NatWest Markets Plc
250 Bishopsgate, London, EC2M 4AA, UK
Data Protection Authority:
We are NatWest Markets, a member of the NatWest Group. You can find more information about NatWest Group companies (referred to as ‘Affiliates’) in the ‘About Us’ section of our website: www.natwestgroup.com.
This Privacy Notice:
For individuals, this Privacy Notice applies to our processing of your personal information.
For companies and organisations, this Privacy Notice applies to our processing of any personal information you provide to us or that we otherwise process in connection with the products and services we provide to you. That includes personal information about your legal representatives, directors, employees, authorised personnel, beneficial owners, trustees, fund managers, partners, other associates, or people exercising control over your company or organisation. In respect of any personal information that you provide to us, please ensure that you:
We might update our Privacy Notice from time to time and, if we do, we’ll communicate the changes to you and publish the updated Privacy Notice at https://www.natwest.com/corporates/your-privacy.html. We encourage you to visit our website regularly for an update about what we use your personal information for and the rights that you have.
We collect and process various categories of personal information throughout your relationship with us. We will limit the collection and processing to information that’s necessary to achieve one or more legitimate purposes outlined in this notice.
Personal information[1] includes, but isn’t limited to:
We might also process more sensitive categories of information for specific and limited purposes. For example, PEP checks might reveal information that indicates a person’s political opinions. Also, when we organise client events, we might collect personal data about dietary or accessibility requirements that could indicate religious or philosophical beliefs, health details or medical conditions. We’ll only process special categories of information if we have your consent or are lawfully permitted to do so.
We might use biometric technologies, such as voice or facial recognition, for identification and verification purposes and to help prevent fraud or other crimes. For example, we might use mobile apps that use facial recognition technology as a security control, and telephony systems that use voice recognition.
Where permitted by law, we might process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as carrying out checks to prevent and detect crime and to comply with laws on money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. This might involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.
[1] Although the categories of information specified herein may be collectively referred to as “personal information,” such information may be referred to and defined differently under local applicable law, for example, among others, the GDPR in the UK or the CCPA in the U.S.
Your personal information includes anything we collect and hold about you. It includes information:
To fulfil our Customer Due Diligence (CDD) or Know Your Customer (KYC) obligations, by confirming and verifying the identity of individual customers (natural persons) and individuals who are the ultimate beneficial owners (UBOs) and representatives of institutional clients. We’re required to screen those individuals’ details against government, supranational bodies (such as the European Union and the United Nations Security Council) and/or law enforcement agency sanctions lists and other legal restrictions.
We are required to identify individual clients and UBOs that are Politically Exposed Persons (PEPs).
We have to complete these activities during the application / onboarding stage for new or prospective customers and on an ongoing basis for existing customers.
Our legal basis for processing:
The processing is necessary to comply with a legal or regulatory obligation.
This can include:
To assess applications for products and services, to obtain and record the necessary account opening documents - including the correct customer contact details - and setting up customers and their employees and representatives with the necessary authorisations and permissions (such as systems access).
Our legal basis for processing:
For individual customers, the processing is necessary to enter into a contract
For corporate and institutional customers, the processing is necessary for our legitimate interests. We need to collect all the necessary personal data about the employees and representatives.
So that we’re able to provide you with products and services, relationship management, trade execution, statements and other operational communications, as well as resolving any queries and complaints.
Our legal basis for processing [2]:
For individual customers, the processing is necessary to fulfil a contract, or is necessary for our legitimate interests to manage our customer relationships.
For corporate and institutional customers, the processing is necessary for our legitimate interests. We need to process some personal data about employees and representatives, such as contact information, to manage the customer relationship.
[2] Doesn’t apply to NatWest Markets Plc Singapore Branch which relies on the individual’s consent or one or more exemptions under the Singapore Personal Data Protection Act (Cap 26 of 2012) to collect, use, disclose or share personal information.
Communicating the following to you:
(1) details of products and services we think might be of interest to you or your business (which might include products and services offered by other NatWest Group companies)
(2) strategy views across FX, credit and economics, as well as sales commentary and trade ideas.
We are data-driven and will analyse data gained from your interactions and engagements with us to gain insights and identify trends. We will use this data to enhance and personalise the communications we send to you.
