Newcastle Building Society - Home

We're sorry, but our website is not compatible with the browser you are using.

To get the best experience we would strongly advise using a more recent and compatible browser such as Google Chrome, Mozilla Firefox, Microsoft Edge or iOS Safari.

Customer Privacy Policy

Last updated 15 July 2022

The Newcastle Building Society (the Society) respects your privacy rights and takes its data protection obligations very seriously.

The Society’s Privacy Policy sets out our current policies and procedures about how we use your personal data and how we support your rights under data protection law in the UK. Any personal data that we hold about you will be stored and held securely by us on our computer systems.

The Society collects your personal data when you apply for one of our products, request a service, when you visit our website/app, or communicate with us.  The personal data we collect from you is data relevant to the provision of our products or services and will be kept securely and retained as long as is necessary for our contract with you, for our legitimate business purposes or to comply with any legal obligations around retaining data.

The Society’s Privacy Policy applies to personal data which is supplied by you to the Society by any means whether via this website, by telephone, by email or letter, or face-to-face with our branch staff. It also applies to your personal data that we receive from others, such as your mortgage intermediary, financial advisers, credit reference agencies, or any joint account holders.  In certain circumstances we may securely share your personal data with third parties and more detail around this can be found elsewhere in our Privacy Policy.

It is important that you revisit the Society’s Privacy Policy regularly, as we may change the content to reflect how we deliver our products and services.  A full copy of our Privacy Policy can be found via the links below, which provides more information about how we collect and process your personal data.

Cookies

For details about how the Society uses cookies and other tracking technologies, please see our specific page on Cookies and similar technologies.

Visitors to our website

In order that we can monitor and improve the site, we gather certain information about you when you use it, including details of your domain name and IP address, operating system, browser, version and the name of the website that you visited prior to our website (if you came to us through a search engine or another website for example).

What is a web beacon?

Web beacons (sometimes known as clear or transparent gifs) are used to identify whether a recipient has opened an HTML email. When the email is opened the web beacon generates a record showing that the email has been viewed. Web beacons may also recognise when the email was opened, how many times it was forwarded and which URLs (links within the email) were clicked.

These beacons do not carry any personally identifiable information and are only used to track the effectiveness of a campaign.

How do I disable web beacons?

If you do not wish to receive web beacons you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.

Newcastle Financial Advisers Limited

Our subsidiary company, Newcastle Financial Advisers Limited (“NFAL”), may provide you with financial advice services upon your request.  This will always be arranged by introduction from the Society and it will be made clear to you when you are dealing with NFAL. 

NFAL is an appointed representative of the Openwork Limited network of financial advisers and when you enter into a relationship with NFAL, you will also enter into a relationship with Openwork and will be provided with a copy of the Openwork terms and privacy policy at that time. In this Privacy Policy, we refer to the Society which means both the Society and NFAL, whichever business you have a relationship with.

Your personal data will be recorded on both Newcastle Building Society and Openwork systems.  When you advise your NFAL adviser of any changes to your personal data, these changes will be reflected across both organisations’ systems. 

This is to ensure our records are accurate and up-to-date  and enables Newcastle Building Society staff to assist you with any queries.  This data may also be used for collating management information for business reporting purposes.

If you have given us your consent to receive marketing communications from Newcastle Building Society about its own products, or NFAL’s or those of third parties, then your personal data may be used for marketing purposes.  It will never be shared with other organisations for marketing purposes. You can withdraw this consent at any time.

We also use a third party provider called VouchedFor to collect customer reviews on NFAL’s advisers. As such, we may share your personal data with VouchedFor so you can leave a review on their website. We will only invite you to do this if you have given us your consent to do so. VouchedFor will process your data in accordance with their privacy policy which can be found here on VouchedFor’s website. 

More information on how we process your personal data can be found in the other sections of this privacy policy.

What personal data does the Society collect?

