Privacy Policy of Legacy Cornerstone gte financial Bank

1. Introduction

This Privacy Policy explains how Legacy Cornerstone gte financial Bank ("Legacy Cornerstone", "we", "us", or "our") collects, uses, stores, shares, and protects your personal data when you use our banking services, visit our websites, interact with our mobile or online platforms, or otherwise engage with us. We are committed to protecting your privacy and handling your information in a transparent and lawful manner.

By using our services, including any products or services offered under or in connection with the name "gte financial", you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Legacy Cornerstone gte financial Bank is a banking institution operating in England. We provide a range of financial products and services to individual and business customers, including but not limited to current accounts, savings accounts, loans, credit facilities, and digital banking solutions.

Legacy Cornerstone gte financial Bank acts as a "data controller" in respect of the personal data we process, which means we determine the purposes and means of processing your personal data.

3. Legal Basis and Applicable Law

We process your personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Privacy and Electronic Communications Regulations (PECR)
• Any other applicable data protection and banking regulations in England

We will only process your personal data where we have a valid legal basis, which may include:

• Performance of a contract: to provide you with banking and related financial services.
• Compliance with a legal obligation: to meet regulatory, anti-money laundering, and fraud prevention requirements.
• Legitimate interests: to manage and improve our business, develop services, and protect our operations, provided that such interests are not overridden by your rights.
• Consent: where required, for specific purposes such as certain forms of marketing or data sharing.

4. Personal Data We Collect

The type of personal data we collect will depend on the services you use and your relationship with us. This may include:

4.1 Identification and Contact Information

• Full name, date of birth, nationality
• Residential and correspondence addresses
• Email address and telephone numbers
• Identification documents (passport, driving licence, national ID) and identification numbers

4.2 Financial and Account Information

• Bank account numbers and sort codes
• Account balances and transaction histories
• Direct debits, standing orders, and payment instructions
• Credit history and credit scoring information

4.3 Regulatory and Compliance Information

• Information obtained for Know Your Customer (KYC) and Customer Due Diligence (CDD) purposes
• Information relating to anti-money laundering (AML) checks and sanctions screening
• Records of suspicious activity reports (where applicable)

4.4 Technical and Usage Information

• IP address, device identifiers, browser type and version
• Login credentials and authentication data (in encrypted form)
• Usage data related to our websites, mobile apps, online portals, and communication tools

4.5 Communication and Interaction Data

• Records of your communications with us (including emails, messages, phone calls, and online chats)
• Feedback, complaints, queries, and survey responses

4.6 Special Categories of Data In limited circumstances, we may process special categories of personal data (for example, information relating to health or criminal convictions) where required for regulatory compliance, fraud prevention, or to provide specific services, and only where permitted by law and where appropriate safeguards are in place.

5. How We Collect Your Personal Data

We collect personal data in various ways, including:

5.1 Directly from You

• When you open an account or apply for products and services
• When you complete forms, submit documents, or update your details
• When you contact us by phone, post, online chat, email, or in person
• When you use our websites, mobile applications, or online banking services

5.2 From Third Parties

• Credit reference agencies
• Fraud prevention agencies and identity verification providers
• Publicly available sources (such as electoral registers or public databases)
• Other financial institutions and intermediary partners, where authorised

5.3 Through Automated Means

• Cookies and similar technologies on our websites and digital platforms
• System logs, security monitoring tools, and analytic services

6. Purposes for Which We Use Your Personal Data

We use your personal data for the following purposes:

6.1 Providing Banking and Financial Services

• To open, administer and manage your accounts
• To process payments, transfers, deposits, withdrawals, and card transactions
• To assess and process applications for loans, credit, and other financial products
• To provide statements, notices, and other account-related communications

6.2 Regulatory, Legal and Risk Management

• To comply with applicable laws and regulations, including those relating to banking, anti-money laundering, fraud, and sanctions
• To verify your identity and conduct due diligence checks
• To prevent, detect, and investigate fraud, financial crime, and misuse of our services
• To manage risk and conduct internal audits, reviews, and reporting

6.3 Service Improvement and Business Operations

• To monitor, maintain, and improve our products, services, and systems
• To conduct market research, data analysis, and statistical assessments
• To test and develop new features, products, and technologies
• To ensure the security, integrity, and resilience of our IT and banking systems

6.4 Marketing and Communications

• To send you information about our products, services, and offers that may be relevant to you, including those associated with our brand or services marketed under "gte financial"
• To conduct customer satisfaction surveys and gather feedback
• To personalise content, communications, and offers based on your preferences and usage

Where required by law, we will obtain your consent before sending you direct marketing communications. You may opt out of marketing at any time (see Section 11 below).

