Synovus Growth Bank

Privacy Policy of Synovus Growth Bank

  1. Introduction

This Privacy Policy explains how Synovus Growth Bank ("Synovus", "we", "us", or "our"), a banking institution operating in England, collects, uses, discloses, and protects your personal data when you use our banking products and services, visit our branches, contact us, or interact with us through our websites, mobile applications, or other channels (collectively, the "Services").

We are committed to protecting your privacy and handling your personal data lawfully, fairly, and transparently, in accordance with applicable data protection laws in England, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

  1. Data Controller and Contact Details

The data controller responsible for your personal data is:

Synovus Growth Bank

If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise your rights, you may contact our Data Protection Officer (DPO) using the contact details provided in our customer communications or through our official website.

  1. Categories of Personal Data We Collect

We may collect and process the following categories of personal data about you, depending on your relationship with Synovus Growth Bank and the Services you use:

3.1 Identification and Contact Information

  • Full name, date and place of birth
  • Residential and mailing addresses
  • Email address, telephone numbers
  • Nationality and country of residence
  • Identification documents (such as passport, national ID, driving licence), including numbers and copies where legally required

3.2 Regulatory and Verification Information

  • Information required for know-your-customer (KYC), anti-money laundering (AML), and sanctions screening
  • Tax identification numbers and tax residency information, where legally necessary
  • Information from public registers or official databases as required by law

3.3 Financial and Transaction Information

  • Bank account numbers and sort codes
  • Payment card details (stored and processed in accordance with security standards)
  • Account balances, transaction histories, payment instructions, and standing orders
  • Loan, mortgage, investment, and savings product details
  • Information about income, assets, liabilities, and credit exposure

3.4 Credit and Risk Information

  • Information from credit reference agencies
  • Credit scores and creditworthiness assessments
  • Information relating to defaults, arrears, and insolvency where applicable

3.5 Online and Technical Information

  • Login credentials and security information (such as usernames, passwords, PINs, security questions)
  • IP address, device identifiers, browser type, and operating system
  • Usage data relating to our websites and mobile applications
  • Cookies and similar technologies used for authentication, security, analytics, and personalization (see also our Cookie Policy, where applicable)

3.6 Communication and Interaction Information

  • Records of communications with us by phone, email, online chat, secure messaging, or correspondence
  • Details of complaints, requests, and feedback
  • Call recordings, where permitted or required by law, for quality assurance, training, and evidence purposes

3.7 Special Categories of Personal Data We generally do not seek to collect special categories of personal data (such as health data, biometric data, or data relating to racial or ethnic origin) unless:

  • You provide it to us directly and voluntarily in connection with a banking product or service; or
  • We are legally required to collect or process such data; or
  • It is necessary for reasons of substantial public interest, in line with applicable laws.

Where we do process special categories of personal data, we will do so only with an appropriate legal basis and with enhanced safeguards.

  1. How We Collect Your Personal Data

We collect personal data about you from a variety of sources:

4.1 Data You Provide Directly

  • When you apply for or open an account or other banking products
  • When you register for or use online and mobile banking
  • When you update your details or preferences
  • When you communicate with us by any channel

4.2 Data We Collect Automatically

  • Through your use of our websites, mobile applications, and online Services
  • Through security and monitoring tools (for example, fraud detection, access logs, and cookies)

4.3 Data from Third Parties

  • Credit reference agencies and fraud prevention agencies
  • Public registers and official bodies
  • Other financial institutions and payment service providers involved in your transactions
  • Professional advisers or intermediaries acting on your behalf
  • Regulatory and law enforcement authorities, where permitted or required by law
  1. Legal Bases for Processing Your Personal Data

We process your personal data only when we have a valid legal basis under applicable law. The main legal bases we rely on are:

5.1 Performance of a Contract To take steps at your request before entering into a contract and to perform our contractual obligations to you, including:

  • Opening and managing accounts
  • Executing payments and transactions
  • Providing loans, mortgages, and other banking products
  • Providing online and mobile banking services

