Data Privacy Notice
Data Privacy Notice
At Unity Trust Bank, we take the protection of your personal data seriously.
This Data Privacy Notice applies to all personal data held by Unity Trust Bank and explains, in a clear and transparent way, how we responsibly collect, store, and process personal data, the rights you have in relation to your information, and how you can contact us.
1. Who we are
We, Unity Trust Bank, registered office: Four Brindley Place, Birmingham, B1 2JB, are the data controller for your personal data.
2. What information we collect
We will only collect information about you as allowed by regulations and law. We collect and process information from a range of sources such as:
2.1 Information you give us when you open an account with us or apply for or use one of our products or services (our “services”). This will be your name and any previous names, marital status, address, telephone numbers, date of birth, gender, personal address, personal email address, country of residence, information to identify you (passport information/photo identification) and position/title within the organisation for all people who are named on the account (“Account Details”).
2.2 Information you provide when you voluntarily complete customer surveys, provide feedback and participate in customer focus groups (“Feedback”).
2.3 Correspondence you may have with us (including recordings of your calls with us) and any complaints you have raised to our attention (“Correspondence”).
2.4 Information from credit reference agencies who gather information for us (for example, the Driver Vehicle Licensing Agency (DVLA) and local authorities who run the UK electoral rolls) (“Compliance Information”).
2.5 Your name, business name, business address, business email address, and business telephone number, where this information has been obtained from third parties for marketing purposes or collected directly from you where you have not completed an application (“Lead Generation Data”).
2.6 Information from your device, such as your internet protocol (IP) address, login details, browser type and version, time zone and location settings, browser plug-ins, operating system and platform, device identifiers, and other technology used to access our website (“Technical Data”).
2.7 Information from identity verification processes used to confirm your identity and protect your account, including the secure collection of your image and identification documents during account opening. (“Biometrics Data”).
2.8 Information from trusted third-party providers such as data brokers, to obtain information in order to support our business activities such as due diligence, credit risk assessment and commercial operations (“Third Party Providers”).
2.9 Information relating to you sourced from publicly accessible sources, including public registers and other information that has been made publicly available in accordance with applicable laws (“Public Data”).
3. How we collect your information
We use different methods to collect information from and about you, this includes:
3.1 Your interactions with us via online forms or through correspondence by post, phone, or email.
3.2 When you apply for or use our products or services.
3.3 If you subscribe to our service or publications or request marketing.
3.4 If you give us feedback though surveys or contact us directly.
3.5 Information from public sources and trusted third parties.
3.6 When you use our website, we collect Technical Data. This information is collected through the use of cookies. Further details are available in our Cookie Policy.
4. How we’ll use your information
We are required by law to have a legal basis for processing your personal data and rely on one or more of the following:
4.1 Where it is necessary to fulfil a contract that we have in place with you.
4.2 Where the processing is necessary for compliance with our legal obligations.
4.3 For our legitimate business interests.
4.4 If you have given us your consent.
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
| Purpose/Use | Type of data | Lawful basis |
| To register you as a new customer, confirm your identity and keep your account secure, preventing fraud, and complying with our legal obligations for customer verification. | (a) Account Details (b) Biometrics Data (c) Compliance Information (d) Third Party Providers |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation to carry out mandatory customer identity checks |
| To provide you with our Services and updates concerning our Services. | (a) Account Details (b) Correspondence |
(a) Performance of a contract with you (b) Necessary for our legitimate interests in providing you with our Services and updates concerning them |
| To use call recordings for internal training purposes and to ensure we handle your query correctly. | (a) Account Details (b) Feedback (c) Correspondence |
(a) Performance of a contract with you (b) Necessary for our legitimate interests to train our staff and to manage our relationship with you |
| To use AI-powered transcripts of calls to our contact centre for the purposes of: • Quality monitoring and staff training • Resolving complaints or disputes relating to contact centre interactions • Compliance with our internal policies and regulatory obligations. Please note that AI is solely used to generate a transcript. No automated decisions are made as a result of this processing. All outputs are reviewed by our staff. |
(a) Account Details (b) Feedback (c) Correspondence (d) Compliance Information (e) Third Party Providers |
Necessary for our legitimate interests to maintain and improve the quality and accuracy of our contact centre service and train our staff, as well as to keep a record of instructions and agreements reached with you. |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Data Privacy Notice (b) Dealing with your requests, complaints and queries. |
(a) Account Details (b) Feedback (c) Correspondence |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests to keep our records updated and manage our relationship with you |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | (a) Account Details (b) Technical (c) Correspondence (d) Lead Generation Data |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise (b) Necessary to comply with a legal obligation for example in connection with our obligations to report on data breaches |
| To deliver relevant website content and online advertisements to you and measure or understand the effectiveness of the advertising we serve to you. | (a) Account Details (b) Feedback (c) Correspondence (d) Lead Generation Data (e) Technical |
(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) (b) Consent |
