Our Privacy Notice

This site is intended for UK residents unless otherwise stated.

COOKIES

A cookie is a small file of information that is sent to your computer by our website and is automatically saved on your computer by the browser that you use. Each time that you request new information from our website, your browser sends this information back to us helping us to improve how the website works for you.

We also use the cookies to record which parts of our website you are using and send this information, in an anonymised form, to Google Analytics. The analysis of this information by Google Analytics helps us to improve the way our website works for all users, but does not allow Google Analytics to identify particular users.

An overview of the work of Google Analytics is available at: http://www.google.co.uk/intl/en/analytics/privacyoverview.html.

The information that the cookie collects is considered to be your personal information, and so we will always ask for your consent to collect this information. You will be asked for your consent the first time you open the website. By ticking ‘consent’, you permit us to collect the information about your use of the website.

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies automatically. However, doing this may affect your ability to access some parts of our or other websites.

If you do not tick ‘consent’ we will not collect this information.

A cookie does not give access to your computer or any information about you, other than information about your use of our website.

Other organisations may also collect information on your use of our website but we have no control over how they do this, nor how they process your personal information.

Our website may include links to third-party websites, which might also collect your information. The Society does not control these third-party websites and so we are not responsible for how they protect the privacy of your personal information. When you leave our website, we encourage you to read the privacy notice of each website you visit.

Our website also logs the IP address of your computer for administrative and security purposes and to compile anonymised statistical information about the use of our website.

CHILDREN’S USE OF THIS WEBSITE

This website is not directed towards children, but the Society understands that it may be accessed by some of its customers aged under 18.

The Society assumes that those customers aged between 13 and 18 who consent to the placement of cookies (by clicking on the consent banner the first time they visit our website), accept the Society’s legitimate interest in placing cookies on their computer and processing this information to improve the Society’s website.

We will process your personal information in order to complete your application for our savings or mortgage products, and to fulfil our contract with you once your application has been successful. The type of personal information we will process will depend on which of our products you apply for.

Before we explain what particular information we need in relation to our savings and mortgages products we will set out what personal information is processed for all of our products.

PERSONAL INFORMATION THAT WE PROCESS IF YOU APPLY FOR ANY OF OUR PRODUCTS

This personal information includes:

• Your title, full name, your contact details, including your email address, home and mobile telephone numbers;
• Your home address, correspondence address (where it is different from your home address) and your address history;
• Your date of birth and/or age, e.g. to make sure that you are eligible to apply for the product and that it is suitable for you;
• Your nationality, if this is necessary for us to comply with our legal and regulatory requirements;
• Records of how you have contacted us and, if you get in touch with us online, details such as your mobile phone location data, your computer IP address and equipment (MAC) address; and
• Some special categories of personal information such as about your health or if you are a vulnerable customer (more details about this below).

ADDITIONAL PERSONAL INFORMATION THAT WE PROCESS IF YOU APPLY FOR A SAVINGS PRODUCT

This additional personal information includes:

• Where a person other than the savings account holder makes a withdrawal from the account, information about that person and the transaction; and
• Information about your tax position, so that we can comply with our legal and regulatory requirements; and
• Personal information of any parent or legal guardian associated with an account.

ADDITIONAL PERSONAL INFORMATION THAT WE PROCESS IF YOU APPLY FOR A MORTGAGE PRODUCT

This additional personal information includes:

• Your financial details e.g. your salary and details of other income, details of your savings, details of your expenditure, and details of account(s) held with other providers;
• Details about all of your existing borrowings and loans;
• Personal information about your credit history which we obtain from Credit Reference Agencies (CRAs) including information which originates from Royal Mail (UK postal addresses), local authorities (electoral roll), the Insolvency Service, Companies House, other lenders and providers of credit (who supply information to the CRAs), court judgments decrees and administration orders made publicly available through statutory public registers (see the section on ‘Credit Reference Agencies’ below);
• Information about your employment status including whether you are employed, retired or receive benefits;
• Information about your occupier status, such as whether you are a tenant, live with parents or are an owner occupier of the property in which you live at the time of your application;
• Information which is relevant for your residency and/or citizenship status, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in UK, so that we can comply with our legal and regulatory requirements;
• Your marital status, family, lifestyle or social circumstances if relevant to the mortgage product (e.g. the number of dependents you have or if you are a widow or widower); and
• Where relevant, information about any guarantor which you provide in any application.

