Privacy Policy of Synovus Vertex Bank

1. Introduction

This Privacy Policy explains how Synovus Vertex Bank ("Synovus", "we", "us", or "our"), a banking institution operating in England, collects, uses, stores, and protects your personal data. We are committed to safeguarding your privacy and handling your information in a transparent and lawful manner.

By using our services, visiting our websites, mobile applications, or otherwise interacting with Synovus, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Synovus Vertex Bank [Registered address in England]

If you have any questions about this Privacy Policy or how we process your data, you may contact us using the details provided in Section 12 (Contact Us).

3. Personal Data We Collect

The types of personal data we collect depend on your relationship with Synovus and the products and services you use. We may collect and process the following categories of data:

3.1 Identification and Contact Details

• Full name, title, date of birth, and gender
• Residential and correspondence addresses
• Email address and telephone numbers
• National identifiers (such as passport number, national insurance number, or other government-issued ID numbers), where required by law

3.2 Financial and Transaction Data

• Bank account numbers and sort codes
• Payment card details (processed using secure, compliant systems)
• Account balances and transaction histories
• Incoming and outgoing payments, transfers, standing orders, and direct debits
• Credit history, credit scores, and information from credit reference agencies, where permitted

3.3 Regulatory and Compliance Data

• Information collected for anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, and sanctions screening
• Documentation used for Know Your Customer (KYC) checks (e.g. identity documents, proof of address)
• Records of due diligence checks and risk assessments

3.4 Technical and Usage Data

• IP address, browser type and version, device identifiers, time zone settings, and operating system
• Information about how you use our websites, apps, and online banking services
• Login information, security logs, and authentication data

3.5 Communication Data

• Records of communications with Synovus, including telephone calls, emails, secure messages, and online chats
• Feedback, complaints, and survey responses

3.6 Marketing and Preference Data

• Your communication and marketing preferences
• Records of your responses to marketing campaigns

We may also collect data from publicly available sources, other banks, business partners, payment networks, and official registers where lawful to do so.

4. How We Collect Your Data

We collect personal data in several ways, including:

• Directly from you when you open an account, apply for a product or service, communicate with us, or complete forms
• Indirectly from third parties such as credit reference agencies, fraud prevention agencies, and public databases
• Through your use of Synovus online and mobile banking services, websites, and digital platforms
• Through cookies and similar technologies (see Section 9)

5. Legal Bases for Processing Your Data

We process your personal data only when we have a lawful basis to do so under applicable data protection laws in England and the United Kingdom. These legal bases include:

5.1 Performance of a Contract To provide you with banking products and services you request and to fulfil our contractual obligations, such as:

• Opening and managing accounts
• Processing payments and transactions
• Providing customer support and account maintenance

5.2 Compliance with Legal Obligations To meet our legal and regulatory duties, including:

• Anti-money laundering, fraud prevention, and sanctions screening
• Reporting to regulatory, tax, and law enforcement authorities
• Keeping statutory records and complying with banking regulations

5.3 Legitimate Interests Where necessary for our legitimate interests or those of a third party, and where your interests and fundamental rights do not override those interests, for example:

• Managing our business operations and IT infrastructure
• Preventing, detecting, and investigating fraud or security incidents
• Improving our products, services, and customer experience
• Defending or establishing legal claims

5.4 Consent Where you have given explicit consent, for example:

• Sending you certain types of marketing communications
• Using optional cookies for analytics or personalisation

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

6. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

• To open, manage, and administer your Synovus accounts and banking relationships
• To process deposits, withdrawals, transfers, payments, and other transactions
• To verify your identity and conduct KYC and due diligence checks
• To comply with AML, CTF, sanctions, and other regulatory requirements
• To manage risk, detect and prevent fraud, and monitor for suspicious activities
• To provide and improve online and mobile banking services
• To respond to your enquiries, requests, complaints, and feedback
• To communicate important information regarding your accounts, security alerts, and service updates
• To conduct internal reporting, auditing, and governance
• To carry out market research, service analysis, and product development
• To send you marketing communications, where lawful and in line with your preferences

