Privacy Policy of Momentum Centrier Bank

1. Introduction

This Privacy Policy explains how Momentum Centrier Bank ("Momentum Centrier Bank", "we", "us", or "our") collects, uses, discloses, and protects your personal information when you use our banking products, services, websites, mobile applications, and when you otherwise interact with us. We are committed to safeguarding your privacy and handling your data in a lawful, fair, and transparent manner.

Momentum Centrier Bank operates in England and is subject to applicable UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, visiting our branches or service centers, or interacting with us online (including through our digital Center platforms), you acknowledge that you have read and understood this Privacy Policy.

2. Who We Are

Momentum Centrier Bank is a banking institution established and operating in England. We provide a wide range of banking and financial services to individual and business customers.

For data protection purposes, Momentum Centrier Bank is the "data controller" of your personal information. This means we determine how and why your data is processed.

3. Information We Collect

We may collect and process the following categories of personal information:

3.1 Identification and contact information

• Full name
• Title
• Date of birth and place of birth
• Residential and correspondence addresses
• Email address
• Telephone and mobile numbers
• Nationality and residency status
• Identification documents (e.g., passport, driving licence, national ID) and identification numbers

3.2 Financial and account information

• Bank account numbers and sort codes
• Card numbers (partially masked where appropriate)
• Account balances and transaction histories
• Payment instructions and standing orders
• Direct debits, loan and mortgage details
• Investment, savings, and deposits information

3.3 Regulatory and compliance information

• Information collected as part of Know Your Customer (KYC) and anti‑money laundering (AML) checks
• Tax identification numbers and tax residency
• Information about the source of funds and source of wealth
• Information obtained from sanctions, fraud, and politically exposed person (PEP) screening

3.4 Online and technical information

• IP address and approximate location derived from it
• Device identifiers, browser type and version
• Operating system and platform
• Log data (date and time of access, pages visited, features used)
• Cookies and similar technologies data when you use our websites, mobile apps, or digital Center services

3.5 Communication and interaction information

• Records of emails, letters, and other correspondence
• Phone call recordings, where permitted by law
• Chat logs and messages through our digital Center or online banking platforms
• Feedback, complaints, and survey responses

3.6 Special categories of data (only where necessary and lawful) In limited circumstances, and only where permitted by law, we may process:

• Biometric data for identification or authentication (e.g., facial recognition, fingerprint) when you use our secure digital Center services
• Information relating to criminal convictions and offences (e.g., for fraud prevention, AML checks), as required by law

4. How We Collect Your Information

We collect personal information from various sources, including:

4.1 Information you provide directly

• When you open an account or apply for our products or services
• When you complete forms in a branch, service center, or online
• When you use our websites, mobile apps, or digital banking platforms
• When you contact us via phone, email, chat, or post
• When you participate in promotions, surveys, or customer feedback programmes

4.2 Information collected automatically

• Through cookies and similar technologies when you visit our websites or use our mobile apps
• Through security and access systems when you visit our branches or offices

4.3 Information from third parties

• Credit reference agencies and fraud prevention agencies
• Public registers and databases
• Other financial institutions and payment service providers involved in your transactions
• Our service providers, business partners, and intermediaries
• Government bodies, regulators, and law enforcement agencies where permitted or required by law

5. Legal Bases for Processing

We process your personal information only where we have a lawful basis to do so under the UK GDPR. These bases include:

• Performance of a contract: To provide you with our banking and financial services and to fulfil our contractual obligations.
• Legal obligations: To comply with applicable laws and regulatory requirements, including AML, KYC, tax reporting, and consumer protection laws.
• Legitimate interests: To operate, improve, and protect our business, services, and customers, provided that our interests do not override your fundamental rights and freedoms.
• Consent: Where required by law, we will seek your explicit consent (for example, for certain marketing activities or use of specific cookies not strictly necessary for our services). You can withdraw your consent at any time.
• Vital interests or public interest: In limited cases, to protect someone’s life or for reasons of substantial public interest, where allowed by law.

6. How We Use Your Information

We use your personal information for the following purposes:

6.1 Providing and managing banking services

• Opening, administering, and closing accounts
• Processing payments, transfers, and card transactions
• Providing overdrafts, loans, mortgages, and credit facilities
• Operating savings, investment, and deposit products
• Providing online and mobile banking access via our digital Center

6.2 Customer service and communication

• Responding to your queries, requests, and complaints
• Sending you service messages, alerts, and notifications (e.g., security alerts, transaction confirmations, changes to terms)
• Managing your preferences for communications

6.3 Risk management, security, and fraud prevention

• Verifying your identity and conducting due diligence checks
• Detecting, preventing, and investigating fraud, money laundering, and other financial crime
• Monitoring transactions and accounts for suspicious or unusual activity
• Maintaining secure systems, networks, branches, and service centers

6.4 Legal and regulatory compliance

• Meeting our legal and regulatory obligations in England and other relevant jurisdictions
• Responding to requests from regulators, law enforcement, courts, and other public authorities
• Maintaining records as required by banking and financial regulations

6.5 Improving our products and services

• Analyzing usage patterns of our websites, mobile apps, and digital Center platforms
• Conducting market research and surveys
• Testing and enhancing systems, processes, and security measures

6.6 Marketing and offers

• Providing you with information about products and services that may be of interest to you, subject to your marketing preferences
• Personalizing marketing content using limited profiling (e.g., based on product usage or account type)
• Conducting promotions, competitions, or customer reward programmes

Where required by law, we will ask for your consent before sending you electronic marketing communications, and you can opt out at any time.