| To tailor the experience and content based on your past activities on the website or Internet Banking, gauging customer satisfaction or providing customer service (including trouble shooting in connection with customer issues). | (a) Account Details (b) Feedback (c) Correspondence (d) Technical |
(a) Necessary for our legitimate interests (to improve customer satisfaction and to grow our business and to inform our marketing strategy) (b) Consent |
| To use data analytics to improve our website, products/services, customer relationships and experiences and to identify usage trends and to measure the effectiveness of our communications and marketing. | (a) Account Details (b) Feedback (c) Correspondence (d) Lead Generation Data (e) Technical |
(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) (b) Consent |
| To send you relevant marketing communications and make personalised suggestions and recommendations to you about Services that may be of interest to you. In addition to determine the effectiveness of our promotional campaigns. | (a) Account Details (b) Feedback (c) Correspondence (d) Lead Generation Data (e) Third Party Providers (f) Public Data |
(a) Necessary for our legitimate interests (to carry out direct marketing, develop our products/services and grow our business) (b) Consent, having obtained you prior consent to receiving direct marketing communications |
| To carry out market research through your voluntary participation in surveys. | (a) Account Details (b) Feedback (c) Correspondence |
Necessary for our legitimate interests (to study how customers use our products/services, to help us better understand our customers and improve our customer engagement and to help us improve and develop our products and services). |
| To assess creditworthiness, financial risk, and eligibility for products or services. | (a) Account Details (b) Compliance Information (c) Third Party Providers (d) Public Data |
Necessary to comply with a legal obligation; Necessary for our legitimate interests in managing credit risk |
| To enrich, verify, or update customer information obtained from other sources. | (a) Account Details (b) Third Party Providers (c) Public Data |
Necessary to comply with a legal obligation; Necessary for our legitimate interests in maintaining accurate and up to date records |
| To respond to regulatory requests, law enforcement enquiries, or legal claims. | (a) Account Details (b) Correspondence (c) Compliance Information (d) Public Data (e) Third Party Providers |
Necessary to comply with a legal obligation |
5. Marketing preferences
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving the marketing. We use the following channels to provide you with information which may be of interest to you:
5.1 Email
5.2 Phone
5.3 Post
5.4 Text message
We will analyse your information to identify opportunities to promote products and services to existing or prospective customers and to understand how our products and services are used. For example, this may include:
5.5 Reviewing historical customer transactional behaviour.
5.6 Comparison of customer activity.
5.7 Analysis of your transactional information.
5.8 What you have directly communicated to us during our interactions with you.
5.9 The balance of your accounts and regular or atypical movements.
5.10 The use of your card abroad as well as the automatic categorisation of your transaction data.
5.11 We may ask you to confirm or update your marketing preferences if you take out any new products or services with us in future. You may also be asked for further consent to process your personal data where necessary.
5.12 You have the right to update your marketing preferences at any time, including your preferred communication channels, or to opt out of receiving marketing communications. You can do this by updating your user preferences or by emailing us@unity.co.uk. Please note, if you opt out or amend your preferences, we will still contact you about Service-related issues, such as where we make changes to our Services, our terms and conditions or this Data Privacy Notice.
5.13 We will never sell or disclose your personal data to third parties for marketing activities, although we do use third party providers for customer management and fulfilment agencies to help us with our own marketing activities.
6. International transfers
We may transfer your personal data outside the UK to service providers acting on our behalf. Where such transfers involve countries that do not provide the same level of data protection as UK law, we ensure that appropriate safeguards are implemented to ensure the same level of protection is maintained by ensuring the following safeguards are in place:
6.1 The country the personal data is transferred to have been deemed by the UK to provide an adequate level of protection for personal data.
6.2 Standard contractual clauses or statements are in place and approved for use in the UK which give the transferred personal data the same protection as it has in the UK.
7. How long we’ll keep your information
We keep your information in line with our data retention schedule. This means we’ll normally keep your personal data for seven years from when our relationship with you ends.
Sometimes we may need to keep your information for longer. The reasons for this include:
7.1 Where we need the information to meet regulatory or legal requirements.
7.2 To help detect or prevent fraud and financial crime.
7.3 For our legitimate purposes e.g. managing your account or dealing with disputes.
7.4 To answer requests from regulators.
7.5 Where we have collected personal data based on your consent and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent then we will stop processing that personal data and delete it. This will not affect the lawfulness of processing based on consent before its withdrawal.
7.6 If we have anonymised your personal data or aggregated in a way that you can no longer be identified from it, then we will continue to keep and use this anonymised information.
8. Sharing your information
We cannot run our business or provide many of our services and benefits without involving other people and businesses, and sometimes we pass your information to these other people and businesses as set out below. We only share your information where we can do so in accordance with our legal data protection and privacy obligations.
We will share your information with:
8.1 Credit reference service providers who provide anti-fraud and credit score information to us (you can find out more about the credit reference service providers on their websites Credit Reference Agency Information Notice (CRAIN).
8.2 Central and local government departments such as the Driver Vehicle Licensing Agency (DVLA) and local authorities who run the UK electoral rolls, banks and finance companies who also provide anti-fraud services, in each case as necessary in order to benefit from their services.
