Synovus Global Bank

Privacy Policy

  1. Introduction

This Privacy Policy explains how Synovus Global Bank ("Synovus", "we", "us", or "our") collects, uses, shares, and protects your personal data when you use our banking products and services, visit our branches, websites, or mobile applications, or otherwise interact with us. We are committed to safeguarding your privacy and processing your personal data in accordance with applicable data protection laws in England, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services or interacting with us, you acknowledge that you have read and understood this Privacy Policy.

  1. Who we are (Data Controller)

Synovus Global Bank acts as the data controller in relation to the personal data we process. This means that we determine the purposes and means of processing your personal data.

If you have any questions about this Privacy Policy or how we handle your personal data, you may contact us using the contact details provided in Section 13 (Contact Us).

  1. Personal data we collect

We may collect and process the following categories of personal data, depending on your relationship with us and the products or services you use:

3.1 Identification and contact details

  • Full name, title, date and place of birth
  • Residential and correspondence address
  • Email address and telephone numbers
  • Nationality and residency status
  • Identification documents (e.g. passport, driving licence, national ID) and identification numbers

3.2 Regulatory and compliance data

  • Information required for Know Your Customer (KYC), Anti-Money Laundering (AML), and sanctions checks
  • Tax identification numbers and tax residency information
  • Information about political exposure (PEP status)
  • Information obtained from sanctions, fraud prevention, and credit reference databases

3.3 Financial and transactional information

  • Bank account details (account numbers, sort codes, IBANs, BICs)
  • Payment and transaction history
  • Loan, credit card, mortgage, and investment information
  • Account balances and statements
  • Salary, income, and employment information provided in connection with credit and banking services

3.4 Online and technical data

  • Login credentials, security questions and answers (stored securely)
  • IP address, device identifiers, browser type, and operating system
  • Information about your use of our websites, mobile apps, and online banking platforms (including cookies and similar technologies, as described in our Cookies Policy)

3.5 Communication and interaction data

  • Records of communications with Synovus (phone calls, emails, messages, in-branch interactions, and online chats)
  • Complaints, queries, and feedback
  • Marketing preferences and responses to surveys or promotions

3.6 Special category data (limited circumstances) We generally avoid collecting special category data (e.g. data about health, racial or ethnic origin, religious beliefs) unless it is strictly necessary for a specific purpose, and we have a lawful basis and additional safeguards. For example, we might collect health information where it is relevant to assessing financial vulnerability or providing tailored support.

  1. How we collect your personal data

We collect personal data from a variety of sources, including:

  • Directly from you when you apply for an account or product, complete forms, communicate with us, or use our services
  • From your use of Synovus online and mobile banking platforms, ATMs, and payment cards
  • From third parties such as credit reference agencies, fraud prevention agencies, sanctions lists, public databases, and other financial institutions
  • From employers, professional advisers or intermediaries acting on your behalf
  • From publicly available sources (e.g. company registries, public records, media)
  1. Legal grounds for processing

We process your personal data only when we have a lawful basis to do so. Depending on the context, this may include:

5.1 Performance of a contract To enter into and perform contracts with you, including:

  • Opening, maintaining, and closing bank accounts
  • Providing payment services, loans, mortgages, credit cards, and investments
  • Executing your instructions and managing transactions

5.2 Compliance with legal and regulatory obligations To comply with laws and regulations applicable to banks in England and internationally, including:

  • KYC, AML, counter-terrorism financing, and sanctions screening
  • Tax reporting and information sharing with tax authorities
  • Regulatory reporting and record-keeping obligations

5.3 Legitimate interests To pursue our legitimate business interests, provided that your rights and freedoms do not override these interests. This may include:

  • Managing risk, preventing fraud, and ensuring security of accounts and systems
  • Improving and developing our products, services, and internal processes
  • Conducting analytics, reporting, and management information
  • Handling queries, complaints, and customer service
  • Marketing similar products or services to existing customers (where permitted by law)

5.4 Consent Where required by law, we will ask for your consent before processing your personal data, for example:

  • Sending certain types of electronic marketing communications
  • Using some categories of cookies and similar technologies on our digital platforms You may withdraw your consent at any time; this will not affect the lawfulness of processing carried out before withdrawal.
  1. How we use your personal data

We may use your personal data for the following purposes:

  • To assess and process applications for accounts, loans, mortgages, credit cards, and other Synovus products
  • To verify your identity and carry out KYC and AML checks
  • To manage and operate your accounts and provide day-to-day banking services
  • To process payments, transfers, standing orders, and direct debits
  • To monitor and analyse transactions to prevent fraud and financial crime
  • To comply with regulatory, legal, and tax obligations
  • To respond to your enquiries, complaints, and service requests
  • To provide you with statements, notifications, alerts, and updates
  • To personalise and improve our services, including customer support and digital experiences
  • To conduct customer surveys, market research, and statistical analysis
  • To send you marketing communications, offers, or information about Synovus products and services, subject to your preferences and applicable law
  1. How we share your personal data

We may share your personal data with the following categories of recipients, always on a need-to-know basis and subject to appropriate safeguards:

7.1 Within Synovus

  • Group companies, branches, and subsidiaries of Synovus Global Bank, where relevant to providing our services, risk management, and regulatory reporting.

