes, or where we have a legitimate business reason to do so.
6. Personal data sharing and data transfers
We operate internationally and will need to share information with other Barclays offices, entities, affiliates, and external vendors, to conduct our business, support our clients, and where we outsource operational functions.
Where a global service is provided to our clients, personal data can be accessed from Barclays offices internationally where necessary for the performance of a transaction with the client, or for compliance with regulatory or legal requirements imposed on us. A full list of our locations is available here. This list may be modified and updated.
We will share personal data with external authorities when we are required, requested or permitted to do so by law, regulation, court order, or supervisory, regulatory or similar authority.
We will provide personal data to our suppliers and agents. Where we engage with a supplier or agent to process personal data on our behalf, we will undertake due diligence, monitoring and assurance activities to ensure that the personal data is appropriately protected, and contractual clauses will be agreed between the parties to ensure that data protection and confidentiality is maintained.
Personal data will be provided to any third party as a result of any restructure, sale or acquisition of any company within the Barclays Group.
Some affiliates or service providers to which personal data are sent will be established in other countries. If we transfer personal data to a person, Barclays office, or other organisation in another country we will ensure that they agree to apply equivalent levels of protection and that they use process personal data strictly in accordance with our instructions.
7. Individuals’ rights in relation to their personal data
Where granted by applicable law, individuals may have a legal right to access, correct, update and delete their personal data. In order to exercise these rights we may require proof of identity.
By exception, in some jurisdictions certain requests concerning personal data may need to be addressed to bodies other than Barclays. For example, subject access requests for personal data processed by Barclays for anti-money laundering purposes may need to be made to the local data protection authority.
For Investment Bank clients, please refer to your client privacy notice for further details on your data protection rights and how you can exercise them.