Privacy Notice

1. Who we are

We are Bank of London & The Middle East PLC (“we”, “our”, “us”, “BLME”) and we own and operate Nomo.

You may have been referred to Nomo by one of our partners. When you apply for a Nomo account, the Data Controller is BLME and the personal data collected to open and maintain the account will be owned by BLME. Your personal data will not be shared with our partners and will be managed in accordance with applicable data protection laws and regulations.

We’re registered in the UK and our registered address is at 20 Churchill Place, Canary Wharf, London, E14 5HJ. Our company registration number is 05897786. We are also registered with the UK data protection authority (the Information Commissioner’s Office or “ICO”) under number Z9829862. BLME is a member of the Boubyan Bank Group.

This notice applies when you download and use our App or Website and it sets out who we are, and how and why we use your personal data. We would recommend that you read through this notice carefully so that you fully understand our data protection practices. This notice, our Cookie Notice, Website and App Terms and Conditions of Use, the Current Account Terms and Conditions and Fixed Term Deposit Account Terms and Conditions, outline how we provide services to you through our App and Website.

If you have any questions about this notice or our use of your data, please contact us using the details set out below.

2. What personal data do we use?

We may collect, use, store and transfer different kinds of personal data about you. This information:

We may also collect, use and share aggregated data (for example, statistical or demographic data) for any purpose. Aggregated data could be based on a subset of your personal data but is not considered personal data in law because it will not directly or indirectly reveal your identity (because it’s combined with the data of other people – none of whom are identifiable). For example, we may aggregate your usage data to calculate how many people are using a particular part of our App or Website.

However, if we combine or connect aggregated data with your personal data so that it directly or indirectly identifies you, we treat the combined data as personal data which will be used in accordance with this notice.

3. Why do we use your data?

We only process your personal data when the law allows us to do so. Data protection laws require that we have a “lawful basis” for processing your personal data. The lawful bases include processing for a contract, to comply with law, legitimate interest, vital interest, substantial public interest, or consent. We have explained below what lawful bases we rely on to use your personal data.

Further information on the lawful bases for processing personal data can be found on the ICO website.

4. Who we may share your personal data with?

Your personal data may be shared and processed by other companies within our group, for example, where they provide services to us, for marketing purposes or for entering into a contract with you for the provision of our products or services, or to perform obligations under that contract. When you open an account with us and you already have an account within the Boubyan Bank group, we may request your KYC documentation from that group company to assist in the account opening process or ongoing maintenance of your account. On occasion, Boubyan Bank may contact you in relation to your Nomo account(s).

We may also share your personal data with the following parties:

5. Automated decisions and profiling

When we refer to automated decisions, we mean any decisions relating to you which don’t involve any people (for example, by only using computers). We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. We use automated decision making to verify your identity and the information you provide in your application, prevent fraud and money laundering, and check whether you are eligible for our products.

We do this by taking information contained in your application or that we have received from third parties (for example, publicly available registers like the Public Authority of Civil information (PACI)) or credit reference agencies and passing this onto third parties who perform fraud prevention, ‘KYC’ (know your client) and ‘AML’ (anti-money laundering) services. These third parties provide us with relevant information about your identity and may include your financial history, credit information, and fraud prevention information.

If these third parties believe you are a fraud or money laundering risk, or if we otherwise believe you have adverse credit, we may reject your application for an account, decide not to offer you a product or change your existing products or services.

Some service providers above may also keep records of your credit history, fraud or money laundering risk on file, which may result in other parties refusing to provide services or financing to you.

Our appropriateness questionnaire automatically assesses your knowledge and experience of the type of investment product offered. The outcome will determine whether we can offer you our investment service. If the outcome is not favourable you can access our educational material to increase your understanding and knowledge of investment products and re-take the questionnaire at your convenience.

We may build profiles about you so that we can better understand your circumstances, behaviours and preferences in relation to marketing and improve the relevance of products and services offered to you. We do this by collecting information you provide to us or our affiliates (or information that we otherwise obtain) and, in some cases, combining this with other information we know about you. You can opt-out of profiling activity at any time by contacting us using the “Contact Us” section below.

You have rights in relation to automated decision making for example, you may have a right to request human intervention and to challenge the decisions made by us on the basis of automated decision making. You can do this by contacting us using the “Contact Us” section below

6. Consequences of processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us by using the “Contact Us” section below.

7. How long we keep your personal data

How long we hold your personal data for will depend on the circumstances. The retention period we apply will be based on many factors including:

To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

8. Your rights

You have a number of legal rights in relation to the personal data that we hold about you. These rights include:

Please note that this right only applies to personal data which you have provided to us.

For more information or to exercise your rights contact us using the details set out in the “Contact us” section below.

You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data. You can find out more information about your rights by contacting the ICO, or by searching their website.

9. Where we store or send your data

We may transfer and store the data we collect about you to organisations outside the United Kingdom.

When we do this, we make sure that your data is protected and that the transfer is subject to appropriate safeguards or is otherwise permitted under applicable law. For example, in the context of personal data transferred outside the United Kingdom or the EEA, the country to which the personal data is transferred may be approved by the ICO or the European Commission, or the recipient may have agreed to model contractual clauses approved by the European Commission or the ICO that oblige them to protect the personal data.

Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your information continues to be protected by ensuring appropriate safeguards are in place.

If you’d like a copy of the relevant data protection clauses, please get in touch using the “Contact us” section below.

10. Contact us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, or would like to speak to our Data Protection Officer, please address questions, complaints, comments and requests by email to dpo@blme.com or by post to Data Protection Officer, Bank of London and the Middle East plc, 20 Churchill Place, Canary Wharf, London, E14 5HJ.

If you have a complaint and you are not happy with our response, you can refer your complaint to the ICO. For more details, you can visit their website at ico.org.uk.

11. Changes to this notice

We will post any changes we make to this notice on this page. We will also email you to let you know if we make significant changes to this notice.