The Society collects the following categories of personal data about visitors to our website and branches, callers to our telephone service, and our applicants and customers:

  • Personal details are provided to the Society when applying for one of our products or services or a product or service of one of our trusted third party providers, including name, date of birth, address history and contact information.
  • Identification documents including passport, drivers licence and other proof of address documents which you provide us with when applying for a product or service with us.
  • Communications between you and the Society where you have contacted us or we have contacted you.
  • Details of meetings or calls or recordings of calls you may have with the Society to enquire about, apply for, administer or discuss one of our products and services.
  • Contractual details including the products and services provided where you are or have been a customer of the Society.
  • Your membership details if you are a member of the Society, including details of whether you have voted in the Society’s AGM (but not details of your vote).
  • Your security information, including usernames, PIN numbers, passwords, answers to secret questions,  used to keep information relating to your account safe and secure.
  • Financial information including transaction history, account details, balances, payee information, payer information, credit history where you are a savings or mortgage customer, relating to current products and services or products and services you previously held with the Society. 
    If you have multiple accounts with us, this information will be kept for as long as your relationship with us is ongoing and for 7 years after the end of the final account closure.
  • Income and credit history. For example, we may ask for copies of employment contracts, self-assessed tax returns, accounts, payslips and P60 forms, proof of pension provision, gifted deposit details and consent to let forms when you are applying for a mortgage with us.
  • Property ownership information if you are a mortgage customer.
  • Details of any customer service issues, or complaints that you might make to us.
  • Family and lifestyle details, which we may ask for as part of your application for life cover if you are an NFAL customer.
  • Details of the device being used where you access our services online but not details of who is using it.
  • User activity details and user preferences at trend level, i.e. which pages on our site are being visited and how long they are being viewed for, but we cannot personally identify you.
  • The website which you were referred to us by. 
  • Location details at trend level, i.e. which location you might be visiting our website from, but this is not necessarily accurate as it may come from server or data centres and we would not be able to identify you. 
  • Electronic identification data including IP address and information collected through cookies.
What sensitive data does the Society collect?

Sensitive personal data

We also collect certain sensitive types of personal data (which are known as special categories of personal data). This would include:

  • Information we ask for as part of your application such as criminal or health issues that may affect our ability to offer third party insurance products.
  • Information you provide for accessibility requirements.
  • Information you provide which is necessary for us to record so that we can make appropriate adjustments for you in relation to the administration of our products and services. For example, if you request copies of documentation in large print, or in braille.
  • Information which we ascertain from you which is necessary for us to record so that we can make appropriate adjustments for you in relation to the administration of our products and services. For example, if you have a disability and require accessibility adjustments to be made when visiting our branches. 
  • Information that we may hold by virtue of your communications with us or your transaction history which may reveal sensitive information about you or others.    
Where does the Society collect my personal data from?

The Society collects personal data from you, from others about you, and from your use of our products and services.

Personal data supplied by you

The Society collects personal data from you such as:

  • When you enquire about or apply for our products and services.
  • When you apply for third party products and services via the Society.
  • When you arrange an appointment with an NFAL adviser via the Society.
  • When you talk to us on the phone or in branch.
  • When you use our website.
  • In emails and letters to us.
  • When you communicate with us via social media.
  • When you vote in the AGM.
  • In financial reviews and interviews.
  • In customer surveys.
  • If you attend a seminar.
  • If you take part in our competitions or promotions.
  • If you make an enquiry or a complaint.
  • When you visit a branch if CCTV is in operation.

