Privacy notice

Last updated: May 2025

1. The lawful bases for processing your personal information.
2. What personal information is collected and how.
3. Your data protection rights. We have included your right to:
   • ask that we correct or delete personal information when that information is incorrect, irrelevant, or no longer needed; and
   • ask that we destroy or delete your information when we are no longer authorised to keep it.
4. Access requests are now included in our updated information manual.
5. The Nedbank Contact Centre knows how you can lodge complaints and has the contact details of the Information Regulator if you are not happy with how we handled your complaint.

Introduction 

Nedbank treats its clients' personal information with the utmost discretion. This is in accordance with the South African Constitution, which protects the right to privacy. The Protection of Personal Information Act 4 of 2013 (POPIA), which operationalises the constitutional right to privacy, further strengthens our resolve to protect our clients’ and stakeholder’s personal information. POPIA promotes the fair and transparent use of this information and requires us to safeguard it appropriately. Personal information as defined by POPIA is any information that can be used to identify you as an individual, and, where applicable, a legal entity. Examples of personal information is your identity number, account number, telephone number, email address, physical address, or other unique identifier.  

As part of our commitment to safeguard our clients' personal information and continue to comply with the law, our processing activities involving personal information are aligned to the provisions of POPIA. 

This Privacy Notice sets out how your personal information will be used by Nedbank and applies to any information, including personal and special personal information, you give to Nedbank or which Nedbank may receive from third parties. 

It is important that you read this Privacy Notice carefully before submitting any personal information to Nedbank. 

By submitting any personal information to Nedbank, you provide consent to the processing of your personal information as set out in this Privacy Notice and the detailed terms and conditions for the relevant products that you will sign.  

The provisions of this Privacy Notice are subject to mandatory, unalterable provisions of applicable laws. 

Please do not submit any personal information to Nedbank if you do not agree to any of the provisions of this Privacy Notice. If you do not consent to the provisions of this Privacy Notice, or parts of the Privacy Notice, Nedbank may not be able to provide its products and services to you. 

What is personal information? 

Personal information is data that can be used to identify you. This includes personal information you  share with us, personal information that we gather during onboarding and our relationship with you as our client, as well as information about your marketing preferences. This information includes, but not limited to:  

• your gender as may be required for statistical purposes or by law;
• your marital status, nationality or social origin;
• your age, physical or mental health and well-being, disability, religion, conscience, belief, culture, and language; 
• your education or any medical conditions; 
• your financial information (like your income and expenses, loan  repayments, investments, assets or your financial needs);
• any identifying number, symbol (like account, identity or passport numbers);
• your email address, physical address or telephone number (as this may be needed for us to communicate with you);
• your location and online identifiers [this can be Internet Protocol (IP) addresses or geolocations]
• your employment history (this is specifically relevant when you apply for credit); 
• biometric information (eg fingerprints, and facial or voice recognition); and
• your personal opinions or views.

There may be circumstances in which we will collect your special personal information. Such information may include: 

• your race or ethnicity (as required by law and for statistical purposes);  
• your health (eg when you apply for life insurance); and 
• criminal behaviour where it relates to the alleged commission of any offence; or any proceedings regarding any offence allegedly committed by you, or the disposal of such proceedings. 

The processing of your special personal information will only happen with your consent, if this is necessary to establish, exercise or defend a right or obligation in law, to comply with a law, for historical, statistical or research purposes or if it is otherwise lawful to do so.  

Aim and objective of this privacy notice 

It is to give you and our stakeholders guidance  on how we collect, use, and protect personal information. The privacy notice will tell you: 

1. why we collect your personal information and how we may process it; 
2. how we share your personal information with third parties; 
3. how we protect your personal information; 
4. how long we hold onto your personal information; and  
5. of your rights. 

Why do we process your personal information?   

