This notice was last updated on 1 December 2021. Key revisions include how we use your personal information when you participate in feedback sessions and sharing your personal information between Boubyan Bank Group companies for specific purposes, such as to assist with account opening. We have also provided clarity on your use of account information or payment services
We are Bank of London & The Middle East PLC ("we”, “our”, “us”, “BLME”) and we own and operate NOMO.
We’re registered in the UK and our registered address is at Cannon Place, 78 Cannon Street, London, United Kingdom, EC4N 6HL. Our company registration number is 05897786. We are also registered with the UK data protection authority (the Information Commissioner’s Office or “__ICO__”) under number Z9829862. BLME is a member of the Boubyan Bank Group.
This notice applies when you download and use our App or Website and it sets out who we are, and how and why we use your personal data. We would recommend that you read through this notice carefully so that you fully understand our data protection practices. This notice, our Cookie Notice, Website and App Terms and Conditions of Use, the Current Account Terms and Conditions and Fixed Term Deposit Account Terms and Conditions, outline how we provide services to you through our App and Website.
If you have any questions about this notice or our use of your data, please contact us using the details set out below.
We may collect, use, store and transfer different kinds of personal data about you. This information:
May be provided by you to register on our Early Access List or when using our App to open your account – for example, when you register for the Early Access List you will need to provide us with your email address and can choose to provide your phone number. When onboarding via the App we will ask you for basic information such as your name, address, date of birth, contact details and country of residence. We will ask you to provide details such as your personal wealth, tax status, assets, income, expenditure, source of wealth, your intended use of the account and other financial information. We will also collect your identity documents and visual images and a short video of yourself or audio file. You will also need to confirm whether you are a current customer of the Boubyan Bank Group.
May be provided by you when you contact us – the personal data we may collect here include your email address and any information you provide in the email (if you contact us by email) or your phone number and any information you provide on the call (if you call us).
May be collected or created when you use our App or Website – this includes any unique identifiers (such as your IP address), type of device, location data, language and login details, and any information you provide when engaging with the App or Website. Also, information we learn about you through our relationship with you and the way you operate your account.
May be collected or created when you use our App and the services offered on it – this includes details about any payments to and from your account, your saving activities and any financial products that you apply for using our App. It also includes your login details and any information you provide when engaging with the App.
May be obtained from the technology you use to access our App or Website – this includes login details, details of your phone network, your IP address, location data, device identification numbers and any other unique identifiers.
May be collected using cookies – cookies are pieces of information stored directly on your device. Most browsers allow individuals to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. Please refer to www.aboutcookies.org or www.allaboutcookies.org for more information. Declining cookies may cause certain parts of the Website to cease working. Information about the cookies we use and their purposes can be found in our Cookie Notice.
May be collected from other parties – for example, we obtain data from credit reference agencies, companies providing fraud prevention and ‘KYC’ (know your client) and AML (anti-money laundering) checks (we will also need to share data with these types of agencies). For more information about data we collect from and share with credit reference agencies, see ‘Other parties who we share your data with’ below.
May be collected from public sources – for example, we may review information available on public and government registers or information you have made public on social media, such as Facebook, Twitter or LinkedIn.
May be collected through your participation in testing Nomo products and services – we will record your feedback and opinions in relation to existing Nomo products and services, and the development of new products and services.
We may also collect, use and share aggregated data (for example, statistical or demographic data) for any purpose. Aggregated data could be based on a subset of your personal data but is not considered personal data in law because it will not directly or indirectly reveal your identity (because it’s combined with the data of other people – none of whom are identifiable). For example, we may aggregate your usage data to calculate how many people are using a particular part of our App or Website.
However, if we combine or connect aggregated data with your personal data so that it directly or indirectly identifies you, we treat the combined data as personal data which will be used in accordance with this notice.
We only process your personal data when the law allows us to do so. Data protection laws require that we have a “lawful basis” for processing your personal data. The lawful bases include processing for a contract, to comply with law, legitimate interest, vital interest, substantial public interest, or consent. We have explained below what lawful bases we rely on to use your personal data.
Contractual requirement – we use your personal data to fulfil a contract that we have with you or in order to enter into a contract with you (for example, to provide online banking services to you). This includes using details about you to: (i) consider whether we can provide services to you; (ii) provide the services that we say we will provide in our terms; (iii) exercise our rights under a contract with you; (iv) resolve complaints and other disputes; and (v) contact you.
Compliance with law – we use your personal data to meet our obligations which we are required to do under law. For example, as a bank, we are required to make sure that we run appropriate KYC and AML checks on all our customers. We collect personal data under this heading to: (i) verify your identity when you register for our services (including by cross checking the details you have provided with immigration, credit check and fraud prevention agencies); (ii) prevent illegal activities like fraud and money laundering; (iii) check your credit history and other details about your financial circumstances so that we can make responsible lending decisions; and (iv) comply with our legal obligations (for example, banking laws). These can include legal record keeping obligations. We may be required to share information with other third parties where we are compelled to do so or we consider this necessary – further details can be found in the “Other parties who we share your data with” section below.