JOINT APPLICANTS, GUARANTORS AND POWER OF ATTORNEY

If you make a joint application with your spouse, partner or family member, we will also collect personal information about that person. You must show this privacy notice to the other applicant and ensure they confirm that they know that you will share their personal information with us for the purposes of your application. If we ask you to obtain consent from the joint applicant (such as for marketing) you should do that in the same way that we ask consent from you.

If you apply for your mortgage with a guarantor, that person will also need to see this privacy notice when they submit their own personal information to us because they must sign and provide their details in the application form.

If there is somebody who has Power of Attorney or Court of Protection over your affairs, or you have arranged a Third Party Mandate with the Society, that person will be directed to this privacy notice when we contact them directly.

WHAT IS THE SOURCE OF YOUR PERSONAL INFORMATION?

We will collect your personal information from you directly, or where you are introduced to us by a broker or other intermediary, we will obtain some personal information about you indirectly from them when they introduce you to us.

In addition, as part of the application process, we may obtain your personal information from other sources such as Credit Reference Agencies, your employer, your landlord, other lenders, HMRC, DWP, publicly available directories and information (e.g. telephone directory, social media, internet, news articles), debt recovery and tracing agents, in addition to other organisations that assist us in the prevention and detection of crime, police and law enforcement agencies.

Some of the personal information obtained from Credit Reference Agencies will have originated from publicly accessible sources.  In particular, Credit Reference Agencies draw on court decisions, bankruptcy registers and the electoral register (also known as the electoral roll).  We explain more about Credit Reference Agencies below.

WHAT IF YOUR PERSONAL INFORMATION CHANGES?

If your personal information changes you should tell us without delay so that we can update our records.  The contact details for this purpose are: Harpenden Building Society, Mardall House, 9-11 Vaughan Road, Harpenden, AL5 4HU.  If you were introduced to us by a broker or other intermediary who is a Data Controller in its own right, you should contact them separately. In some cases where you exercise your rights under data protection laws we may need to inform the broker or other intermediary, but this will not always be the case.

DO YOU HAVE TO PROVIDE YOUR PERSONAL INFORMATION TO US?

We are unable to process your application for a savings or mortgage product without first processing personal information about you.  We are required by law to undertake a number of checks of your background and your financial position before we can approve your application for our products.

Once your application has been accepted, we also need to process your personal information in order to fulfill our contract with you to provide savings or mortgage products.

If we already hold some of the personal information that we need – for instance if you are already a customer – we may not need to collect it again when you make your application.  In all other cases we will need to collect it.

IF YOU BEEN INTRODUCED TO US BY A BROKER OR OTHER INTERMEDIARY

It is possible to apply for some of our savings products in our branches and through our website in addition to through intermediaries such as brokers and financial advisors. Where you apply for a savings or mortgage product from us through an intermediary, they act in the first instance, as the Data Controller. If you have questions or complaints about how they have handled your personal information, you should contact them directly.

Once your application to us for a savings or mortgage product has been approved in principle, we then become the Data Controller and this privacy notice applies. Any questions or complaints you have about how your personal information is handled from this stage should be addressed to us.

CHILDREN’S PERSONAL INFORMATION

The Society also processes the personal information of customers of our savings products aged under the age of 18. Children of all ages can be customers of savings products with the Society. However, children under the age of 7 are legally not allowed to enter a contract for a savings product in their own right, and so their contract with the Society must be entered into by a parent or legal guardian. Children over the age of 7 can enter a contract themselves.  Despite children over the age of 7 being permitted to enter into a contract, they are not permitted to consent to the processing of their own personal information until aged 13.  Therefore, the Society requires the consent of a parent or legal guardian to allow us to provide a child under the age of 13 with a savings product.

