Privacy notice

Introduction

Marks & Spencer Financial Services plc (‘M&S Bank’, ‘we’, ‘our’ and ‘us’) collects, uses and shares information about you so that we can provide you with an account and other services. This app Privacy Notice explains how we collect, use and share your information when you use our app, including information about the device that the app is installed on, for example, your mobile phone or tablet. You can find full information in the M&S Bank Privacy Notice, including details of the data controller(s) for the products and services you hold with us. This app is provided by HSBC Global Services (UK) Limited for us and on our behalf, but all products and services accessed via this app are provided by us, HSBC group companies or selected partners.

How we secure your information

We use a range of measures to keep your information safe and secure, which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information and apply appropriate measures for the use and transfer of information.

Who we might share your information with

As M&S Bank is part of the HSBC Group, we may share your information with other HSBC group companies and any sub-contractors, agents or service providers who work for us or other HSBC group companies (including their employees, sub-contractors, service providers, directors and officers) to provide you with products or services that you ask for (such as accounts and payments).

How long we’ll keep your information

We’ll keep your information in line with our data retention policy. For example, we’ll normally save your main banking information for a period of 7 years from the time our relationship ends with you. This allows us to comply with legal and regulatory requirements or use it for legitimate purposes, such as managing your account and dealing with any disputes or concerns that may arise. We may need to keep your information for longer if we need the information to comply with regulatory or legal requirements, detect or prevent fraud and financial crime, answer requests from regulators etc. If there is no need for us to keep the information for this length of time, we may destroy, delete or anonymise it sooner.

Permissions we need before using your information

The list below explains what information we collect from your device, how we use it and whether we share it. In some cases, we’ll seek your permission.

Permissions for all devices:

  • Location: Allows us to detect your location and prevent fraud when you’re using the M&S Banking App
  • Microphone: Allows you to send recorded voice messages when you’re chatting with us
  • Device information and internet access: Allows us to check if you have a working internet connection
  • Push messages: Allows you to receive notifications of messages from M&S Bank and alerts about activity on your account
  • Speech Recognition: Allows us to convert spoken language into text in mobile chat

Permission specific to iOS devices:

  • Biometric information: Allows you to use your biometric credentials, such as Face ID or Touch ID, to sign in
  • App tracking transparency: Allows you to grant us the permission to track your activities across other companies’ apps and websites (iOS14.0 and above)
  • Microphone: Allows you to record voice messages to send to us via ‘Chat with us’

Permission specific to Android devices:

  • External storage device (for example memory card): Allows the app to save files, such as statements, on your device's external storage so that you can view or send them
  • Biometrics: Allows you to use your biometric credential, such as fingerprint recognition, to sign in
  • Application permission: Allows Google Play Store to keep a record from where you downloaded the M&S Banking App.

Cookies and similar technologies

We collect data through cookies and similar technologies, and use the following tools to collect information about your device and the way you use it online, which you can control in the Cookies section of the app.

  • Transmit Security - Helps make sure your sign in and authentication are more secure
  • Tealium (tag manager) - Allows us to manage cookies based on your preferences
  • AppDynamics - Helps track app performance so that it can keep running smoothly
  • LivePerson – Allows us to provide chat support and messaging services
  • Optimizely - Allows us to deliver personalised content in various forms across our apps
  • Tealium AudienceStream – Allows us to collect data about how you use this app, to create profiles based on your behaviour and measure the performance of our digital advertising
  • Tealium EventStream - Allows us to collect data to personalise our app
  • Firebase (Android only) – Allows us to send push notifications on Android devices

How to contact us

For further information on anything related to this app Privacy Notice, or to contact our Data Protection Officer (DPO), you can write to M&S Bank, PO Box 325, Wymondham, NR18 8GW or M&S Bank, Kings Meadow, Chester, CH99 9FB addressed ‘For the attention of Rights of Individuals Fulfilment (ROIF)’. Alternatively, you can contact us using the M&S Banking App where you can chat with us 24/7 or via telephone to talk to our customer support team (lines open 8am-8pm).

Last updated: 25 July 2023