Website privacy notice
Hello. Nice to see you here.
When you browse the web, you leave a digital footprint. It's information about your device and the way you use it online.
We just want to let you know that we'll collect this information about you. Most websites do this.
We use this information to deliver the website to you. We also use it for other things, which we think help you and us.
We've put this notice together to explain this. Don't worry. It takes a little over 7 minutes to read.
By the way, when we say "we" this means M&S Bank, other HSBC group companies and our trusted partners who provide services to us.
These include our:
- Technology providers.
- Cybersecurity companies.
- Social media partners.
- Advertising partners.
Our Privacy Notices
This is our website notice.
We have other notices. Some of these may apply to you as well. It depends on how you choose to interact with us.
- Public website notice (you are here): This notice covers parts of this website where you don't need a password (like this page).
- Full privacy notice: Our full privacy notice contains more information to read alongside this notice. It will tell you more details, such as the full company names of M&S Bank's data controllers. It also tells you how M&S Bank uses your personal information in general. You can read that at: bank.marksandspencer.com/pdf/MSBPrivacyNotice.pdf
- Cookie notice: This notice covers how we collect information from your web browser or mobile device.
- Other notices: Some of our apps or parts of our websites have their own privacy notices. For example, our mobile apps have privacy notices. So does our careers section of our website at bank.marksandspencer.com/careers/.
You can usually find our notices in the footer of the webpage. If you're using an app, it will usually be in the menu. Our full privacy notice is our main one and can be found at bank.marksandspencer.com/pdf/MSBPrivacyNotice.pdf
Personal information collected by this website
We collect information when you use our website. We also do this when you visit one of our social media sites.
When you view our website or social media sites, we can see:
- What you click.
- What you view.
- How long you spend on pages.
- Your device & internet connection details such as: type of device you're using, IP address and details about your internet connection, technical details such as your screen size and the software you're using, such as your web browser.
- Your country or region (not exactly where you are unless we ask permission).
- Your unique advertising or other identification numbers allocated to your browser or device.
If you follow a link to this website, we know the last site you visited. You may have reached this website by following a link from an e-mail. When you open an email from us, we may be able to tell:
- that you've opened it.
- what links in the email you click on.
When you fill in a form on our website, we can see what you type.
If you send us a message, we may collect information you tell us.
Some of this data is collected by:
Our partners: These may be website hosts or social media sites.
Cyber-security filtering technology: This keeps our website safe from fraud and crime.
Cookies and similar technology: These are set on your device by us and our trusted partners.
We don't often know exactly who you are from this data. But sometimes we may connect this data with other information we hold about you.
- If you browse our website and then access online banking, we may connect this data to you. The next time you visit, we may still link that data to you.
- If you browse our website while logged into social media accounts, then our partners may be able to connect this data to those accounts.
It might be possible to connect your browsing data to personal data held by third parties. We use your data when it is in our legitimate interests.
This means we need to have a valid and lawful reason to use your data and balance this with your interests.
How we use this personal information
To deliver the website
We use your information to operate the website and monitor how well it is working. Most websites do this.
To improve our business
We use your information to:
- Understand how you use our services.
- View trends in product offerings.
- Develop well targeted offers and products.
- Find offers and products that may be of interest to you.
- Make our services better for you.
- Learn how useful our marketing is and make it better.
Security & protection
We use your information to help protect you and ourselves against fraud or crime. For example, our service providers look at all use of our website to help block malicious activity. This helps keep you and us safe.
Personalising our website
When you visit our website, we may use data we collect to make the site reflect you. This could include:
- Tailoring our website content and services for you.
- Showing your information or updates that might be useful for you.
- Showing products or services that we think will be of interest to you.
When we advertise online, we may share your information with our advertising partners.
We may ask our advertising partner to use that information to:
- Check if you hold an account with them.
- Choose which adverts to send to you.
- Send our adverts to you.
- Exclude you from adverts, e.g. if the advert is for a service you already use.
- Advertise to people who have a similar profile to you or share your interests.
- Identify what other marketing may be of interest to you.
- Understand how useful our marketing is and make it better.
M&S Bank uses social media to:
- Help connect with you.
- Share information about our products and services.
- Sometimes these involve using your data.
Social media platforms may let you choose what advertising you receive. You should contact them for more information.
When you use an M&S Bank Page on Facebook, Facebook Ireland and M&S Bank collect information about you. This includes:
- What you click on: if you start a messenger conversation.
- What you view: when you hover over a link or have an event page on screen.
- What you say: like comments or reactions.
- Your actions: like sharing or recommending.
- Your activity: how long you spend on pages, date and time of actions or websites you visited before you took the action.
- Your location: Country or region. This is not your precise location unless you have provided this in your user profile and you are logged-in.
- Your device and internet connection.
- Your Facebook profile details and user ID.
M&S Bank has access to this information to use for reporting, insights and marketing purposes and so does Facebook.
This helps M&S Bank improve our offering on Facebook and create better marketing. M&S Bank may also see this information if M&S Bank has communicated with you on Facebook. M&S Bank does this because it helps us know who we're speaking to.
Facebook Ireland is a ‘joint controller' with us in law for processing where we collect information about you:
- From your actions on our Facebook page.
- Through the Facebook pixel on our website.
We and Facebook have agreed to share some responsibilities to protect your personal data, by:
- Making sure we each have a legal basis for joint processing.
- Honouring your legal rights in respect of your data.
- Ensuring security of joint processing.
You can contact M&S Bank about how we do this. You can also contact Facebook about what they do. This includes exercising your legal rights in respect of the data Facebook collects and retains itself.
Further details of how Facebook processes your personal information, the legal basis it relies on, your rights and Facebook's contact details can be found at: www.facebook.com/about/privacy (link opens in a new tab).
We think carefully about how we use your information. We always aim to use it in a way that's fair to you. You might prefer us not to use it for some purposes.
You have a legal right to:
- Ask us to provide you with copies of your personal information, make corrections or sometimes ask us to delete it.
- Object to our processing of your information in some circumstances. For example to ask us not to share your personal information for online advertising.
- Complain to the UK Information Commissioner's Office by visiting ico.org.uk (link opens in a new tab).
- We may not always be able to stop processing your information, such as if we're using it to help protect you or others.
Other important information
We have a couple more things to tell you.
- Transfers: We transfer your information outside of the UK and the European Economic Area. If this happens your information may not have the same level of protection.
- Security: We'll use a range of measures to keep your information safe and secure, such as encryption.
- Storage: We keep your information in line with our data retention policy. We do this to comply with legal and regulatory requirements, and for our legitimate purposes.
Our full privacy notice contains more information about these topics.
We're always happy to hear from you.
You can contact our Data Protection Officer at:
For the attention of: the DPO
P.O. Box 10565,
51 Saffron Road,
Wigston, LE18 9FT
This privacy notice may be updated from time to time, and you'll always be able to find the most recent version on this site.
Last updated: 01/04/2021
Thank you for reading this privacy notice.