Arvest Oceanic Bank
AdvantagesTestimonialsFAQContactsBlog

Privacy Policy for Arvest Oceanic Bank

  1. Introduction

This Privacy Policy explains how Arvest Oceanic Bank ("Arvest", "we", "us", or "our"), a banking institution operating in England, collects, uses, discloses, and protects your personal data when you use our products, services, websites, mobile applications, or otherwise interact with us.

We are committed to protecting your privacy and handling your information in a transparent and lawful manner in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By engaging with Arvest products or services, you acknowledge that you have read and understood this Privacy Policy.

  1. Who we are and contact details

Arvest Oceanic Bank is a bank established and operating in England.

If you have any questions about this Privacy Policy or how we process your personal data, you can contact us by:

  • Writing: Arvest Oceanic Bank, Data Protection Officer, [Insert Postal Address], England
  • Email: [Insert Data Protection Email]
  • Telephone: [Insert Contact Number]
  1. Personal data we collect

We may collect and process the following categories of personal data about you (depending on your relationship with us and the services you use):

3.1 Identification and contact details

  • Full name, title, date of birth, gender
  • Residential and correspondence addresses
  • Email address and telephone numbers
  • National identifiers (such as passport number, national ID number, tax identification number, driving licence details) where required by law

3.2 Financial and account information

  • Bank account numbers, sort codes, IBANs, and other account identifiers
  • Account balances, transaction histories, payment instructions
  • Credit and debit card details (subject to security and tokenisation measures)
  • Loan, mortgage, and credit product information
  • Direct debit and standing order details

3.3 Regulatory and due diligence data

  • Information required for Know Your Customer (KYC), anti‑money laundering (AML), and sanctions screening
  • Information from identity verification and fraud prevention agencies
  • Information about your status under applicable sanctions or watchlists

3.4 Socio‑demographic and professional information

  • Occupation, employment status, employer details
  • Education and professional qualifications (where relevant)
  • Marital status, dependants (for certain products, such as mortgages or lending)

3.5 Digital interaction and technical data

  • IP address, device identifiers, browser type and version
  • Time zone setting and approximate location data
  • Operating system, platform, and device characteristics
  • Usage data (pages viewed, clicks, login times, session duration)
  • Mobile app usage data and crash logs

3.6 Communication and interaction data

  • Records of correspondence and communications with us (phone calls, emails, chat, in‑branch notes)
  • Service requests, complaints, feedback, and survey responses

3.7 Marketing and preferences data

  • Marketing communication preferences (channels, topics)
  • Records indicating whether you open or interact with marketing communications

3.8 Special category data In limited circumstances, we may process special category data (such as information about health or biometric data) where required, for example:

  • To offer support and appropriate services to vulnerable customers
  • To verify identity using biometric methods (e.g., facial recognition or voice authentication), where legally permitted and with appropriate safeguards and, where needed, your explicit consent

We will only process special category data where we have a lawful basis and, where required, your explicit consent.

  1. How we collect your personal data

We may collect personal data from you and about you through various sources:

4.1 Data you provide directly

  • When you apply for an account, card, loan, mortgage, or other Arvest products or services
  • When you register for and use online banking or mobile banking
  • When you contact us by phone, email, post, in-branch, or via our website or apps
  • When you participate in surveys, promotions, or feedback activities

4.2 Data collected automatically

  • Through your use of our websites and apps (cookies, log files, analytics tools)
  • Through security and fraud monitoring tools when you access your accounts or carry out transactions

4.3 Data from third parties

  • Credit reference agencies and fraud prevention agencies
  • Public databases and registers
  • Other financial institutions and payment service providers involved in your transactions
  • Employers (for example in connection with payroll services or employment-based products)
  • Introducers, brokers, and other intermediaries where they refer you to us
  1. Lawful bases for processing

We process your personal data only where we have a lawful basis under data protection law, which may be:

5.1 Performance of a contract To enter into and perform our contract with you, or to take steps at your request before entering into a contract, for example:

