Privacy Notice

Read about how we use your information.

Privacy Notice for ages 7-11

Privacy Notice for ages 12-17

Your parent or guardian should read this Privacy Notice and/or the above notices on your behalf, or with you if you're old enough to understand it.

Good to know
We never send information about new mortgages or savings products and services we’ve developed to anyone under age 18.

Your right to privacy is important to us. When you share your details with us, we want you to be confident that we look after the information securely and we only use or share it in the ways we set out in this Notice.

There are also several things that, by law, we have to explain to you.

The Group is:

Coventry Building Society

Godiva Mortgages Limited

ITL Mortgages Limited

When we use the terms we, us, our and the Group in this Notice, we mean Coventry Building Society Group.

Under data protection law, an organisation that decides how the personal information it collects and holds is used is called a 'data controller'. For the personal data you give us, either Coventry Building Society, Godiva Mortgages Limited or ITL Mortgages Limited will be the data controller. It depends on which organisation you apply to, account you hold or service you use.

As part of looking after accounts, we work together as a Group so any of the three companies can be the one ‘processing’ your information.

Why we need to collect information

To set up and run accounts and services for you, we need specific details.

If you don’t give us the information we need, or if you don’t allow us to ‘process’ your information, we can’t open an account or set up a service for you. For what we mean by ‘process’, see ‘How we use your information’.

We’ll ask you directly for most of the information we need. Sometimes we also collect more data about you from external sources, such as credit reference agencies. At times we may be given data by a third party such as a family member and we'll record this information where we feel it's necessary.

There may also be times when you may not be a customer of the Society and we hold and use your personal information as a result of your appointment and/or relationship to a customer/their account.

For the purposes of promotional and marketing activities, including running competitions, prize draws and ticket giveaways, we may ask for information from you to be able to participate or opt in to receive information from us.

The parts of this Privacy Notice that apply will depend on the reason why we hold your personal information.
 

If you give us information about someone else 

You might give us information about another person, for example, if you’re applying for a joint account or for an account on behalf of a child.

We expect that:

• You have their permission to give us this information
• The other person understands how we’ll use their information
• The other person has no objection to us holding and using their information.

What information we hold about you

The type of personal information you can expect us to hold and collect includes:

• Personal information to identify and contact you, such as your name, address, contact details, National Insurance number (for ISAs) and date of birth. This could also include biometric information, like your fingerprint (more about this in special category data).
  
  
• Personal information gathered from when you’ve applied for a product or service, including where an application was declined, or you didn’t continue with the application.

• Information about the accounts you hold or held with us, and details about the money going in and out including any insurance claims you make.

• Information about your financial position, income, commitments and financial history, which may include the source of funds and wealth.

• Credit history information.

• Records of our contact with you, for example, notes on our systems, emails, letters, texts, social media.

• Information relating to your marketing and communication preferences.

• Recorded telephone calls and captured CCTV footage.

• Your biometrics (such as voice data) if you have given us permission to do this.

• In certain circumstances we may also record your IP address, device information etc., where you use Online Services or our app.

• Information about your work or profession, your nationality and your education and social and economic demographic.

• Details of when you interact with us through any of our channels (e.g. our branch network, telephone banking, Online Services or our app).

• Details of the type of device you are using and how you interact when you use our app.

• Details of how you use our website and Online Services and cookies which track your activity. To find out more about how we use cookies on our websites and digital services, please see our Cookie Policy here.

• Information on your location, gathered when you use our app or where you access Online Services to complete transactions.

• Details you make public on social media such as Facebook, Instagram or X.

• Details of any products or services with other providers that you’ve told us about or we’ve sold to you (e.g. block insurance).

• Other information that you supply to us or that we obtain during our relationship with you (e.g. information relevant to an insurance claim or marketing preferences).

• Details of any vulnerabilities you make us aware of which can include 'special category data'.

When we talk about ‘information’ throughout this page, we’re referring to all of these items.

While we try to stay within the confines of processing only the above personal information, this list is not exhaustive.

Sometimes we'll also hold sensitive personal information, for example about your health. We'll usually ask for consent to do this.

In limited circumstances, this might be needed where we administer an insurance policy linked or formerly linked to your mortgage. Depending on the accounts you hold with us or services you use, we may also record more personal information such as:

• Your income
• Your employment
  
• Your financial commitments
  
• Details of a credit search.
  

