Privacy Statement

The Standard Bank of South Africa Limited, its successors and assigns (the Bank, we, us, our) treat the personal information we collect through our Channels (this website, associated websites, mobile sites, mobile applications and other channels) as private and confidential. This Privacy Statement and our Cookie Notice applies when you use our Channels.

1. Lawful processing of personal information

The Standard Bank of South Africa Limited is committed to processing personal information in keeping with its responsibilities under the applicable data protection laws.

The following conditions of lawful processing of personal information are the principles in terms of which we will be processing the collected personal information. They are:

  • Accountability – the Bank as the responsible party and through its employees will make sure that personal information is processed in a lawful and responsible manner.
  • Processing limitation – we shall lawfully collect personal information for a defined purpose and where applicable, with the consent of our clients and third parties.
  • Purpose specification – we will only use personal information for the purposes that our clients, third parties and employees expect us to use it for. Further processing limitation – where a processing activity is seen as further processing (means a new purpose for processing personal information) and this new purpose is inconsistent with the original purpose (original reason we collected personal information), we will make sure that our processing activities meet the requirements of the applicable data protection laws.
  • Information quality – we will take reasonable steps to ensure your personal information is accurate, complete and updated and not misleading.
  • Openness – from the start, we will be open, clear and honest with our clients, third parties and employees on how and why we use their personal information and how we protect their personal information.
  • Security safeguards – we will apply and follow appropriate and reasonable technical and organisational measures to make sure that the confidentiality, integrity and availability of personal information are secured. These measures will also be applied to protect personal information against loss, damage, unauthorised destruction or unlawful access.
  • Data subject participation – we have processes in place for our clients, third parties and employees to access, correct and delete personal information and exercise their rights in terms of applicable data protection laws.

2. Collection

We collect and process the following categories and types of personal information through the relevant Channels, including:

  1. personal details (this can be your name, age, passport information, biometric information,
    information about personal interests);

  2. contact details (this can be your mobile number and email address);

  3. details related to a client (this can be the business contact details of an agent or representative,
    relationship with the client or related parties, shareholder information); and

4. transactional details (this can be information about products, services, requests, queries or complaints).

We will collect personal information in the following ways:

  • directly from you, and
  • where lawful and reasonable, from third parties and public sources. This includes credit reporting and government agencies.

3. If you decide to give us express consent, we will use your personal information to:

  • Meet our responsibilities to you.
  • Process your personal information for ordinary business purposes (this includes to open and maintain your account, execute transactions, administer claims where applicable, manage our risks and maintain our overall relationship with you).
  • Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services). Consent will not be obtained if we anonymise/de-identify the personal information.
  • Tell you about similar services and products available within The Standard Bank of South Africa, Standard Bank Group or partner services and products. If you wish, you may opt out from receiving such information at any time by choosing the “Unsubscribe” option provided in every communication that we send to you.
  • Comply with applicable laws and regulations.

The Standard Bank of South Africa Limited will not intentionally or knowingly collect personal information directly from minors (anyone under the age of 18). The personal information of minors will be collected through their legal guardian or parent only where products or services are obtained for the minors.

Standard Bank will only use and share your personal information where it is necessary for us to carry out our lawful business activities. To enable you to fully understand the way in which we process your personal information, we have described the different lawful grounds for such processing in detail below:

  1. Consent – We may process your personal information for a specific and explicitly defined purpose where you, or a competent person in the case of personal information relating to a minor, provide us with your express consent for such processing or where law requires.

  2. Contractual need - We may process your personal information where it is necessary to enter into a contract with you in order for us to provide our products or services to you or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to operate your account or provide services to you.

  3. Compliance with an obligation imposed by law- When you apply for a product or service, we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to operate your account or provide services to you.

  4. Legitimate interests of the Bank - We may process your personal information where it is in our legal interests to do so as an organisation and without harming your interests or fundamental rights and freedoms (for example, for marketing purposes, site maintenance, etc.).

When can we process or share your personal information?