We will not share your details with third parties for their direct marketing purposes.
Our legal basis for processing:
The processing is necessary for our legitimate interests, though you can opt out of receiving marketing communications at any time.
So that we can organise and manage events, such as webinars, conference calls and in-person events.
Our legal basis for processing:
The processing is necessary for our legitimate interests, so we can invite individuals to our events, and run those events.
Also:
With the individual’s explicit consent. For in-person events, we might need to ask for information about attendees’ dietary and/or mobility requirements. In some cases this could result in us processing personal information that infers an individual’s religious or philosophical beliefs, health details or medical conditions. This information will only be used to meet those attendees’ requirements during the event, after which it will be deleted.
Conducting market, product, industry or customer satisfaction research, normally by email.
Our legal basis for processing:
The processing is necessary for our legitimate interests – we want to get the views of our customers on how we are performing and how we can improve, and to gather their thoughts and opinions on wider matters.
So that we can comply with our legal and regulatory obligations under applicable law. This includes complying with non-binding codes of practice, guidance, and to assist in law enforcement and investigations by relevant authorities.
Our legal basis for processing:
The processing is necessary for compliance with a legal obligation, including but not limited to trade reporting, tax reporting and market abuse requirements, and other laws relating to financial markets and instruments.
So that we’re able to run our business effectively, including:
Our legal basis for processing:
The processing is necessary for our legitimate interests, so that we can run our business and serve our customers effectively.
To determine what products and services we can offer and under which terms, to prevent financial crime, and to protect our reputation.
This might include processing your personal information to:
Our legal basis for processing:
The processing is necessary for our legitimate interests, so that we can manage our risks effectively.
Litigation proceedings such as claims, actions, proceedings (including obtaining legal advice and facilitating dispute resolution), protecting, enforcing or defending our contractual and legal rights and obligations.
Our legal basis for processing:
The processing is necessary for our legitimate interests, so that we can exercise our legal rights.
We might transfer your personal information to organisations in other countries (including to Affiliates) but only if the organisation we pass it to protects it in the same way we would and in line with regulations which include the rules of any relevant regulatory authority or exchange (such as the UK Financial Conduct Authority (FCA) and the UK Prudential Regulation Authority (PRA) Rules) and any applicable laws, rules, procedures, guidance, codes, standards and regulations (such as accounting rules and anti-money laundering and sanctions legislation) in force from time to time (we’ll refer to these as ‘Applicable Regulations’).
If we need to transfer your personal information across international borders, we will only do so where one or more of these apply:
We might contact you using any of the contact details we hold about you. If you change your contact details, you should tell us as soon as you can.
As permitted by applicable law, electronic communications and telephone conversations we have with you will be monitored and/or recorded to evidence transactions, trades and instructions, for training purposes, internal investigations, for legal reasons or to meet Applicable Regulations. We might use these recordings as evidence if there’s a dispute between us and you / the customer you’re associated with. If you want a copy of the personal data that’s held in these recordings you can ask for one, subject to Applicable Regulations (see Section 9).
We carefully manage all of our records, including personal information, to help us serve our customers well and comply with Applicable Regulations. Records help us demonstrate that we’re meeting our responsibilities. They also serve as evidence of our business activities.
Retention periods for records are determined by the type of record, the nature of the activity, product or service, the country we’re located in and Applicable Regulations. We (and our Affiliates) normally keep customer account records for a defined period after your relationship with us ends. Retention periods might change from time-to-time based on business or legal and regulatory requirements.
We might, in exceptional circumstances, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is so that we can produce records as evidence, if they’re needed.
Depending on where you are located and subject to Applicable Regulations, you might have certain rights relating to the personal information we collect and process about you, including:
We might continue to process your personal information if we are entitled to or are required to retain it
Some of the rights above will only apply in some jurisdictions. Where you’re granted privacy rights by Applicable Regulations, some of those rights might not be absolute, in which case exemptions might apply. For example, the right to ask us to delete your personal information is not absolute and can be refused in some circumstances.