We’ll keep your personal data if you...

• have an open account with us
• have enquired or applied for products with us
• have made a complaint

…so we can provide a service to you.

We’ll keep your data for added time...

• after you close your account
• after your product application date, or
• after the closure of your complaint

…in order to meet our legal and regulatory obligations.

While we hold your data...

we’ll keep it safe and secure, and we’ll regularly review the rules around how long we keep it for.

When we no longer need your data...

we’ll destroy it safely and securely, consistent with our rules on how long we keep your data.

If you’d like more information about how long we keep information, email:

Data.Protection@thecoventry.co.uk

We use your information:

• To assess every application you make for an account or service (including when you use Online Services), making checks so we can prevent fraud and money laundering, and to confirm who you are.  If you apply for a product via a third party they may make some of these checks on our behalf.
• To manage your accounts and your relationship with us.
• By helping you in challenging times and for debt recovery.
• In preventing and detecting fraud and financial crime.
• For tracing for debt recovery purposes.
• To develop and improve our services.
• To manage your marketing and communication preferences.
• To engage with you when you enter a competition, prize draw or ticket giveaway.
• To make sure we comply with the law that governs our activities.
• For risk management, including credit and liquidity modelling to comply with regulatory requests, reporting requirements and for auditing purposes. This may include profiling in relation to your account.
• To meet our legal and regulatory obligations.
• In testing our systems and processes.
  

We’re able to use your information for the purposes outlined above, where one of the following applies:

• We use the information to carry out our obligations to you, as part of an agreement between you and Coventry Building Society (e.g. your mortgage or savings account).
• We have to use the information to comply with the law.
• We use the information to carry out our legitimate business interests where we are able to by law.
• You've given us your consent to use the information.
• We use your information to protect your vital interests (in very exceptional circumstances).

Fraud and checking your identity and confirming it's you

We collect and use your personal information to check your identity when you open an account, product or service with us, and from time to time throughout our relationship with you.

There will also be times when you may not be a customer of ours, but we need to check your identity as a result of your appointment and/or relationship to a customer/account (e.g. where you are an executor).

We also collect and share your information with databases held by credit reference and fraud prevention agencies.

This is to meet UK money laundering regulations and help stop criminals from using financial products or services for their own benefit and to keep your money and personal details safe.

We may check your identity electronically or ask for documents which we’ll need to verify.

There may also be occasions where we check your identity for our legitimate business interests.
 

Data protection laws require us to explain what ‘legal grounds’ justify us processing your information, including sharing it with other organisations. The legal grounds are:

• Contracts
• Regulation
• Law
• Consent
• Legitimate interests.

This is a list of all the ways we use your information for each of these legal grounds:

Contracts

• To assess your application for an account or service - this depends on the type of account you apply for. For example, if you apply for credit (such as a mortgage), we have to make thorough checks. We assess your credit score, our risk of lending to you, and any risk that the application could be fraudulent.
• To set up and manage your accounts and keep our records up-to-date.
• To allow deposits and withdrawals to be made to and from your account both electronically and in cash.

Regulation and law

• To confirm your identity when you apply for an account or service or use Online Services.
• To meet our legal and regulatory obligations and for crime prevention/detection, fraud prevention, risk management including credit and liquidity modelling and money laundering.
• To make sure you have notice of our general meetings and are able to vote if you’re eligible.
• Where it's necessary in the public interest, and the law allows us to.

With your consent

We'll keep you informed about relevant accounts, services, competitions, prize draws or ticket giveaways and other promotional activities.

We ask for your permission to do this when you apply for an account or service with us.

You can change your mind at any time. Contact us if you don’t want us to send you information about new mortgage or savings products or services. To remove your details from any marketing activity, get in touch with us or log into Online Services or our app.

In some circumstances, due to Consumer Duty regulations, the Society may provide you with certain information about products and rates and these communications will not be construed as ‘marketing'.

Our legitimate interests

This means the purpose is essential or relevant to our business. For example, we use your information:

• To confirm who you are, and make checks so we can prevent fraud and money laundering. We need to do this before we enter into a contract with you.
• To carry out customer research to help us improve our accounts and services and to better understand our customers. To ask us not to include you in any customer research, please get in touch with us.
• To test computer systems to make sure our systems stay secure and function properly.
• For promotional and marketing purposes.
• To check and improve our customer service and provide training for our employees. We record CCTV footage in our branches and offices to protect our employees and customers.
• To perform credit modelling and risk management. While some of this information is required for regulatory reasons, we may also use it to make commercial decisions and for service monitoring purposes.
• To trace you for debt recovery purposes in the event of default on a mortgage.
  