For us to offer you financial products and services, we need to process (collect, use, share and store) personal and financial information about you so that we can: 

• assess the risk of fraud, money laundering and the like; 
• enter into banker-client / banker-third party relationships with you; 
• contractually engage you for loans and credit: any other related banking and insurance services; 
• gain an understanding of your financial needs to offer you the best services and products, including the use of artificial intelligence tools; 
• develop suitable products and services to meet your needs; 
• market relevant products and services to you; 
• conduct market research and client satisfaction surveys; 
• search, update or place your records at credit reference bureaus and government agencies; 
• verify your identity and to assess your ability to get credit or to give collateral of any kind, including guarantees or suretyships; 
• record and monitor any communications between you and us and use these recordings to verify your instructions to us to analyse, assess and improve our services to clients, and for training and quality purposes; and 
• communicate with you by post, phone, SMS, email, and other electronic media, including our ATMs, mobile applications, or online banking services, about products that may be of interest to you. 

It is your right to refuse to provide personal information, but this refusal may limit our ability to provide the required financial products and services to you. We will only collect personal information from you that is necessary and relevant to the service or product we have to provide. 

We will only collect and use your personal information if we are lawfully permitted to do so. 

We may send you direct marketing, but you can unsubscribe by opting out on the relevant Internet-based platform or advising Nedbank directly via the Nedbank Contact Centre. 

If we use third-party data providers, we will ensure that they are lawfully allowed to share the information with us. 

The lawful basis we rely on for processing this information are: 

• we have your consent to do so; 
• we have an obligation to carry out actions for the conclusion or performance of a contract with you; 
• we are required by law to process your personal information; 
• the processing protects your legitimate interest; 
• we have a legitimate interest to pursue; and/or 
• a third party has legitimate interest to pursue. 

Processing personal information of children 

We will only process the personal information of a child with the consent of a competent person or if we are lawfully allowed to do so.  

We may, for example,  process the personal information of a child of 16 years or older if they want to be a depositor with us as authorised by the Banks Act, 94 of 1990. 

How do we collect your personal information? 

We collect your personal information in the following ways: 

• Directly from you when you complete a product application form, unless the information is in the public domain; you consented to us collecting the information from another source; collecting directly from you will prejudice the lawful basis of collecting the information and/or collecting the information directly from you is not reasonably practical. 
• Indirectly from you when you interact with us electronically, i.e. use of cookies (refer to details below)  
• From other sources, such as public databases, data aggregators and third parties, as well as other financial institutions, credit bureaus, fraud prevention agencies; or indirectly through your interactions with third parties in a manner that does not prejudice your legitimate interest and/or when it is necessary to collect information from these third parties .  
• Through agents or third parties who collect personal information on our behalf. 
• Through other entities in the Nedbank Group or divisions/clusters of entities within the Nedbank Group. 

Third parties from which we may collect your personal information may include: 

• law firms; 
• other financial institutions and service providers; 
• data brokers; 
• business partners; 
• insurance companies; 
• credit bureaus; 
• payment associations; 
• social media; 
• the South African Police Service; 
• local or foreign regulators; 
• public or government entities;  
• South African Fraud Prevention Services; 
• Payments Association of South Africa;  
• media publications; and 
• tracing agents. 

To whom will we disclose your personal information? 

Protecting our interests may sometimes require the disclosure of specific client information to third parties, for example, if payment failed due to insufficient funds in an account. Where required to protect the public interest, information regarding a client’s debt may be disclosed to credit bureaus or debt collection agencies. Entities and third parties with whom we may share your information may include:  

• banks and financial institutions; 
• regulatory authorities; 
• the regulator, industry bodies and the Ombudsman; 
• law firms and auditors; 
• insurers; 
• the South African Police Service;  
• South African Fraud Prevention Services; 
• Payments Association of South Africa; and 
• other third parties as may be required either contractually, by law, or legitimate interest.  

When sharing your personal information with recipients in other jurisdictions, we will ensure compliance with applicable laws.  