7.2 Service providers and professional advisers

  • IT, hosting, cloud, payment processing, and operational service providers
  • Customer service, communication, and security solution providers
  • Professional advisers, including lawyers, auditors, and consultants

7.3 Financial institutions and partners

  • Other banks, payment networks, card schemes, correspondent banks, and clearing systems involved in your transactions
  • Insurance companies, investment managers, and other partners where relevant to the products or services you use

7.4 Authorities and regulators

  • Regulatory, supervisory, and law enforcement authorities in England and other jurisdictions, where we are required or permitted by law
  • Tax authorities for reporting and information sharing obligations
  • Courts, tribunals, and legal bodies where disclosure is required in connection with legal proceedings

7.5 Fraud prevention and credit reference agencies

  • Credit reference agencies to assess creditworthiness and manage lending risk
  • Fraud prevention agencies and sanctions screening providers to detect and prevent financial crime

We do not sell your personal data.

  1. International transfers

Given the global nature of banking services, your personal data may be transferred to and processed in countries outside the United Kingdom and the European Economic Area, including locations that may have different data protection standards.

Where we transfer your personal data internationally, we will ensure appropriate safeguards are in place, such as:

  • Adequacy regulations issued by the UK Government; or
  • Standard contractual clauses or equivalent safeguards approved by competent authorities, together with additional security measures where appropriate.

You may contact us for further information on the specific safeguards used for any international data transfers involving your personal data.

  1. Data security

We implement technical and organisational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • Encryption and secure transmission of data
  • Access controls and authentication procedures
  • Segregation of duties and role-based access management
  • Regular security assessments, monitoring, and testing
  • Staff training on data protection, confidentiality, and information security

While we take reasonable steps to protect your personal data, no system or transmission of data over the internet can be guaranteed to be completely secure.

  1. Data retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, and to meet legal, regulatory, accounting, or reporting requirements.

In determining the appropriate retention period, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorised use or disclosure
  • The purposes for which we process your data and whether we can achieve those purposes through other means
  • Applicable legal and regulatory retention periods for banks in England and relevant international standards

When personal data is no longer required, we will securely delete or anonymise it.

  1. Your rights

Subject to conditions and exceptions defined by law, you have the following rights in relation to your personal data:

  • Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of such data
  • Right to rectification: to request correction of inaccurate or incomplete personal data
  • Right to erasure: to request deletion of your personal data in certain circumstances
  • Right to restriction: to request that we restrict the processing of your personal data in certain circumstances
  • Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible
  • Right to object: to object to processing based on our legitimate interests or for direct marketing purposes
  • Right not to be subject to automated decision-making: to request human intervention and contest decisions based solely on automated processing, including profiling, where such decisions have legal or similarly significant effects on you

To exercise any of these rights, please contact us using the details in Section 13 (Contact Us). We may need to verify your identity before processing your request. We aim to respond within the timeframes required by law.

  1. Marketing communications

We may use your personal data to inform you about Synovus products, services, offers, and events that may be of interest to you.

Where required by law, we will obtain your consent before sending you electronic marketing communications (email, SMS, app notifications). You can manage your marketing preferences or opt out at any time by following the unsubscribe instructions in our communications or by contacting us.

Opting out of marketing will not affect service-related communications necessary for the administration of your accounts and products.

  1. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, or if you wish to exercise your data protection rights, you can contact Synovus Global Bank’s data protection contact point using the contact details made available on our official website or through your usual branch or relationship manager.

You also have the right to lodge a complaint with the UK data protection supervisory authority, the Information Commissioner’s Office (ICO), if you believe that your data protection rights have been infringed. We encourage you to contact us first so we can address your concerns.

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we provide. When we make material changes, we will take appropriate steps to inform you, such as posting an updated version on our website with a revised effective date.

Your continued use of Synovus services after any changes have taken effect will signify your acceptance of the updated Privacy Policy.

Your privacy at Synovus Global Bank

Synovus Global Bank uses cookies and similar technologies to improve site performance, analyse traffic, and provide a more personalised experience. We also process certain personal data when you interact with our website and services. You can learn in detail which data we collect, for what purposes, and how we protect it by reading our full Privacy Policy. You may choose to accept or reject non‑essential cookies at any time. Essential cookies are necessary for the secure and proper functioning of the Synovus website. View Synovus Privacy Policy