Personal data supplied by others

The Society collects personal data about you from others such as:

  • Mortgage intermediaries, and other intermediaries which introduce you to us.
  • Any company, partnership, corporation or business that applies for our products or services or a product or service of one of our trusted third party providers.
  • Any professional instructed by you such as your solicitor, conveyancer or financial adviser.
  • The solicitor or conveyancer of the other party to any transaction we are involved in.
  • Your surveyor or conveyancer or other professionals involved in your house purchase.
  • Your trustees.
  • Any claims management company instructed by you.
  • Your next of kin or power of attorney.
  • Credit reference agencies.
  • Insurers.
  • Comparison websites.
  • Social media sites i.e. if you like our Facebook page.
  • Fraud prevention agencies.
  • Land agents.
  • Public information sources such as Companies House, the Land Registry, the Electoral Register, the Insolvency Service or register of County Court Judgments.
  • Loyalty scheme operators.
  • Agents working on our behalf.
  • Law of Property Act Receivers working on your behalf.
  • Market researchers.
  • Government and law enforcement agencies.
What personal data does the Society collect about my use of its products and services?

We collect information about you when you use our services. This is also your personal data. This includes:

Payment and transaction data, including amounts, frequency, date and time, location, the person or business making or receiving the payment.

What if I choose not to give personal data?

We may need to collect personal data by law (for example to identify who you are), or under the terms of a contract we have with you (for example your contact details).

If you choose not to give us this information, it may delay or prevent us from providing our services to you. It could mean that we cancel a product or service you have with us.

What happens with personal data I provide about joint account holders, or family members, or others?

If you provided personal data on behalf of a joint applicant or joint account holder or personal data about any other person, we understand you had their permission to do so and they have agreed that we are authorised to process their personal data as necessary to manage your accounts, or comply with your requests.

For example:

  • We may search, link and record information about joint account holders or joint mortgage applicants at credit reference agencies.
  • We may contact your advisers (such as your solicitor or mortgage intermediary) using the details you have given us.
  • We administer your account on the instructions of a third party where you have given them authority to do so, for example if they are a power of attorney.
How does the Society use my personal data?

The Society processes your personal data for many different purposes. Data protection law only allows us to use your personal data if we have a lawful reason. 

We have explained these purposes and the lawful reasons that we rely on to carry out that processing under data protection law below:

Processing of your personal data for the performance of a contract

The Society processes your personal data for purposes to fulfil its contract with you to provide services to you. For example, this includes:

  • Carrying out application processes.
  • Making a decision about your application.
  • Entering into a contract with you.
  • Opening your account(s).
  • Providing our products and services to you.
  • Managing our relationship with you.
  • Communicating with you to administer and manage our products and services. For example, we may send you an email containing your User ID when you open an account online.
  • Handling service requests or complaints.
  • Recovering debts from you and collecting payments from you.
  • Closing your account(s).
  • Making and receiving payments on your behalf.
  • Dealing with other banks or merchants on your behalf. For example, where you have disputed a transaction.
  • Providing mortgage redemption statements to you or your solicitor upon request.
  • Where we carry out certain decision-making or profiling only by automated means, and this has a legal effect or similar significant effect on you.

Processing of your personal data for legal and regulatory purposes

The Society is required to process your personal data for various legal and regulatory purposes. For example, this includes:

  • Keeping accurate and up-to-date records, contact details and records of contractual and statutory rights.
  • To detect, investigate, report and prevent financial crime.
  • To adhere to laws and regulations which apply to us.
  • Retaining information for a specified amount of time.
  • To run our business in an efficient manner, including audit, corporate governance, risk and financial management, planning and business capability.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.

 Processing of your personal data where you have consented to that processing

The Society processes your personal data in certain circumstances where you have given your consent. For example, this includes:

  • Providing you with information about our special offers, products and services that we feel may be of interest and benefit to you (unless you inform us that you do not want to receive such direct marketing).
  • If you have provided sensitive personal data (also known as special categories of personal data) which we have recorded so that we can make appropriate adjustments for you in relation to the administration of our products and services.
  • Where you have asked us to execute a transaction from your account, we may use the payment information (account/payee details) provided by you. By agreeing to us opening and operating an account for you, you consent to the payment information (account/payee details) provided by you being used to execute payment transactions from your account.
  • Where you have consented to share your details with journalists as part of a case study, we will share your basic information and contact details with journalists for them to contact you about publishing an article about your experience, to find out more visit www.newcastle.co.uk/media-centre/tell-us-your-story