5.2 Compliance with Legal Obligations To comply with our legal and regulatory obligations, including those relating to:

  • Anti-money laundering (AML), counter-terrorist financing (CTF), and sanctions screening
  • Tax reporting and information sharing duties
  • Consumer protection and banking regulations
  • Record-keeping and reporting to supervisory and regulatory authorities

5.3 Legitimate Interests Where processing is necessary for our legitimate interests or those of a third party, provided that your interests and fundamental rights do not override those interests. These interests may include:

  • Managing our business operations, risk, and compliance
  • Preventing, detecting, and investigating fraud and financial crime
  • Protecting the security and integrity of our systems, networks, and premises
  • Developing and improving our products, services, and customer experience
  • Performing data analytics, research, and statistical analysis
  • Establishing, exercising, or defending legal claims

5.4 Consent Where required by law, we will seek your consent for certain types of processing, such as:

  • Certain forms of direct marketing communications
  • The use of certain cookies and similar technologies You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5.5 Vital Interests and Public Interest In rare cases, we may process personal data to protect your vital interests or those of another person, or where the processing is necessary for reasons of substantial public interest under applicable law.

  1. How We Use Your Personal Data

We may use your personal data for the following purposes:

6.1 Providing and Managing Banking Services

  • Processing applications for accounts, cards, loans, mortgages, and other products
  • Managing and maintaining your accounts and profiles
  • Executing transactions and payment instructions
  • Providing customer support and service communications

6.2 Compliance, Risk Management, and Security

  • Conducting identity verification, KYC, AML, and sanctions checks
  • Monitoring transactions and activities for fraud, financial crime, and misuse
  • Complying with legal, regulatory, and supervisory obligations
  • Protecting the security of our systems, premises, and communications

6.3 Communication and Customer Relationship Management

  • Sending operational communications regarding your accounts and Services
  • Responding to your enquiries, requests, and complaints
  • Informing you about changes to our terms, policies, and features

6.4 Marketing and Service Improvement

  • With your consent or where permitted by law, sending you information about products, services, offers, or events that may be relevant to you
  • Analysing usage patterns and preferences to improve our Services and customer experience
  • Conducting satisfaction surveys and market research, where allowed

6.5 Analytics, Reporting, and Business Management

  • Performing internal reporting, audit, and quality control
  • Conducting data analytics and statistical analysis
  • Supporting corporate governance, strategic planning, and business operations
  1. Disclosure of Your Personal Data

We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate safeguards:

7.1 Within Synovus Growth Bank

  • Our internal departments and authorised staff who need access to your data to perform their duties

7.2 Service Providers and Professional Advisors

  • IT, payment processing, cloud hosting, and other technical service providers
  • Customer support and communication service providers
  • Professional advisors such as lawyers, auditors, and consultants These third parties are bound by contractual and legal obligations to protect your data and to process it only in accordance with our instructions.

7.3 Other Financial Institutions and Payment Networks

  • Correspondent banks, intermediary banks, and payment service providers involved in the execution of your transactions
  • Card schemes and payment networks where necessary for card and payment services

7.4 Credit Reference and Fraud Prevention Agencies

  • Credit reference agencies to assess your creditworthiness and manage credit risk
  • Fraud prevention agencies and similar bodies for the detection and prevention of financial crime

7.5 Public Authorities and Regulators

  • Supervisory, regulatory, tax, and other governmental authorities where required by law
  • Law enforcement authorities, courts, and tribunals when responding to lawful requests or to protect our rights and the rights of others

7.6 Business Transfers

  • In the context of a merger, acquisition, restructuring, or transfer of all or part of our business, where permitted by law and subject to appropriate safeguards

We do not sell your personal data.

  1. International Transfers of Personal Data

If we transfer your personal data outside the United Kingdom or the European Economic Area (EEA), we will do so in compliance with applicable data protection laws and ensure that an adequate level of protection is in place. This may involve:

  • Transfers to countries with an adequacy decision by the UK government; or
  • Using approved standard contractual clauses or equivalent safeguards; or
  • Relying on other lawful transfer mechanisms where appropriate.

You may contact us for more information about the safeguards applied to international data transfers.