7. Cookies and Similar Technologies

We use cookies and similar technologies on our websites and digital Center platforms to:

• Enable core site functionality and secure login
• Remember your preferences and improve user experience
• Analyse website traffic and usage patterns
• Support security and fraud prevention

You can manage your cookie preferences through your browser settings and, where available, through our cookie management tool. Some cookies are essential for the functioning of our services and cannot be disabled without affecting performance.

8. Sharing Your Information

We may share your personal information with the following categories of recipients, only to the extent necessary and subject to appropriate safeguards:

8.1 Within Momentum Centrier Bank

• Group entities and controlled affiliates involved in providing our services and managing risk

8.2 Service providers and professional advisers

• IT and technology providers (including hosting, cloud, security, and data Center services)
• Payment processors and card issuers
• Credit reference agencies and fraud prevention agencies
• Legal, tax, audit, and other professional advisers
• Document storage, archiving, and shredding providers

8.3 Other financial and commercial parties

• Correspondent banks, payment networks, and clearing systems
• Other banks and financial institutions involved in your transactions
• Insurance providers and brokers where you use such services through us

8.4 Public authorities and regulators

• Regulatory bodies, tax authorities, and law enforcement agencies
• Courts, arbitration bodies, and dispute resolution services

8.5 Business transfers

• In connection with a merger, acquisition, reorganisation, or sale of some or all of our business or assets, subject to confidentiality obligations and applicable laws

We do not sell your personal data to third parties.

9. International Transfers

Your personal information may be transferred to and processed in countries outside the UK. Where we transfer your data internationally, we will ensure that:

• The destination country has been deemed to provide an adequate level of protection by the UK government; or
• We use appropriate safeguards, such as UK‑approved standard contractual clauses; or
• Another lawful exception applies.

You may contact us (see the "Contact Us" section) for more information about international transfers and the safeguards we use.

10. Data Security

We use a range of technical and organisational measures to protect your personal information from unauthorised access, use, disclosure, alteration, or destruction, including:

• Encryption of data in transit and at rest, where appropriate
• Access controls based on roles and need‑to‑know principles
• Secure data Center and infrastructure management
• Regular security testing, monitoring, and risk assessments
• Staff training on data protection and information security

While we take appropriate measures to protect your information, no system can be completely secure. You are also responsible for keeping your login details, passwords, and PINs confidential and for using secure networks and devices when accessing our services.

11. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to:

• Provide our services and manage our relationship with you
• Comply with legal and regulatory requirements in England and other relevant jurisdictions
• Resolve disputes, enforce our agreements, and protect our legal rights

In many cases, banking and financial regulations require us to retain certain records for minimum periods after your relationship with us ends. Once retention periods expire, we will securely delete or anonymise your data unless we are legally required to retain it for longer.

12. Your Rights

Under the UK GDPR and applicable data protection laws, you have several rights in relation to your personal information, subject to certain conditions and exemptions:

• Right of access: To obtain confirmation of whether we process your data and to receive a copy of your personal information.
• Right to rectification: To have inaccurate or incomplete data corrected.
• Right to erasure: To request deletion of your data where there is no longer a lawful basis for processing.
• Right to restriction: To request that we limit the processing of your data in certain circumstances.
• Right to data portability: To receive your data in a structured, commonly used, machine‑readable format and to transmit it to another controller where technically feasible.
• Right to object: To object to processing based on our legitimate interests or for direct marketing purposes, including profiling related to such marketing.
• Rights in relation to automated decision‑making: To request human intervention, express your point of view, and contest a decision where we make decisions solely by automated means that have legal or similarly significant effects.

To exercise your rights, please contact us using the details in the "Contact Us" section. We may need to verify your identity before responding to your request.

13. Marketing Preferences

We may use your contact details to send you information about our products, services, and offers that may be relevant to you, including services available through our digital Center platforms.

You can manage your marketing preferences or opt out of receiving marketing communications at any time by:

• Following the unsubscribe instructions in our emails or SMS messages
• Adjusting your settings in your online or mobile banking profile, where available
• Contacting us directly using the details provided below

Opting out of marketing will not affect service‑related communications that are necessary for the operation and security of your accounts.

14. Children’s Privacy

Our services are generally not directed at children under 18 years old, except where a parent or legal guardian opens and manages an account on their behalf. Where we process personal data of minors, we do so only with appropriate consents and safeguards, in accordance with applicable laws.

15. Third‑Party Websites and Services

Our websites and digital Center platforms may contain links to third‑party websites, applications, or services. These third parties have their own privacy policies and practices, which we do not control. We encourage you to review their privacy policies before providing them with your personal information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, our practices, or our services. When we make significant changes, we will notify you by appropriate means, such as a notice on our website, an update within our digital Center, or direct communication.

The "Last updated" date at the end of this document indicates when this Privacy Policy was most recently revised.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our data protection contact Center using the following details:

Data Protection Contact Momentum Centrier Bank England

You may also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), the data protection supervisory authority in the United Kingdom. We encourage you to contact us first so that we can address your concerns directly.

Last updated: 09 May 2026