The Society may also process the personal information of vulnerable individuals other than children who are customers of our savings or mortgage products. Staff who deal with vulnerable adults are trained to do this in a way that reflects their vulnerability while respecting their human rights and freedoms.

WHAT ARE THE LEGAL GROUNDS FOR OUR PROCESSING OF YOUR PERSONAL INFORMATION?

Data protection laws require us to explain what legal grounds justify our processing of your personal information, including sharing it with other organisations.  More than one legal ground may be relevant for some processing, except where we rely on your consent.   The legal grounds that are relevant to us are:

WE PROCESS YOUR PERSONAL INFORMATION TO FULFILL OUR CONTRACT WITH YOU

3.1 Processing your personal information is necessary for us to process your application and then, once your application is successful, to fulfill our contract with you for a savings or mortgage product:

a. All stages and activities relevant to managing your savings or mortgage account including the enquiry, application, administration and management of accounts, illustrations, or requests for transfers of equity. Also, for the setting up, or changing, or removing guarantors for some mortgage products;
b. Administering and managing your savings or mortgage account and services, updating your records, or tracing you to contact you about your account and, where necessary for managing your mortgage account, doing this for recovering debt;
c. Sharing your personal information with other payment services providers such as when you ask us to share information about your account with them;
d. When we do what we will call throughout this privacy notice “profiling and other automated decision making”; by “automated decision making” we mean making decisions about you, such as your suitability for a product,  using a computer based and automated system without a person being involved in making that decision (at least first time around) and by “profiling” we mean  doing some automated processing of your personal          information to evaluate personal aspects about you, such as analysing or predicting your economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.  Please see section below on automated decision making.

WE PROCESS YOUR PERSONAL INFORMATION TO COMPLY WITH THE LAW

3.2 Processing is necessary to comply with our legal obligations:

a. For compliance with laws that apply to us;
b. For establishment, defence and enforcement of our legal rights;
c. For activities relating to the prevention, detection and investigation of crime;
d. To carry out identity checks, anti-money laundering checks at the application stage, and periodically after that. Where you have been introduced to us by a broker or other intermediary they may do these searches on our behalf.
e. To carry out monitoring and to keep records (see below);
f. To deal with requests from you to exercise your rights under data protection laws;
g. To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud); and
h. When we share your personal information with these other people or organisations:

• Your guarantor (if you have one);
• Joint account holders, Trustees and beneficiaries, and the person with power of attorney over your affairs;
• Other payment services providers such as when you ask us to share information about your account with them;
• Other account holders or individuals when we have to provide your information to them because some money paid to you by them should not be in your account;
• Fraud Prevention Agencies;
• Law enforcement agencies and governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme (depending on the circumstances of the sharing); and
• Courts and to other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.

WE PROCESS YOUR PERSONAL INFORMATION TO PURSUE OUR LEGITIMATE INTERESTS

3.3 Data protection laws allow the processing of personal information where the purpose is legitimate and is not outweighed by your interests, fundamental rights and freedoms.  Those laws call this the legitimate interests legal ground for personal information processing. Where we consider that, on balance, it is appropriate for us do so, processing necessary for the following legitimate interests which apply to us and in some cases other organisations (who we list below) are:

a. Administering and managing your savings or mortgage account, updating your records, tracing your whereabouts to contact you about your account and, where necessary for managing your mortgage account, doing this for recovering debt;
b. To test the performance of our products, services and internal processes;
c. To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme;
d. For management and audit of our business operations including accounting;
e. To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that. Where you have been introduced to us by a broker or other intermediary they may do these searches on our behalf;
f. To carry out monitoring and to keep records (see below);
g. To administer our good governance requirements, such as internal reporting and compliance obligations or administration required for Annual General Meeting processes;
h. For market research and analysis and developing statistics;
i. For direct marketing communications about similar products to those you already hold;
j. For some of our profiling and other automated decision making, in particular where this does not have a legal effect or otherwise significantly affect you (see section below); and
k. When we share your personal information with these other people or organisations;

