Close Your web browser is out of date. Updating your browser will improve how you can view and use this website. Find out how to do this


Privacy notice

Read this page to find out how we manage your personal details

When you apply to save or invest with us, we ask you to give us some of your personal details so that we can open and administer your account. We also collect your personal details at other times, for example when you contact us. We are committed to keeping all the information we hold about you secure, private and confidential.

This page explains why we need to collect your personal details and what we do with them. It also sets out the legal basis on which we collect and use your information and outlines the rights you have under current data protection legislation.

If you are a financial adviser please go to:

Adviser privacy notice

If you are a prospective NS&I employee please go to:

Prospective NS&I employee privacy notice

How we use your information

Which of my details do you collect?

We’ll ask for your full name (title, forename(s) and surname), date of birth, postal address, phone number, email address and nominated bank account details. We ask for your bank details so that we can make payments to you, for example when you make a withdrawal or win a Premium Bonds prize. When you’re making a deposit by debit card, we’ll need your card details. And when making a cheque deposit to open an account, we’ll ask for details of the account on which the cheque is drawn.

We need this personal information so that we can provide you with the accounts or services that you have asked for. We also need some of this information to meet our legal obligation to check your identity, address and source of funds. If you don't provide it, then we won't be able to provide you with our accounts or services.

  • When do you collect these details?

    We’ll collect them when you apply to open an account through our website, by phone or by completing a form and posting it to us. We’ll also collect some of your details whenever you make a transaction or contact us about your accounts. This can be online (including live chat), by phone, by post, by email or secure message, through social media, or when you use our apps or an Open Banking service.

  • Using our website, emails, apps and social media

    Our website, and the emails we send out, use cookies and other tracking technologies to collect information. When you visit our website, you can choose to decline cookies, but our online application forms and other processes need to use cookies to work properly. You can find out more about our cookie policy at

    When you use our website or apps, we collect information such as the browser you are using and the date, time and your IP address (a label used to identify your device on the internet).

    We may use social media, for example Twitter and Facebook, to communicate with you. We may also use posts on social media to find out how people view our products and services.

  • What do you do with my information?

    The main reasons we use your information are to open and administer your account(s), process your deposits and withdrawals, and keep you up to date with information about your account(s).

    We may also use your information to:

    • meet our legal obligation to check your identity, address and source of funds
    • prevent or detect fraud or other crime
    • develop, test and improve our products, systems and services
    • invite you to take part in market research and surveys
    • carry out anonymous statistical analysis (we won’t be able to identify individuals when we do this)
    • create customer-type profiles to help us improve existing products and services, and develop new ones
    • send you marketing messages about NS&I accounts which may be tailored to your circumstances (unless you have opted out)
    • run competitions, events and promotional activities

    When you call us, we may monitor or record your call for training or quality assurance. We also record calls so that we have a record of your consent in certain circumstances, for example when you agree to allow us to talk to a member of your family on your behalf.

  • Who do you share my details with?

    We use selected organisations to help us deliver the service we provide to you. We may share your personal information with:

    • our service providers who provide data processing services to us, for example helping to administer your account and investments, printing and sending warrants and statements to you, and sending you emails about your accounts. We only share the information that's necessary for them to provide their services
    • credit reference agencies to check your identity, address and source of funds, and to prevent fraud

    We may also share your information with government bodies, law enforcement agencies, courts or other third parties to comply with our legal obligations or lawful disclosure requests, for example.

    You can also ask us to share your information with anyone else, for example a financial adviser.

  • How long do you keep my information for?

    We keep your personal information where we have an ongoing legitimate or lawful need to do so. For example, we keep some records for audit purposes for up to seven years after you have closed an account with us.

    When we no longer have a legitimate or lawful need to keep your personal information, we will delete it.

  • Premium Bonds and the prize draw

    We keep records of Premium Bonds holdings for longer than seven years. This is to allow us to reallocate prizes where we discover that one or more prizes paid out were not valid. This can happen, for example, when a Bond holder dies but no one tells us.

    Each month we publish the winning Premium Bonds numbers on our website, together with the value of the prize, the value of the holding, the date the Bond was bought and the area where the Bond holder lives. We do not publish the names or other details of Premium Bonds winners.

  • Do you send my information outside Europe?

    We may sometimes send your information outside Europe to process transactions or correspondence. These countries may have data protection laws that are different to those in Europe, which may be less protective. In these cases we will ensure that your information is processed in line with data protection law in Europe.

    For example, our operational partner carries out some processing for us in India. They have in place ‘Binding Corporate Rules’ (contractual obligations) which require them to process your information in line with European data protection law. If you want to see these rules, please contact us.

  • Keeping each other informed

    We will give you information about your accounts and provide regular statements. If we need to get in touch, we will call you, write to you by email or letter, send you a text message, or contact you through our online service.

    In the event of a data breach that could lead to a high risk to your rights and freedoms, for example the risk of financial loss, we will let you know as soon as we reasonably can.

    To make sure you can receive information and communications from us, please make sure you tell us whenever you change your name, address, phone number, email address or nominated bank account. Giving us your most up to date details will also help protect your account(s) by making sure any information we send you doesn’t fall into the wrong hands.

    You can update your details online or by contacting us.