  

Using your data for test purposes

We may use your personal information for testing purposes to help improve our products, services, systems and tools or introduce new ways of working. This may include training AI systems and we'll ensure data minimisation at all times and only use identifiable data where absolutely necessary.

We have rigorous processes in place to keep your personal information safe and secure and we won’t use it in a way that’s unfair.

Using your information for testing is in our legitimate business interests as it helps us to maintain and improve the confidentiality, integrity, availability and performance of systems. It's also a benefit to members where we're able to develop systems to improve member experience with us.
 

Storing sensitive personal information

We might need to do this to, for example, support your insurance claim, or to help us deal more sensitively with your particular circumstances. If we process sensitive personal information, we'll do it because we need to for the purpose, or we have your explicit consent.

We use technology to carry out automated processing

We use technology to make some decisions about you without involving a person to make the decision – this is called ‘automated decision-making’.

Examples of this are:

• To confirm your identity when you use Online Services
• Assessing lending risks
• Analysing transactions on your account
• Deciding what happens when a bond matures
• Choosing what information to send you about our accounts or services.

For more about this, see ‘Your rights under data protection law’.

We’ll also use data to analyse statistics. When we do this, we make sure information can’t be traced back to individuals.

We can do this activity only when:

• It’s essential for us to open or run your account, or
• It’s authorised by law.

Not happy about an automated decision?

If you apply for an account and there’s something about it that means you’d prefer a human to assess it rather than a computer, please let us know before you submit the application. (For example, if you apply for a mortgage and you have a County Court Judgement registered against you).

If we make a decision about you using automatic processing, you can ask us to have one of our team reconsider the decision.

We’ll only share your information with other organisations for the reasons detailed in this Notice.


When you log in to Online Services or use our app, we share some of your information in a secure, encrypted format with a third party. We need to do this so we can identify you and help prevent fraud.

To spell out what we don’t do with your information:

• We’ll never sell your data to anyone else

• We’ll never use your data to send you marketing information selling products or services by other organisations.

Confirming your identity

Under money laundering law, all financial organisations have to confirm a customer’s identity when you apply for an account and at various points throughout your journey as a customer. To do this, we may send your details to a specialist external agency or third-party supplier. If your details change, we’ll ask you to re-confirm your identity. For example, you apply for another account with us, or you change your name.

If you've provided us permission to use your biometrics (such as your voice data) in order to identity yourself, we'll also share your personal data to a specialist external organisation in order to prevent fraud and protect your personal data.

We may need to check your identity even if you're not a customer of ours. (e.g. if you're an executor going through our bereavement process to close an account).

Credit checking

Sometimes, we'll need to share your personal information with a credit reference agency to check that a product or service is right for you.

If you apply for a mortgage, we contact a credit reference agency for details of your credit history. The agency keeps a record of our enquiry (‘search’) and your application, and whether or not you've taken out the mortgage.

We do this for the following reasons: 

• Assess your credit worthiness and consider whether we believe you can afford to take out a product or service
• Check the accuracy of information you've provided to us
• Prevent criminal activity and financial crime
• Manage your ongoing relationship with us.

When your mortgage is set up, we give the agencies more information about you. For example, if you pay your mortgage on time. If you apply to another company for credit, they'll then be able to see this information.

Remember, if you apply for a joint mortgage account, your financial information will be ‘linked’ to the other applicant(s) by the credit reference agency, which creates an association between you. We, or other financial organisations, might take this into account when you or any of the other applicants are credit-checked again in future. To prevent this, you must ask the agency to unlink your financial records.

The credit reference agencies we normally use are below, along with how to find their ‘Credit Reference Agency Information Notice’ (CRAIN).

• Equifax Ltd
  www.equifax.co.uk/privacy-hub/crain
  Customer Service Centre
  PO Box 10036
  Leicester
  LE3 4FS

• Experian
  www.experian.co.uk/crain
  Consumer Help Service
  PO Box 8000
  Nottingham
  NG1 5GX
  

• TransUnion
  www.transunion.co.uk/crain
  One Park Lane
  Leeds
  LS3 1EP
  

You can see the information these agencies hold about you, and read their Privacy Notices, on the websites above. Contact them directly and they’ll explain how to make a request and how much it costs.