• Your guarantor, if you have one for your mortgage account;
• Where relevant, joint account holders, trustees and beneficiaries and any person with power of attorney over your affairs;
• Other payment services providers such as when you ask us to share information about your account with them;
• Other account holders or individuals when we have to provide your information to them because some money paid to you by them should not be in your account;
• The broker or other intermediary who introduced you to us;
• Our legal and other professional advisers, auditors and actuaries;
• Financial institutions and trade associations;
• Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme;
• Tax authorities who are overseas for instance if you are subject to tax in another jurisdiction we may share your personal information directly with relevant tax authorities overseas (instead of via HMRC);
• Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions;
• Buyers and their professional representatives as part of any restructuring or sale of our business or assets;
• Credit Reference Agencies (see below where we explain more and refer to a separate leaflet); and
• Market research organisations who help us to develop and improve our products and services.

SOMETIMES WE PROCESS YOUR PERSONAL INFORMATION ONLY WITH YOUR CONSENT

3.4 Processing with your consent:

a. When you request that we share your personal information with someone else and consent to that;
b. For direct marketing communications about products different to those that you hold, or from third parties;
c. For some of our profiling and other automated decision making, see section below;
d. For some of our processing of special categories of personal information such as about your health or if you are a vulnerable customer (and it will be explained to you when we ask for that explicit consent what purposes, sharing and use it is for.)

SOMETIMES WE MIGHT HAVE TO PROCESS YOUR PERSONAL INFORMATION TO PROTECT YOUR VITAL INTERESTS OR FOR A REASON OF SUBSTANTIAL PUBLIC INTEREST

3.5 Processing for a substantial public interest under laws that apply to us where this helps us to meet our broader social obligations such as those listed below, or to protect your vital interests:

a. Processing of your special categories of personal information such as about your health or if you are a vulnerable customer.
b. Processing that we need to do to fulfill our legal obligations and regulatory requirements.
c. When we share your personal information with other people and organisations if they need to know that you are a vulnerable customer and your relatives, social services, your carer, or the person who has authority over your affairs (such as a Power of Attorney).

HOW AND WHEN CAN YOU WITHDRAW YOUR CONSENT?

Much of what we do with your personal information is not based on your consent, instead it is based on other legal grounds.  For processing that is based on your consent, you have the right to withdraw your consent for future processing at any time.  You can do this by contacting us using the details above.  The consequence might be that we cannot send you some marketing communications or that we cannot take into account special categories of personal information such as about your health if you are a vulnerable customer. This would only be the case where we rely on explicit consent for this, and so will have discussed this with you and where this information is not required in order to protect your vital interests.

We will tell the broker or other intermediary who introduced you to us that you have withdrawn your consent only if the intermediary is processing personal information on our behalf, or if we are required to do so when you exercise certain rights under data protection laws.  If necessary, you should contact the intermediary directly to withdraw your consent for anything that they do with your personal information.

IS YOUR PERSONAL INFORMATION TRANSFERRED OUTSIDE THE UK OR THE EEA?

We are based in the UK but sometimes your personal information may be transferred outside the UK or the European Economic Area (EEA). If it is processed within the EEA then it is protected by European data protection standards.  Some countries outside the EEA have equivalent protections for personal information and so we are allowed to transfer personal information to companies based in these countries.

We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA which do not have adequate protection over personal information. Your personal information may be transferred to: the United States of America (marketing software and risk and document management software), and Canada (Information Technology (IT) security).

