Ikano Bank Privacy Notice

Ikano Bank (referred to in this notice as ‘Ikano’, ‘we’, ‘us’ and ’our’) takes the handling and protection of personal information very seriously. This Privacy Notice provides you with important information about what personal information we process, the purposes for which we will process your personal information, and who we will share it with, as well as giving you information about your rights in relation to your personal information.

This Privacy Notice was last updated on 21st August 2025.

This Privacy Notice may be updated from time to time. We may tell you about the changes if it is appropriate to do so but you can also find the current version at www.Ikano.co.uk/auxiliary-pages/legal/privacy-policy.

What should you do if your personal information changes?

You should tell us without delay so that we can update our records. For details of how to contact us, please see our Contact us page.

If you are an Ikea Financial Services customer or a Savings Account customer you can also update your personal information directly by logging into your online account.

Please note that it is not always possible to update information immediately, so if you have provided us with updated personal information please allow a month for us to update your records.

Who we are and how to contact us and our Data Protection Officer

Ikano Bank AB (publ) is a data controller of your personal information and can be contacted at Ikano Bank AB (publ), PO Box 7221, Willenhall WV1 9DR or at dpo@ikano.se.

This privacy notice describes how we deal with your personal information. We are the data controller of this information under relevant data protection laws because in the context of our business relationship with you we decide how and why your personal information is processed in the ways explained in this privacy notice.

Our Data Protection Officer can be contacted if you have queries about this privacy notice or wish to exercise any of the rights mentioned in it.

For more information about how Fraud Prevention Agencies and Credit Reference Agencies use your personal information and to read their privacy notices, please see the sections on Credit Reference Agencies and Fraud Prevention Agencies below. These are separate organisations who will process your personal information for their own purposes and separately from us.

What do we mean by personal information and what kinds of personal information about you do we process?

Personal information, sometimes known as ‘personal data’ means information that is about you or from which we can identify you.

Some personal information known as ‘special category data’ is more sensitive, we need to have additional reasons for processing this type of personal information. Special category data is personal data relating to your ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data used to identify you, health data or data relating to your sexual life. There are also additional restrictions around collecting and using data about criminal convictions.

The types of information we hold and process about you will depend on the products or services you apply for and (if your application is successful) obtain from us. The personal information that we generally process in connection with our savings accounts, loan, credit and store card products are:

  • Your title, full name, your contact details, including for instance your email address, home and mobile telephone numbers.
  • Your home address, correspondence address (where different from your home address) and address history.
  • Your photograph and photo ID such as your passport or driving licence.
  • Your date of birth and/or age, e.g., to make sure that you are eligible to apply for the product and help us to locate your records at Credit Reference Agencies.
  • Records of how you have contacted us and, if you get in touch with us online, details such as your mobile phone location data, device identifiers including IP address and MAC address.
  • Personal information which we obtain from Fraud Prevention Agencies. See the section below on Fraud Prevention Agencies for more information.
  • Technical information including your Internal Protocol (IP) address, information about the device you are using, your mobile phone network, information about the country your device is located in, your interaction with the website or App, the way you use the App and our products and services.
  • Some special categories of personal data such as
    • about your health if you are a vulnerable customer.
    • Biometric data used to verify your identity as part of the application process.
  • Your financial details e.g., your salary, your employment and details of other income, details of your savings, details of your expenditure.
  • Details about all your existing borrowings and loans.
  • Personal information about your credit history which we obtain from Credit Reference Agencies. See the section below on Credit Reference Agencies for more information.
  • Information about your employment status including whether you are employed, retired, or receive benefits.
  • Personal Information we obtain from our Open Banking Partners regarding your banking transactions (where you have consented to the use of open banking in connection with your application. See the section below on Open Banking for more information.
  • Your marital status, family, lifestyle or social circumstances if relevant to the product (e.g., the number of dependents you have).
  • Personal information provided by you to us in correspondence, whether by email, social media, written letter, or telephone call (as telephone calls to and from us are recorded for training, monitoring and security purposes).

