Privacy Notice

Melli Bank PLC Privacy Notice

Melli Bank Plc (‘Melli’) is incorporated in England & Wales with registration number 4152338. We are authorised by the Prudential Regulation Authority (‘PRA’) and regulated by the Financial Conduct Authority (‘FCA’) and the PRA.

This privacy notice explains how your personal data will be used by us.

What is personal data

Your personal data is data which by itself or with other data available to us can be used to identify you. The data we hold will vary according to the account and relationship you have with us. It can include but isn’t limited to:

  • Full name and personal details, including date of birth, home address, phone numbers and email address.
  • Unique identifiers and reference numbers that we or others have allocated to you (e.g. account numbers and national insurance number).
  • Financial details (e.g. details of salary, other income, details of accounts held with other providers, credit history, and transactions with us and other organisations).
  • Data about other people you are financially linked to (e.g. your spouse) or who have an interest in or association with any of your accounts (e.g. joint account holder).

Personal data that the law regards as being in a special category because of its sensitivity to you can only be collected and used where you have given us explicit consent or where permitted by the law. If you provide us with documents that contain, or otherwise volunteer to us, personal data that constitutes a special category of personal data, then you will be regarded as giving your explicit consent to us processing that data as described in this privacy notice.

Where we collect your personal data from

We collect personal data as described below directly from you and others.

You may give us personal data in:
  • Applications to open an account or request a service, emails, letters, phone calls and conversations in our office, including personal data provided on your behalf by someone else, e.g. an employer, financial adviser and accountant.
  • Recorded images (e.g. CCTV at our office).

We may also collect personal data from:
  • Credit reference or fraud prevention agencies, electoral roll, court records of debt judgments and bankruptcies and other publicly available sources as well as information on any financial associates you may have.

We also collect personal data in relation to education and employment details/employment status for credit and fraud prevention purposes from:
  • The government and their agencies (e.g. HM Revenue & Customs).
  • Public records (e.g. the electoral roll, sanctions lists).
  • Other companies that provide a service to us.

Using your personal data – the legal basis and purpose

Data protection law says that we are allowed to use your personal data only if it is for one or more of the following purposes:
  • To perform our contract with you, or
  • When we have to comply with a legal obligation, or
  • When it is in our legitimate interest, or
  • When you consent to it.

Below is a list of the ways we use your personal data

To check your identity and eligibility for an account - (Purpose: Contract performance; Legal obligation)

The law requires us to verify the identity of our new customers and to re-verify the identity of our existing customers from time to time. This is so we know who our customers are and to make it more difficult for criminals to use false or impersonated identities for criminal purposes, such as hiding the proceeds of crime or committing fraud.

To verify your identity, we may check the information you provide to us with credit reference and fraud prevention agencies and publicly available information.

To manage your account and relationships with us - (Purpose: Contract performance; Legal obligation)

We will use your personal data to manage any account, product, service or relationship you have with us, in line with the terms of that arrangement and the rules of our regulators. Examples of these are:

a) Administering your account including:
  • authorising your payments;
  • keeping an accurate history of transactions and sending you account statements; and
  • communicating with you about your account and your relationship with us, including notifying you of changes to interest rates, limits or charges

b) Helping to resolve any problems or complaints you may have.
c) Administering any offers or promotions you’ve agreed to participate in.

To carry out risk & credit assessment - (Purpose: Contract performance; Legal obligation; Legitimate interest)

We have a legitimate interest in only lending money to customers who are able to repay it. Our regulators also require us to lend money in a responsible manner. So, whenever you apply for one of our products, we will use the personal data you give us and that we may already hold to assess the risk to us. We may also get personal data from credit reference and fraud prevention agencies to undertake credit/risk assessments of your application.

To prevent financial crime and the funding of terrorism - (Purpose: Legal obligation; Legitimate interest)

The law requires us to screen applications and to monitor accounts to help combat the threats posed to our society by terrorism and money-laundering and other financial crime. We also have a legitimate interest in avoiding losses caused by financial crime such as fraud.

We may check and share personal data held by us with fraud prevention agencies, law enforcement and other government agencies for the purpose of preventing, detecting and prosecuting financial crime and the funding of terrorism.

To recover money that is owed to us - (Purpose: Contract performance; Legitimate interest)

We have a legitimate interest in recovering debts that are due to us if there is not a satisfactory plan in place to repay them. We may instruct a debt collection agent or solicitor to act for us in recovering the debt, including by bringing legal proceedings in the courts and we will provide relevant personal data to them to help recover any money that is owed to us.

