Website privacy notice

When you browse the web, you leave a digital footprint. It's information about your device and the way you use it online.

We just want to let you know that we'll collect this information about you. Most websites do this.

We use this information to deliver the website to you. We also use it for other things, which we think help you and us.

We've put this notice together to explain this.

By the way, when we say "we" this means M&S Bank, other HSBC group companies and our trusted partners who provide services to us.

These include our:

  • Technology providers.
  • Cybersecurity companies.
  • Social media partners.
  • Advertising partners.

Our Privacy Notices

This is our website notice.

We have other notices. Some of these may apply to you as well. It depends on how you choose to interact with us.

  • Public website notice (you are here): This notice covers parts of this website where you don't need a password (like this page).
  • Full privacy notice: Our full privacy notice contains more information to read alongside this notice. It will tell you more details, such as the full company names of M&S Bank's data controllers. It also tells you how M&S Bank uses your personal information in general. You can find this at: marksandspencer.com/bankprivacynotice
  • Cookie notice: This notice covers how we collect information from your web browser or mobile device. You can find this at: marksandspencer.com/bankcookiepolicy
  • Other notices: Some of our app or parts of our websites have their own privacy notices. For example, our mobile app has a privacy notice. So does our careers section of our website at bank.marksandspencer.com/careers/.

You can usually find our notices in the footer of the webpage. If you're using our app, it will usually be in the menu. Our full privacy notice is our main one and can be found at marksandspencer.com/bankprivacynotice

Personal information collected by this website

We collect information when you use our website. We also do this when you visit one of our social media sites.

When you view our website or social media sites, we can see:

  • What you click.
  • What you view.
  • How long you spend on pages.
  • Your device & internet connection details such as: type of device you're using, IP address and details about your internet connection, technical details such as your screen size and the software you're using, such as your web browser.
  • Your country or region (not exactly where you are unless we ask permission).
  • Your unique advertising or other identification numbers allocated to your browser or device.

If you follow a link to this website, we know the last site you visited. You may have reached this website by following a link from an e-mail. When you open an email from us, we may be able to tell:

  • that you've opened it.
  • what links in the email you click on.

When you fill in a form on our website, we can see what you type.

If you send us a message, we may collect information you tell us.


Some of this data is collected by:

Our partners: These may be website hosts or social media sites.

Cyber-security filtering technology: This keeps our website safe from fraud and crime.

Cookies and similar technology: These are set on your device by us and our trusted partners.

We don't often know exactly who you are from this data. But sometimes we may connect this data with other information we hold about you.


For example:

  • If you browse our website and then access online banking, we may connect this data to you. The next time you visit, we may still link that data to you.
  • If you browse our website while logged into social media accounts, then our partners may be able to connect this data to those accounts.

It might be possible to connect your browsing data to personal data held by third parties. We use your data when it is in our legitimate interests.

This means we need to have a valid and lawful reason to use your data and balance this with your interests.

How we use this personal information

To deliver the website

We use your information to operate the website and monitor how well it is working. Most websites do this.

To improve our business

We use your information to:

  • Understand how you use our services.
  • View trends in product offerings.
  • Develop well targeted offers and products.
  • Find offers and products that may be of interest to you.
  • Make our services better for you.
  • Learn how useful our marketing is and make it better.

Security & protection

We use your information to help protect you and ourselves against fraud or crime. For example, our service providers look at all use of our website to help block malicious activity. This helps keep you and us safe.

We also use BioCatch and LexisNexis (Threatmetrix).

Personalising our website

When you visit our website, we may use data we collect to make the site reflect you. This could include:

  • Tailoring our website content and services for you.
  • Showing your information or updates that might be useful for you.
  • Showing products or services that we think will be of interest to you.

Online advertising

When we advertise online, we may share your information with our advertising partners.

We may ask our advertising partner to use that information to:

  • Check if you hold an account with them.
  • Choose which adverts to send to you.
  • Send our adverts to you.
  • Exclude you from adverts, e.g. if the advert is for a service you already use.
  • Advertise to people who have a similar profile to you or share your interests.
  • Identify what other marketing may be of interest to you.
  • Understand how useful our marketing is and make it better.

Social Media

M&S Bank uses social media to:

  • Help connect with you.
  • Share information about our products and services.
  • Sometimes these involve using your data.

You can find out more about how we use information from social media in our full privacy notice at marksandspencer.com/bankprivacynotice
Social media platforms may let you choose what advertising you receive. You should contact them for more information.

Your rights

We think carefully about how we use your information. We always aim to use it in a way that's fair to you. You might prefer us not to use it for some purposes.

You have a legal right to:

  • Ask us to provide you with copies of your personal information, make corrections or sometimes ask us to delete it.
  • Object to our processing of your information in some circumstances. For example to ask us not to share your personal information for online advertising.
  • Complain to the UK Information Commissioner's Office by visiting ico.org.uk (link opens in a new tab).
  • We may not always be able to stop processing your information, such as if we're using it to help protect you or others.

Other important information

We have a couple more things to tell you.

  • Transfers: We transfer your information outside of the UK and the European Economic Area. If this happens your information may not have the same level of protection.
  • Security: We'll use a range of measures to keep your information safe and secure, such as encryption.
  • Storage: We keep your information in line with our data retention policy. We do this to comply with legal and regulatory requirements, and for our legitimate purposes.

Our full privacy notice contains more information about these topics.

Contact us

We're always happy to hear from you.

You can contact our Data Protection Officer at:

For the attention of: the DPO

M&S Bank,
PO Box 325
Wymondham
NR18 8GW

This privacy notice may be updated from time to time, and you'll always be able to find the most recent version on this site.


Last updated: 12/12/2024