Banking is personal and it involves data about you - nearly every interaction and transaction you will have with us or perform using our app or banking products will involve the collection, creation, use, or sharing of data. Data about you - whether you give it to us, we collect it through your use of our services, receive it from others, or we create it such as through data analytics - helps us provide you with the best possible customer experience, understand you better, and anticipate your needs. It also helps us secure your accounts, improve our app and product offerings, create relevant marketing and advertising, and meet our legal obligations.
Our objective with this policy is to explain how and why collect, create, use, share, store, and delete data as well as to outline the controls we offer to help you take advantage of the important rights you have in regard to your data including privacy settings, notifications, marketing elections, cookies management, and customer support.
This policy is provided by J.P. Morgan Europe Limited (25 Bank Street, Canary Wharf, London, E14 5JP, UK) as data controller and applies to all of our consumer banking and related services (referred to as the “Chase Services”). The terms governing your use of the Chase Services are set forth in the General Account Terms and Conditions.
Over time we expect to develop new products and services and improve the ones we already offer. If these developments materially change our practices in regard to how we collect, create, use, share, store, and delete your data we will update this policy. If you ever have questions or concerns – please contact us in accordance with the 'Contact details' section below.
This policy is applies to:
Your data is just that – your data. That’s why the Data Protection Act provides you with certain rights in regard to your data, including these rights.
You can confirm the data we process about you and request a copy of your data and information relating to how it is processed
You can request that any inaccuracies in the data we hold about you be corrected.
You can request that we delete your data
You can request that we stop processing your data temporarily or permanently.
You can object to our processing of your data under certain circumstances.
You can request a copy of your data is shared with a third party.
Where we are relying on your consent to process your data, then you can withdraw your consent at any time.
You may object to our processing of your data for marketing at any time. If you do object we will stop processing your data to market to you.
This section shows the categories of data we collect, create, use, and share along with a description of each category. The sources of your data varies – there is data you give to us, data we collect through your use of Chase Services, data we receive from others, data that is publicly available, and data we create such as through analytics.
Your full name, home address, email address, phone number, social media profile details and information that is used to verify your identity such as photo ID, passport number, national insurance number, driving licence number, and nationality.
The data used to access the Chase Services and including your pin number password, security questions and answers, PIN numbers and biometric data (as further explained below).
Information used to assess your credit worthiness, including: your salary, employment status, credit rating, CCJs or bankruptcy.
Details relating to any account that you hold with us, including account number, sort code, debit card information, account balance and overdraft limit.
Records of payments made and received, including the identities of payees and payers; interest payments, direct debits and standing orders.
Information regarding your stated preferences and relating to your use of our services, including analysis of your spending habits, spending limits that you set, your budgets and stacks and insights into your spending and saving activity.
Data that you may provide to us relating to a disability or health which is relevant to your use of the Chase Services such as accessibility of our app or a change in your health status.
Records of any communications between you and us, including via email, telephone, inapp chat, social media, and letter.
Details we collect from your devices, such as cookies, activity logs, use of our website and mobile application, online and unique device identifiers.
We create temporary facial recognition templates when we match your selfie to your photo ID as part onboarding or when you reset your pin, unlock your account or change your device.
Your IP address, location data from your payment transactions, from your device as part of our security and fraud prevention checks and from you directly if you turn on/allow location sharing within the app.
Your in app activity, such as what screens you click on or how long you spend in the app using certain features, your IP address or location, device identifier, device type, your activity on our website or social media pages, transaction and spending history.
We use automated decision making in the following scenarios:
You have the right to request information about the existence of and an explanation of the logic involved in, the significance of and any envisaged consequences of, any automated decision making using your data that has a legal effect or a similar effect on you.
You also have the right to object to automated-processing, provide additional information or ask us to review a decision which may result in us ceasing to carry out that processing or correcting the decision made. In certain circumstances you also have the right not to be subject to a decision based solely on automated processing.
The purposes for which we may use your data are as follows:
Setting up your account with us; fulfilling our regulatory compliance obligations, including ‘KYC’ checks; confirming and verifying your identity (including by using credit reference agencies); authenticating your use of our services; screening against government, supranational bodies and/or law enforcement agency sanctions lists as well as internal sanctions lists and other legal restrictions.
Conducting credit reference checks and other financial due diligence.
Provide you with customer service; helping you manage your account; assistance relating to Chase Services; to inform you about important details relating to your account; review and respond to any queries, issues and complaints you may have.
Providing our core banking/account services to you via our app and service centre; sending service messaging in relation to our services, refining our processes and procedures, administering relationships and related service; performance of tasks necessary for the provision of the requested services and communicating with you in relation to those services.
