Newcastle Strategic Solutions - Savings Management | Systems
Part of Newcastle Building Society Group

Privacy Policy

Last updated: 14 May 2018

Newcastle Strategic Solutions Limited ("NSSL") respects your privacy rights and takes its data protection very seriously. NSSL is a subsidiary of the Newcastle Building Society.

NSSL provides strategic financial services solutions to our business clients. The client is the controller of their customers' personal data. Customers of our business clients can find out how their personal data is processed by contacting their relevant financial institution, and by viewing their privacy policy. NSSL provides our services as a processor acting on behalf of our business clients.

This Privacy Policy sets out our current policies and procedures about how we use personal data when dealing with you as a business client, for example, when you contact us about the services we offer, enquire about or request a service, when you visit our website or communicate with us. It covers personal data about you or anyone you provide personal data about (such as your colleagues or advisers) (which we refer to collectively as "you" or "your" in this Privacy Policy) that we collect about you and which we use for our own purposes. It sets out how we support your rights under data protection law in the UK. Any personal data that we hold about you or your staff will be stored and held securely by us on our computer systems.

When you deal with us directly, you are likely to provide personal data about others, such as your colleagues or advisers. Before you share any personal data with us, you must make sure the personal data is, in particular, accurate, up to date, limited for what is necessary for the purpose of your requirements and that you have permission to share that with NSSL.

The personal data we collect from you will be kept securely and retained as long as necessary for our relationship or contract with you, for our legitimate business purposes or to comply with any legal obligations around retaining data.

This Privacy Policy applies to personal data which is supplied by you to NSSL by any means whether via this website, by telephone, by email or letter, or face to face with our staff. It also applies to your personal data that we receive from others, such as your colleagues or advisers.

In certain circumstances we may securely share your personal data with third parties - more on this can be found elsewhere in our Privacy Policy below.

It is important that you revisit this Privacy Policy regularly, as we may change the content to reflect how we deliver our services. A full copy of our Privacy Policy can be found below, which provides more information about how we collect and process your personal data.

What personal data does NSSL collect?

NSSL collects the following categories of personal data about you when you contact us about the services we offer, enquire about or request a service, when you visit our website, or communicate with us:

  • Personal details which you provide to NSSL including name and contact information of yourself or of your colleagues or advisers.
  • Communications between you, and NSSL.
  • Details of meetings or calls you may have with NSSL.
  • Details included in the contract about you.
  • Management information including information about the nature of the services we offer to you such as:
    • Details of any service issue, or complaints.
    • Details of the device being used where you access our services online but not details of who is using it.
    • User activity details and user preferences at trend level, i.e. which pages on our site are being visited and how long they are being viewed for, but we cannot personally identify you.
    • The website which you were referred to us by.
    • Location details at trend level, i.e. which location you might be visiting our website from, but this is not necessarily accurate as it may come from server or data centres and we would not be able to identify you.
    • Electronic identification data including IP address and information collected through cookies.
Where does NSSL collect my personal data from?

NSSL collects personal data from you, from your colleagues or advisers, and from third parties, and from publically available information online as set out below.

Personal data supplied by you

NSSL collects personal data from you such as:

  • When you enquire about or discuss the services we offer.
  • When you use our website.
  • If you make an enquiry or a complaint.

Before you share that personal data with us, you must make sure that any personal data is, in particular, accurate, up to date, limited to what is necessary for the purposes of your organisation's requirement and that you have permission to share that personal data with NSSL.

Personal data supplied by others

NSSL collects personal data about you from others such as:

  • Any advisers or representatives instructed by you such as your solicitor or consultant.
  • Public information sources such as Companies House, the Financial Conduct Authority and the Prudential Regulation Authority.

What if I choose not to give personal data

  • We may need to collect personal data by law, to complete our due diligence in respect of who we work for, or to operate our website efficiently, answer your enquiries or agree services with you (for example your contact details).
  • If you choose not to give us this information, it may delay or prevent us from providing our services to you and your organisation.

What happens with personal data I provide about my customers?

  • Personal data that you provide to NSSL about your customers will be processed under a contract between your organisation and NSSL. Your organisation's own privacy policy, and the terms of our contract with your organisation will set out how your customer's personal data will be processed.
  • You must not share your customers' personal data with NSSL without having an appropriate contract in place with us.
How does NSSL use my personal data?

NSSL processes personal data about you and your staff for certain purposes. Data protection law only allows us to use your personal data if we have lawful reason. We have explained these purposes and the lawful reasons that we rely on to carry out that processing under data protection law below:

Processing data for legal and regulatory obligations

NSSL is required to process your personal data for various legal and regulatory processes. For example, this includes:

  • Keeping accurate and up-to-date records, contact details and records of contractual and statutory rights.
  • Retaining information for a specified amount of time.
  • To adhere to laws and regulations which apply to us.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.

