Privacy Policy of Liberty gte financial Commerce Bank

1. Introduction

This Privacy Policy explains how Liberty gte financial Commerce Bank ("Liberty gte financial Commerce Bank", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use our banking products and services, visit our websites or mobile applications, or otherwise interact with us in England. We are committed to protecting your privacy and handling your information in a fair, transparent, and lawful manner.

By using our services or providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are and Contact Details

Liberty gte financial Commerce Bank operates as a bank in England and is responsible for determining how and why your personal data is processed.

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise your data protection rights, you may contact our Data Protection Officer (DPO) using the following details:

Data Protection Officer Liberty gte financial Commerce Bank Email: [email protected] Postal address: Data Protection Officer, Liberty gte financial Commerce Bank, England

3. Personal Data We Collect

We may collect and process the following categories of personal data about you:

3.1 Identification and contact details

• Full name, title, date of birth, gender
• Residential address, correspondence address, previous addresses
• Email address, telephone and mobile numbers
• National identifiers such as passport details, national insurance number, driving licence details

3.2 Financial and account information

• Bank account numbers and sort codes held with Liberty gte financial Commerce Bank
• Account balances, transaction histories, payment instructions
• Credit and debit card details (in accordance with industry security standards)
• Direct debit details and standing orders
• Credit history and credit scores (where permitted and applicable)

3.3 Regulatory, compliance and risk data

• Information required for anti-money laundering (AML), counter-terrorist financing (CTF), and know-your-customer (KYC) checks
• Information about suspected or confirmed fraud and other financial crimes
• Sanctions screening data and politically exposed person (PEP) status, where required by law

3.4 Online and technical data

• Login credentials (username, password, security questions, PINs, and authentication tokens, stored and protected in line with industry standards)
• IP address, browser type and version, device identifiers, operating system
• Usage data relating to our websites, mobile apps, and online banking platforms
• Cookies and similar technologies (for more details, see Section 10 below)

3.5 Communication and interaction data

• Records of communications with us, including phone calls, emails, secure messages, online chats, and postal correspondence
• Feedback, complaints, and survey responses

3.6 Marketing and preference data

• Your preferences regarding receiving marketing communications from us
• Your responses to marketing campaigns and events

4. How We Collect Your Personal Data

We collect personal data from a variety of sources, including:

4.1 Directly from you

• When you open an account or apply for a product or service
• When you use our banking services, including in branch, online and via mobile apps
• When you contact us for support, make a complaint, or otherwise communicate with us
• When you participate in surveys, competitions, or promotions

4.2 From third parties

• Credit reference agencies
• Fraud prevention and sanctions screening agencies
• Publicly available sources (e.g., official registers and databases)
• Other banks and financial institutions involved in your transactions
• Professional advisers, brokers, or intermediaries acting on your behalf

4.3 Automatically

• When you use our websites, online banking, or mobile applications, we may automatically collect technical and usage data through cookies and similar technologies

5. Legal Bases for Processing

We process your personal data only when we have a lawful basis to do so under applicable data protection laws in England, including the UK GDPR and the Data Protection Act 2018. The main legal bases we rely on are:

5.1 Performance of a contract Where processing is necessary for us to provide our banking products and services to you, such as opening and maintaining your accounts, processing your transactions, and administering loans or credit facilities.

5.2 Compliance with legal obligations Where processing is required to comply with our legal, regulatory, and reporting obligations, including anti-money laundering, counter-terrorist financing, tax reporting, and other financial regulations.

5.3 Legitimate interests Where processing is necessary for our legitimate business interests or those of a third party, provided that your interests and fundamental rights do not override those interests. Examples include:

• Managing our risk and preventing fraud
• Improving and developing our products and services
• Ensuring the security of our systems and networks
• Handling your queries and complaints

5.4 Consent In certain circumstances, we may rely on your explicit consent, for example for certain types of marketing communications or for specific optional services. Where we rely on consent, you may withdraw it at any time (see Section 9).

6. How We Use Your Personal Data

We use your personal data for the following purposes:

6.1 Providing and managing banking services

• Opening, administering, and closing accounts
• Processing deposits, withdrawals, transfers, and payments
• Issuing and managing cards and payment instruments
• Providing online and mobile banking services

6.2 Compliance, risk management, and security

• Conducting identity verification, KYC, and AML/CTF checks
• Monitoring transactions for fraud and suspicious activities
• Screening against sanctions and politically exposed persons lists, where required
• Detecting, investigating, and preventing fraud and financial crime
• Maintaining the security and integrity of our systems, networks, and premises

6.3 Customer support and communication

• Communicating with you regarding your accounts, transactions, and services
• Responding to your requests, questions, and complaints
• Sending important information about changes to our terms, conditions, or policies

6.4 Business operations and improvement

• Analysing and improving our banking products, services, and customer experience
• Conducting market research and customer satisfaction surveys
• Training and quality assurance for our staff (including call recordings)

6.5 Marketing and promotional communications

• Sending information about products, services, and offers from Liberty gte financial Commerce Bank that may be of interest to you, where permitted by law
• Tailoring marketing communications based on your preferences, account usage, and interaction history, where allowed You can object to or opt out of marketing at any time (see Section 9).

