Security and Privacy

Fraud monitoring

We're here to give you peace of mind with your finances. That includes when you're spending your money.

We monitor your account and raise the alarm if we spot any suspicious transactions. Suspicious behaviour can include logging onto online banking from a different device or IP address, or making high value transactions which are not chip and PIN.

If we see any suspicious account activity our anti-fraud automated call service will call you asking you to confirm the transactions. If you don't recognise the transaction(s), you'll be put straight through to one of our team.

If we can't get in touch with you, we'll leave a message, or send you a text message to let you know we're trying to contact you, and to ask you to contact us as soon as you can.

This really does help to stop fraud in its tracks. That's why we're not the only bank that uses this service. Plus, the automated system is much quicker than ones which use customer service agents.

Please note: to protect your money, some suspicious transactions may be declined or referred until we can contact you.

The system will never ask you to reveal your security number, passwords, card expiry date or card security number

Some scams involve fraudsters who attempt to convince you to make transactions yourself. These transactions are harder for us to spot as suspicious as they often involve you using your PIN, verifying your security details, or using your normal device. If you've any suspicions over the legitimacy of a request please call us immediately on 0330 678 2811 or 0800 9 173 489 (freephone) before you make any payments.

What does 'this page contains both secure and non-secure items' mean?

This message occurs when your secure banking webpage (the security is indicated by the https:// before the web address) has a non-secure element in it, such as a picture. You should click 'yes' to view the page. Your financial details with cahoot are completely secure and in no way compromised.

cahoot will never send you an email asking you to enter, reconfirm or change your security details or other personal information. As an additional security measure every customer email sent to you by cahoot will be addressed to you personally. If you receive an email claiming to be from us that you are suspicious about, please forward it to phishing@cahoot.com. If you believe that you may have disclosed your details in any way, please call us immediately on 0330 678 2811 or you can call us on 0800 9 173 489 (freephone).

Calls may be recorded or monitored. 

Don't be a victim of phone fraud

Telephone scams - where fraudsters pretending to be banks, building societies or the police - try to get people to reveal their financial information, are on the rise. We'll never ask you for information such as your 4-digit card PIN or to withdraw or transfer money to a new account. To learn more about what we'll never request on the phone, take a look at the joint declaration published by UK banks and the police on the ActionFraud website

Stay aware of common threats

More than ever banks are seeing an increase in incidents where criminals are using ingenious ways of persuading customers to part with their personal details, their credit and debit cards and ultimately their money.

Prevention through awareness is the best way to avoid becoming a victim of a scam. If you think you've responded to a scam email or given your details to the wrong people, call us immediately on 0330 678 2811 or you can call us on 0800 9 173 489 (freephone).

Strengthen your defences against online identity theft

Online fraudsters are using more sophisticated methods to commit online fraud. They use hard to detect techniques to steal your online identity, when you bank online. They do this without you even being aware that it's happened.

While it's important to have anti-virus software and firewalls installed on your computer, they can't always protect you from these attacks, as fraudsters are developing more sophisticated ways of stealing your online identity.

Get added protection when shopping online with cahootSecure

This service gives you added protection when you are shopping online using your card. From time to time you may be prompted to provide some additional information when you make a purchase at a participating retailer.

Rapport security software

We strongly recommend you download the free Rapport security software to help guard yourself against internet banking identity theft and fraud. It can be used alongside your existing anti-virus and firewall protection to strengthen your defences.

Rapport has been developed by the financial security experts at Trusteer and has been described as 'a major boost in fraud prevention' and 'Best of the Web' by the Online Banking Report.

How Rapport works

Rapport strengthens your online security by 'locking down' the connection between your computer, keyboard and cahoot internet banking. It helps stop your data going to counterfeit sites, so you can be safe in the knowledge that nobody else can view your account, or make transactions in it.

Anti-virus software helps to stop threats by scanning your computer and looking for suspicious files, whereas firewalls hide your computer from attackers, and help stop criminals getting data in and out of your computer.

Rapport doesn't replace the benefits of anti-virus and firewall software or your unique image and phrase when accessing our internet banking - it works alongside them to provide increased protection when transacting online.

Why choose Rapport?