 Processing of your personal data where we have a legitimate interest to do so

The Society processes your personal data for various purposes where we believe we have a legitimate interest, and we have balanced this against your rights as an individual.  For example, this includes:

  • Using third party account details to execute transactions from your account, which you ask us to make.
  • To monitor your use of our services and systems to ensure they are functioning correctly and efficiently.
  • To monitor, develop and improve our services to ensure the correct customer outcomes are being achieved, and for training and quality purposes and to ensure our legislative and regulatory obligations are being adhered to, for example, we may conduct customer surveys, monitor underwriting decisions, record and review calls, review complaints and perform user / optimisation testing.
  • To prevent and detect fraud, money laundering and other crime. This may include checking your location when you use a mobile device to help prevent fraud.
  • Recovering debts from third parties.
  • Business management and planning, including accounting, risk reporting and auditing to ensure our business is run efficiently and in accordance with best practices.
  • To conduct data analytics studies to review and better understand our customers and how our products and services are delivered.
  • Dealing with legal disputes.

Please note, we may continue to process your personal data where we have a legitimate interest to do so, even when you don’t have a relationship with us or your relationship has ended with us. You can object to our processing of your data under this basis at any time, please see below “What are my data protection duties and rights and what can I do to enforce them?”

Processing of your personal data to protect yours or another person’s vital interests

The Society will process your personal data in very limited circumstances where we feel you or another individual may be at serious risk, (for example, life or death circumstances) and no other lawful basis can be relied upon in the circumstances.

How does the Society use my sensitive personal data?

Some of your personal data which we hold will be sensitive personal data (or what is known as special categories of personal data). We will use your sensitive personal data in the following ways:

  • Where we have your explicit consent. For example, to enable us to make necessary and appropriate adjustments for you in the administration of our products and services.
  • Where we have a legal requirement to use it.
  • Where it is necessary to safeguard your economic wellbeing. 

What happens if the purposes change?

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. 

If we need to use your personal data for an unrelated or incompatible purpose, we will notify you and we will explain the lawful reason which allows us to do so.

How do you use profiling or automated decision-making?

Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

  • Where we are required to make a decision by law, and we have notified you that a decision has been based on automated processing and given you 21 days to request a reconsideration or that a new decision is taken not based solely on automated processing.
  • Where it is necessary to perform a contract with you and appropriate measures are in place to safeguard your rights.
  • In limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
  • If we make an automated decision on the basis of any particularly sensitive personal data, we must have your explicit written consent, and we must also put in place appropriate measures to safeguard your rights.

We use profiling and automated decision-making processes including:

  • To complete credit checks where you apply for mortgages or loans, so we can assess credit risk.
  • To complete our identification process when you apply for a mortgage or open an account with us, as part of our money laundering and fraud prevention requirements.
  • To tailor marketing we send you, so it is relevant to you.
How do you use my personal data for fraud prevention?

The Society wants to protect its customers and its business from financial crime and therefore maintains systems and controls in relation to anti-money laundering, fraud and terrorist financing. 

The personal data which you provide in your applications for products and services will be checked against a national fraud detection system and your identity will be checked and confirmed. 

In certain circumstances your details could be shared with other lenders or crime prevention agencies or law enforcement agencies to assist in the prevention of financial crime.

The Money Laundering Regulations require us to take appropriate steps to identify and assess the risks of money laundering and terrorist financing.  We are obliged to ensure that we have adequate policies, controls and procedures in place to prevent money laundering and detect fraud.

How do you use my personal data for credit checks and identity checks?

When you apply for a mortgage or savings account with the Society, we use a third party identification system which allows us to automatically run a check of your personal data, including your name, address and date of birth, against several databases to produce a score.

If the score is a pass then the application will progress.  If it doesn’t attract a pass score then we will ask you to provide additional identification and verification documentation.

Please contact us if you would like to understand how we produce your score, and the impact it may have on you.