For loan agreements specifically, we will collect and process the following information:

  • details of any purchases that are linked to your loan and of any retailer who processed the sale of these goods.

For credit cards specifically, we will collect and process the following information:

  • If your credit card has reward points, details of your reward points, including the details of the points you earn and how and when you redeem them.
  • transaction data, that is information about the nature, cost, date and time of any transactions made.

For store cards specifically, we will collect and process the following information:

  • transaction data, that is information about the nature, cost, date, and time of any purchases made.

For savings accounts specifically, we will collect and process the following information:

  • your National Insurance number, whether you are liable for the payment of taxes in another country, and if so which country and your tax identification number that relates to this, details of your nominated bank account for the purposes of funding and funds withdrawal.

Where do we obtain your personal information?

We collect personal information from you in a number of ways. We will collect personal information from you directly through our application process, information you provide when you download our App, correspondence that is exchanged between us, including telephone calls (which may be recorded), letters, emails, SMS messages, web forms, social media platforms and feedback and responses to research surveys which you provide to us. When you visit our website, use our App or access your online account, we may collect technical information, including the Internal Protocol (IP) address used to connect to the internet, information about your visit such as page interaction information, information about the device you are using, including information relating to your mobile phone network. Our App collects certain information when you install, use or uninstall it (including information about your device and the way you use the App and our products and services) and it may periodically contact our servers automatically and we may collect and store information (including information about you). In some cases, we collect this data through cookies, pixels, tags, and similar tracking technologies that create and maintain unique identifiers. To learn more about these technologies, please see our Cookie Notice.

In addition, we obtain your personal information indirectly from third parties including Fraud Prevention Agencies, Credit Reference Agencies, tracing and debt recovery agents, government bodies and agencies, the electoral roll and other, publicly available directories and information (e.g. telephone directory, social media, internet, news articles). See the sections below on Fraud Prevention Agencies and Credit Reference Agencies for more information.

Some of the personal information obtained from Credit Reference Agencies will have originated from publicly accessible sources such as information on court judgments, decrees, administration orders and bankruptcy registers and the electoral register (also known as the electoral roll). See the section below on Credit Reference Agencies for more information. Some of the information we receive from Credit Reference Agencies will have originated from third parties such as Royal Mail for UK postal addresses, the Insolvency Service, Companies House, and other lenders and providers of credit who provide data to the credit reference agencies.

Sometimes we may also use Open Banking as it helps us make a more efficient and informed decision on our lending. See the section below on Open Banking for more information.

What are the legal grounds for our processing of your personal information (including when we share it with others)?

Data protection laws require us to explain what legal grounds justify our processing of your personal information (this includes sharing it with other organisations). For some processing more than one legal ground will be relevant.

Here are the legal grounds that are relevant to us:

1. Processing necessary to perform our contract with you

This processing is necessary for entering into or performing the savings, loan, credit, or store card agreement with you. It includes processing that is undertaken prior to entering into our agreement with you during the application stage. The processing will include:

  • Checking your identity as part of the application process. This may include your taking a photograph of yourself and providing us with photographic ID to allow us to check that you are who you claim to be. We will only use your photograph and photographic ID for this purpose;
  • All stages of and activities relevant to managing your savings loan, credit or store card account (as applicable) and services relating to it including enquiry, eligibility checks, application, administration and management of accounts, communicating with you about your account and processing information relating to your purchase transactions and payments (where related to a loan, credit or store card account);
  • Updating your records, tracing your whereabouts to contact you about your account including where this is necessary for debt recovery.
  • Some of our profiling and other automated decision making. See the section below on Profiling and Automated Decision Making for more information.
  • Market research and analysis and developing statistics.
  • If you have a Credit Card which features reward points, to keep records of your transactions to enable your rewards to be calculated and administered.
  • When we share your personal information (to achieve the above purposes) with these other people or organisations:
    • If you have a Credit Card which features reward points with the provider of the reward points scheme, for the purposes of administering the reward scheme, calculating reward points and fulfilling rewards.
    • Companies who provide a service to you, for example when you use your credit or store card to make a purchase.
    • Companies we work with to provide your loan, credit card or savings account and who’s name or logo appears on our products.
    • Other organisations and businesses (together with their sub-contractors) who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions such as sending letters, statements and other correspondence.
    • Credit Reference Agencies (Experian, Equifax and TransUnion) See the section below on Credit Reference Agencies for more information;
    • Fraud Prevention Agencies for the purposes of preventing fraud and money laundering and to verify your identity See the section below on Fraud Prevention Agencies for more information;