• safeguard your identity: identity theft is one of the fastest-growing threats in the UK.
• peace of mind: Rapport tells you that you really are connected to your bank, and not a fraudulent website.
• protect your passwords: helps stop fraudsters accessing on your online banking details.
• well proven: Rapport was developed by the online security experts at Trusteer.
• easy to use and install: it's a simple and free download to each computer you use to bank online. Technical support is also available.
• specially configured for cahoot: it's ready to help protect your online banking with cahoot.
• flexible: you only need to download Rapport once and you can set up the software to protect any website that uses private or personal data.
• ahead of the game: Rapport doesn't rely on constant updates to stop fraudsters.
• fast: Rapport is a small piece of software. It's designed to let your computer work just as quickly as before.
• compatible: works alongside your existing valuable anti-virus and firewall protection.

Using Rapport

To download Rapport simply click the download link above and follow the onscreen instructions. The software is specially configured and ready to use with cahoot internet banking.

You should download it to each computer you use for online banking to ensure that you're protected at all times. If you want to download Rapport to a work computer, check with your employer as some don't allow downloads.

When you download Rapport, you'll never be asked to provide any of your personal details.

Look out for the Rapport icon, which appears next to your browser's address bar.

If the icon is green, you’re protected and your information is safe:

If the icon is grey, then Rapport is not safeguarding your information:

If you need help once you’ve downloaded Rapport you can email support@trusteer.com

Which browsers and operating systems are supported by Rapport?

Details of supported browsers and systems can be found on the Trusteer website

cahoot privacy statement

We are cahoot which is a division of Santander UK plc, the data controller.  You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions. 

This is our Privacy Statement which explains how we obtain, use and keep your personal data safe in relation to the cahoot website (cahoot.com) and cahoot Online Banking website.

Your personal data is data which by itself or with other data available to us can be used to identify you.

We're committed to keeping your personal information safe in accordance with applicable data protection laws.

The types of personal data we collect and use

The types of personal data we capture and use will depend on what you are doing on the website. We’ll use your personal data for some or all of the reasons set out in this Privacy Statement.  If you become a customer we’ll also use it to manage the account, policy or service you’ve applied for and we’ll provide you with a separate data protection statement specifically in relation to that as part of the online application journey. Some of the information relevant to that is included in this Privacy Statement for consistency.
 
Examples of the personal data we use in relation to our websites may include:

• Full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers);
• Date of birth and/or age (e.g. to make sure that you are eligible to apply for a product or service);
• Financial details (e.g. salary and details of other income, and details of accounts held with other providers if you apply for a product or service with us);
• Records of products and services you’ve obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
• Biometric data (e.g. fingerprints and voice recordings for Touch ID and voice recognition);
• Information from credit reference or fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates you may have if you apply for a product or service with us;
• Family, lifestyle or social circumstances if relevant to the product or service you apply for (e.g. the number of dependants you have);
• Education and employment details/employment status for credit and fraud prevention purposes if you apply for a product or service with us; and
• Personal data about other named individuals as required. Where you provide the personal data of others you must have their authority to provide their personal data to us and share this Privacy Statement and any related data protection statement with them beforehand together with details of what you’ve agreed on their behalf.

Providing your personal data

We’ll tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, if you fail to provide the requested personal data, we may be unable to process or respond to your application, query or service.

Monitoring of communications

Subject to applicable laws, we’ll monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We’ll do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. If you take out an account or service with us, we may also monitor activities on your account/service where necessary for these reasons and this is justified by our legitimate interests or our legal obligations. 

Using your personal data: the legal basis and purposes

We’ll process your personal data:
1. As necessary to perform our contract with you for the relevant account, policy or service:
    a) To take steps at your request prior to entering into it;
    b) To decide whether to enter into it;
    c) To manage and perform that contract;
    d) To update our records; and
    e) To trace your whereabouts to contact you about your account and recovering debt.

2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
    a) For good governance, accounting, and managing and auditing our business operations;
    b) To search at credit reference agencies at your home and business address (if you are a business customer) if you’re over 18 and apply for credit;
    c) To monitor emails, calls, other communications, and activities on your account;
    d) For market research, analysis and developing statistics; and
    e) To send you marketing communications and for marketing to you in-branch, including automated decision making relating to this.

3. As necessary to comply with a legal obligation, e.g.:
    a) When you exercise your rights under data protection law and make requests;
    b) For compliance with legal and regulatory requirements and related disclosures; 
    c) For establishment and defence of legal rights; 
    d) For activities relating to the prevention, detection and investigation of crime;
    e) To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
    f) To monitor emails, calls, other communications, and activities on your account.

4. Based on your consent, e.g.:
    a) When you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures;
    b) When we process any special categories of personal data about you at your request (e.g. your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation); and
    c) To send you marketing communications where we’ve asked for your consent to do so.
 
