We have updated our privacy notice on 22 June 2021 to provide for and include the following:

1. The lawful bases for processing your personal information.
2. What personal information is collected and how.
3. Your data protection rights. We have included your right to:
   • ask that we correct or delete personal information when that information is incorrect, irrelevant, or no longer needed; and
   • ask that we destroy or delete your information when we are no longer authorised to keep it.
4. Access requests are now included in our updated information manual.
5. The Nedbank Contact Centre knows how you can lodge complaints and has the contact details of the Information Regulator if you are not happy with how we handled your complaint.

Introduction

Nedbank treats its clients' confidential information with the utmost discretion. This is in line with the South African Constitution, which protects the right to privacy. The Protection of Personal Information Act (Popia), 4 of 2013, which operationalises the constitutional right to privacy, further strengthens our resolve to protect our clients’ information. Popia promotes the fair and transparent use of personal information and requires us to safeguard it appropriately. Personal information as defined by Popia is any information that can be used to identify you as an individual, and, where applicable, legal entities. Examples of personal information is your identity number, account number, telephone number, email address, physical address, or other unique identifier.

As part of our commitment to safeguard our clients' personal information and continue to comply with the law, our processing activities involving personal information are aligned to the provisions of Popia.

What is personal information?

Personal information is data that can be used to identify you. This includes information you share with us, information that we gather during our relationship with you as our client, as well as information about your marketing preferences. This information includes:

• your gender as may be required for statistical purposes or by law;
• your marital status, nationality or social origin;
• your age, physical or mental health and well-being, disability, religion, conscience, belief, culture, and language;
• your education or any medical conditions;
• your financial information (like your income and expenses, loan repayments, investments, assets or your financial needs);
• any identifying number, symbol (like account, identity or passport numbers);
• your email address, physical address or telephone number (as this may be needed for us to communicate with you);
• your location and online identifiers [this can be Internet Protocol (IP) addresses or geolocations]
• your employment history (this is specifically relevant when you apply for credit);
• biometric information (eg fingerprints, and facial or voice recognition); and
• your personal opinions or views.

There may be circumstances in which we will collect your special personal information. Such information may include:

• your race or ethnicity (as required by law and for statistical purposes);
• your physical health (eg when you apply for life insurance); and
• criminal behaviour where it relates to the alleged commission of any offence; or any proceedings regarding any offence allegedly committed by you, or the disposal of such proceedings.

The collection and processing of your special personal information will only happen with your consent and this is necessary to establish, exercise or defend a right or obligation in law. We may also need to collect and process your special personal information where it is necessary to comply with a law, or for historical, statistical or research purposes.

Aim and objective of this privacy notice

It is to give you and our stakeholders guidance and information on how we collect, use and protect personal information. The privacy notice will tell you:

1. why we collect your personal information and how we may process it;
2. how we share your information with third parties;
3. how we protect your information;
4.  how long we hold onto your information; and
5. of your rights.

Why do we collect and process your personal information?  

For us to offer you financial products and services, we need to collect, use, share and store personal and financial information about you so that we can:

• enter into banker-client relationships with you;
• contractually engage you for loans and credit;
• gain an understanding of your financial needs to offer you the best services and products;
• develop suitable products and services to meet your needs;
• market relevant products and services to you;
• conduct market research and client satisfaction surveys;
• search, update or place your records at credit reference bureaus and government agencies;
• verify your identity and to assess your ability to get credit or to give collateral of any kind, including guarantees or suretyships;
• offer any other related banking and insurance services;
• record and monitor any communications between you and us and use these recordings to verify your instructions to us to analyse, assess and improve our services to clients, and for training and quality purposes; and
• communicate with you by post, phone, SMS, email and other electronic media, including our ATMs, mobile applications or online banking services, about products that may be of interest to you.

It is your right to refuse to provide personal information, but this refusal may limit our ability to provide the required financial services to you. We will only collect information from you that is necessary and relevant to the service or product we have to provide.

No information will be collected without your permission or if not prescribed by law. We will not use information for marketing purposes via unsolicited electronic media that you have not agreed to.

If we use third-party data providers, we will ensure that they have the consent to share the information with us.

The lawful bases we rely on for processing this information are:

• we have your consent to do so;
• we have an obligation to carry out actions for the cancellation or performance of a contract with you;
• we are required by law to process your personal information;
• the processing protects your legitimate interest; and
• we have a legitimate interest to pursue.

Processing information of children

We will only collect and process the personal information of a child with the consent of a competent person. We may also need to process the information of a child where it is necessary to exercise or defend a right or obligation in law, or where the personal information has been made public by the child with the consent of a competent person.

We may also process the information of a child of 16 years or older if they want to be a depositor with us as authorised by the Banks Act, 94 of 1990.

How do we collect your personal information?

We collect your personal information in the following ways:

• Directly from you when you complete a product application form on paper.
• Indirectly from you when you interact with us electronically. When you are browsing our website (including our mobile application), we may collect information from you, like your IP address and server logs.
• Directly from other sources, such as public databases, data aggregators and third parties, as well as other financial institutions, credit bureaus, fraud prevention agencies; or indirectly through your interactions with third parties.

