Cynergy Bank Limited trading as Cynergy Bank (or “we/us/our”) is authorised by the Prudential Regulation Authority (“PRA”) and regulated by the Financial Conduct Authority (“FCA”) and the PRA.
Cynergy Bank Limited is registered in England and Wales with company number 04728421, with its registered office at 27-31 Charlotte Street, London, W1T 1RP.
Our registration number with the Information Commissioner's Office (ICO) is Z8214515.
Cynergy Bank Limited is a “data controller”. This means that we, either alone or jointly with others, will determine who and how your personal data is processed.
Post: Cynergy Bank, PO Box 17484, 87 Chase Side, London, N14 5WH
Telephone: 0345 850 5555
Categories of personal data that we process
We will collect, store and use (as applicable) the following categories of personal data about you:
- Personal contact details such as name, title, home address and address history as well as telephone/mobile numbers and email addresses;
- Date of birth;
- Marital status, next of kin, dependants and emergency contacts;
- National Insurance number;
- Nationality, in order to comply with our legal and regulatory obligations;
- Your banking details, in order that we may pay your salary to you;
- Terms of your employment, including salary, annual leave, pension and benefits information;
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process);
- Employment records (including job titles, work history, working hours, holidays, training records and professional memberships/qualifications);
- Information about criminal convictions and offences;
- Details of your work schedule (days of work and working hours) and attendance at work;
- Details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
- Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
- Performance Information including assessments of your performance, including performance reviews and ratings, performance improvement plans and related correspondence;
- Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
- Equal opportunities monitoring information including information about your ethnic origin, sexual orientation, health and religion or belief;
- Relevant declarations, e.g. Fraud, Personal Account Dealing Notice, Declaration of Outside Interests;
- Correspondence about you, for example letters to third parties (e.g. mortgage/lettings companies, the Home Office, Embassies, etc.) confirming your employment details with your prior consent;
- Information about you in company documents and records that are produced by you and your colleagues in the course of carrying out your duties and the business of the company; and
- Any other information you give to us during the course of your employment.
How is your personal data collected?
We collect personal data through the application and recruitment process, either directly from candidates or from an employment agency or background check provider. We may also collect information from third parties including former employers, credit reference agencies and information from criminal records checks permitted by law.
Data will be stored in (as applicable) your Employee Correspondence file, in our HR management system (Cascade/EPIUSE) and in other IT systems (Salesforce, our email system (Microsoft Outlook), etc.).
Why we process your personal data and on what legal basis
We are committed to protecting your privacy and handling your personal data in an open and transparent manner and as such we process your personal data in accordance with all applicable data protection laws, including the General Data Protection Regulation ((EU) 2016/679).
We process your personal data for one or more of the following reasons:
- For the performance of a contract
We process personal data in order to perform the employment or service contract between us, e.g. to pay your salary and other benefits.
- For compliance with a legal obligation
As an employer or recipient of services in a regulated sector, there are a number of legal obligations which require us to process your personal data, e.g. to establish that you have the right to work in the United Kingdom.
- For our legitimate interests
As an employer or recipient of services we may process your personal data in order to benefit our aims, objectives and commercial business interests, e.g. to monitor recruitment practices/trends; to offer benefits to employees or to further our business interests.
Processing employee data allows the organisation to (amongst other things):
- run recruitment and promotion processes;
- maintain accurate and up-to-date employment records and contact details (including details of who to contact in the event of an emergency), and records of employee contractual and statutory rights;
- operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
- operate and keep a record of employee performance, education, training and development requirements;
- operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay or other benefits to which they are entitled;
- obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that employees are receiving the pay or other benefits to which they are entitled;
- operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that the organisation complies with duties in relation to leave entitlement, and to ensure that employees are receiving the pay or other benefits to which they are entitled;
- ensure effective HR administration;
- provide references on request for current or former employees;
- respond to and defend against legal claims; and
- maintain and promote equality in the workplace.
We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits including statutory maternity pay, statutory sick pay, pensions and permanent health insurance.
We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
Who receives your personal data?
In the course of your recruitment, employment/engagement with us or following the termination of your employment/engagement, your personal data may be:
- provided to various departments within Cynergy Bank such as HR and the payroll team, your line manager/other managers in the business area you work in and IT staff if access to the data is necessary for performance of their roles;
- shared with certain third parties, e.g. regulatory bodies, service providers such as for the provision of your benefits, for employment background checks and necessary criminal records checks from the Disclosure and Barring Service. We will also share personal data with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected you could be refused certain services or employment. Your personal data will also be used to verify your identity. For further details of how your information will be used by us and Cifas, and your data protection rights, please contact Human Resources by emailing email@example.com.
Any third party who we provide your personal data to will have entered into contractual agreements with us to protect your personal data. In particular, we ensure that third parties are legally required to treat your personal data as confidential information and to comply with applicable data protection laws.
Transfer of your personal data to a third country or to an international organisation
Whilst we are based in the UK sometimes it’s necessary to transfer information outside the UK. Data transferred within the European Economic Area (EEA) is protected by European data protection standards. Some countries outside the EEA do not have adequate protection for personal data under laws that apply. We will therefore make sure that adequate protection is in place before data is transferred in such circumstances.
To what extent is there automated decision-making and does profiling take place?
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
How long we keep your personal data for?
For employees and contractors, Cynergy Bank will hold your personal data for the duration of your employment/contract and for a period of 10 years from your date of termination. We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons.
For unsuccessful candidates, personal data will be held for no longer than six months.
If you were a member of our closed Defined Benefit Pension Scheme, any records relating to your service and salary will be kept during your lifetime to ensure effective management of this benefit.
Your data protection rights
You have the following rights in terms of your personal data we hold about you:
Request access to your personal data. This allows you to request a copy of the personal data we hold about you and to check that we are lawfully processing it. In order to receive such a copy you can complete our web form through our website. http://www.cynergybank.co.uk/faq/the-general-data-protection-regulation-gdpr-faqs/
- Request correction. This allows you to request for any incomplete or inaccurate data we hold about you to be corrected.
- Request erasure of your personal data. This allows you to ask us to erase your personal data (known as the ‘right to be forgotten’) where there is no good reason for us continuing to process it. Please note however that this right does not take precedence over our obligations as a regulated business to retain your data in certain circumstances.
- Object to processing of your personal data. Where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. to use it only for certain things, if:
- it is not accurate,
- it has been used unlawfully but you do not wish for us to delete it,
- it is not relevant any more, but you want us to keep it for use in possible legal claims,
- you have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.
- Request to receive a copy. You have the right to request a copy of the personal data you have provided to us concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name (known as the right to data portability).
- Withdraw the consent that you gave us. You have the right to withdraw consent for the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
To exercise any of your rights, or if you have any other questions about your rights, please contact Human Resources by emailing firstname.lastname@example.org.
Right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain. Please contact Human Resources by emailing email@example.com.
You also have the right to complain to the Information Commissioner’s Office and you can find out how to contact the ICO here –http://www.ico.org.uk/
Frequently Asked Questions
To help you understand the basic principles of data privacy law and address some of the common questions that arise with regard to the protection of your personal data, please refer to the Frequently Asked Questions through our website.