  • Web chat

    If you have a question, sometimes it’s not convenient to call. That’s one reason we’ve introduced web chat – our online instant chat service. When using our web chat, we may ask you to provide personal information such as your name, address, date of birth, email address and other information such as the reason for the chat. We will also collect your IP address automatically. We ask for this information to help us identify you and give you the best service, and for training and quality purposes. We may also invite you to take part in an optional short survey after your web chat has finished.

    We are committed to keeping your personal information secure and confidential. We won’t share your personal information from web chat with any third parties or use it for marketing purposes. We will not transfer any of your personal information from web chat outside the European Economic Area.

    A transcript of each chat session is created automatically. You can download a copy of the transcript at any time during the chat. We keep a copy of the transcript for up to seven years, in line with our data retention policy.

The legal background and your rights

The legal background and your rights

Here we summarise the lawful basis on which we collect and use your information and outline the rights you have under current data protection legislation

  • Lawful basis

    We are allowed to use your personal information for a range of reasons, called ‘lawful bases’. These are:


    We need to collect and use your personal information to be able to provide you with the savings account(s) that you want to open and use. We cannot provide the service if you don’t give us the information we ask for.

    Legal obligation

    We may need to use your personal information to meet our legal obligations, for example if we need to check your identity, address and source of funds to comply with the Money Laundering Regulations.

    Legitimate interests

    We have a legitimate interest in promoting our accounts and services. For this reason, we may use your personal details to, for example, send you marketing information about our own accounts or services that we think you may be interested in. We may also invite you to take part in research or surveys to help us improve the products and services that we offer. You can ask us to stop sending you marketing and/or research invitations at any time.


    We only rely on consent as a lawful basis for using your personal information in a few limited circumstances, for example if you ask us to share your account information with an authorised third party who offers an Open Banking service; or if you want us to share information with your financial adviser or nominated representative. You can withdraw your consent at any time, and we make it as easy to withdraw consent as it is to give it.

    Public task

    There are times when we need to share information with other government bodies to allow them to meet their legal obligations, for example where HM Revenue & Customs need to know how much gross interest you have earned during a tax year.

  • Your rights

    You have a range of data protection rights in relation to the information we hold about you. You can exercise any of these rights by contacting us. Note that not all of the rights are absolute – some of them depend on which lawful basis we are using to process your information.

    Right of access

    You can ask us to provide you with a copy of the information we hold about you by making a ‘Data Subject Access Request’. You can download and print a form from or contact us with all information asked for on the form.

    Call us

    Right to data portability

    Where we process your personal information by automated means for contractual purposes, or with your consent, you can ask us to provide the information we hold about you in a structured, machine readable format (for example a CSV file).

    Right to rectification

    If the information we hold about you is incorrect, out of date or incomplete, please let us know and we will put it right.

    Right to restrict processing

    If you think the information we hold about you isn’t accurate, you can ask us not to process it until we have corrected any errors or verified that the information is accurate.

    Right to erasure

    You can ask us to delete your personal information when:

    • we no longer need it
    • you have given us consent and you later withdraw it
    • you have objected to us processing your information and we have no lawful basis to do so
    • we are legally obliged to delete it

    Right to object

    Where we have a legitimate interest or a public interest in processing your personal information (see Lawful bases), you can object to this.

    Right not to be subject to automated decision-making

    Some of our processes are partly or wholly automated, but we don’t make decisions that have a significant or legal effect without human involvement. For example, we may check your evidence of identity electronically, but if this is unsuccessful we will write to you to ask for documentary evidence instead.

    Right to lodge a complaint with a supervisory authority

    If you have a complaint about the way we have used your information, please contact us first and we will do our best to put things right for you. If you’re not happy with our response, you can escalate your complaint to the Information Commissioner’s Office (ICO) – see Useful contacts for their contact details.

Useful contacts

Data protection questions?

NS&I is the data controller of the information we hold about you. If you have any questions or concerns about how we process your information, you can contact us or write to:

Data Protection Officer
1 Drummond Gate

Frequently Asked Questions

Frequently asked questions

  • What is the GDPR?

    The General Data Protection Regulations (GDPR) is a set of regulations that changes how your personal information can be used, giving you more control over your data. It also ensures that organisations protect your personal information better. GDPR replaces the existing Data Protection Act, and came into force in the UK on 25 May 2018.

  • What does giving me more control mean?

    You already have a number of rights relating to the information we hold about you. The GDPR is designed to enhance those rights and make it easier for you to access your data and exercise your rights.

  • What do you mean by marketing preferences?

    We may occasionally contact you to send you marketing information about own accounts or investments that we think you may be interested in. We may send this to you by post, by phone, by email and online. By providing us with your marketing preferences we will know how best to send this information to you. Or you can choose to receive no marketing from us at all. You can change your marketing preferences at any time online or by contacting us.

  • What does online marketing mean?

    Online marketing means we may show you promotional messages that are tailored to you when you are logged in to our website. You can opt out of online marketing, but please note that you may still see online marketing messages – they just won’t be tailored to you specifically.

  • How can I change my marketing preferences?

    If you are registered for our online and phone service, you can amend your marketing preferences by logging in and going to the ‘Your details’ section. You can also do it by calling us. If you’re not registered, you’ll need to write to us – please make sure you include your name, address, NS&I number and/or account number.

  • You mention doing market research in the privacy notice, what is this?

    From time to time we may invite customers to take part in surveys and other research to help us understand how best to meet our customers’ needs, and to find out what our customers think about our accounts and services. If you don’t want to receive any market research invitations, or you only want to receive them a certain way (e.g. email), just let us know.