We will always make sure that US-based companies subscribe to the Privacy Shield scheme that provides adequate protections over personal information, and that all companies based outside the EEA have robust contract clauses in place to protect the rights of our customers. (https://www.privacyshield.gov/welcome)

HOW DO WE SHARE YOUR INFORMATION WITH CREDIT REFERENCE AGENCIES?

In order to process your application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

• Assess your creditworthiness and whether you can afford to take the product;
• Verify the accuracy of the information you have provided to us;
• Prevent criminal activity, fraud and money laundering;
• Manage your account(s);
• Trace and recover debts; and
• Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. The identities of the CRAs, their role as fraud prevention agencies, and the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail in the separate leaflet ‘Credit Reference Agency Information’.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, or have a correspondent on your account, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

The identities of the CRAs, their role also as fraud prevention agencies, the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail in the CRA leaflet, which is available on our website: www.harpendenbs.co.uk/credit-reference-agency-information-notice

Please also see Equifax’s CRAIN on their website, using the following link: www.equifax.co.uk/crain

HOW WE MONITOR AND PROFILE YOUR PERSONAL INFORMATION

Monitoring means any listening to, recording of, viewing of, intercepting of, or taking and keeping records of calls, email, text messages, social media messages, CCTV images on Society property, in person face to face meetings and other communications.

We may monitor where permitted by law and we will do this where the law requires it.  In particular, where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone lines or in person meetings, such as branch visits by customers, we will do so.

Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you, such as in relation to fraud risks on your account, and for quality control and staff training purposes.

Some of our monitoring may check for obscene or profane content in communications.

We may conduct short term monitoring of your activities on your savings or mortgage account where this is necessary to protect against fraud or money laundering, or to comply with our legal obligations.

Telephone calls to the Society and visits to branches may be recorded to make sure that we have a record of what has been discussed and what your instructions are.  The recordings of these communications may also be used for quality control and staff training purposes.

We may also process your personal images as part of our CCTV coverage if you visit Society premises, whether Head Office or a Branch.  The purpose of this is to prevent, detect and prosecute crime.  We will retain these images for 30 days.  Images will be stored securely and destroyed after the 30-day retention period.

PROFILING AND OTHER AUTOMATED DECISION MAKING

We may carry out profiling using your personal information to analyse or predict your financial situation, your personal preferences, interests, or behaviour. We may also do this to help us fulfil our savings or mortgage contract with you, or based on our legitimate interests as an organisation that must maintain its good financial and management health to protect the interests of its savers and mortgage customers. We may also carry this out for legal or regulatory purposes.

If we were to carry out profiling for direct marketing, you would have a separate right to object.

We may also use automated tools to help us make decisions about you or the products that you have applied for, such as assessing your suitability for a savings or mortgage product. We do not make decisions about you using only technology, as all computerised assessments form part of a manual process of assessment of suitability.

We might also use automated triggers such account opening anniversaries and maturity dates to help us update you about follow-on products following expiry of your products, and to analyse statistics and assess lending risks.

INFORMATION ANONYMISATION AND USE OF AGGREGATED INFORMATION

Your personal information may be converted into statistical or aggregated information which cannot be used to re-identify you.  It may then be used to produce statistical research and reports. This aggregated information may be shared and used in all the ways described in this privacy notice.

YOUR MARKETING PREFERENCES AND WHAT THIS MEANS

We may also use your home address, phone numbers, email address and social media (e.g. Facebook, Google and message facilities in other platforms) to contact you about similar products that the Society offers that we believe you may be interested in.

We would only contact you according to your marketing preferences. So, if you have not opted into direct marketing, you will not receive this marketing information. Even if you have opted in to receive marketing information, you have the opportunity with every communication from us to ask us to stop sending any further information.

You can also do this at any time by contacting your local branch, or putting your request in writing to, Harpenden Building Society, Mardall House, 9-11 Vaughan Road, Harpenden, AL5 4HU or by following the instructions on how to do that in the marketing email or other communication.