8.3 Fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights can be found by following this link.
8.4 Other banks and financial institutions where it is necessary to prevent, detect and investigate fraud or money laundering and other financial crime, we will only do this when we have a proper reason to do so such as complying with a legal obligation or our legitimate interest.
8.5 Commercial partners, intermediaries or brokers to enable us to provide our services and products to you.
8.6 Customer management and fulfilment service providers, including agencies that support lead generation and arrange appointments for our Relationship Managers; and service providers that assist us in managing your transactions, processing account applications and amendments, and handling personal data received from third parties.
8.7 Our contact centre platform provider through which our contact centre operates, including call handling, routing, recording calls and providing transcripts of call recordings using AI technology.
8.8 Payment service providers who provide services for sending and receiving payments.
8.9 Data security providers who provide us with our safeguards for your personal data.
8.10 Professional advisors who need it to provide advice to us.
8.11 Compliance and regulatory bodies: police, local authorities, HM Revenue & Customs (HMRC), the Financial Conduct Authority, the Prudential Regulation Authority, the courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime.
8.12 Other people who make a right to access request to us, where we are allowed to do so by law (see Your rights below for what we mean by a right to access request).
8.13 We also share the information we process where we are legally obliged to do so, for example, to comply with a court order.
8.14 We require all third parties who process personal data on our behalf to respect the security of your personal data and to treat it in accordance with the law. We do not allow such third-party processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
9. Security
Your personal data is stored in secure databases designed to protect it against unauthorised access, loss, alteration, or disclosure. Access to these systems is strictly controlled and monitored to ensure that only authorised personnel can access your data. Where your data is shared with a third party with your agreement, it is transferred using encrypted methods, and the third party is required to apply security measures equivalent to our own. Our data processing environment is continuously monitored and regularly updated to ensure that security standards align with industry best practice and comply with applicable laws, regulations, and standards for the protection of personal data.
10. Your rights
You have certain rights in relation to your personal data. These include:
10.1 Where we rely on your consent as the lawful basis for processing, the right to withdraw your consent to the processing of your personal data at any time.
10.2 The right to access to your personal data (a “data subject access request”).
10.3 The right to rectification by requesting the correction of any inaccurate or incomplete personal data we hold.
10.4 The right to object to our use of your personal data based on legitimate interests.
10.5 The right, in certain circumstances, to request the erasure of your personal data or the restriction of processing where it is no longer necessary.
10.6 The right, in certain circumstances, to exercise data portability by requesting the transfer of your personal data to you or a third party in a machine readable format.
10.7 Rights related to automated decision-making including profiling.
10.8 If you wish to exercise any of these rights, please get in touch with us at dpo@unity.co.uk or using the contact details set out in Section 13. Providing us with the following information will help us quickly identify and deal with your request. Please ensure that your email to us uses ‘Data Subject Rights Request’ in the subject line and includes:
-
-
- Your first name(s) and surname, address, and postcode.
- Proof of identity e.g. a copy of your passport or driving licence.
- The right you would like to exercise e.g. right to access, right to erasure.
-
10.9 You will not be required to pay a fee to exercise any of your data rights. Where a request is found as manifestly unfounded, repetitive or excessive, we may charge a reasonable fee or decline to act on the request, in accordance with applicable data protection law.
11. Links
For your convenience, this site contains links to other sites. This Data Privacy Notice applies solely to Unity Trust Bank and does not extend to any third party websites. Unity Trust Bank accepts no responsibility for the content, accuracy, performance, or privacy practices of such external sites. Any queries or concerns relating to linked websites should be directed to the relevant site owner. We recommend that you review the data protection or privacy notice of each website you visit.
12. Changes to our data privacy notice
We regularly review and update this Data Privacy Notice to reflect developments in technology and regulatory requirements. The latest version will always be available be published on this webpage and we will communicate any significant changes via our website or through our standard communication channels.
This Data Privacy Notice was last updated on 27 May 2026.
13. Contacting us
If you require further information, wish to provide feedback, raise a concern regarding the processing of your personal data, or exercise your rights as described in Section 10, please reach out to the Data Governance Team at:
- Email: dpo@unity.co.uk
- Call: 0345 140 1000*
- Write to us at: Unity Trust Bank, FAO Data Governance, PO Box 7193, Planetary Road, Willenhall, WV1 9DG.
We will do our very best to answer any questions and resolve any queries to your satisfaction. If, for whatever reason, you feel we do not meet the high standards we expect of ourselves, you have the right to complain to the UK Data Protection Supervisory Authority, the Information Commissioner’s Office (ICO).
*Our call centre opening hours are 9am to 5pm, Monday to Friday, excluding bank and public holidays in England and Wales. Calls are charged at local rate. Calls may be monitored and recorded for training, quality and security purposes.
It’s simple, secure and stress-free to switch to us
If you’re ready to switch your Business Current Account to Unity Trust Bank, we’ll make sure it happens like clockwork. The account switch process is guaranteed to take 7 working days or less, and it’s all taken care of by the Current Account Switch Service.