  • Opening, maintaining, and administering your accounts
  • Processing payments, transfers, and card transactions
  • Providing online and mobile banking services
  • Assessing applications for loans, mortgages, and other credit products

5.2 Legal obligations To comply with legal and regulatory obligations, including those imposed by banking and financial services regulators, tax authorities, law enforcement, and courts, for example:

  • Anti‑money laundering (AML), counter‑terrorist financing (CTF), and sanctions checks
  • Reporting obligations to regulators and authorities
  • Record‑keeping and accounting requirements

5.3 Legitimate interests Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, for example:

  • Preventing and detecting fraud, financial crime, and abuse of our services
  • Ensuring network and information security
  • Developing and improving our products, services, and customer experience
  • Handling customer queries, complaints, and disputes
  • Conducting internal reporting, analytics, and management information

5.4 Consent Where you have given us clear consent for a specific purpose, for example:

  • Sending you certain types of direct marketing communications
  • Using certain cookies or similar technologies (where consent is required)
  • Processing specific special category data (where lawfully required)

You can withdraw your consent at any time where we rely on consent for processing. This will not affect the lawfulness of processing based on consent before its withdrawal.

5.5 Vital interests and public interest In rare situations, we may process data to protect your vital interests or those of another person, or where it is necessary for reasons of substantial public interest as permitted by law.

  1. How we use your personal data

We may use your personal data for the following purposes:

  • To identify you and verify your identity
  • To assess your eligibility for and provide you with banking products and services
  • To manage your accounts, execute transactions, and provide statements and notifications
  • To perform credit assessments, affordability checks, and risk evaluations
  • To monitor and protect the security and integrity of our systems, services, and premises
  • To detect, investigate, and prevent fraud, money laundering, sanctions breaches, and other financial crime
  • To respond to your inquiries, provide customer support, and resolve complaints
  • To send you service messages and important information about your accounts or changes to our terms, fees, or policies
  • To conduct research, modelling, and analytics to improve our services and offerings
  • To provide you with information about products and services that may be of interest to you, in accordance with your marketing preferences and applicable law
  • To comply with legal and regulatory obligations, including responding to lawful requests from authorities
  1. Automated decision‑making and profiling

We may use automated decision‑making and profiling in certain circumstances, for example:

  • Credit scoring and affordability assessments
  • Fraud and financial crime detection and prevention
  • Transaction monitoring and risk rating

Where automated decisions produce legal effects concerning you or similarly significantly affect you, we will ensure that such decisions are made in accordance with legal requirements. You may have the right to:

  • Obtain human intervention
  • Express your point of view
  • Contest the decision

Details of such processing will be provided to you where it applies.

  1. Cookies and similar technologies

We may use cookies and similar technologies on our websites and apps to:

  • Enable core functionality and security
  • Remember your preferences and improve user experience
  • Perform usage analytics and performance monitoring
  • Support targeted or personalised content and, where allowed, marketing

Where required by law, we will ask for your consent before placing non‑essential cookies on your device. You can manage your cookie preferences through your browser or device settings and our cookie management tools. For more information, please refer to our separate Cookie Policy (where available).

  1. How we share your personal data

We may share your personal data with third parties in the following circumstances and always subject to appropriate safeguards:

9.1 Within Arvest Oceanic Bank

  • With our branches, departments, and internal teams for operational, risk, compliance, and customer service purposes

9.2 With service providers and processors

  • IT and technology service providers (cloud hosting, data storage, security services)
  • Payment processors, card schemes, and clearing and settlement systems
  • Communication and mailing providers
  • Identity verification, KYC, and fraud prevention service providers
  • Professional advisers (lawyers, auditors, consultants) bound by confidentiality obligations

9.3 With other financial institutions and partners

  • Banks, building societies, payment service providers, and intermediaries involved in your transactions
  • Credit reference agencies and fraud prevention agencies
  • Business partners, brokers, or introducers involved in providing or arranging products and services

9.4 With authorities and regulators

  • Law enforcement, courts, regulators, tax authorities, and other public authorities where we are required or permitted by law to do so

9.5 Business transfers

  • In connection with any merger, acquisition, restructuring, or transfer of our business or assets, where such disclosure is necessary and subject to appropriate protections

We do not sell your personal data.

