Privacy notice

Last updated: October 2022

1. The lawful bases for processing your personal information.
2. What personal information is collected and how.
3. Your data protection rights. We have included your right to:
   • ask that we correct or delete personal information when that information is incorrect, irrelevant, or no longer needed; and
   • ask that we destroy or delete your information when we are no longer authorised to keep it.
4. Access requests are now included in our updated information manual.
5. The Nedbank Contact Centre knows how you can lodge complaints and has the contact details of the Information Regulator if you are not happy with how we handled your complaint.

Introduction

Nedbank treats its clients' confidential information with the utmost discretion. This is in line with the South African Constitution, which protects the right to privacy. The Protection of Personal Information Act 4 of 2013 (POPIA), which operationalises the constitutional right to privacy, further strengthens our resolve to protect our clients’ information. POPIA promotes the fair and transparent use of personal information and requires us to safeguard it appropriately. Personal information as defined by POPIA is any information that can be used to identify you as an individual, and, where applicable, a legal entity. Examples of personal information is your identity number, account number, telephone number, email address, physical address, or other unique identifier.

As part of our commitment to safeguard our clients' personal information and continue to comply with the law, our processing activities involving personal information are aligned to the provisions of POPIA.

This Privacy Notice sets out how your personal information will be used by Nedbank and applies to any information, including personal and special personal information, you give to Nedbank or which Nedbank may collect from third parties.

It is important that you read this Privacy Notice carefully before submitting any personal information to Nedbank.

By submitting any personal information to Nedbank, you provide consent to the processing of your personal information as set out in this Privacy Notice.

The provisions of this Privacy Notice are subject to mandatory, unalterable provisions of applicable laws.

Please do not submit any personal information to Nedbank if you do not agree to any of the provisions of this Privacy Notice. If you do not consent to the provisions of this Privacy Notice, or parts of the Privacy Notice, Nedbank may not be able to provide its products and services to you.

What is personal information?

Personal information is data that can be used to identify you. This includes information you share with us, information that we gather during onboarding and our relationship with you as our client, as well as information about your marketing preferences. This information includes:

• your gender as may be required for statistical purposes or by law;
• your marital status, nationality or social origin;
• your age, physical or mental health and well-being, disability, religion, conscience, belief, culture, and language;
• your education or any medical conditions;
• your financial information (like your income and expenses, loan repayments, investments, assets or your financial needs);
• any identifying number, symbol (like account, identity or passport numbers);
• your email address, physical address or telephone number (as this may be needed for us to communicate with you);
• your location and online identifiers [this can be Internet Protocol (IP) addresses or geolocations]
• your employment history (this is specifically relevant when you apply for credit);
• biometric information (eg fingerprints, and facial or voice recognition); and
• your personal opinions or views.

There may be circumstances in which we will collect your special personal information. Such information may include:

• your race or ethnicity (as required by law and for statistical purposes);
• your health (eg when you apply for life insurance); and
• criminal behaviour where it relates to the alleged commission of any offence; or any proceedings regarding any offence allegedly committed by you, or the disposal of such proceedings.

The collection and processing of your special personal information will only happen with your consent , if this is necessary to establish, exercise or defend a right or obligation in law, to comply with a law, for historical, statistical or research purposes or if it is otherwise lawful to do so.

Aim and objective of this privacy notice

It is to give you and our stakeholders guidance and information on how we collect, use and protect personal information. The privacy notice will tell you:

1. why we collect your personal information and how we may process it;
2. how we share your information with third parties;
3. how we protect your information;
4. how long we hold onto your information; and
5. of your rights.

Why do we collect and process your personal information?  

For us to offer you financial products and services, we need to collect, use, share and store personal and financial information about you so that we can:

• assess the risk of fraud, money laundering and the like;
• enter into banker-client / banker-third party relationships with you;
• contractually engage you for loans and credit;
• gain an understanding of your financial needs to offer you the best services and products;
• develop suitable products and services to meet your needs;
• market relevant products and services to you;
• conduct market research and client satisfaction surveys;
• search, update or place your records at credit reference bureaus and government agencies;
• verify your identity and to assess your ability to get credit or to give collateral of any kind, including guarantees or suretyships;
• offer any other related banking and insurance services;
• record and monitor any communications between you and us and use these recordings to verify your instructions to us to analyse, assess and improve our services to clients, and for training and quality purposes; and
• communicate with you by post, phone, SMS, email and other electronic media, including our ATMs, mobile applications or online banking services, about products that may be of interest to you.

It is your right to refuse to provide personal information, but this refusal may limit our ability to provide the required financial services to you. We will only collect information from you that is necessary and relevant to the service or product we have to provide.

We will only collect and use personal information, if we are lawfully permitted to do so.

We may send you direct marketing, but you can unsubscribe by opting out on the relevant Internet-based platform or advising Nedbank directly.

If we use third-party data providers, we will ensure that they are lawfully allowed to share the information with us.

The lawful bases we rely on for processing this information are:

• we have your consent to do so;
• we have an obligation to carry out actions for the cancellation or performance of a contract with you;
• we are required by law to process your personal information;
• the processing protects your legitimate interest;
• we have a legitimate interest to pursue; and/or
• a third party has legitimate interest to pursue.

Processing information of children

We will only collect and process the personal information of a child with the consent of a competent person or if we are lawfully allowed to do so.

We may, for example, process the information of a child of 16 years or older if they want to be a depositor with us as authorised by the Banks Act, 94 of 1990.

How do we collect your personal information?