Third parties from which we may collect your personal information may include:

• law firms;
• other financial institutions and service providers;
• data brokers;
• business partners;
• insurance companies;
• credit bureaus;
• payment associations;
• social media;
• the South African Police Service;
• regulators;
• public or government entities; and
• tracing agents.

To whom will we disclose your information?

Protecting our interests may sometimes require the disclosure of specific client information to third parties, for example, if payment failed due to insufficient money in an account. Where required to protect the public interest, information regarding a client’s debt may be disclosed to credit bureaus or debt collection agencies. Entities and third parties with whom we may share your information may include:

• banks and financial institutions;
• regulatory authorities;
• the regulator, industry bodies and the Ombudsman;
• law firms and auditors;
• insurers;
• the South African Police Service; and
• other third parties as may be required either contractually, by law, or legitimate interest.

When sharing your information with recipients in other jurisdictions, we will ensure that they adhere to similar privacy protection requirements as we do – either by law or by legal agreement.

We will not sell your information to third parties and will only market to you in line with our legal obligations and your marketing preference, using the communication method you chose.

How do we protect your information?

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put suitable physical, electronic and managerial procedures in place to safeguard and secure the information we collect.

All online transacting sessions are encrypted, and personal information is stored according to internationally accepted banking information security practices.

How long will we keep your information?

We will keep your information only for as long as we need it, given the purpose for which it was collected, or as required by law (including tax legislation) and any other statutory obligations (including anti-money-laundering and counter-terrorism requirements). We may keep your personal information for longer than required if you have agreed to this.

If we need to keep your personal information for longer than required, and more specifically for historical, statistical or research purposes, we will do so with the appropriate safeguards in place to prevent the records from being used for any other purpose.

Your information may be kept for varying periods from the end of our relationship, depending on regulatory requirements. We will take all reasonable steps to destroy or de-identify the personal information that we hold when it is no longer required.

Your data protection rights

You have the right to ask us to confirm whether we hold any information about you. You may also request a record from us about the personal information we hold about you, as well as information about all third parties with whom we have shared your personal information. Once we have given the information to you, you may ask that we :

• correct or delete the personal information in our possession or under our control if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been obtained unlawfully;
• destroy or delete a record of your personal information that we are no longer authorised to keep in terms of the Act or other regulatory requirements; or
• stop or start sending you marketing messages by informing us in writing or through our branch network, call centres or website.

If you want to verify the information we have about you or want us to update or change it, you may:

• refer to our Access to Information Manual here
• call the Nedbank Contact Centre on 0860 555 111; or
• go to a Nedbank branch.

Complaints

You may submit complaints about the processing of your personal information by phoning the Nedbank Contact Centre on 0860 555 111 or sending an email to privacy@nedbank.co.za.  

Or you can contact the Information Regulator at inforeg@justice.gov.za  or complaints.IR@justice.gov.za.

Our contact details

The contact details of the information and deputy information officers are:

Information Officer:

Daleen Du Toit 

Deputy Information Officer:

Neelesh Mooljee

Physical address:

135 Rivonia Road

Sandown

Sandton

Johannesburg

Postal address:

PO Box 653640

Benmore Gardens

2196

Tel: +27 (0)11 294 7130

Email: privacy@nedbank.co.za

Website: nedbank.co.za

Cookies

We make use of cookies to personalise your repeat visits to our website by determining how you use the site. Cookies are very small text files that may be stored on your computer or mobile device when you visit a website, enable images or click on a link in an email.

We use cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to meet your needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, they help us give you a better website by enabling us to monitor which pages you find useful and which not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept them, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

About us

Nedbank Group is incorporated in the Republic of South Africa and our registration number is 1966/010630/06. Our ordinary shares have been listed on JSE Limited (the JSE) since 1969 under the share code: NED and on the Namibian Stock Exchange since 2007 under the share code: NBK. Our ISIN is ZAE000004875.

We offer a wide range of wholesale and retail banking services, as well as a growing insurance, asset management and wealth management offering.

These services are offered via frontline clusters:

• Nedbank Corporate and Investment Banking
• Nedbank Retail and Business Banking
• Nedbank Wealth
• Nedbank Africa Regions

The Group’s business partners include the following:

• Old Mutual Limited
• Ecobank
• Ecobank Nedbank Alliance
• Bank of China

Our presence

• Nedbank Group's primary market is South Africa, but we are continuing to expand into the rest of Africa.
• We have a presence in five countries in the Southern African Development Community (SADC) and East Africa region where we own subsidiaries and banks in Namibia, eSwatini, Mozambique, Lesotho, Zimbabwe, as well as representative offices in Angola and Kenya.
• In West and Central Africa, we follow a partnership approach and concluded the acquisition of an approximate 21% shareholding in Ecobank Transnational Incorporated (ETI) in 2014, enabling a unique one-bank experience to our clients across the largest banking network in Africa, comprising more than 2 000 branches in 39 countries.

Outside of Africa we have a presence in key global financial centres to provide international financial services for Africa-based multinational and high-net-worth clients. These include:

• Guernsey;
• Isle of Man;
• Jersey; and
• London.

We also have a representative office in Dubai.