  1. International transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom that may have different data protection standards. Where we transfer your data internationally, we will ensure that:

  • The destination country has been recognised as providing an adequate level of data protection; or
  • Appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities, together with any supplementary measures required; or
  • Another lawful transfer mechanism is used in accordance with applicable law.

You may contact us for more information about international transfers and the safeguards we use.

  1. Data security

We implement technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include:

  • Encryption and pseudonymisation of data where appropriate
  • Access controls based on role and need‑to‑know
  • Secure network and system architecture, including firewalls and intrusion detection systems
  • Physical security measures at our premises
  • Regular security testing, monitoring, and staff training

Despite our efforts, no system is entirely secure. You are responsible for keeping your login details and authentication credentials (e.g., passwords, PINs, security tokens) confidential and for notifying us promptly of any suspected unauthorised access to your accounts.

  1. Data retention

We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, including to:

  • Provide you with our products and services
  • Comply with legal, regulatory, tax, and accounting requirements
  • Resolve disputes and enforce our rights

In general, this means we will retain most account and transaction data for a number of years after your relationship with us has ended, in line with statutory and regulatory retention periods. When personal data is no longer required, we will either securely delete it or irreversibly anonymise it.

  1. Your data protection rights

Subject to certain conditions and exceptions under applicable law, you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation as to whether we process your personal data and to access that data and certain information about how we use it.
  • Right to rectification: to have inaccurate or incomplete personal data corrected.
  • Right to erasure: to request the deletion of your personal data where, for example, it is no longer needed for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis for processing.
  • Right to restriction: to request the restriction of processing in certain circumstances (for example, while we verify the accuracy of your data or our legal basis for processing).
  • Right to data portability: to receive certain personal data in a structured, commonly used, and machine‑readable format and to have it transmitted to another controller where technically feasible.
  • Right to object: to object to processing of your personal data based on our legitimate interests (including profiling) and to object at any time to the use of your data for direct marketing.
  • Rights in relation to automated decision‑making: to obtain human intervention, express your point of view, and contest decisions made solely by automated means that produce legal or similarly significant effects.

To exercise your rights, please contact us using the details provided in section 2. We may need to verify your identity before responding to your request.

  1. Marketing communications

We may use your personal data to send you information about Arvest products, services, offers, and events that may be relevant to you, in accordance with your preferences and applicable law.

You can manage your marketing preferences or opt‑out of receiving direct marketing at any time by following the instructions in our communications or by contacting us. Even if you opt‑out of marketing, we may still send you service‑related communications (for example, about your accounts, transactions, security alerts, or changes to our terms and policies).

  1. Children’s data

Our services are generally not directed at children under the age of 18, and we do not knowingly collect personal data from children unless it is necessary for specific products (such as certain savings accounts) and then only with appropriate consent and safeguards in place.

  1. Third‑party websites and services

Our websites or apps may contain links to third‑party websites, applications, or services that are not controlled by Arvest. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third‑party services you use.

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will take appropriate steps to inform you, such as posting a prominent notice on our website or contacting you directly.

The date of the latest version will be indicated at the end of this Privacy Policy.

  1. Complaints and your right to lodge a complaint

If you have concerns about how we handle your personal data, please contact us first so that we can try to resolve your issue. You also have the right to lodge a complaint with the UK data protection authority:

Information Commissioner’s Office (ICO) Website: https://ico.org.uk Telephone: +44 (0)303 123 1113

Last updated: [Insert Date]

Privacy and cookies at Arvest Oceanic Bank

Arvest Oceanic Bank uses cookies and similar technologies to improve website performance, analyse traffic, and personalise content. Some cookies are essential for secure login and navigation, while others help us understand how visitors use our services. You can manage or withdraw consent at any time in your browser or within our settings. For full details, please read our Privacy Policy, where we explain what data we collect, how we use it, and your rights under applicable UK and EU data protection laws. View Arvest Privacy Policy