7. Sharing Your Personal Data

We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and with appropriate safeguards:

7.1 Group entities and affiliates

• Other entities within the Liberty gte financial Commerce Bank group, where applicable, for internal administration, risk management, and service provision

7.2 Service providers and professional advisers

• IT and cloud service providers supporting our systems and infrastructure
• Payment processors and card scheme providers
• Identity verification and credit reference agencies
• Professional advisers, such as lawyers, auditors, and consultants

7.3 Other financial institutions and third parties

• Other banks and financial institutions involved in processing your payments and transactions
• Correspondent banks and clearing houses

7.4 Regulatory and public authorities

• Financial regulators, tax authorities, law enforcement agencies, and courts, where required by law or in response to valid legal requests

7.5 Fraud prevention and credit reference agencies

• Organisations that help prevent fraud, money laundering, and financial crime
• Credit reference agencies, where we conduct credit checks or report credit information

We do not sell your personal data to third parties.

8. International Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom or the European Economic Area. Where such transfers occur, we will ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable data protection laws, such as:

• Using standard contractual clauses approved by relevant authorities
• Transferring data to countries recognised as providing an adequate level of data protection
• Implementing additional technical and organisational measures to protect your data

You may contact us for more information about the specific safeguards applied to international transfers.

9. Your Data Protection Rights

Subject to applicable law and certain limitations, you have the following rights concerning your personal data:

9.1 Right of access You may request confirmation as to whether we process your personal data and obtain a copy of such data, along with information about how we use it.

9.2 Right to rectification You may request that we correct or complete any inaccurate or incomplete personal data we hold about you.

9.3 Right to erasure You may request that we delete your personal data where there is no longer a lawful basis for us to retain or process it. Certain legal and regulatory obligations may require us to keep some data for a specified period.

9.4 Right to restriction of processing You may request that we restrict the processing of your personal data in specific circumstances, for example while we verify the accuracy of your data or handle an objection.

9.5 Right to data portability You may request to receive certain personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller where technically feasible.

9.6 Right to object You may object, on grounds relating to your particular situation, to processing based on our legitimate interests. We will stop processing your data unless we demonstrate compelling legitimate grounds that override your interests or where processing is necessary for legal claims.

You have an absolute right to object at any time to the processing of your personal data for direct marketing purposes.

9.7 Right to withdraw consent Where we rely on your consent for processing, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of your rights, please contact us using the details provided in Section 2. We may need to verify your identity before responding to your request.

10. Cookies and Similar Technologies

We use cookies and similar technologies on our websites and online banking platforms to:

• Enable essential site functionality and security
• Understand how you use our services and improve performance
• Remember your preferences and personalise your experience

Where required by law, we will seek your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings or the cookie management tools provided on our websites. Disabling certain cookies may affect the functionality of our online services.

11. Data Security

We implement technical and organisational measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These measures may include:

• Encryption of data in transit and at rest where appropriate
• Access controls and authentication mechanisms
• Secure network and infrastructure management
• Regular monitoring, testing, and review of our security controls
• Staff training and confidentiality obligations

Despite our efforts, no security system is entirely infallible. You also play a role in protecting your information by keeping your login details, passwords, and PINs secure and not sharing them with others.

12. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, accounting, or reporting requirements.

When determining appropriate retention periods, we consider:

• The nature and sensitivity of the data
• The purposes for which we process it
• The applicable legal and regulatory retention requirements

When your personal data is no longer required, we will securely delete or anonymise it.

13. Children’s Privacy

Our banking services are generally not directed at children under the age at which they may lawfully enter into banking contracts in England, except where specific youth or student products are offered with appropriate consent and safeguards. Where we knowingly collect personal data relating to minors, we will do so in compliance with applicable laws and, where required, with the consent or involvement of a parent or legal guardian.

14. Links to Third-Party Sites

Our websites and online services may contain links to third-party websites or services that are not operated by Liberty gte financial Commerce Bank. We are not responsible for the privacy practices or content of such third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory developments, or improvements in how we communicate information to you. The updated version will be published on our website and will indicate the date of the latest revision.

We encourage you to review this Privacy Policy periodically to stay informed about how we use and protect your personal data.

16. Complaints and Your Right to Contact the Regulator

If you have any concerns about how we process your personal data, please contact us first so that we can attempt to resolve your concerns.

You also have the right to lodge a complaint with the UK data protection regulator:

Information Commissioner’s Office (ICO) Website: https://www.ico.org.uk

This Privacy Policy applies to Liberty gte financial Commerce Bank’s activities in England and is intended to provide you with clear information about how we handle your personal data when you use our gte financial banking services.