Fraud prevention and reporting

Under money laundering law, all financial organisations have to report any suspicious transactions to help detect and prevent crime. We report to the National Crime Agency, the police and other law enforcement agencies.

If you're considered a fraud or money laundering risk, fraud prevention agencies can hold your data for up to six years.

When people give us false or inaccurate information and we identify it as fraud, we pass the details to fraud prevention agencies, such as Cifas, National Hunter, Synectics Solutions, as well as law enforcement agencies who may view and use this information.

We and other organisations may also use this information to:

• Detect, investigate and prevent crime, including fraud and money laundering
• Check details on applications for accounts with credit facilities
• Manage credit facilities
• Recover debt
• Check details on claims for all types of insurance.

We also use information recorded by fraud prevention agencies in other countries.

If we determine, based on our information or that of a fraud prevention agency, that you pose a fraud or money laundering risk, we may refuse you the services or financing you've asked for, stop any existing services or refuse to employ you.

The fraud prevention agencies will keep a record of any fraud or money laundering risk, and you may be refused services, financing or work.

For the details of the relevant fraud prevention agencies, ask us. To see the information these agencies hold about you, you’ll need to contact them directly.

Tax reporting

We have to give information about you and your savings accounts to HM Revenue & Customs. For example, to verify that our customers aren’t saving more than the annual allowance in ISAs, and to make sure people with tax residency in other countries are complying with the law.

Our suppliers

Examples of suppliers or other organisations we use are: 

• Third party financial services suppliers, for example, to manage payments (including use of our clearing bank and the use of payment services involving the transfer of electronic payments into or out of your account) or insurance providers or administrators of insurance services. They need access to your personal information to process it, so they can carry out services such as creating quotes, renewing policies and handling claims.
• Mailing, data management and IT suppliers.
• Marketing agencies or third party suppliers in relation to running competitions, prize draws and ticket giveaways and other promotions, your data will be used for these purposes and will not be sold to them.
• Market research suppliers for example, to carry out surveys, focus groups or other research for us.

We can change the companies we use or appoint to provide services.

When we appoint a company to provide a service on our behalf, they must meet our strict requirements about the security and privacy of our customers’ data.

Transferring data outside the EEA

Occasionally we or a supplier may need to transfer data to countries outside the European Economic Area (EEA). This could be, for example, for tax reporting purposes. Other countries may not have the same standard of data protection laws as we do here in the UK. In these circumstances, we use safeguards to make sure data is transferred securely and in line with UK data protection standards. For example, we’d always use encryption, where information is converted into a code and only readable by the organisation we send it to.

Where fraud prevention agencies transfer your personal data outside the European Economic Area they'll make sure the recipient's obligations to protect your data and share it securely are outlined in their contracts.

They may also need to sign up to 'international frameworks' which will give assurance that data will be shared securely.

Other occasions we need to share your information

When necessary, we may also share information with other organisations, including:

• Partners and suppliers that support the operation of our business and services.
• Specific third parties that you’ve authorised us to deal with (e.g. family members or representatives).
• The UK Financial Services Compensation Scheme.
• Our regulators (e.g. FCA,PRA, ICO).
• The Financial Ombudsman Scheme (FOS).
• Law enforcement agencies (e.g. police).
• Other lenders and financial services’ providers.
• Companies and organisations that introduce you to us such as a broker or financial advisor.
• Card associations (e.g. Visa) and payment processors (e.g. BACS).
• Market research providers.
• Civica Electoral Services (to help us run our annual AGM).

If you apply for a mortgage or hold a mortgage with us, sometimes we share information with some or all of these people or groups:

• Your employer to confirm your income and employment.
• Your mortgage intermediary or broker (if you use one) so they can provide their services to you.
• A legal representative acting either for us or you.
• A valuer.
• Debt counsellors or other specialist services, if for example you fall into payment difficulties or can’t repay your outstanding mortgage balance.
• A guarantor of your mortgage or their legal advisor.
• Credit reference agencies such Equifax or Experian.
• Other lenders who also have a charge on the property you have a mortgage with us on.
• Third parties, when we’re required to do so under the terms of any secured wholesale funding programmes.