7. Cookies and Similar Technologies

We may use cookies and similar technologies on our websites and digital platforms to:

• Enable core functionality such as login, navigation, and security
• Remember your preferences and improve your user experience
• Analyse usage patterns and performance to enhance our services

You can manage your cookie preferences through your browser settings and, where available, through our cookie management tools. Certain essential cookies are necessary for the proper functioning of our services and cannot be disabled.

8. How We Share Your Personal Data

We may share your personal data with the following categories of recipients, always under appropriate safeguards and only where lawful and necessary:

8.1 Within Legacy Cornerstone gte financial Bank

• Group entities, departments, and branches for administrative and operational purposes

8.2 Service Providers and Professional Advisers

• IT service providers, cloud hosting providers, and data centres
• Payment processors and card scheme operators
• Customer support, call centre, and communication service providers
• Legal advisers, auditors, consultants, and other professional service firms

8.3 Other Financial Institutions and Partners

• Correspondent banks and intermediary banks
• Credit reference agencies and fraud prevention agencies
• Business partners and intermediaries involved in providing or distributing our services

8.4 Regulatory and Public Authorities

• Regulators, supervisory authorities, and law enforcement agencies
• Tax authorities and other governmental bodies
• Courts and tribunals, where required by law or in connection with legal proceedings

8.5 Business Transfers In the event of a merger, acquisition, restructuring, or transfer of business, your personal data may be transferred as part of that transaction, subject to continued protection consistent with this Privacy Policy.

We do not sell your personal data.

9. International Transfers of Personal Data

Where we transfer your personal data outside the United Kingdom or the European Economic Area, we ensure that appropriate safeguards are in place, such as:

• Transfers to countries deemed to provide an adequate level of protection by the UK government or relevant authorities; or
• Standard contractual clauses or other approved contractual safeguards; or
• Other lawful bases and appropriate protection measures, as permitted under applicable data protection law.

You may contact us for further information about the safeguards we use for international data transfers.

10. Data Security

We implement technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include:

• Encryption and pseudonymisation of data where appropriate
• Access controls and authentication mechanisms
• Firewalls, intrusion detection systems, and security monitoring
• Regular security assessments and staff training

Despite our efforts, no system can be guaranteed to be completely secure. We will notify you and any relevant authorities of data breaches where we are legally required to do so.

11. Your Rights

Subject to certain conditions and exceptions under applicable law, you have the following rights in relation to your personal data:

• Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of such data.
• Right to rectification: to request correction of inaccurate or incomplete personal data.
• Right to erasure: to request deletion of your personal data where there is no longer a lawful basis for us to keep it.
• Right to restriction: to request restriction of processing in certain circumstances.
• Right to data portability: to receive personal data you have provided in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
• Right to object: to object to processing based on our legitimate interests or for direct marketing.
• Rights regarding automated decision-making: to request human intervention, express your point of view, and contest decisions where processing involves automated decision-making with legal or similarly significant effects.

To exercise your rights, please contact us using the details provided in Section 14. We may need to verify your identity before responding to your request. We will respond within the time limits set by law.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or another competent data protection authority if you believe your rights have been violated.

12. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal, regulatory, and operational requirements. Factors that influence our retention periods include:

• Regulatory and statutory retention periods applicable to banking and financial records
• Time limits for potential legal claims or disputes
• Operational needs and historical record keeping

When personal data is no longer required, we will delete it securely or anonymise it so that it can no longer be associated with you.

13. Marketing and Communication Preferences

We may use your personal data to send you marketing communications about products and services offered by Legacy Cornerstone gte financial Bank, including those related to gte financial-branded services, which we believe may be of interest to you.

You can manage or opt out of marketing communications at any time by:

• Following the unsubscribe or opt-out instructions included in our emails or messages; or
• Adjusting your communication preferences in our online or mobile banking platforms (where available); or
• Contacting us directly using the details described in Section 14.

Even if you opt out of marketing, we will still send you service-related communications that are necessary for the management of your accounts and services.

14. Contacting Us

If you have any questions about this Privacy Policy, our data protection practices, or if you wish to exercise your rights, you may contact our designated privacy or data protection contact at:

Legacy Cornerstone gte financial Bank Data Protection / Privacy Enquiries [Insert Postal Address] [Insert Email Address] [Insert Telephone Number]

Please include sufficient detail in your request so that we can identify you and respond appropriately.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we do so, we will revise the "last updated" date and, where appropriate, notify you via our website, online banking platforms, or other suitable means.

We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal data.

16. Last Updated

This Privacy Policy was last updated on: [Insert Date].