When you apply for an account with Zempler

When you apply for an account with us, we need certain information to progress your application, much of which is required by law.

Information and Purposes

We collect the following information for the following reasons:

Online Interactions: information collected when you use our website or Zempler Bank app, participate in customer surveys or competitions, focus groups, feedback sessions, prize draws, or other promotions.

Application information: information such as your name, address, date of birth, contact details, financial information, and employment details when you apply for our products and services including you registering secondary adult or child (13+) user and information you provide when you register a secondary user of your account.

Identity Verification: copies of your identification documents, for example, your passport or driving license and any other information you provide to prove you are eligible to use our services.

Open Banking: access you give us to your other financial accounts.

Communication: details you provide when you communicate with us via phone (including recorded calls) email, letters, web chat, social media, or other channels.

Lawful Basis

We process this information in pursuit of contract between Zempler and you and so rely on the lawful basis of Contract.

We also use your personal data to fulfil our regulatory obligations and so process this information either under Legal Obligation or Legitimate Interest.

In some limited circumstances we use our legitimate interests in setting up an account for a service you have requested.

Third Parties

During your application we may also receive and share information about you with and from:

Introducers: companies or individuals that introduce you to us. For example, we work with ClearScore Technology Limited to introduce customers to our credit card products. ClearScore may process personal data in accordance with its own privacy policy, available at https://www.clearscore.com/privacy-policy.
Card Schemes or associations
Credit Reference Agencies (CRAs): Equifax Limited for credit referencing and risk assessment purposes under a contractual agreement. Equifax processes this data in accordance with its own privacy policy, which can be found at https://www.equifax.co.uk/privacy.html.
Service Partners: we partner with Wise Payments Limited to facilitate international payment services. Wise processes data independently under its own regulatory obligations. For details on Wise’s data handling practices, please visit https://wise.com/privacy-policy.
Comparison Websites
Social Networks
Fraud Prevention Agencies: for example, CIFAS, whose fair processing notice can be found here: http://www.cifas.org.uk/fpn
Public Information Sources: including Companies House and media outlets.
Agents and Advisers: working on our behalf or yours.
Market researchers
Government and Law Enforcement Agencies
Open Banking: when you ask us to, we’ll also collect personal data from accounts you hold with third party financial institutions (when you create a linked account by activating Open Banking in the Zempler Bank app).

Automated Decision Making

We may use automated processes to make decisions about your application; we do this to process your request quickly and fairly. We may use automated decision making in the following circumstances:

Assessing your creditworthiness for credit application or other products
Fraud and anti-money laundering detection
Personalising services or product recommendations based on your preferences of financial history.

International Transfers

We primarily store and process your personal data within the United Kingdom (UK) or the European Economic Area (EEA). However, in certain circumstances, we may need to transfer your personal data to countries outside of the UK or EEA, for example, if:

Our Service Providers or business partners have operations in third countries
Cloud hosting or IT support services are provided from international data centres

Where we transfer your personal data to a country outside of the UK (meaning its data protection laws may not be equivalent to those in the UK), we put appropriate safeguards in place to ensure your rights and freedoms remain protected. These may include:

International data transfer agreements (IDTAs) or Standard Contractual Clauses (SCCs) approved by the UK (or, where applicable, the European commission) that contractually bind the recipient to protect your personal data.
Additional technical and organisational measures, such as encryption, restricted access protocols, or data minimisation.
Reliance on a country specific adequacy decision, if applicable, which recognises that the country provides a sufficient level of data protection.

Retention

If your application is unsuccessful then we are obliged by law to keep information about your application for up to 6 years after the application is made.

If your application is successful, we will retain your information in order to service your account. Please see below for more information on how long we will retain your data.

Your Rights

If you successfully open an account with us, you can go to the ‘when you are a customer’ section of this notice to read your full rights. If you apply for an account with us, but the application is not successful, you still have certain rights. While these rights may not always be absolute, they include:

You have the right to be informed about how your personal data is collected, used, shared and stored. This includes clear, accessible information about:

The types of data we collect
How long it is stored
Why we collect it
How we use it
Who we may share it with
Your rights under data protection law

We are committed to transparency and will provide this information at the time we collect your data or as soon as possible thereafter.

You have the right to ask us whether we are processing your personal data, and if so, to request a copy of the data, along with relevant details about how and why we use it.

If the personal data we hold about you is inaccurate or incomplete, you are entitled to ask us to correct or complete it.

In certain circumstances, you can request that we erase your personal data. This might apply if the data is no longer necessary for the purpose for which it was collected, or if you withdraw your consent (where our processing relies on your consent).

You can ask us to limit the use of your personal data in certain situations – for example if you believe the data we hold is incorrect or if you have objected to our processing.

You have the right to object to the processing of your personal data, for example, when our lawful basis for processing your personal data is our Legitimate Interests, or if you have previously consented to direct marketing.

You have the right to receive your personal data in a way that is accessible and machine-readable, for example as a csv file if our lawful basis for processing that data is based on your consent, or contractual obligation.

This right only applies if the data:

is held electronically, and
you have provided it to us, such as your registration details.

In certain circumstances, you have the right not to be subject to a decision based solely on automated processing (including profiling) if it produces legal or similarly significant effects, you can request human intervention or challenge any automated decision that affects you in such a way.

If you have any concerns or have any questions about your rights and how we handle your personal data, please contact us first using the details in the ‘contact’ section of this notice so that we can address your concerns. If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights. For more information, visit: https://ico.org.uk/make-a-complaint/

Fees for Access Requests

You have the right to request access to your personal data. In most cases, we will provide this information free of charge. However, in accordance with the Data Use and Access Act 2025, we may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive, or if it involves significant administrative effort. Any applicable fees will be clearly communicated in advance and will reflect the actual cost of processing your request. You will have the opportunity to revise or narrow your request to avoid incurring a fee.

Your right to complain

Under the Data Use and Access Act 2025, you have a statutory right to complain if you believe your personal data has been mishandled or your rights under UK data protection law have been infringed. We are committed to handling complaints fairly, transparently and promptly. If you wish to raise a concern about how we process your personal data, please follow the steps below.

You can submit a complaint to us using any of the following methods:

Email: [email protected]
Post: Cottons Centre, Cottons Lane, London, SE1 2QG
Telephone: Zempler - Contact us

We will acknowledge your complaint within 30 days of receipt, and:

Take appropriate steps to investigate your complaint without undue delay
Keep you informed of the progress of the investigation
Notify you of the outcome once the investigation is complete

If you are not satisfied with our response, you may escalate your complaint to the information commissioner's office: https://ico.org.uk

Security

As a bank, we take the security of your data extremely seriously. We use the latest technical and organisational measures, in line with industry best practice, to safeguard the information we collect against unauthorised access, disclosure, or misuse.

For more detailed information on how we keep your data safe, and what steps you can take to do the same, please visit our security page.