Privacy Policy

How Future Funds – B.B. Bank plc. collects, uses, protects and stores your personal data.

Contents of this page

1. Data controller
2. Categories of data
3. Purposes & legal basis
4. Data sharing
5. Data retention
6. Your rights
7. Security
8. Updates

1. Data controller

Future Funds – B.B. Bank plc. (“the Bank”, “we”, “us”) is the organisation responsible for determining the purposes and means of processing your personal data. As an FCA-regulated financial institution, we apply strict security, confidentiality and governance controls over all information we hold.

Future Funds – B.B. Bank plc.
B.B. Bank plc., West Street, Sheffield S1 2GQ, United Kingdom
Email: info@depot.capital

The Bank operates in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, relevant FCA and PRA requirements, and international rules relating to secure information exchange for cross-border payments.

2. Categories of data we process

Depending on your relationship with us, the Bank may collect and process a wider set of personal data in order to provide compliant, secure and efficient banking services. These categories include, but are not limited to:

Identification & onboarding data: full name, date and place of birth, nationality, residential address, identity documents (passport, ID card, driving licence), tax residency, customer identifiers, and—where applicable—video identification recordings.
Contact & communication data: your email address, telephone numbers, postal address, messages exchanged with customer support, internal portal communication, and notes generated during our interactions with you.
Banking & transaction data: account numbers, balances, transfer history, SEPA/SWIFT payments, card usage, ATM withdrawals, limits, authorisations, failed or blocked transactions, and beneficiary information.
Compliance & due diligence data: KYC documents, AML/CTF screening results, sanctions and PEP checks, source-of-funds documentation, and enhanced due diligence information where required.
Technical & security-related data: IP addresses, device fingerprints, browser metadata, login timestamps, session identifiers, behavioural risk signals, geolocation approximations and cookie data used for authentication, security and fraud-prevention purposes.
Communication & preference data: enquiry history, notification settings, preferences regarding digital services and communication channels.

3. Purposes and legal basis of processing

Your personal data is used exclusively for lawful banking, operational and regulatory purposes. The main processing activities are based on contract, legal obligations, legitimate interests or your consent (where explicitly required). We process data in order to:

Provide and maintain banking services: operating accounts, processing transfers, card transactions, standing orders, international payments and multi-currency balances.
Meet regulatory obligations: performing mandatory AML/CTF checks, KYC verification, sanctions screening, fraud monitoring, statutory reporting and compliance with UK and international financial legislation.
Ensure security and platform integrity: detecting unusual activity, preventing unauthorised access, monitoring login behaviour, maintaining accurate logs, and protecting customers and the Bank from fraud.
Provide customer support and communication: responding to enquiries, processing requests, handling complaints, sending important service notifications and informing you about policy updates.
Improve service quality and infrastructure: analysing anonymised or aggregated data to enhance system stability, user experience, performance and product development.

4. Data sharing

We only share personal data where strictly necessary and always under secure, contractual and legally compliant conditions. Your information may be disclosed to:

Payment and banking partners: SEPA clearing systems, SWIFT network participants, correspondent banks and financial intermediaries involved in executing international or cross-border payments.
Technology and security providers: regulated IT infrastructure partners, cloud hosting providers, cybersecurity firms, fraud-detection vendors and card scheme operators (e.g., Visa, Mastercard).
Regulators and authorities: FCA, HMRC, NCA, UK law enforcement and, where relevant, international authorities—strictly when required by law or regulation.
Professional advisors: auditors, compliance consultants or legal advisors supporting the Bank in meeting regulatory obligations.

All third parties are contractually required to protect your data and process it only for the purpose for which it was shared.

5. Data retention

Personal data is stored only for the duration for which it is necessary to fulfil legal, regulatory or contractual obligations. Financial institutions are subject to extended retention periods, which may vary depending on the type of data:

AML/CTF and KYC documentation may be retained for 5–10 years.
Transaction logs and account statements are retained according to accounting and audit rules.
Technical logs are kept only as long as needed for security, diagnostics or regulatory purposes.

Once retention periods expire, data is securely deleted or irreversibly anonymised.

6. Your rights

Under the UK GDPR, you have the right to exercise control over your personal data. You may:

Request access to all personal data we hold about you.
Request rectification of inaccurate or incomplete information.
Request erasure where legally permissible.
Request restriction of certain processing activities.
Object to processing that is based on legitimate interests.
Request portability of your data to another provider where applicable.
Withdraw consent for processing where consent is the legal basis.

Requests can be submitted using the contact information provided above. The Bank may need to verify your identity before fulfilling your request.

7. Security

The Bank employs a multi-layered security framework designed to protect personal and financial data from unauthorised access, misuse or loss. Safeguards include:

End-to-end encrypted communication and secure TLS channels.
Advanced fraud detection powered by behavioural analytics.
Device fingerprinting and multi-factor authentication.
Segregated data environments and strict access controls.
Regular penetration testing and external security audits.
Continuous monitoring of infrastructure and network activity.

While strong measures are in place, no digital system can guarantee absolute protection. The Bank continuously evaluates and enhances its safeguards to reduce risks.

8. Updates

This Privacy Policy may be updated from time to time to reflect regulatory developments, new banking features or enhancements to our security and operational processes. The most recent version will always be published on this page, and material changes may be communicated via email or through your online banking portal.