Privacy Policy
1. Introduction
At African Banking Corporation of Zimbabwe Limited (“we”, “our”, “us”), we are committed to safeguarding your privacy and ensuring that your personal data is handled in a secure
and transparent manner. This Privacy Policy outlines how we collect, use, protect, and share your personal data in accordance with the Cyber and Data Protection Act (Chapter 12:07) of Zimbabwe and other relevant laws, including international data protection standards. By using our banking services, you agree to the terms of this Privacy Policy. Please read it carefully to understand how we handle your personal information.
2. Data Collection
We collect personal data from you in the course of providing banking services. This data
may include:
a) Identification Information: Full name, date of birth, gender, nationality, identity document details (e.g., national ID or passport).
b) Contact Information: Physical address, email address, phone number.
c) Financial Information: Bank account details, transaction history, credit scores, employment details, and income data.
d) Technical Information: IP address, browser type, device type, location data, and cookies.
e) Transactional Information: Data related to the use of banking products, including payment history and details of financial transactions.
3. Purpose of Data Collection
Your personal data is collected and processed for the following purposes:
a) Provision of Banking Services: To open and manage your account, process payments, and offer products like loans and debit cards.
b) Legal and Regulatory Compliance: To comply with legal obligations such as anti-money laundering (AML) and countering the financing of terrorism (CFT), tax reporting, and customer due diligence (CDD).
c) Communication: To communicate with you about your account, services, updates, and promotions.
d) Fraud Prevention: To detect and prevent fraud, unauthorized transactions, or other activities that may compromise the security of your accounts
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
a) Contractual Necessity: To fulfill our contractual obligations to provide banking services.
b) Consent: Where you have provided explicit consent for us to process your data.
c) Legal Obligations: To comply with legal and regulatory requirements.
d) Legitimate Interests: To protect our business operations and ensure security of our services.
5. Data Protection and Security
We implement robust measures to protect your personal data from unauthorised access, loss, or alteration.
6. Retention of Personal Data
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by the Banking Act, Money Laundering and Proceeds of Crime Act, tax and other banking-related legislation. After the retention period, your data will be securely deleted or anonymised.
7. Your Data Protection Rights
Under the Cyber and Data Protection Act of Zimbabwe, and other related data protection regulations, you have the following rights regarding your personal data:
a) Right to Access: You can request access to the personal data we hold about you.
b) Right to Rectification: You can request the correction of inaccurate or incomplete data.
c) Right to Erasure: You can request the deletion of your personal data, subject to certain legal exceptions.
d) Right to Restrict Processing: You can request the restriction of processing your personal data under specific circumstances.
e) Right to Object: You can object to the processing of your personal data in certain situations, such as for marketing purposes.
f) Right to Data Portability: You can request a copy of your personal data in a machine-readable format and transfer it to another data controller. To exercise these rights, please contact us using the contact details provided in Section 12
8. Sharing of Personal Data
We may share your personal data with third parties for the following purposes:
a) Service Providers: We may share your data with third-party providers that assist us in providing services (e.g., cloud storage, payment processors, customer support).
b) Legal and Regulatory Authorities: To comply with legal obligations, including reporting to regulatory authorities, tax agencies, or law enforcement.
c) Affiliates and Business Partners: To offer joint services or promotions in compliance with data protection laws. We ensure that any third party with whom we share your data implements appropriate safeguards to protect your privacy.
9. International Transfers of Personal Data
In certain circumstances, we may transfer your personal data to countries outside of Zimbabwe. These transfers are necessary to provide you with the full range of banking services and to meet legal and regulatory requirements.
a) Countries Involved: We may transfer personal data to the following countries, which have adequate data protection laws or appropriate safeguards in place:
b) South Africa: As a member of the Southern African Development Community (SADC), South Africa has strong data protection regulations under its Protection of Personal Information Act (POPIA), which ensures a high standard of privacy protection.
c) Kenya: Kenya has enacted the Data Protection Act, which aligns with global data protection standards, providing strong protections for personal data.
d) European Union (EU)/European Economic Area (EEA): The EU and EEA have robust data protection laws, including the General Data Protection Regulation (GDPR), providing an adequate level of protection.
e) United States: We may transfer data to the United States where our service providers are based, subject to the implementation of Standard Contractual Clauses (SCCs) or other lawful mechanisms to protect your data.
9.1 Safeguards for International Data Transfers
When transferring your personal data across borders, we ensure compliance with the Cyber and Data Protection Act (Chapter 12:07) and take appropriate safeguards such as:
a) Binding Corporate Rules (BCRs): If applicable, we may use BCRs within our group of companies to govern the transfer and protection of personal data.
b) Standard Contractual Clauses (SCCs): These are legal agreements that ensure the protection of your personal data when transferred outside Zimbabwe. BancABC 9 Privacy Policy Version pp1/2025
c) Encryption: We encrypt personal data during transfers to ensure its security.
d) Data Processing Agreements: We enter into data processing agreements with third party service providers to ensure they meet the necessary data protection standards.
9.2 Your Rights Regarding International Transfers
You have the right to inquire about the safeguards in place for any international transfers of your personal data. If you are concerned about such transfers, you may contact us to discuss your rights and options.
10. Cookies and Tracking Technologies
We use cookies and other tracking technologies to enhance your experience on our website and applications. These technologies help us to:
a) Understand how you use our services.
b) Improve the functionality and performance of our website.
c) Personalize content and advertisements based on your preferences. You can control the use of cookies through your browser settings. However, please note that blocking certain cookies may affect your ability to use some features of our services.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Any updates will be posted on our website, and the date of the most recent revision will be indicated at the top of the policy. Please review this Privacy Policy periodically to stay informed about how we are protecting your personal data.
12. Contact Us
If you have any questions or concerns about how we handle your personal data, or if you wish to exercise any of your data protection rights, please contact us:
Fadzai K. Bhebhe
Data Protection Officer
1 Endeavour Crescent, Mount Pleasant Business Park, Mount Pleasant, Harare
dpo@bancabc.co.zw
13. Data Protection Authority
If you are not satisfied with how we handle your personal data, you may lodge a complaint with the Data Protection Authority.
14. Data Subject Access Request Form (DSAR)
To uphold your data privacy rights, please complete the DSAR form with the required information and submit it to our data privacy team: dpo@bancabc.co.zw for processing. By clicking HERE, you will be directed to the DSAR Form. This enables you to request access to your personal information in line with data protection regulations. Protecting your privacy is a priority. We handle your personal data with transparency and in compliance with data protection laws.