Legitimate interests – we may need to use your data for our legitimate interests or those of a third party. These include:
Consent – We may sometimes need to ask for your consent to use your data. We will always make clear what data we wish to use and how we wish to use it. In these cases, you don’t have to share information about yourself if you don’t want to. If you choose to give consent, you can withdraw it at any time by contacting us using the “Contact Us” section of the App or Website. However, if you don’t consent (or later withdraw your consent), you may not be able to use some (or any) of our services.
Vital interest – We may share information about you with other parties (e.g. law enforcement) if it is necessary to protect your or another person’s life.
Substantial public interest and vital interests – We may need to process ‘special category’ personal data in some cases. Special category personal data is data that can reveal your or another person’s racial or ethnic origin, religious or philosophical beliefs, trade union membership, political opinions, genetic or biometric data, health information, or sex life or sexual orientation. We process this type of data where it is necessary to prevent or detect crime or unlawful acts, or where it is necessary to protect your financial wellbeing (and obtaining your consent would be unreasonable or otherwise impact our ability to help you).
Exercising legal rights – We may also need to process special category personal data to establish, defend or conduct legal claim (this includes obtaining legal advice).
Further information on the lawful bases for processing personal data can be found on the ICO website.
Your personal data may be shared and processed by other companies within our group, for example, where they provide services to us, for marketing purposes or for entering into a contract with you for the provision of our products or services, or to perform obligations under that contract. When you open an account with us and you already have an account within the Boubyan Bank group, we may request your KYC documentation from that group company to assist in the account opening process or ongoing maintenance of your account.
We may share your personal data with the following parties:
When we refer to automated decisions, we mean any decisions relating to you which don’t involve any people (for example, by only using computers).
We use automated decision making to verify your identity and the information you provide in your application, prevent fraud and money laundering, and check whether you are eligible for our products.
We do this by taking information contained in your application or that we have received from third parties (for example, publicly available registers like the Public Authority of Civil information (PACI)) or credit reference agencies and passing this onto third parties who perform fraud prevention, ‘KYC’ (know your client) and ‘AML’ (anti-money laundering) services. These third parties provide us with relevant information about your identity and may include your financial history, credit information, and fraud prevention information.
If these third parties believe you are a fraud or money laundering risk, or if we otherwise believe you have adverse credit, we may reject your application for an account, decide not to offer you a product or change your existing products or services.
Some service providers above may also keep records of your credit history, fraud or money laundering risk on file, which may result in other parties refusing to provide services or financing to you.
We may build profiles about you so that we can better understand your circumstances, behaviours and preferences in relation to marketing and improve the relevance of products and services offered to you. We do this by collecting information you provide to us or our affiliates (or information that we otherwise obtain) and, in some cases, combining this with other information we know about you.
You may have a right to request human intervention and to challenge the decisions made by us on the basis of automated decision making. You can do this by contacting us using the “Contact Us” section below.
How long we hold your personal data for will depend on the circumstances. The retention period we apply will be based on many factors including:
To work out how long we keep different categories of data, we consider why we hold it, how sensitive it is, how long the law says we need to keep it for, and what the risks are.
You have a number of legal rights in relation to the personal data that we hold about you. These rights include:
You can exercise your rights by contacting us using the details set out in the “Contact us” section below.
You can find out more information about your rights by contacting the ICO, or by searching their website.
We may transfer and store the data we collect about you to organisations outside the United Kingdom or outside the European Economic Area (“__EEA__”).
When we do this, we make sure that your data is protected and that the transfer is subject to appropriate safeguards or is otherwise permitted under applicable law. For example, in the context of personal data transferred outside the United Kingdom or the EEA, the country to which the personal data is transferred may be approved by the ICO or the European Commission, or the recipient may have agreed to model contractual clauses approved by the European Commission or the ICO that oblige them to protect the personal data.
If you’d like a copy of the relevant data protection clauses, please get in touch using the “Contact us” section below.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, or would like to speak to our Data Protection Officer, please address questions, complaints, comments and requests by email to email@example.com or by post to Data Protection Officer, Bank of London and the Middle East plc, Cannon Place, 78 Cannon Street, London, EC4N 6HL.
If you have a complaint and you are not happy with our response, you can refer your complaint to the ICO. For more details, you can visit their website at ico.org.uk.
We will post any changes we make to this notice on this page. We will also email you to let you know if we make significant changes to this notice.
To visit our policies related to our products, visit this page.