You’re free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you. 

Sharing of your personal data

Subject to applicable data protection law we may share your personal data with:

• The Santander group of companies* and associated companies in which we have shareholdings;
• Sub-contractors and other persons who help us provide our products and services;
• Companies and other persons providing services to us;
• Our legal and other professional advisors, including our auditors;
• Fraud prevention agencies, credit reference agencies, and debt collection agencies at account opening and periodically during account or service management;
• Other organisations who use shared databases to do income verification and affordability checks and to manage/collect arrears;
• Law enforcement bodies; 
• Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
• Courts, to comply with legal requirements, and for the administration of justice;
• The Financial Services Ombudsman;
• In an emergency or to otherwise protect your vital interests;
• To protect the security or integrity of our business operations;
• To other parties connected with your account (e.g. guarantors and other people named on the application); joint account holders will see your transactions;
• When we restructure or sell our business or its assets or have a merger or re-organisation;
• Market research organisations who help to improve our products or services;
• Payment systems (e.g. Visa or MasterCard) if we issue cards linked to your account; they may transfer your personal data to others to process transactions, resolve disputes and for statistical purposes, including by sending your personal data overseas; this is necessary to operate your account and for regulatory purposes; and
• Anyone else where we have your consent or as required by law.

International transfers

In some instances your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection.  More details can be found in our ‘Using my personal data’  booklet.

Online applications

If you apply for an account online, before you enter any personal details into the online form, we'll tell you how your information will be used in our data protection statement relevant to that account, in the ‘Using My Personal Data’ booklet and sometimes in the relevant terms and conditions. You’ll be asked to confirm that you have read these and you’ll be asked to agree to our terms and conditions before your application can proceed.

The data protection statement, in conjunction with the ‘Using My Personal Data’ booklet, includes details of the uses we may make of your data, the legal basis we are relying upon to carry out that processing, and who we may share your personal data with. For instance, for credit account applications like loans and bank accounts, we may pass your details to a recognised credit reference agency to help process your application.

We may occasionally send you information about accounts and services which we think would be of interest to you but only where we have your consent or if this is within our legitimate interests (see above for more details about lawful reasons).  You can choose to stop receiving information at any time by contacting us.

Contacting us by phone

You can call our customer services team on 0330 678 2811 or you can call us on 0800 9 173 489 (freephone). To help us improve our service we may record or monitor phone calls as explained in the monitoring of communications section as necessary to comply with any legal obligations and for our legitimate interests. View our call charges

Contacting us by email

When you contact us, we may need to collect some personal details like your name, address and phone numbers. Email isn't 100% secure so you shouldn’t send personal data such as your account information using normal email. Please consider another method, such as sending us a secure message through Online Banking or calling us, if you need to share personal information.
 
Emails are stored on our standard internal contact systems which are secure and can't be accessed by external parties. We store this information to identify trends, and for the purposes set out in the monitoring of communications section as necessary to comply with any legal obligations and for our legitimate interests.  For more information on the criteria we use to determine our retention periods, see below.

Automated decision making and processing

Automated decision making involves processing your personal data without human intervention to evaluate your personal situation such as your economic position, personal preferences, interests or behaviour, for instance if you have accounts with us, in relation to transactions on your accounts, your payments to other providers, and triggers and events such as account opening anniversaries and maturity dates. We may do this to decide what marketing communications and marketing in-branch is suitable for you, to analyse statistics and assess lending and insurance risks. All this activity is on the basis of our legitimate interests, to protect our business, and to develop and improve our products and services, except as follows; when we do automated decision making including profiling activity to assess lending and insurance risks, this will be performed on the basis of it being necessary to perform the contract with you or to take steps to enter into that contract. Further details can be found in the ‘Using My Personal Data’ booklet.

Using our calculators, decision tools, guides and budget planners

To use our range of calculators, tools, guides and budget planners, you'll have to give us details of your financial situation and needs. The information we ask for will depend on what type of product or account you're interested in. By providing any personal data you do so on the basis of your consent. You’re free at any time to withdraw your consent but if you do you won’t be able to use these services.
 
When you use a calculator, guide, decision tool or budget planner all of the details you provide are anonymous - and once you leave we never store your details, unless, for example, you decide to save a quote.

Using our video services

You can apply for some of our products and services using a video session from your mobile device where you see and hear your Santander adviser in high quality two-way video. If you use our video services, both the images and the audio will be recorded and may be used for training and monitoring purposes. We’ll use any personal data captured about you for the performance of a contract or/with a view to entering into a contact with us as well as for our legitimate interests for good governance, accounting, managing and auditing our business operations, and to monitor emails, calls, other communications in relation to your dealings with us. Please see the monitoring of communications section for more information and the criteria for retention periods section for more information on the criteria we use to determine our retention periods.
 