How do you use my personal data obtained via CCTV monitoring?

We have 24/7 CCTV surveillance in operation in our branches and outside of our offices.  We have a legitimate interest to operate CCTV surveillance to ensure the safety of our staff and customers, the security of our premises and to prevent and assist with the investigation of crime.

We record video images of the premises which may include public areas outside of our premises.  From those images we may be able to imply information which reveals special category data but we will not use the data for any purpose than the purpose stated above.

We do not share the CCTV images with anyone other than law enforcement officials for the investigation of alleged or actual crimes and occasionally auditors if requested.

We do not transfer CCTV images outside of the EEA.

The CCTV images are recorded for one month at which point the disc automatically overwrites.

Who do you share my personal data with?

The personal data we hold about you is confidential. We will only disclose it outside the Society when:

  • We are required to share it with a third party product provider to take steps as requested by you prior to you entering into a contract with them – for example if you are a customer of the Society, and you wish to purchase products or services from NFAL or any other external product provider (such as for insurance or funeral care or will writing services), and you would like us to provide your details to them.
  • We use a supplier to provide services which support our products and services which we provide to you. In this case, we remain responsible for your personal data.
  • We or others need to investigate or prevent crime (e.g. to fraud prevention or law enforcement agencies). 
  • We need to carry out credit checks when you are applying for a mortgage and we may continue to share information with credit reference agencies for as long as you are a customer, including details about your settled accounts or any debts not repaid on time, your account balances and repayments.  Credit reference agencies (CRAs) will give us information about you such as your financial history. 

    We use this information to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations.

    Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at www.experian.co.uk/crain.
  • The law permits or requires it, or any other regulatory body requires it, even without your consent. For example, HM Revenue and Customs, or other authorities or regulatory bodies or so that we can check your identity for fraud prevention before opening a new account or taking a mortgage.
  • There is a duty to the public to reveal the information.
  • As we do not currently provide payment accounts, your accounts held with us are not accessible to Account Information Service Providers (AISPs) or Payment Initiation Service Providers (PISPs). However, we are an active participant of the Credit Payment Recovery Scheme and will seek to cooperate fully with requests for payment information from fellow Payment Service Providers who are members of this scheme.

    This approach is aligned to the regulatory requirement for Payment Service Providers (PSP) to cooperate with each other in efforts to trace and recover unauthorised or incorrectly executed payment transactions. Where we receive a request for information from another Payment Service Provider in relation to a payment to or from your account with us, we will inform you of this request and our arrangements and timeline for response.

 Businesses which provide services directly to you

  • We introduce our customers to various third party businesses so that they can provide their products and services to you. We will always inform you before we share your personal data with these businesses and we require them to respect the security of your data and treat any such disclosures in accordance with the applicable data protection legislation. 
  • You can find out more about our third party product providers by visiting our website and clicking on the Financial Planning or Insurance sections or by contacting us by phone or in writing or asking us for information in one of our branches.

 Businesses which support the Society in providing services to you

We operate a complex yet robust and secure range of services. To deliver our services efficiently, we use various suppliers. All our suppliers and other entities in our corporate group acting which process personal data on our behalf are required to take appropriate security measures to protect your personal data.

We do not allow them to use your personal data for their own purposes such as marketing. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

These include:

  • Newcastle Strategic Solutions Limited (a subsidiary of the Society), which provides savings management solutions and information systems and support to the Society.
  • Mailing and print houses.
  • Research and data analytics providers.
  • Credit reference agencies and identity checking systems.
  • Corporate insurance providers.
  • Data centres.
  • Rant and Rave – our customer survey partner. Where you consent for us to do so we may use any feedback provided, on an anonymised basis, in our marketing communications/literature.

 Others that we may provide your personal data to

  • We may share your personal data where we are required to by law, or where we have a legitimate interest.
  • For example, we may report suspicions of money laundering to the National Crime Agency or Action Fraud.  We may also be required to support law enforcement agencies in their investigations. We may not be able to inform you of this in advance.
  • We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business.
  • We may share your personal data with regulatory bodies or ombudsman services or to otherwise comply with the law.