FOR HOW LONG IS YOUR PERSONAL INFORMATION RETAINED BY US?

Unless we explain otherwise to you, we will hold your personal information for the following periods:

• Where your personal information has been provided for the purpose of a mortgage or savings product, we will retain this information for a period of twelve months from last communication in the event that the application is not completed and the product is not opened;
• We will otherwise retain your personal information in accordance with our legal and regulatory requirements. Following the end of the savings or mortgage contract period, we will retain your personal information that for an additional six years to comply with our legal and regulatory requirements; and
• Following the end of the six-year period, we will delete your personal information from our databases and archive it securely for an indefinite period to allow us to answer any legal claims that you might bring against us.

WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LAWS?

You have a series of rights over how your personal information is processed and stored and you have the right to exercise your rights at any time.

THE RIGHT TO BE INFORMED

We will always be transparent with you about how we process your personal information.  This is why we have a privacy notice.  You also have the right to have inaccurate personal information updated and corrected. If we have also passed your personal information to other organisations for legitimate purposes, we will inform them of the rectification where possible.

THE RIGHT TO REQUEST ACCESS

You also have the right to request access to the personal information held about you, to confirm what personal information and how it is processed.

THE RIGHT TO OBJECT TO PROCESSING

Where we process your personal information based on legitimate interests for direct marketing or statistical purposes, you have the right to object to this processing.

THE RIGHT TO RESTRICT PROCESSING

You also have the right to restrict processing of your personal information, for instance:

 

• where you believe it as inaccurate - until the accuracy is verified;
• where you have objected to the processing, but only where it lawful for the legitimate interests of direct marketing and statistical analysis;
• where you believe that the processing is unlawful and where you oppose erasure and request restriction instead; or
• where we no longer need the personal information for the purposes of the processing for which we were holding it but where you require us to continue to hold it for the establishment, exercise or defence of legal claims.

THE RIGHT TO HAVE YOUR PERSONAL INFORMATION ‘ERASED’

The right to ‘be forgotten’, or to have your personal information erased allows you to request the deletion or removal of personal information where there is no compelling reason for its continued processing.  This right applies only in particular circumstances and where it does not apply any request for erasure will be rejected.

 

This right may be relevant where:

 

• the personal information is no longer necessary in relation to the purpose for which it was originally collected/processed;
• if the processing is based on consent which you then withdraw;
• when you object to the processing and there is no overriding legitimate interest for continuing it;
• if the personal information is unlawfully processed; or
• if the personal information has to be erased to comply with a legal obligation.

 

Requests for erasure may be refused in some circumstances such as where the personal information has to be retained to comply with a legal obligation or to exercise or defend legal claims.

THE RIGHT TO OBTAIN A COPY OF YOUR PERSONAL INFORMATION

The right to ‘information portability’ allows you to obtain a copy of your personal information so that you can reuse it for different services, for instance to move, copy or transfer your personal information easily from our environment to another in a safe and secure way without hindrance to usability.  This right can only be exercised where personal information is processed based on consent or for performance of a contract and is carried out by automated means. This right is different from the right of access as you are not able to obtain through the information portability right all of the personal information that you can obtain through the right of access.

RIGHTS OVER AUTOMATED DECISION MAKING

Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. This right allows you in certain circumstances to access safeguards against the risk that a potentially damaging decision is taken solely without human intervention.  You may have the right to obtain human intervention and an explanation of the decision and you may be able to challenge that decision.

EXERCISING THESE RIGHTS

To exercise any of these rights, please email the Society’s Data Protection Officer at privacy@harpendenbs.co.uk, or put your request in writing and send it to:

The Data Protection Officer
Harpenden Building Society
Mardall House
9-11 Vaughan Road
Harpenden
Hertfordshire
AL5 4HU

If you wish to exercise any of these rights against the Credit Reference Agencies, a broker or other intermediary who is data controller in its own right, you should contact them separately.