You’re entitled to record your video session only for your own personal use and you should avoid sharing any footage with third parties or posting it on any websites. For your own privacy and protection please ensure that your location doesn't include items and images that you don't wish to be recorded.

Using your personal information for direct marketing

We’ll tell you if we intend to use your information for marketing purposes and we'll give you the opportunity to opt out if you want to (unless we need a consent to use your information for marketing purposes – if we do we’ll seek one). If you receive marketing emails and don't want to in future, please use the unsubscribe link within the email and we’ll remove you from future campaigns.

Surveys and competitions

We'll treat any survey or competition information you provide with the same high standard of care as we do all other customer information, using any details provided strictly within the terms of the competition and this Privacy Statement

Cookies

Cookies are small text files placed on your computer, smartphone or other device and are commonly used on the internet. We use cookies and similar technologies to:

• collect information that will help us understand visitors' browsing habits on our website;
• compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
• temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website; and
• in some cases, remember information about you when you visit our site. We may need to do this to provide some of our services e.g. if you use the 'Remember my ID' tool when logging on to Online Banking.

We use cookies to enable us to perform our contract with you (e.g. if you apply for a product online or are an Online Banking customer) and for our legitimate interests (e.g. to help us improve our service). We’ll also ask your consent for non-essential cookies. To find out more about all types of cookies and how to control and delete them, including clearing your browsing history, you can read our cookie policy.

Criteria used to determine retention periods (whether or not you become a customer)

The following criteria are used to determine data retention periods for your personal data:

• Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to your online query and then deal with queries you raise upon receipt);
• Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; and
• Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after your account, policy or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.

Your rights under applicable data protection law

Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):

• The right to be informed about our processing of your personal data;
• The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
• The right to object to processing of your personal data;
• The right to restrict processing of your personal data;
• The right to have your personal data erased (the “right to be forgotten”);
• The right to request access to your personal data and information about how we process it;
• The right to move, copy or transfer your personal data (“data portability”); and
• Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk

For more details on all the above you can contact our DPO or view the ‘Using My Personal Data’ booklet

Data anonymisation and aggregation

Your personal data may be converted into statistical or aggregated data which can’t be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.

Group companies

For more information on the Santander group companies, please see the ‘Using My Personal Data’ booklet.

Changes to this Privacy Statement

We’ll notify you if there are any material changes to this Privacy Statement if required by applicable law or where we intend to process your personal data for a new purpose before we start that new processing activity.

Legal statement about this Privacy Statement

This Privacy Statement is not designed to form a legally binding contract between cahoot and users of our website or online services.

Links to other websites

Certain hypertext links in this website may lead you to websites which are not under the control of cahoot. When you activate these, you may leave the cahoot.com website. These links are provided solely for your convenience and do not represent any endorsement or recommendation by cahoot.
 
We accept no responsibility or liability for the contents of any website to which a hypertext link exists and gives no representation or warranty as to the information on such websites. We accept no responsibility or liability for any loss arising from any contract entered into with any website to which a hypertext link exists.

No liability for unavailability

We accept no liability for any loss that may arise if the goods or services advertised within this website become unavailable.

Contacting us about our Privacy Statement

You can call our customer services team on 0330 678 2811 or 0800 9 173 489 (freephone). Alternatively, you can or write to our DPO at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

Customer responsibility

It is your responsibility to ensure that your computer is virus protected. We accept no responsibility for any loss you may suffer as a result of accessing and downloading information from this site.

Easy ways to protect yourself from danger

There are some things you can do to protect your personal information online. It's by no means exhaustive but will help make sure you don't fall foul of Internet fraud:

• Never share a One Time Passcode (OTP) with another person, not even a Santander employee.
• Do not log on using a public computer.
• Always access Online Banking by typing https://www.cahoot.com into your web browser and logging on via our website.
• Never enter your Online Banking details after clicking on a link in an email or text message
• Do not send confidential information by email as it’s not secure and there is always a risk it could be intercepted.
• If you’re logged into any online service, do not leave your computer unattended. Close down your internet browser once you’ve logged off.
• Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

For more information about staying safe online you can visit cahoot.com/security_and_privacy

Secure online services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.
 
All information passed between you and cahoot when using our online services is sent using secure industry standard encryption.