 Information you provide to others

  • Please be aware that our site may link to other websites. You may also provide personal data to others directly where they provide services to you. For example, where you speak directly to someone we have introduced you to.
  • We are not responsible for the use of any personal data that you give directly to or are collected via such third parties.
  • You should read the respective data policies or procedures of these third parties to find out how they use your personal data.
Where do you process personal data and do you transfer personal data outside the European Economic Area?

We may transfer your personal data to third party data “controllers” or “processors” outside the European Economic Area. We do so in very limited situations. Where we do so, you can expect a similar degree of protection in respect of your personal data.

We currently transfer the personal data we collect about you in order to perform customer due diligence and anti-money laundering checks to our supplier in India in order to perform our contract with you. 

There is currently no adequacy decision by the European Commission in respect of that country. This means that the country to which we transfer your data is not deemed to provide an adequate level of protection for your personal data.

However, to ensure that your personal data does receive an adequate level of protection we have put in place the approved standard contractual clauses which constitute appropriate measures to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.

If you require further information about this, you can request it from the Legal Services department at the Society.

Newcastle Building Society employees may access our IT systems from outside the UK and European Economic Area from time to time. Where they do so, you can expect a similar degree of protection in respect of your personal data as if it were being processed in the UK.

How long does the Society keep my personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

The Society keeps your personal data which is necessary for providing your products and services, for as long as you have a relationship with the Society.  When that relationship ends, we keep your customer profile personal data for a specified period to enable the Society to either fulfil its legal obligations or to enable it to deal with any potential claims.

We may continue to process your personal data when you’ve never had a relationship with us, for example, if you’ve had an unsuccessful mortgage application we may continue to process your personal data to better understand our decision -making process to ensure we lend responsibly.

After you have closed all your accounts, we will keep your account specific personal data for a period of 7 years from the date of final account closure so that we can deal with any contractual claims.  

Details of periods of time for which we keep other aspects of your personal data are available in our data retention policy which is available from our Legal Services department upon request.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Once the relevant retention period has passed we will securely destroy your personal data in accordance with our Data Retention policy and Data Destruction policy.

What are my data protection duties and rights and what can I do to enforce them?

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Your rights in connection with personal data

Under certain circumstances, by data protection law in the UK you have the right to:

  • Request access to your personal data (commonly known as a “subject access request”). You may ask for and receive a copy of the personal data we hold about you by filling in our subject access request form which you can obtain by writing to us at 1 Cobalt Park Way, Wallsend, NE28 9EJ, asking in your local branch, or calling us on 0345 734 4345. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee:
    • if your request for access is clearly unfounded or excessive – we may also refuse to comply with the request in those circumstances; or
    • in the event that you ask for further copies of the information.
  • Request correction of the personal data that we hold about you. You may ask us to correct any incomplete or inaccurate information we hold about you.  
  • Request erasure of your personal data. You may ask us to delete or remove personal data where there is no good reason for us continuing to process it, or if you have objected to our processing (see below). We may have a legal reason or other legitimate reason to continue to process your personal data.
  • To withdraw your consent. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you may withdraw your consent for that specific processing at any time. To withdraw your consent, please update your contact preferences via your online account, or contact us by telephone, in branch or in writing, whichever is easiest for you. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the original purpose, unless we have another legitimate basis for doing so in law.  This will not affect the lawfulness of the processing that you consented to before you withdrew your consent.
  • Object to processing of your personal data where we are relying on a legitimate interest to process your personal data and there is something about your particular situation which makes you want to object to processing on this ground.
  • Object to direct marketing. You may ask us to stop processing your personal data for direct marketing purposes.  To stop direct marketing, please update your contact preferences via your online account, or contact us by telephone, in branch or in writing.
  • Object to automated decision-making and profiling. You may ask us to stop processing your personal data to make decisions solely by automated means which have legal effects or similarly significant effects.
  • Request the restriction of processing of your personal data. You may ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party. You may ask us to provide your personal data in a form that you or another business can use.
  • Lodge a complaint with the UK’s Information Commissioner, or other applicable data protection regulator.