2. Where processing is necessary for our legitimate interests

This will include processing which, on balance, we consider is in our legitimate interests or those of a third party and your rights and interests do not override those interests. Our legitimate interests are:

  • Administering and managing your savings, loan, credit or store card account (as may be applicable) and services relating to that, updating your records, tracing your whereabouts to contact you about your account and doing this for recovering debt.
  • To test the performance of our products, services and internal processes and to ensure that the App, our websites, content and services are as effective and relevant as possible and give you the best experience possible.
  • To develop our credit scoring process;
  • To collect and monitor Cybersecurity Threat Intelligence and take steps to reduce the risk of security incidents impacting our systems.
  • For management and audit of our business operations including accounting.
  • To carry out searches at Credit Reference and/or Fraud Prevention Agencies pre-application, at the application stage, and periodically after that.
  • To make decisions about credit worthiness and ensure we lend responsibly, at the application stage and periodically after that.
  • To carry out monitoring and to keep records. For more information about monitoring. See the section below on Monitoring for more information.
  • To administer our good governance requirements such as internal reporting and compliance obligations or administration.
  • For market research and analysis and developing statistics. Please note your data may be retained and processed at a later date for analytical purposes whether or not your application succeeds.
  • For establishment, defence and enforcement of our legal rights.
  • For some of our profiling and other automated decision making (such as assessing creditworthiness for credit limit increase offers) where this does not have a legal effect or otherwise significantly affect you. Please see the section below on Profiling and Automated Decision Making for more information, and
  • When we share your personal information (to achieve the above purposes) with these other people or organisations:
    • Our legal and other professional advisers, auditors and actuaries.
    • Financial institutions and trade associations.
    • Legal and regulatory bodies, such as the Swedish Financial Supervision Authority (SFSA), the Financial Conduct Authority, (FCA), the Prudential Regulation Authority (PRA), HMRC, the Information Commissioner’s Office (ICO), the UK Financial Services Compensation Scheme (FSCS), the Financial Ombudsman Service (FOS), or the Courts.
    • Other organisations and businesses (together with their sub-contractors) who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back-office functions such as sending letters, statements and other correspondence;
    • Buyers and their professional representatives as part of any restructuring or sale of our business or assets.
    • Credit Reference Agencies (Experian, Equifax and Transunion) See the section below on Credit Reference Agencies for more information;
    • Fraud Prevention Agencies for the purposes of preventing fraud and money laundering and to verify your identity. See the section below on Fraud Prevention Agencies for more information.
    • Third party service providers and intermediaries for the purposes of dealing with complaints and disputes, and repairing or otherwise resolving issues with products or services purchased using our products;
    • Market research organisations who help us to develop and improve our products and services;
    • Our retail partners who provide a service to you, for example if you use our products to make a purchase or payment, and
    • Other companies within our group for the purposes of enabling our parent entities to exercise oversight of our business.
    • If you have a credit card, with MasterCard as part of their Automatic Billing Updater (ABU) programme which enables retailers, who you have a subscription with, to update your payment details automatically when you are issued with a replacement card unless you opt out. If you want to opt out of the ABU programme, please call us.

3. Processing necessary to comply with our legal obligations

Where we need to process your personal information to comply with a legal or regulatory obligation.