Detecting, preventing and investigating fraud on your device, transactions and payments and detecting applicant fraud as part of our onboarding process.
Management of our communications systems; operation of IT security; IT security audits.
With your permission, provide Open Banking services with access to your account information.
Contacting you about Chase Services, new features via email, in app notification or online through social media ads or ads we place on websites you visit. Understanding how you interact with our app, our website, social media channels and our online ads allows us to understand our customers, people who are interested in becoming customers and helps us build our marketing campaigns and understand the people we are building ads and campaigns for.
Personalisation of Chase Services to you and how you can personalise your in app experience.
Internal and regulatory reporting and business oversight such as internal audits and to produce reports to analyse our performance and manage our finances.
Speaking to you to collect feedback on both new products and services we are looking to develop or how we are doing in relation to our existing products and your experience with us as a customer. We will collect this information directly through our brand communication channels or through specific research groups we create.
Maintaining the security of the app as downloaded onto your device.
Understanding how you as our users interact and use our app, website and social media pages; understanding how you interact allows us to improve on what works, what doesn’t and build new products and features for you.
Detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.
Compliance with our legal and regulatory obligations under applicable law and for us to establish, exercise and defend our legal rights.
We will disclose your data to certain third parties from time to time. These include:
To help us run our business via sharing infrastructure or where we need to share information for reporting and business management purposes for our internal purposes, for example in connection with our anti-money laundering obligations.
To provide you with our services, such as processing payments that you make.
That you authorise to receive information relating to your account.
To assist us in providinge you with our services, such as our cloud service provider.
If you choose to interact any such plugins or content, your data will be shared with the third party provider of the relevant social media platform.
If they require us to share your data, if we are required to report any actual or suspected breaches of applicable law or regulation.
Including the UK Financial Conduct Authority, the UK Prudential Regulation Authority, the UK Financial Services Deposit Compensation Scheme and other deposit guarantee schemes and HMRC.
To check your creditworthiness.
In relation to the detection and prevention of criminal activities, including fraud and money laundering.
Including accountants, financial advisors, lawyers and other outside professional advisors for purposes of providing services to us.
If our business, or part of it, is sold or reorganised.
To receive more information about the third parties that we may share your data with, you can contact us through the information provided in the 'Contact details' section below.
We may receive certain data about you from various third parties from time to time, including:
We are part of a global banking business and we rely on shared infrastructure and systems and also have governance and reporting obligations as such, we will transfer your data within J.P. Morgan Europe Limited, and to third parties as set out above.
For this reason, we will transfer your data to other countries outside of the UK that may have different laws and data protection compliance requirements, including data protection laws of a lower standard to those enacted in the UK. These transfers will only take place for the purposes outlined in this Policy.
Where we transfer your data to other countries outside of the European Economic Area, we will do so on the basis of:
To receive more information about the safeguards that we apply to international transfers of your data, please contact us through the information provided in the 'Contact details' section below.
We have implemented appropriate technical and organizational measures designed to protect your data. We work hard to protect your information. We protect your data in line with our global security program built on our core principles of only using the data required for the processing in question, controlling access to systems and datasets to those who need to use the data, and using an encryption and other techniques to secure the data that we hold in our systems.
We take reasonable steps designed to ensure that any data that we process are accurate and, where necessary, kept up to date and that any of your data that we process that is inaccurate (having regard to the purposes for which they are processed) are erased or rectified without delay. From time to time we may ask you to confirm the accuracy of your data.
We take reasonable steps designed to ensure that your data that we process are limited to the data reasonably required in connection with the purposes set out in this notice.
We will retain your data in line with our data retention policy and for the minimum period required. The duration of the retention period is determined by a number of criteria including the nature of our relationship with you, UK law, the type of data and the Chase Services that the data relates to.
Once we no longer need to retain your data, we will either: permanently delete or destroy the relevant data; archive your data so that it is beyond use; or anonymize the relevant data.
We will update this Policy from time to time for example when we change the data we collect or the ways in which we process it.
Whenever there are significant changes to the policy then we will reach out and let you know.
---
Your deposit is eligible for protection by the Financial Services Compensation Scheme (FSCS). The information sheet and exclusions list are available to view in the app. For further information about the compensation provided by the FSCS, refer to the FSCS website at https://www.FSCS.org.uk
Chase is a registered trademark and trading name of J.P. Morgan Europe Limited. J.P. Morgan Europe Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 124579. Registered in England & Wales with company number 938937. Our registered office is 25 Bank Street, Canary Wharf, London, E14 5JP, United Kingdom.