7. Sharing Your Personal Data

We may share your personal data with selected third parties when necessary and lawful, including:

7.1 Within Synovus Group

• Other Synovus entities or affiliates, where applicable, for centralised services, risk management, or regulatory compliance

7.2 Service Providers

• IT service providers, cloud service providers, and data hosting companies
• Payment processors, card scheme providers, and clearing and settlement systems
• Professional advisers such as lawyers, auditors, and consultants

7.3 Regulatory and Public Authorities

• Regulators, supervisory authorities, and law enforcement agencies in England, the UK, and other relevant jurisdictions
• Tax authorities and courts when required by law or to protect our legal rights

7.4 Credit and Fraud Prevention Agencies

• Credit reference agencies to assess creditworthiness and manage lending risk
• Fraud prevention and sanctions screening agencies

7.5 Other Third Parties

• Other banks and financial institutions involved in your transactions
• Third parties in connection with a business transfer, merger, restructuring, or acquisition, subject to appropriate safeguards

Whenever we share your data, we ensure that recipients process it in accordance with applicable data protection laws and under appropriate contractual and security safeguards.

8. International Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA). Some of these countries may not offer the same level of data protection as the UK.

Where we transfer data internationally, we take steps to ensure that your personal data remains protected, including:

• Using standard contractual clauses or other legally recognised transfer mechanisms
• Transferring data only to countries deemed to provide an adequate level of protection
• Applying additional technical and organisational safeguards where necessary

You may contact us for more information about the safeguards in place for international transfers.

9. Cookies and Similar Technologies

When you visit Synovus websites or use our digital services, we may use cookies and similar technologies to:

• Enable core site and online banking functions
• Remember your preferences and improve usability
• Analyse website and app usage to improve performance and security
• Support marketing and communication activities, where permitted

You can manage cookies through your browser or device settings. Some cookies are essential for the operation of our online services, and disabling them may limit your ability to use certain features.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include:

• Encryption, firewalls, and secure network architectures
• Access controls, authentication, and logging
• Regular security testing, monitoring, and staff training

Despite our efforts, no security system is entirely infallible. You also have a role in protecting your data: keep your login credentials, PINs, and passwords confidential, and notify us immediately if you suspect unauthorised access to your accounts.

11. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including:

• The duration of your relationship with Synovus
• The time needed to comply with legal, regulatory, tax, and accounting obligations
• The limitation periods for establishing, exercising, or defending legal claims

When personal data is no longer required, we will securely delete or anonymise it, in accordance with our data retention policies and applicable laws.

12. Your Data Protection Rights

Under applicable data protection laws in England and the UK, you may have the following rights with respect to your personal data, subject to certain conditions and exemptions:

• Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of such data
• Right to rectification: to have inaccurate or incomplete personal data corrected
• Right to erasure: to request deletion of your personal data in certain circumstances
• Right to restriction: to request that we limit the processing of your personal data in certain situations
• Right to data portability: to receive personal data you provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible
• Right to object: to object to certain processing activities based on legitimate interests or direct marketing
• Rights related to consent: where processing is based on your consent, you may withdraw that consent at any time

To exercise any of these rights, please contact us using the details in Section 13 (Contact Us). We may need to verify your identity before responding to your request.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you are dissatisfied with how we handle your personal data. We encourage you to contact us first so we can address your concerns directly.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, you may contact Synovus Vertex Bank using the following details:

Data Protection Officer Synovus Vertex Bank [Registered address in England] Email: [DPO email address] Telephone: [Contact number]

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, our banking services, or our data processing practices. When we make material changes, we will notify you through appropriate channels, such as our website, online banking platform, or direct communication.

The date of the latest update will be indicated at the top of this Privacy Policy. Your continued use of Synovus services after any changes take effect will constitute your acknowledgement of the updated Privacy Policy.