  • For compliance with laws that apply to us.
  • To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman, and the Information Commissioner’s Office.
  • For activities relating to the prevention, detection and investigation of crime.
  • To carry out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies pre-application, at the application stage, and periodically after that. See the section below on Fraud Prevention Agencies for more information;
  • To carry out credit worthiness checks and ensure we are lending responsibly at the application stage and periodically after that;
  • To gather information, we are required to report to tax authorities;
  • To carry out monitoring and to keep records (see the section below on Monitoring for more details).
  • To deal with requests from you to exercise your rights under data protection laws.
  • To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud); and
  • When we share your personal information (to achieve the above purposes) with these other people or organisations:
    • Other payment services providers such as when you ask us to share information about your account with them.
    • Tax authorities in the United Kingdom (or overseas if you are subject to tax in another jurisdiction);
    • Law enforcement agencies and governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Financial Ombudsman, the Information Commissioner’s Office, Fraud Prevention Agencies (depending on the circumstances of the sharing);
    • Courts and to other organisations where that is necessary for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations; and
    • To credit brokers and/or our retail partners for the purposes of ensuring compliance with regulatory and legal obligations.
    • Credit Reference Agencies (Experian, Equifax and TransUnion) See the section below on Credit Reference Agencies for more information;
    • Fraud Prevention Agencies for the purposes of preventing fraud and money laundering and to verify your identity See the section below on Fraud Prevention Agencies for more information.

4. Processing with your consent

We will process your personal information for the following purposes when you have given us your consent to process your personal information.

  • For marketing communications purposes and to personalise and improve your digital experience;
  • To carry out profiling for the purposes of targeting offers.
  • To carry out user experience testing.
  • To gather and analyse your responses to our requests for feedback on our products and services.
  • When we share your personal information (to achieve the above purposes) with these other people or organisations.
    • To carry out profiling for the purposes of targeting marketing offers if we have your consent to do so.
    • For some of our processing of special categories of personal data such as about your health if you are a vulnerable customer (and the reason(s) why we are asking for your consent will be explained to you when we ask for that explicit consent).
    • To pass your data for marketing purposes to our retail partners only with your consent.

5. Processing special categories of personal information and personal information relating to criminal convictions

  • We may process special categories of personal information in the following circumstances:
    • With your explicit consent, special categories of personal information, for example in relation to your health if you are a vulnerable customer.
    • We will use personal information about your health and disability status to where needed to comply with legal obligations, for example to treat you fairly and ensure we lend to you responsibly.
    • When we share your personal information (to achieve the above purposes) with these other people or organisations.
      • other people and organisations if they need to know that you are a vulnerable customer, and.
      • your relatives, social services, your carer, the person who has power of attorney over your affairs if you have given the third party authorisation to act on your behalf.
    • When the processing is for reasons in the substantial public interest for the prevention and detection of crime, we will use biometric data to identify you as part of the application process for Ikea Financial Services products.
  • We may process personal information relating to criminal convictions in the following circumstances:
    • With your explicit consent during the application process.
    • When the processing is for reasons in the substantial public interest, for the prevention and detection of financial crime.

How do we share your information with Credit Reference Agencies?

To process your application, we will carry out credit and identity checks on you with one or more credit reference agencies (CRAs). The three main credit reference agencies in the UK are Equifax, Experian and TransUnion.

Where you take banking services from us we will also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your loan/store card application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;
  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, fraud and money laundering;
  • Manage your account(s);
  • Trace and recover debts; and
  • Make sure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information will be supplied to other organisations by CRAs.

When CRAs receive a search from us your credit file will be updated to show that we have made a credit search and this will be seen by other lenders.

Equifax, Experian and Transunion, the ICO and the major financial services trade association have developed a common statement, Credit Reference Agency Information Notice (CRAIN).  This notice defines the standards all three Credit reference Agencies will apply across all products and services in relation to processing consumer data.   A copy of this notice, which explains the ways in which the CRAs use and share personal information, data retention periods and your data protection rights with the CRAs data can be  found on the links below.

Experian

Equifax

Transunion

How to see your credit history and the information CRAs hold about you

How do we share your information with Fraud Prevention Agencies?

Before we provide services or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crimes.

As part of processing of your personal data, decisions may be made by automated means. You have rights in relation to automated decision making. See the section on Profiling & Automatic decision making for more information.

If we or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or may stop providing existing services to you. Other organisations may use the information we share with fraud prevention agencies to refuse their services, finance, or employment.

Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if they transfer your personal information to another country, the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found in detail at the link below:

Cifas’ Fair Processing Notice

Open Banking

We may use Open Banking as part of the application process. Our Open Banking provider is Experian who collects, with your explicit consent information from your bank or building society for the purpose of assessing your income and expenditure and performing credit risk decisions and anti-fraud assessments. This information is collected by Experian and submitted to us for review as part of the credit decisioning and affordability assessments. Further details of how Experian process your personal data for the purposes of Open Banking can be found in detail at the link below:

Experian Affordability Passport Privacy Notice

If an Open Banking provider known as a third party provider (TPP) or account information service provider (AISP) asks us for information about your account and you have given your consent to us to share the information we will provide them with the information. We may refuse to allow a TPP or AISP to access your account, if we are concerned that they may not be authorised to access your account, or we suspect they are acting in a fraudulent way. It is your responsibility to check that your TPP or AISP has the authorisations required to provide services to you.

How and when can you withdraw your consent?

For processing that is based on your consent, you have the right to withdraw your consent for future processing at any time. Withdrawing your consent will not mean that processing we have already undertaken on the basis of your consent becomes unlawful. If you have an Ikea Financial Services account or Savings account, you can withdraw your consent for marketing in the online account management system. For anything else you can withdraw your consent by contacting us using the details in the Who we are and how to contact us and our Data Protection Officer section above.

If you withdraw your consent the consequences might be that we cannot send you marketing communications or that we cannot take into account special categories of personal data such as about your health or if you are a vulnerable customer.

Is your personal information transferred overseas?

We are a Swedish Bank and operate in the UK but sometimes, your personal information may be transferred out of the UK and European Economic Area (EEA). Similar data protection standards apply in the EEA as in the UK.

We also use third party suppliers to process limited personal data about you. Some of these suppliers may be located in countries outside of the UK and EEA which may not have equivalent laws in place to protect your personal data.

Whenever we process personal data about you outside the UK and EEA, or use third party suppliers outside the UK and EEA to process personal data about you, we will ensure that your personal data is kept securely, is only used for the purposes set out in this Privacy Notice and is afforded equivalent protection as it would be if it were being processed in the UK and EEA. We do this through various mechanisms, for example making sure that the relevant approved standard contractual clauses are in place with the supplier; ensuring that we are transferring to countries that are considered to have adequate protection for personal data, and ensuring that there are contractual obligations in place.

The European Commission approved standard contractual clauses can be found here.

The UK government approved international data transfer agreement and international data transfer addendum to the European Commission's standard contractual clauses for international transfers can be found here.

Do you have to provide your personal information to us?

Your personal information is required before you can enter into the relevant contract with us, or it is required during the life of that contract for example we need to know your name and address in order to run your account. Some personal information is required by laws that apply to us, for example we need to check your credit history in order to ensure we are lending responsibly. We are unable to provide you with a savings account, loan credit or store card or to process your application without having personal information about you.

Do we do any monitoring which involves the processing of your personal information?

By monitoring, we mean any listening to, recording of, viewing of, intercepting of, or taking and keeping records of calls, emails, text messages, social media messages and other communications. We may also conduct short term carefully controlled monitoring of your activities on your savings account, loan, credit, or store card account where we suspect fraud, money laundering or other crimes.

We may monitor where permitted by law and we will do this to comply with our legal obligations. In particular, where we are required by the Financial Conduct Authority’s regulatory regime to record certain telephone calls (as relevant) we will do so.

Some of our monitoring may be to comply with regulatory rules, self-regulatory practices, or procedures relevant to our business, or where it is necessary for our legitimate interests. For example we use monitoring to prevent or detect crime, to protect the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you (such as in relation to fraud risks on your account) and for quality control and staff training purposes.

Profiling and other automated decision making

As part of processing of your personal data, decisions may be made by automated means.

We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct; is inconsistent with your previous behaviour; or you appear to have deliberately hidden your true identity.

