Synovus Keystone Savings Bank

Privacy Policy for Synovus Keystone Savings Bank

  1. Introduction

This Privacy Policy explains how Synovus Keystone Savings Bank ("Synovus", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our banking services, visit our branches, access our websites, mobile applications, or otherwise interact with us. We are committed to protecting your privacy and handling your information in a transparent and secure manner.

As a bank operating in England, we process your personal data in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you acknowledge that you have read and understood this Privacy Policy.

  1. Who We Are

Synovus Keystone Savings Bank is a banking institution providing savings, current accounts, lending, payment, and related financial services. For the purposes of data protection law, we are the "data controller" in respect of your personal data. This means we determine the purposes and means of processing your personal data.

  1. Personal Data We Collect

We may collect and process the following categories of personal data about you:

3.1 Identification and Contact Information

  • Full name, title, date of birth, and gender
  • Residential and correspondence addresses
  • Email address and telephone numbers
  • National identifiers (such as National Insurance number or tax identification number)
  • Copies of identification documents (e.g. passport, driving licence, residence permit)

3.2 Financial and Transaction Information

  • Bank account numbers and sort codes
  • Card numbers and card-related information (partially masked where appropriate)
  • Account balances, deposits, withdrawals, loan details, and repayment history
  • Payment instructions, transfers, direct debits, and standing orders
  • Salary, income, and employment details provided as part of product applications

3.3 Regulatory and Due Diligence Information

  • Information required for anti-money laundering (AML), know-your-customer (KYC), and sanctions screening
  • Information obtained from identity verification and credit reference agencies
  • Information regarding suspected or actual fraud and other financial crime

3.4 Technical and Usage Information

  • IP address, device identifiers, browser type and version
  • Login information, access times, and security logs
  • Information about your use of our online and mobile banking services, including pages viewed, features used, and technical performance data

3.5 Communication and Interaction Information

  • Records of communications with us, including phone calls, emails, secure messages, and branch visit notes
  • Copies of communications, instructions, complaints, feedback, and surveys you complete

3.6 Special Category Data We generally do not seek to collect special category data (such as health information or data revealing racial or ethnic origin) unless it is strictly necessary and you have provided your explicit consent, or where the law otherwise permits or requires it (for example, to support vulnerable customers or to comply with legal obligations).

  1. How We Collect Your Personal Data

We collect personal data from various sources, including:

4.1 Directly From You

  • When you apply for or use our products and services
  • When you complete forms, provide documentation, or communicate with us by phone, email, online banking, mobile app, or in person at a branch
  • When you participate in customer surveys, promotions, or feedback activities

4.2 From Third Parties

  • Credit reference agencies
  • Fraud prevention agencies and anti-money laundering service providers
  • Publicly available sources (such as public registers and government databases)
  • Payment service providers, card schemes, and other financial institutions involved in processing your transactions
  • Employers or professional advisors, where relevant to the service provided

4.3 From Your Use of Our Services

  • Through cookies and similar technologies when you use our websites or mobile applications
  • Through security and transaction monitoring tools used to detect fraud or suspicious activity
  1. Legal Bases for Processing

We process your personal data only where we have a lawful basis to do so under UK data protection law. These legal bases may include:

5.1 Performance of a Contract Processing that is necessary to enter into or perform a contract with you, such as:

  • Opening and operating your bank accounts
  • Processing payments, transfers, and card transactions
  • Providing online and mobile banking services

5.2 Compliance With Legal Obligations Processing that is necessary for us to comply with legal and regulatory requirements, including:

  • Anti-money laundering (AML) and counter-terrorist financing obligations
  • Detection and reporting of fraud and other financial crime
  • Compliance with tax, accounting, and reporting obligations
  • Responding to requests from regulators, law enforcement, or courts

5.3 Legitimate Interests Processing that is necessary for our legitimate interests, or those of a third party, provided such interests are not overridden by your rights and freedoms. These interests may include:

  • Managing and improving our banking operations, products, and services
  • Protecting our business, customers, and systems against fraud and security threats
  • Conducting risk management, audits, and internal controls
  • Handling customer service, complaints, and dispute resolution
  • Direct marketing of similar products or services where permitted by law

5.4 Consent Where we rely on your consent, for example:

  • Certain types of electronic marketing communications
  • Processing of certain special category data where required You may withdraw your consent at any time, as described in the "Your Rights" section below.
  1. How We Use Your Personal Data

We may use your personal data for the following purposes:

  • To assess and process applications for accounts, loans, and other services
  • To verify your identity and conduct KYC, AML, and sanctions checks
  • To manage and administer your accounts, including processing transactions and providing statements
  • To provide, maintain, and improve our online and mobile banking platforms
  • To monitor and protect the security and integrity of our systems, transactions, and communications
  • To detect, prevent, and investigate fraud, financial crime, and misuse of our services
  • To manage our relationship with you, including customer service and communications
  • To send you information about changes to our terms, policies, and services
  • To conduct analysis and profiling for risk assessment, credit scoring, and product development (within legal limits)
  • To carry out internal reporting, analytics, testing, and business planning
  • To comply with our legal and regulatory obligations
  • To send you marketing communications about Synovus products and services, where permitted by law and your preferences
  1. Automated Decision-Making and Profiling

We may use automated systems to make certain decisions about you or your accounts, for example:

  • Creditworthiness and risk assessments when you apply for loans or credit products
  • Transaction monitoring to detect potential fraud or suspicious activity

These processes help us manage risk, comply with legal obligations, and provide efficient services. Where automated decisions have legal or similarly significant effects on you, we will ensure that appropriate safeguards are in place, including the right to request human review, express your point of view, and contest the decision, as required by law.