If you want to make a request in relation to these rights, you can contact us at Principal Office,  1 Cobalt Park Way, Wallsend, NE28 9EJ, visit your local branch, or call us on 0345 734 4345. We will notify others of your request to rectify, erase or restrict the processing of your personal data if we have shared your personal data in accordance with your instructions.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Subject Access Request form

Under the applicable data protection legislation, you are entitled to ask for copies of the personal data that an organisation holds, shares or uses about you. If you would like access to personal data that the Newcastle Building Society Group (“NBS”) holds about you or you would like to make the request on behalf of someone else, please complete all relevant sections of the form below.

Subject Access Request form (PDF)

Direct marketing

Where you have given your consent to receive marketing from the Society, we may use your personal details to identify products and services which may be of interest to you. Depending on your chosen contact methods, we may contact you by letter, telephone or email. 

This includes informing you of products and services of our commercial partners which can be purchased through us. You can update your contact preferences at any time by contacting us at your local branch, by calling 0345 734 4345 or via your online account (if you have one).

We do not pass information on to other companies for their own research, analysis and marketing purposes. We may use external suppliers from time to time to process data on our behalf, for example to print and post mailings, conduct research or for data analysis. 

We only use reputable companies and always ensure they meet our stringent security standards. Companies who provide data analysis services for us may combine your data with data about you obtained from other sources, such as public databases. 

We may then use this information to help identify more relevant marketing communications, as well as assisting us with analysing customer trends and informing business decisions.

How does the Society protect and secure my personal data?

We have in place a range of security safeguards to protect your personal data against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification, regardless of the format in which we hold it.

The way we do this depends on the sensitivity of the information and the format in which it is contained. Security measures include technological measures such as Transport Layer Security (for example using HTTPS), which creates a secure connection with your web browser when you register and log in to our online services, physical measures like restricted access to offices and strategic measures such as our own clearances via a logical access process and limiting access to a “need-to-know” basis.

No data transmission over the internet or the telephone can be guaranteed to be perfectly secure. Any personal data you submit to us or access electronically or over the telephone is done at your own risk. You should also take care not to give any security credentials we provide you or you choose (such as a password) to anyone. 

We will never ask you for your full security credentials. If you are unsure, please end the session or call the Society straight away on 0345 734 4345.

We endeavour to take all reasonable steps to protect your personal information but cannot guarantee the security of any data you disclose online.

Further information can be found within this section of our website.

Links to external websites

Our website may be linked to or from third party websites. 

These links are provided as a convenience only. We are not responsible for the content or privacy principles of websites that are linked to or from our website.

You should review the privacy policies of any third party websites you visit.

Can the Society change its Privacy Policy?

We may change this Privacy Policy from time to time. If we make any material changes we will notify you by email (sent to the email address specified in your account) or your postal address, or by means of a notice on this website prior to the change becoming effective. 

We encourage you to periodically review this page for the latest information on our privacy practices.

How do I make a complaint?

If you have a complaint please tell us about it. 

We take all complaints seriously and investigate all complaints. You can contact us at 1 Cobalt Park Way, Wallsend, NE28 9EJ, visit your local branch, or call us on  0345 734 4345 or see our contact section of this Privacy Policy.

You also have the right to submit a complaint to the UK’s Information Commissioner’s Office (or ICO) or any other applicable data protection regulator.

How do I contact the Society about my personal data?

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy. If you have any questions about this Privacy Policy or how we handle your personal data, please contact the DPO.

You can contact the DPO for The Newcastle Building Society by sending an email to NBSDPO@newcastle.co.uk

You can contact the DPO for NFAL by sending an email to NFALDPO@newcastle.co.uk