Processing data where we have a legitimate interest to do so

NSSL processes your personal data for various purposes where we believe we have a legitimate interest, and we have balanced this against your rights as an individual. For example, this includes:

  • To respond to your enquiries.
  • To send you, as a representative of your organisation, information about our services which we think may interest you, for example, we may send a client newsletter. If you no longer wish to receive this marketing information just let us know by writing to us at Principal Office, Portland House, New Bridge Street, Newcastle Upon Tyne, NE1 8AL, or calling us on 0345 734 4345 or see our contact section of this Privacy Policy
  • To monitor your use of our website to ensure it is functioning correctly and efficiently.
  • To monitor, develop and improve our services and for training and quality purposes, for example, we may conduct client satisfaction surveys.
  • To complete our due diligence in respect of who we work for.
  • Business management and planning, including accounting, risk reporting and auditing to ensure our business is run efficiently and in accordance with best practices.
  • Dealing with legal disputes.

What happens if the purposes for processing change?

  • We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated or incompatible purpose we will notify you and we will explain the lawful reason which allows us to do so.
Who do we share your personal date with?

The personal data we hold about you is confidential. We will only disclose it outside NSSL when:

  • We are required to share it with a third party to take steps as requested by you, and you would like us to provide your details to them. For example, with a parent company of NSSL for them to contact you and discuss the services offered by NSSL.
  • We use a supplier to provide services which support our products and services which we provide to you, and we need to talk to them in relation to your enquiry. In this case, we remain responsible for your personal data.
  • We or others need to investigate or prevent crime (e.g. to fraud protection agencies).
  • The law permits of requires it, or any other regulatory body requires it, even without your consent.
  • There is a duty to the public to reveal the information.

Businesses which support NSSL in providing services to you

We operate a complex yet robust and secure range of services. To deliver our services efficiently, we use various suppliers. All our suppliers and other entities in our corporate group which process personal data on our behalf are required to take appropriate security measures to protect your personal data. We do not allow them to use your personal data for their own purposes such as marketing. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

These include:

  • The Newcastle Building Society (the parent company of NSSL) which provides personnel and contract support to NSSL.
  • Newcastle Management Systems Limited (a sister company of NSSL) which provides information systems and support to NSSL.

Others that we may provide your personal data to

  • We may share your personal data where you ask us to do so, we are required to by law, or where we have a legitimate interest.
  • For example, we may report suspicions of money laundering to the National Crime Agency or Action Fraud. We may also be required to support law enforcement agencies in their investigations. We may not be able to inform you of this in advance.
  • We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business.
  • We may share your personal data with regulatory bodies or ombudsman services or to otherwise comply with the law.

Information you provide to others

  • Please be aware that our site may link to other websites. You may also provide personal data to others directly where they provide services to you. For example, where you speak directly to someone we have introduced you to.
  • We are not responsible for the use of any personal data that you give directly or are collected via such third parties.
  • You should read the respective data policies or procedures of these third parties to find out how they use your personal data.
How long does NSSL keep my personal data?
  • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
  • NSSL keeps your personal data for the period agreed with you following the end of your organisation's relationship with NSSL.
  • Details of periods of time for which we keep other aspects of your personal data are available in our data retention policy which is available from our Legal Services Department upon request.
  • Once the relevant retention period has passed we will securely destroy your personal data in accordance with our data retention policy and data destruction policy.
What are my data protection rights and what can I do to enforce them?

Your rights in connection with personal data

Under certain circumstances, by data protection law in the UK you or your staff, where you are an individual data subjects, have the right to:

Access your personal data

Request access to your personal data (commonly known as a "subject access request"). You may ask for and receive a copy of the personal data we hold about you by writing to us at Principal Office, Portland House, New Bridge Street, Newcastle Upon Tyne, NE1 8AL or calling us on 0345 734 4345. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee:

  • if your request for access is clearly unfounded or excessive - we may also refuse to comply with the request in those circumstances; or
  • in the event that you ask for further copies of the information

Amendment of personal data

  • Request correction of the personal data that we hold about you. You may ask us to correct any incomplete or inaccurate information we hold about you.
  • It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Erasure of personal data

  • Request erasure of your personal data. You may ask us to delete or remove personal data where there is no good reason for us continuing to process it, or if you have objected to our processing (see below). We may have a legal reason or other legitimate reason to continue to process your personal data.

Withdrawal of consent

  • To withdraw your consent. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you may withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us by telephone or in writing, whichever is easiest for you. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the original purpose, unless we have another legitimate basis for doing so in law. This will not affect the lawfulness of the processing that you consented to before you withdrew your consent.

Object to processing

  • Object to processing of your personal data where we are relying on a legitimate interest to process your personal data and there is something about your particular situation which makes you want to object to processing on this ground.
  • Object to direct marketing. You may ask us to stop processing your personal data for direct marketing purposes. To stop direct marketing contact us by telephone or in writing.

Restrict processing

  • Request the restriction of processing of your personal data. You may ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.

Transfer your data

  • Request the transfer of your personal data to another party. You may ask us to provide your personal data in a form that you or another business can use.

Complain

  • Lodge a complaint with the UK's Information Commissioner, or other applicable data protection regulator.