We will never sell your personal information to third parties and will only market to you in compliance with applicable laws and your marketing preference, using, where practicable, the communication method you chose. 

When we correct, destroy or delete your information, if reasonably practicable, we will inform each third party to whom the personal information has been disclosed to. 

How do we protect your personal information? 

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put reasonable physical, electronic, and managerial procedures in place to safeguard and secure the information we collect. 

All online transacting sessions are encrypted, and personal information is stored according to internationally accepted banking information security practices. 

How long will we keep your personal information?  

We will keep your information only for as long as we need it for a lawful business purpose or as required by law (including tax legislation). 

If we need to keep your personal information for longer than required, and more specifically for historical, statistical or research purposes, we will do so with the appropriate safeguards in place to prevent the records from being used for any other purpose. 

Your personal information may be kept for varying periods from the end of our relationship, depending on regulatory requirements or legitimate business requirements. We will take all reasonable steps to delete, destroy, correct or de-identify the personal information that we hold when it is no longer required. 

We will restrict processing of your personal information if it is not accurate, no longer needed for the purpose we collected it, the processing is unlawful and you oppose its destruction or deletion and request the restriction of its use instead of the information or you have requested us to transmit the information to another automated processing system. We will inform you before lifting the restriction on processing of your information. 

Your data protection rights 

You have the right to ask us to confirm whether we hold any information about you. You may also request a record from us about the personal information we hold about you, as well as information about all third parties with whom we have shared your personal information, including the right to: 

• be notified when your personal information is being collected; 
• withdraw your consent to process your personal information at any time provided that, it does not affect the lawful basis of processing the information before your withdrawal or us pursuing our legitimate interest and/or that of a third party; 
• be notified when your personal information has been accessed by an unauthorised third party; 
• correct or delete the personal information in our possession or under our control if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been obtained unlawfully; 
• destroy or delete a record of your personal information that we are no longer authorised to keep in terms of regulatory requirements; 
• object at any time to the processing of your personal information for protecting your legitimate interest, for pursuing our legitimate interest or that of a third party and we will no longer process your information;  
• for us not to rely solely (for decisions) on the basis of the automated processing of your personal information; 
• stop or start sending you marketing messages by informing us in writing or through our branch network, call centres or website; 
• you will be informed of the outcomes of any objections or withdrawals we receive from you to process your personal information and confirmation of any corrections made. 
• submit  a complaint to the Information Regulator regarding any interference with the protection of your personal information to POPIAComplains@inforegulator.org.za or visit their website on www.inforegulator.org.za ; and 
• institute civil proceedings regarding the alleged interference with the protection of your personal information 

If you want to verify the information we have about you or want us to update, change, or delete it, you may: 

• refer to our Promotion of Access to Information Manual which is available on www.nedbank.co.za  
• call the Nedbank Contact Centre on 0860 555 111; or 
• go to a Nedbank branch. 

Cookies 

Cookies are very small text files that may be stored on your computer or mobile device when you visit a website, enable images, or click on a link in an email. We use cookies to identify which pages are being used. This helps us analyse data about web page traffic to improve our website and give you a better user experience.  

We use this information for statistical analysis purposes only and the data is then removed from the system. Nedbank does not record your internet usage after you leave our website. 

Cookies play a crucial role in enhancing the functionality of our website and improving your overall experience across our online channels. 

We want to be transparent about our cookie usage, so here’s how we handle them: 

1.      Strictly necessary cookies 

• These cookies are mandatory for the effective operation of our website on your device. They let you use the website and its features, and cannot be switched off. 

2.      Performance cookies 

• These cookies collect anonymous information about how you use our website. They help us improve website performance without gathering personal data.  
• Temporary session cookies exist only while you browse our website. They remember your activities during the session and are deleted when you close our website or move to a different one.