  1. Data Security

We take the security of your personal data very seriously and implement appropriate technical and organisational measures to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include:

  • Encryption, pseudonymisation, and secure storage
  • Access controls based on roles and need-to-know principles
  • Strong authentication and session management
  • Regular security testing, monitoring, and auditing
  • Staff training and internal policies on data protection and confidentiality

Despite our efforts, no system or transmission of data over the internet can be guaranteed to be completely secure. You are encouraged to take your own precautions, such as keeping login credentials confidential and using secure devices and networks.

  1. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to:

  • Provide you with banking products and Services
  • Comply with legal and regulatory retention requirements
  • Resolve disputes and enforce our agreements

Retention periods may differ depending on the type of data and the applicable legal obligations. When personal data is no longer required, we will delete it or anonymise it in a secure manner.

  1. Your Data Protection Rights

Under applicable data protection laws, you may have the following rights in relation to your personal data, subject to certain conditions and limitations:

11.1 Right of Access To obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data and certain related information.

11.2 Right to Rectification To request that inaccurate or incomplete personal data be corrected or completed.

11.3 Right to Erasure To request the deletion of your personal data where, for example, it is no longer necessary for the purposes for which it was collected, or where you have withdrawn consent (where consent was the legal basis), subject to legal and regulatory requirements.

11.4 Right to Restriction of Processing To request the restriction of processing under certain circumstances, such as when the accuracy of the data is contested or where processing is unlawful and you oppose erasure.

11.5 Right to Data Portability To receive personal data that you have provided to us, in a structured, commonly used, and machine-readable format, and to request that we transmit it to another controller where technically feasible and legally permitted.

11.6 Right to Object To object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing your data for such purposes.

11.7 Rights Relating to Automated Decision-Making and Profiling To request human intervention, express your point of view, and contest a decision where we make decisions based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, where such processing occurs.

To exercise any of the above rights, please contact us using the details provided in our official communications or through our website. We may need to verify your identity before fulfilling your request.

  1. Direct Marketing

Where permitted by law and, where required, with your consent, Synovus Growth Bank may use your contact details to send you information about products, services, or offers that we believe may be of interest to you.

You can opt out of receiving direct marketing communications at any time by following the unsubscribe instructions provided in the communication or by contacting us directly. Even if you opt out of marketing, we may still send you non-promotional communications relating to your accounts and our Services.

  1. Cookies and Online Tracking

Our websites and mobile applications may use cookies and similar technologies to enable functionality, enhance security, improve user experience, and perform analytics.

Where required by law, we will ask for your consent to the use of non-essential cookies. You can manage your cookie preferences through your browser settings or our cookie management tools, but disabling certain cookies may affect the functionality of our online Services.

For more detailed information, please refer to our separate Cookie Policy, where available.

  1. Children’s Privacy

Our Services are not primarily directed at children, and we do not knowingly collect personal data from children except where necessary to provide specific banking products in accordance with applicable laws and with appropriate safeguards.

If we discover that we have collected personal data from a child without the necessary consent or legal basis, we will take reasonable steps to delete such data as soon as practicable.

  1. Links to Third-Party Websites

Our Services may contain links to third-party websites or applications that are not operated by Synovus Growth Bank. We are not responsible for the privacy practices or content of such third parties.

We encourage you to review the privacy policies of any third-party sites you visit or services you use.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory developments, or improvements in our Services.

When we make material changes, we will notify you through appropriate means, such as by posting a prominent notice on our website or contacting you directly, where required by law. The "last updated" date at the end of this Privacy Policy will indicate when it was most recently revised.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

  1. How to Contact Us and Lodge a Complaint

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us using the contact details provided in our official channels.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or another competent supervisory authority if you believe that your data protection rights have been violated. We encourage you to contact Synovus Growth Bank first so that we can attempt to resolve your concerns.

Last updated: 09 May 2026

We value your privacy at Synovus Growth Bank

Synovus Growth Bank uses cookies and similar technologies to improve website performance, analyse how visitors use our services, and personalise content. We process your data in accordance with applicable English and UK data protection laws. You can choose which categories of cookies to allow, and you may change or withdraw your consent at any time in the settings. By accepting, you help Synovus create a more secure and convenient banking experience for you. View Synovus full privacy policy