Contact us to exercise your rights

  • If you want to make a request in relation to these rights, you can contact us by writing to us at Principal Office, Portland House, New Bridge Street, Newcastle Upon Tyne, NE1 8AL, or calling us on 0345 734 4345 or see our contact section of this Privacy Policy.
  • We will notify others of your request to rectify, erase or restrict the processing of your personal data if we have shared your personal data in accordance.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

How does NSSL protect and secure my personal data?
  • We have in place a range of security safeguards to protect your personal data against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification, regardless of the format in which we hold it.
  • The way we do this depends on the sensitivity of the information and the format in which it is contained. Security measures include technological measures such as Transport Layer Security i.e. HTTPS, which creates a secure connection with your browser when you register and login into our online services, physical measures like restricted access to offices and strategic measures such as our own clearances via a logical access process and limiting access to a "need-to-know" basis.
  • No data transmission over the internet or the telephone can be guaranteed to be perfectly secure. Any personal data you submit to us or access electronically or over the telephone is done at your own risk.
  • We endeavour to take all reasonable steps to protect your personal information but cannot guarantee the security of any data you disclose online.
What cookies and tracking technologies does NSSL use?

Visitors to our website

In order that we can monitor and improve our websites we gather certain information about you when you use them, including details of your domain name and IP address, operating system, browser, version and the name of the website that you visited prior to our website (if you came to us through a search engine or another website for example).

What is a cookie?

A cookie is a text only string of information that a website transfers to the cookie file of the browser on your computer's hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. Cookies cannot be used by themselves to identify you and are not computer programs, and can't cause any damage to your computer.

What is a persistent cookie?

These retain a user's preference if you select the 'Remember Me' option within our online account management service and are not deleted when the browser is closed. They stay on your device until expiry or you decide to remove them. The cookie we issue contains a uniquely generated random number and expiry date. It does not contain any personal information.

What is a session cookie?

These are temporary cookies that remain in the cookie file of your browser until you leave our site. Session Cookies allow you to carry information across pages of our site and avoid having to re-enter information into calculators, tools, illustrations and demonstrations.

Cookie consent

By using our website, you're consenting to our use of cookies. You can change your cookie settings at any time through your browser.

How do I disable/enable cookies?

By modifying the settings of your browser, you may opt to accept cookies, to be informed when one is about to be placed on your computer, or to automatically reject all cookies. However, you will not be able to use all the interactive features of our site if cookies are disabled.

More information on cookies can be found at http://www.aboutcookies.org

What is a web beacon?

Web beacons (sometimes known as clear or transparent gifs) are used to identify whether a recipient has opened an HTML email. When the email is opened the web beacon generates a record showing that the email has been viewed. Web Beacons may also recognise when the email was opened, how many times it was forwarded and which URL's (links within the email) were clicked.

These beacons do not carry any personally identifiable information and are only used to track the effectiveness of a campaign.

Disabling Web Beacons within Emails

If you do not wish to receive Web Beacons you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.

Social Media Widgets

Our website includes social media features, such as LinkedIn buttons, and Widgets, such as the Share This button or interactive mini-programs that run on our website. These features may collect your internet protocol address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing it.

Links to external websites

Our website may be linked to or from third party websites. These links are provided as a convenience only. We are not responsible for the content or privacy principles of websites that are linked to or from our website. You should review the privacy policies of any third party websites you visit.

Can NSSL change the Privacy Policy?

We may change this Privacy Policy from time to time. If we make any material changes we will notify you by email (sent to the email address you provided us) or by means of a notice on the website prior to the change becoming effect. We encourage you to periodically review the page for the latest information on our privacy practices.

How do I make complaint?

If you have a complaint please tell us about it. We take all complaints seriously and investigate all complaints. You can contact us by writing to us at Principal Office, Portland House, New Bridge Street, Newcastle Upon Tyne, NE1 8AL, or calling us on 0345 734 4345 or see our contact section of this Privacy Policy.

As an individual data subject, you also have the right to submit a complaint to the UK's Information Commissioner's Office (or ICO) or any other applicable data protection regulator.

How do I contact NSSL about my personal data?

We have appointed a data protection officer (DPO) to oversee compliance with this Privacy Policy. If you have any questions about this Privacy Policy or how we handle your personal data, please contact the DPO.

The contact details of the DPO for NSSL are as follows: gdprqueries@newcastle.co.uk

News

Newcastle Strategic Solutions Gender Pay Gap Report 2017

Newcastle Strategic Solutions has a separate report as part of Newcastle Building Society Group's Report... (more >)


Understanding millennials financial needs

24 April 2018

Newcastle Strategic Solutions and its Parent, Newcastle Building Society, have partnered with Northumbria University's Business Clinic scheme, which enables students to replace their dissertations with collaborative real life projects for regional businesses. (more >)


May 2018 - A European wide pledge to protect personal information

13 April 2018

It is the biggest change in UK data privacy law for 20 years. The General Data Protection Regulation replaces the Data Protection Directive, to provide transparency and clarity regarding the law for data privacy and security. (more >)