3.        Marketing cookies (advertising cookies)

• These cookies deliver relevant and engaging advertisements to you. We measure the effectiveness of our advertising campaigns based on your interaction with these ads.  
• These cookies stay on your device until they reach their set expiry date or until you delete them. They remember your preferences and choices across visits, and display advertising campaigns relevant to your online activity. 

You can manage your cookie settings on your internet browser. Most web and mobile browsers automatically accept them. You can modify your browser settings to manage cookies. However, this may prevent you from taking full advantage of our website experience. Your cookie settings will also affect other websites you visit. 

This is how you can manage your cookie settings: 

Desktop or laptop 

1. Microsoft Edge

• Click on the ellipsis (⋯) in the upper-right corner of your browser.
• Choose Settings.
• Go to View advanced settings.
• Navigate to Cookies and choose Don’t block cookies.
• You may need to restart Microsoft Edge for the changes to take effect.

2. Google Chrome

• Click on the 3-dot menu in the upper-right corner.
• Choose Settings > Privacy > Cookies.
• Choose 1 of these options: Enabled, Enabled excluding 3rd party, or Disabled.
• To erase all cookies, tick the Clear private data on exit box and choose Cookies and active logins.

Mobile device on iOS or Android 

       1.   iOS (Safari) 

• Open the Settings app. 
• Scroll down and tap on Safari. 
• Under Privacy and security, choose Block all cookies or Allow from websites I visit. 

         2. Android (Chrome): 

• Open the Chrome app. 
• Tap on the 3-dot menu in the upper-right corner. 
• Go to Settings > Site settings > Cookies. 
• Choose your preferred option: Allow all cookies, Block 3rd-party cookies, or Block all cookies. 

Complaints 

You may submit complaints about the processing of your personal information by phoning the Nedbank Contact Centre on 0860 555 111 or sending an email to privacy@nedbank.co.za.   

Or, If you are not satisfied with the way we have dealt with your complaints, you can contact the Information Regulator at POPIAComplaints.IR@justice.gov.za . 

Our contact details 

The contact details of the information and deputy information officers are: 

Information Officer: 

Nomonde Hlongwa 

Deputy Information Officer: 

Neelesh Mooljee 

Physical address:  

135 Rivonia Road  

Sandown  

Sandton  

Johannesburg  

Postal address:  

PO Box 653640  

Benmore Gardens  

2196  

Tel: +27 10 234 8858 

Email: privacy@nedbank.co.za  

Website: nedbank.co.za 

About us 

Nedbank Group is incorporated in the Republic of South Africa and our registration number is 1966/010630/06. Our ordinary shares have been listed on JSE Limited (the JSE) since 1969 under the share code: NED and on the Namibian Stock Exchange since 2007 under the share code: NBK. Our ISIN is ZAE000004875. 

We offer a wide range of wholesale and retail banking services, as well as a growing insurance, asset management and wealth management offering. 

These services are offered via frontline clusters: 

• Nedbank Corporate and Investment Banking  
• Nedbank Retail and Business Banking  
• Nedbank Wealth  
• Nedbank Africa Regions 

Our presence  

• Nedbank Group's primary market is South Africa, but we are continuing to expand into the rest of Africa. 
• We have a presence in five countries in the Southern African Development Community (SADC) and East Africa region where we own subsidiaries and banks in Namibia, eSwatini, Mozambique, Lesotho, Zimbabwe, as well as representative offices in Angola and Kenya. 
• In West and Central Africa, we follow a partnership approach and concluded the acquisition of an approximate 21% shareholding in Ecobank Transnational Incorporated (ETI) in 2014, enabling a unique one-bank experience to our clients across the largest banking network in Africa, comprising more than 2 000 branches in 39 countries. 

Outside of Africa we have a presence in key global financial centres to provide international financial services for Africa-based multinational and high-net-worth clients. These include: 

• Guernsey 
• Isle of Man 
• Jersey and 
• London 

We also have a representative office in Dubai.