To improve our services and computer systems - (Purpose: Legal obligation; Legitimate interest)

We have a legitimate interest in making improvements to how we provide our services and to improve the security and resilience of the computer systems we use. We must also respond to any changes in law or regulation that relate to the protection of the personal data we hold.

We may use the personal data we hold to help us develop and test our systems (including new technologies and services) to ensure that they are safe and will work in the ways in which we expect them to. When we do this we will use processes and technologies that are designed to keep this personal data secure.

To manage and organise our business - (Purpose: Legal obligation; Legitimate interest)

We have a legitimate interest in organising and running our business in a correct and commercially sensible way and to comply with our legal and regulatory responsibilities to the UK financial system. We may use the personal data we hold to:
  • Train our team members.
  • Analyse trends or behaviours we can see.
  • Assess the profitability (or other indicators) of a particular product, service, sector or element of it when compared to others to inform our future commercial strategy.
  • Report to and communicate with our regulators, auditors and governmental agencies.
  • Help the preparation and confidential disclosure of personal data that supports our funding and other activities, e.g. the sale or transfer of our interests in some of our accounts or where we may want to re-organise some or all of our businesses through a merger, transfer or sale.

Sharing of your personal data

We may, subject to applicable data protection law, share your personal data with other people or organisations such as the following:
  • Companies, subcontractors and other persons who provide products, services and administrative support to Melli;
  • The companies, organisations and professionals who provide other services to you;
  • Anyone we may transfer our rights and duties under any arrangement to;
  • Our legal and other professional advisers, including our auditors;
  • Credit reference agencies;
  • Fraud prevention agencies;
  • UK and overseas regulators, authorities and their service providers (e.g. the FCA, the Information Commissioner’s Office).
  • UK and overseas tax authorities (e.g. HM Revenue & Customs who may in turn share it with relevant overseas tax authorities).
  • UK and overseas law enforcement agencies (e.g. the National Crime Agency).
  • Anyone else with your permission.

How we work with credit reference agencies

We may carry out credit and identity checks when you apply for a product or service for you or your business with one or more credit reference agencies (‘CRAs’). We may also from time to time search personal data that CRAs have to help us manage those accounts. To do this we will share your personal data with CRAs and they will give us personal data about you. The personal data we exchange can include personal data from your application. CRAs will also supply us with public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

When we ask CRAs about you or your business, they will note it on your credit file. This is called a credit search. Other lenders may see this and we may see credit searches from other lenders.

If you’re making a joint application, or you tell us that you have a spouse or financial associate, we will link your records together - so you should make sure they know what you are doing, and share this information with them, before applying. CRAs will also link your records together. If you later want to break this link you need to talk directly to the CRAs.

You can find more about the CRAs on their websites, in the Credit Reference Agency Information Notice.

Using personal data outside the European Economic Area (‘EEA’)

Your personal data may be transferred outside the UK and the EEA. Countries within the EEA, which includes the UK, have similar standards of legal protection for your personal data. In countries outside the EEA, reasonable steps are taken to make sure your data is protected to UK standards. This includes imposing contractual obligations of adequacy, or only allowing transfers to countries which have been officially recognised as having an adequate legal framework for the protection of personal data.

How long we hold personal data

We will keep your personal data for no longer than is necessary to manage your relationship with us. This will mean that we will continue to hold some personal data for a period of time after your account has closed or our relationship has ended. This is to comply with our legal and regulatory obligations to keep records of our relationship, to resolve disputes or where it may be needed for future legal proceedings.

Your rights in relation to your personal data

Data protection law guarantees your rights in relation to your personal data. Details of your rights are set out below:
  • The right to be informed about our processing of your personal data;
  • The right to request access to your personal data and information about how we process it;
  • The right to have your personal data corrected if it is inaccurate and to have incomplete data corrected;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to move, copy or transfer your personal data (“data portability”);
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data; and
  • The right in relation to automated decision making and profiling.

You have the right not to be subject to a decision when:
  • It is based on automated processing; and
  • It produces a legal effect or a similarly significant effect on you.

You can contact for more details on all the above

Who can you complain to

If for whatever reason you are unhappy with the way we are using your personal data, you should contact us in the first instance so that we can understand your issue and try and resolve it.

You can send your complaint to for the attention of Manager – Customer Services Department marked with private and confidential or write to the Manager – Customer Services at 98A High Street Kensington, London W8 4SG marked with private and confidential.

If you are not happy with the response from Melli following your complaint, you have the right to complain to the Information Commissioner’s Office (‘ICO’). It has enforcement powers and can investigate compliance with data protection law. For further information, visit or call ICO helpline on 0303 123 1113 or write to ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Making changes to this Privacy Notice

We will keep this information up to date and it will be available at or on request at any time.