We collect your personal information in the following ways:

• Directly from you when you complete a product application form on paper.
• Indirectly from you when you interact with us electronically. When you are browsing our website (including our mobile application), we may collect information from you, like your IP address and server logs.
• From other sources, such as public databases, data aggregators and third parties, as well as other financial institutions, credit bureaus, fraud prevention agencies; or indirectly through your interactions with third parties.
• Through agents or third parties who collect Information on our behalf.
• Through other entities in the Nedbank Group or divisions/clusters of entities within  the Nedbank Group.
  
  

Third parties from which we may collect your personal information may include:

• law firms;
• other financial institutions and service providers;
• data brokers;
• business partners;
• insurance companies;
• credit bureaus;
• payment associations;
• social media;
• the South African Police Service;
• local or foreign regulators;
• public or government entities;
• South African Fraud Prevention Services;
• Payments Association of South Africa;
• media publications; and
• tracing agents.

To whom will we disclose your information?

Protecting our interests may sometimes require the disclosure of specific client information to third parties, for example, if payment failed due to insufficient money in an account. Where required to protect the public interest, information regarding a client’s debt may be disclosed to credit bureaus or debt collection agencies. Entities and third parties with whom we may share your information may include:

• banks and financial institutions;
• regulatory authorities;
• the regulator, industry bodies and the Ombudsman;
• law firms and auditors;
• insurers;
• the South African Police Service;
• South African Fraud Prevention Services;
• Payments Association of South Africa; and
• other third parties as may be required either contractually, by law, or legitimate interest.

When sharing your information with recipients in other jurisdictions, we will ensure compliance with applicable laws.

We will not sell your information to third parties and will only market to you in compliance with applicable laws and your marketing preference, using, where practicable, the communication method you chose.

How do we protect your information?

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put reasonable physical, electronic and managerial procedures in place to safeguard and secure the information we collect.

All online transacting sessions are encrypted, and personal information is stored according to internationally accepted banking information security practices.

How long will we keep your information?

We will keep your information only for as long as we need it for a lawful business purpose or as required by law (including tax legislation) and any other statutory obligations (including anti-money-laundering and counter-terrorism requirements). We may keep your personal information for longer than required if you have agreed to this or we are lawfully allowed to do so.

If we need to keep your personal information for longer than required, and more specifically for historical, statistical or research purposes, we will do so with the appropriate safeguards in place to prevent the records from being used for any other purpose.

Your information may be kept for varying periods from the end of our relationship, depending on regulatory requirements. We will take all reasonable steps to destroy or de- identify the personal information that we hold when it is no longer required.

Your data protection rights

You have the right to ask us to confirm whether we hold any information about you. You may also request a record from us about the personal information we hold about you, as well as information about all third parties with whom we have shared your personal information. Once we have given the information to you, you may ask that we :

• correct or delete the personal information in our possession or under our control if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been obtained unlawfully;
• destroy or delete a record of your personal information that we are no longer authorised to keep in terms of regulatory requirements; or
• stop or start sending you marketing messages by informing us in writing or through our branch network, call centres or website.

If you want to verify the information we have about you or want us to update, change, or delete it, you may:

• refer to our Access to Information Manual here
• call the Nedbank Contact Centre on 0800 555 111; or
• go to a Nedbank branch.

Complaints

You may submit complaints about the processing of your personal information by phoning the Nedbank Contact Centre on 0800 555 111 or sending an email to privacy@nedbank.co.za.

Or, if you are not satisfied with the way we have dealt with your complaint, you can contact the Information Regulator by completing the prescribed POPIA form 5 and emailing it to POPIAComplaints@inforegulator.org.za. For more information visit the Information Regulator website at https://inforegulator.org.za.

Our contact details

The contact details of the information and deputy information officers are:

Information Officer:

Daleen Du Toit

Deputy Information Officer:

Neelesh Mooljee

Physical address:

135 Rivonia Road Sandown Sandton Johannesburg

Postal address: PO Box 653640 Benmore Gardens 2196

Tel: +27 (0)10 234 8858

Email: privacy@nedbank.co.za

Website: nedbank.co.za

Cookies

We make use of cookies to personalise your repeat visits to our website by determining how you use the site. Cookies are very small text files that may be stored on your computer or mobile device when you visit a website, enable images or click on a link in an email.

We use cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to meet your needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, they help us give you a better website by enabling us to monitor which pages you find useful and which not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept them, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

About us

Nedbank Group is incorporated in the Republic of South Africa and our registration number is 1966/010630/06. Our ordinary shares have been listed on JSE Limited (the JSE) since 1969 under the share code: NED and on the Namibian Stock Exchange since 2007 under the share code: NBK. Our ISIN is ZAE000004875.

We offer a wide range of wholesale and retail banking services, as well as a growing insurance, asset management and wealth management offering.

These services are offered via frontline clusters:

• Nedbank Corporate and Investment Banking
• Nedbank Retail and Business Banking
• Nedbank Wealth
• Nedbank Africa Regions

The Group’s business partners include the following:

• Old Mutual Limited
• Ecobank
• Ecobank Nedbank Alliance
• Bank of China

Our presence

• Nedbank Group's primary market is South Africa, but we are continuing to expand into the rest of Africa.
• We have a presence in five countries in the Southern African Development Community (SADC) and East Africa region where we own subsidiaries and banks in Namibia, eSwatini, Mozambique, Lesotho, Zimbabwe, as well as representative offices in Angola and Kenya.
• In West and Central Africa, we follow a partnership approach and concluded the acquisition of an approximate 21% shareholding in Ecobank Transnational Incorporated (ETI) in 2014, enabling a unique one-bank experience to our clients across the largest banking network in Africa, comprising more than 2 000 branches in 39 countries.

Outside of Africa we have a presence in key global financial centres to provide international financial services for Africa-based multinational and high-net-worth clients. These include:

• Guernsey;
• Isle of Man;
• Jersey; and
• London.

We also have a representative office in Dubai.