If you want to exercise any of your privacy rights, we will not treat you any differently. For example, we won’t give you a different level or quality of products or services. Please note that if you don’t want us to process personal information that we consider necessary to provide certain services or products, it might not be possible for us to carry on providing them to you or your business.
If you want to exercise any of these rights, please refer to Section 13 (Contact us).
Requests can be made by you or by your authorised representative. We might, in some cases, ask for proof of identity, residency and/or authority. Also, you’ll need to give us enough detail about what it is that you want so that we can review, understand, assess, and respond to it.
We will follow the legal and regulatory data protection requirements that apply in any jurisdiction we’re established in (‘Local Jurisdiction’). If this Privacy Notice conflicts with the data protection requirements in any Local Jurisdiction, the requirements of that Local Jurisdiction will take precedence. We’ve listed our locations and their data protection authorities in Schedule A.
We will respond to all requests as soon as we can and within timescales required in any Local Jurisdiction.
Unless you’ve told us you don’t want to hear from us, we might send you relevant marketing information. This might include details of other products or services – provided by us or by other NatWest Group companies – which we believe might be of interest to you. We might send them to you by post, phone, email and/or other forms of electronic communication.
If you change your mind about receiving this information or how you’d like us to contact you, please tell us at any time by emailing us at SARS@natwestmarkets.com.
We do not sell or share personal information to/with third parties for their own marketing purposes.
We endeavour to keep your personal information safe, and require that any third parties who act on our behalf do so also. If you’d like to know more about the steps we’re taking to protect your information, please visit https://www.natwest.com/business/security.html
If you want to exercise your privacy rights, to the extent you have any under applicable law, please email us at SARS@natwestmarkets.com or write to us at either of the postal addresses below:
NatWest Markets Privacy Officer, 1st Floor, Hardman Boulevard, Manchester, M3 3AQ, UK
NatWest Markets N.V. Data Protection Officer, 7th Floor, Claude Debussylaan 94, 1082 MD, Amsterdam, The Netherlands
In the U.S., if you are a resident of California, you can exercise your rights under the California Consumer Privacy Act by contacting us at SARS@natwestmarkets.com, or write to us at:
Privacy Officer, NatWest Markets Securities Inc, 600 Washington Blvd, Stamford, Connecticut, U.S. 06901
If you want to complain about how we’ve handled your personal information, please speak to your usual contact within NatWest Markets or, if you prefer, email the NatWest Markets Privacy Officer or the NatWest Markets N.V. Data Protection Officer. We hope we can address your concerns but, if we don’t, you can contact the relevant data protection authority – see Schedule A for further details.
There might be specific terms and conditions in our agreements with you that govern the collection and use of your personal information. Unless otherwise agreed, these other terms must be read in conjunction with this Privacy Notice.
Our websites and device applications are not created for or directed at children. To our knowledge, we do not collect information online from children under 18. If you are a parent or guardian and think we have information about your child, please email the NatWest Markets Privacy Officer.
If you are a California resident, please see our US Privacy Policy.
From time to time we might change the way we use your personal information. If we make a material change, we’ll let you know and give you at least 30 days to raise any objections before we make the change. However, please note that in some cases, if you don’t agree to the changes we might not be able to carry on providing certain products and services to you or your business.
This privacy notice was last updated on 1 January 2023.
250 Bishopsgate, London, EC2M 4AA, UK
LHT Tower, 31 Queen's Road, Unit 702, Central, Hong Kong
Office of the Privacy Commissioner for Personal Data, Hong Kong
One Raffles Quay, #23-10, South Tower, Singapore 048583
Claude Debussylaan 94, 1082 MD, Amsterdam, The Netherlands
1st Floor, Block B, George’s Quay, Dublin 2, D02 VR98, Republic of Ireland
32 Rue de Monceau, 75008 Paris, France
Commission nationale de l'informatique et des libertés (CINL)
Norrlandsgatan 15, Box 5324, SE-102 47 Stockholm, Sweden
600 Washington Boulevard, Stamford, CT, 06901, United States
N/A – there is no federal data protection authority in the USA. Information about the California Consumer Privacy Act (CCPA) is available at: California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General
Shin-Marunouchi Center Building, 1-6-2 Marunouchi, Chiyoda-ku, Tokyo, Japan