We may share information with these groups at different times throughout the life of your mortgage.

If you apply for a savings account via a third-party company, we may receive or share information to set up your account and for general account administration:

• Where you make an application for the account via a third-party partner through an Employee Benefits Scheme provided by your Employer.
• Where you make an application via an investments Provider.

You have certain rights when it comes to your personal information and there are a number of requests you can make to us. When you submit a request, we’ll review it and get back to you as soon as possible – always within one month.

Your rights are:

The right to access your information

You can ask us for a copy of any information we hold on you. This is called a Subject Access Request (SAR). When we provide you with a copy of your personal information, we’ll also provide an explanation of how it's being used.

The right to rectify your information

You have the right to ask us to correct information that you feel is inaccurate or incomplete, or both. We'll review your request and get back to you to let you know what action we are taking.

The right to restrict how we use your information

In certain circumstances, you have the right to restrict us from processing your information any further or deleting it.

There are times where we'll still need to use your information. For example, to take care of your accounts, products or services, to help protect you from fraud and to fulfil legal and contractual obligations. If processing is restricted, we’ll continue to store your information and process it as required by law.

The right to object to how we use your information

In certain circumstances, you have the right to object to the way we process your information. For example, when we’re processing your information for direct marketing or if you feel that us processing your information for legitimate interests is causing you such a level of damage or distress that you would like us to stop.

Just so you know, there are some situations where we won't stop processing your information despite your objection, but we will respond and explain clearly why this is the case.

The right to erase your information

In certain circumstances, you have the right to have your information erased. This is also known as the right to be forgotten. Please note that we may not be able to agree to your request if we cannot delete your information for legal, regulatory or technical reasons.

The right to transfer your information

In certain circumstances, you have the right to ask us to transfer a copy of some of your information to you or to a new data controller (this is known as the right to portability).

This applies when you've shared your information with us, it’s been collected with your consent or where collecting it was necessary for the agreement between us.

The right to human intervention

In certain circumstances, you have the right to ask for an automated decision to be reviewed.

The right to complain to the regulator.

We're always here to help and you can contact us with any queries you have.

If things don't go as you expected, you can make a complaint by calling us, sending a message, writing to us or popping into a branch.

If you still have concerns after you have been through our complaint process, you also have the right to complain to data protection authorities. The authority overseeing data protection in the UK is the Information Commissioner's Office.

Their contact details are:

Information Commissioner Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 11 13

To withdraw your consent

Where we're relying on your consent to process any of your information, you have a right to withdraw that consent at any time.

If you're a member and you’ve consented to marketing, you can change your marketing preferences at any time via Online Services, by post, phone or by popping into branch.

Remember, often it’s essential that we hold or share your information. For example, if you’re applying for a mortgage and don’t want us to share your details with a credit reference agency, then we can’t go ahead with your application.

How to make a request under any of these rights

You can have a copy of the personal information we hold about you. This is your right under data protection regulations and it’s usually free of charge. To ask us about these rights or to make a formal request, get in touch using your preferred method below.

Just to let you know, that for security, you must give us some details before we can disclose our records.

Via our online portal

Submit request

By post

Fill in the form:

Download Data Subject Rights Request form

Send it to us at

FREEPOST CBS CUSTOMER SERVICES

Write the address exactly like this - in capital letters and all on one line.

By email

Or you can email the completed form to Data.Protection@thecoventry.co.uk.

Any questions?

Just contact us, we'll be happy to help.

By email

support@thecoventry.co.uk

By phone

0800 121 8899

At a branch

For details of our opening hours.

We’ll reply to you as soon as we can and within one month. If we can’t reply within one month, we’ll let you know.

To make a request to credit reference agencies, fraud prevention organisations, or brokers, you must contact them directly.

If you’re not happy

If you’re not happy about something we’re doing, please let us know. We sort out most problems very quickly. We aim to resolve any concerns promptly and fairly.

If you have a complaint about data protection or how we use your data, contact our Data Protection Office at Data.Protection@thecoventry.co.uk.

Or you can complain at any time to the Information Commissioner’s Office, an independent government organisation.

Find out more at:

ICO.org.uk

Or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow SK9 5AF

Changes to our Privacy Notice

This Notice is effective from August 2024.

We update our Privacy Notice when anything changes or there’s new information we need to tell you. You can view and download the current Privacy Notice here.