  1. Cookies and Similar Technologies

When you visit our websites or use our mobile applications, we may use cookies and similar technologies to:

  • Enable essential site and app functionalities
  • Remember your preferences and improve user experience
  • Analyse how our services are used and measure performance
  • Support security and fraud prevention

You can manage your cookie preferences through your browser or device settings. Some cookies are essential for the operation of our digital services, and disabling them may affect the functionality available to you.

  1. How We Share Your Personal Data

We may share your personal data with the following categories of recipients, always subject to appropriate safeguards:

9.1 Within Synovus Keystone Savings Bank

  • Our internal departments and authorised personnel who need access to your data for the purposes described in this Privacy Policy

9.2 Service Providers and Professional Advisors

  • IT and cloud service providers supporting our systems and infrastructure
  • Payment processors, card schemes, and clearing systems
  • Document storage, archiving, and destruction services
  • Auditors, legal advisers, consultants, and other professional service firms

9.3 Other Financial Institutions and Third Parties

  • Other banks, building societies, or payment service providers involved in processing your transactions
  • Credit reference agencies and fraud prevention agencies
  • Debt collection agencies where necessary to recover sums owed

9.4 Regulators, Authorities, and Law Enforcement

  • Regulatory bodies, tax authorities, courts, and law enforcement agencies where we are required or permitted to do so by law

We do not sell your personal data to third parties.

  1. International Transfers

Where it is necessary to transfer your personal data outside the UK (for example, where our service providers or group-related functions are located overseas), we will ensure that:

  • The destination country has been recognised as providing an adequate level of data protection; or
  • Appropriate safeguards are in place, such as standard contractual clauses approved by relevant authorities, together with additional security measures where required.

You may contact us for more information about the specific safeguards used in connection with any international data transfers.

  1. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These measures may include:

  • Encryption, pseudonymisation, and access controls
  • Secure networks, firewalls, and intrusion detection systems
  • Strong authentication procedures and access logging
  • Regular testing, monitoring, and staff training on data protection and information security

While we strive to protect your information, no system can be completely secure. You are responsible for keeping your login credentials and security information confidential and for notifying us promptly of any suspected unauthorised use of your accounts.

  1. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including to meet legal, regulatory, accounting, or reporting requirements. In determining appropriate retention periods, we consider:

  • The nature and sensitivity of the personal data
  • The potential risk of harm from unauthorised use or disclosure
  • The purposes for which we process your data and whether we can achieve those purposes through other means
  • Applicable legal and regulatory retention requirements, especially in relation to banking and financial records

When your personal data is no longer required, we will securely delete, anonymise, or otherwise dispose of it.

  1. Your Rights

Under UK data protection law, you may have the following rights in relation to your personal data, subject to certain conditions and exceptions:

  • Right of access: to obtain confirmation as to whether we process your personal data and to request a copy of that data
  • Right to rectification: to have inaccurate or incomplete personal data corrected
  • Right to erasure: to request the deletion of your personal data where there is no compelling reason for its continued processing
  • Right to restriction: to request that we restrict the processing of your personal data in certain circumstances
  • Right to data portability: to receive personal data you provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller where technically feasible
  • Right to object: to object to processing based on our legitimate interests or for direct marketing purposes
  • Rights relating to automated decision-making: to request human intervention, express your views, and contest decisions made solely by automated means that produce legal or similarly significant effects

To exercise your rights, please contact us using the contact details provided in the "Contact Us" section. We may need to verify your identity before responding to your request. We aim to respond within the time frame required by law.

  1. Marketing Communications

We may use your contact details to send you information about Synovus products and services that may be of interest to you, in accordance with your marketing preferences and applicable law.

You can opt out of receiving marketing communications at any time by:

  • Following the unsubscribe or opt-out instructions in the communication; or
  • Contacting us using the details provided in the "Contact Us" section.

Even if you opt out of marketing, we may still send you non-marketing communications related to your accounts, transactions, or important updates to our terms or policies.

  1. Children’s Privacy

Our services are not primarily intended for children. Where we do collect and process personal data of individuals under 18 (for example, in connection with certain account types), we do so only with appropriate legal bases and, where necessary, with the involvement or consent of a parent or guardian, in accordance with applicable law.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory requirements, or improvements to our services. When we make material changes, we will take appropriate steps to inform you, such as by posting a notice on our website or contacting you directly.

The "last updated" date at the end of this Policy indicates when it was most recently revised.

  1. Contact Us and Complaints

If you have any questions about this Privacy Policy or how Synovus Keystone Savings Bank handles your personal data, or if you wish to exercise your data protection rights, please contact us using the contact information provided on our official website or in your account documentation.

You also have the right to lodge a complaint with the UK data protection supervisory authority, the Information Commissioner’s Office (ICO), if you are unhappy with how we handle your personal data. Details on how to contact the ICO can be found on its official website.

Last updated: [Please insert date of last update].

Your privacy at Synovus Keystone Savings Bank

Synovus Keystone Savings Bank uses cookies and similar technologies to provide secure, reliable, and personalised services on our website. We use this information to improve site performance, remember your preferences, and understand how visitors use our pages. You can adjust your cookie settings at any time, and we will always handle your personal data in line with our detailed privacy policy and applicable UK data protection laws. View full Synovus privacy policy