We use automated identity verification to validate your identity using specialist facial recognition software which compares submitted photographs to identification documentation. We carry out this automated decision process to comply with our regulatory requirements to detect and prevent crime and processing in this manner is necessary to enable us to verify your identity, to protect you against identity theft and fraud.

Our credit decisions are based on automated processing including profiling of customers. This is necessary in order to ensure greater consistency and fairness in the decision-making process, reduce the risk of customers failing to meet payments and also enable the delivery of decisions within a shorter timeframe. The automated decision-making is based on information you provide during your application, information from Credit Reference Agencies and Fraud Prevention Agencies. The credit scoring methods used are regularly tested and updated to ensure they remain fair, effective, and unbiased. As part of our credit decisioning process we may also use information provided by our open banking partner to perform affordability and anti-fraud assessments.

In connection with an automated decision, you have the right to obtain human intervention to express your point of view and to contest the decision. See the What are your rights under data protection laws? section below for more information.

We may also use your data to personalise and improve your digital experience, communications, or to carry out profiling and market research. We may also profile your data to send you marketing offers. You have a right to object to the use of your personal information for profiling in some cases. See the What are your rights under data protection laws? section below for more information.

What measures does Ikano have in place to protect my personal information?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those co-workers and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How long is your personal information retained by Ikano?

We keep most of your data for as long as you are a customer of Ikano, and for 6 years after that to comply with law if we face legal challenge. In some cases, for example, anti-money laundering or fraud we may keep data longer if we need to, and it is in our legitimate interests to do so, or we are legally required to.

If you make an application for a product but do not enter into a credit or savings agreement with us, your personal information will be deleted three months after the date of your application.

If you would like further information about our data retention practices, contact our Data Protection Officer using the details in the Who we are and how to contact us and our Data Protection Officer section above.

What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws:

  • The right to be informed about our processing of your personal information.
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
  • The right to object to processing of your personal information where we are relying on legitimate interests or substantial public interest as a legal basis. We only need to stop processing your personal information after your objection if we do not have an overriding legitimate reason to continue to process the information, we will carry out an assessment to decide whether this is the case. However, if you object to processing for marketing purposes then we will always stop the use of your data.
  • The right to restrict processing of your personal information, you can ask us to restrict our processing of your personal information if you think the personal information is inaccurate, our processing is unlawful, we no longer need the personal information but you want us to keep it so that you can use it in a legal claim or where you have objected to our use of the personal data;
  • The right to have your personal information erased. This right only applies in the following circumstances:
    • Where we are still processing your personal information after the time when it is necessary for the purpose for which it was originally collected.
    • If we rely on your consent to process the personal information and you have withdrawn your consent
    • If we rely on legitimate interests to process the personal information, you object, and we have no overriding reason to continue to process it.
    • We have processed your personal data unlawfully in breach of the requirements of data protection legislation.
    • It is necessary to delete your personal information to comply with a legal obligation.
  • The right to request access to your personal information and to obtain information about how we process it (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
  • The right to portability enables you to request a copy of certain personal information you have provided to us in a commonly used electronic format so that you can easily transfer it. This right only applies where the processing of your personal information is necessary for performing our contract with you or where we are relying on consent to process the personal information.
  • You have the right not to be subject to automated decisions which produce legal effects, or which could have a similarly significant effect on you. If you would like to appeal against a decision, please contact us. If you wish to appeal against an automated credit decision, please include a recent copy of your credit report (where you were applying for a loan or store card) and any other financial information that you feel we should be aware of. We will respond to your appeal within 14 days.

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: ico.org.uk

If you wish to exercise any of these rights against the Credit Reference Agencies or the Fraud Prevention Agencies who are data controllers in their own right, you should contact them directly.

Data anonymisation and use of aggregated information

Your personal information may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this privacy notice.

Your marketing preferences and what this means

We may use your home address, phone numbers, email address and social media (e.g., Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. We do this only if we have your consent. You can withdraw your consent for marketing at any time by calling us or writing to us or by following the instructions in the marketing email or other communication. If you are an Ikea Financial Services customer or a Savings Account customer you can also with withdraw your consent in your online account.