We will process your personal information if you give us your consent willingly or according to the grounds of lawful processing highlighted above. If we need your consent, we will notify you through our product and services agreements or application processes through our various authorised Channels.

We will only share your personal information if:

  • the law requires it;
  • we have a public duty to share the personal information;
  • our or your legitimate interests require us to share the personal information;
  • it is necessary to conclude or perform due to an agreement between you and us; or
  • you agreed that we may share your personal information.

Personal Information sharing and data transfers

  1. We will not share your personal information to external organisations that are not our service providers, unless business operations require the processing of your personal information in other countries, either to carry out processing based on your instructions or for ordinary business purposes. As specified by the above purposes, we may share your personal information with any of the parties mentioned below, located in any jurisdiction: Any member of Standard Bank Group.

  2. Professional advisers like auditors, third-party vendors, or independent contractors who process personal information on behalf of Standard Bank to support our business.

  3. Our business partners who provide their products and services to you.

  4. An employee of a card distributor or vendor where the personal information is shared in

    connection with the use of a card.

  5. Any individual who needs your personal information due to foreign or local law or regulation.

  1. Any court of justice, regulatory body, taxation authority (including any authority investigating an offence) or their agents.

  2. Any debt collection agency, credit bureau, insurer or broker, direct or indirect provider of credit protection and fraud prevention agencies.

  3. Any financial institution to conduct credit checks, anti-money laundering related checks, for fraud prevention and detection of crime purposes for the group.

The third party, who is located outside of South Africa and receives the personal information, will need to comply to either a law, or binding corporate rules or a binding agreement which states that they will provide an adequate level of protection to your personal information. This means that they have to agree to lawfully process your personal information and protect your personal in the same manner as we do. The transfer of your personal information will be based one of the following conditions:

  1. You provide your consent to the transfer.

  2. The transfer is necessary for the conclusion or performance of a contract to which you are a

    party.

  3. The transfer is for your benefit, and it is not reasonably practical to obtain your consent to that

    transfer; and if it were reasonably practicable to obtain such consent, you would be likely to give it.

Storing personal information

We will store and keep your personal information according to the retention (holding) periods defined by law for legitimate business purposes and will take reasonably practicable steps to make sure that it is kept up to date and deleted and archived according to our defined retention schedules.

Our security practices

The security of your personal information is important to us. We have implemented appropriate and reasonable technical and organisational measures to prevent loss, unauthorised destruction, damage or access to your personal information by unauthorised third parties. The security of your personal information is important to us. We make sure that we implement organisational and technical procedures to keep your personal information safe.

However, you must not share or send us any personal information over unauthorised channels, since it is not a secure way of communication and carries a risk of interception and unauthorised access. You should only share personal information over authorised channels of Standard Bank of South Africa Limited.

Marketing by electronic means

We would like to share information about our own products, services and special offers that are similar to the products or services used by you, via your preferred method of communication (as indicated to us), such as email, text message, social media platforms or notification on your mobile application. Subject to your express consent and the option to opt-out or unsubscribe at any time, we may also share information with you about similar products, services and special offers of our partner companies. If you have opted-in to receive marketing communications, you may always opt out at a later stage using the link shared below or clicking on the “Unsubscribe” option included in every marketing communication sent to you. You have the right at any time to stop us from contacting you for marketing purposes or giving your data to other members of Standard Bank Group. If you no longer wish to be contacted for marketing purposes, please request for us to mark you as ‘No’ to Marketing by visiting any branch, calling us on 0860 123 000 or emailing us on [email protected].

Use of Cookies on our website

A “cookie” is a small text file that is stored on your computer, smartphone, tablet, or other device when you visit a website or use an app. They contain specific information related to your use of our website or app, such as login credentials, your preference settings or tracking identifiers. Cookies make it easier for us to give you a better experience online. For all optional types of cookies, we will obtain your consent before these cookies can be used or stored on your device.

For this reason, we limit our use of cookies as explained below to:

  • provide products and services that you request;
  • deliver advertising via marketing communications;
  • provide you a better online experience and track website performance; and
  • help us make our website more relevant to you.

To learn more about our site's cookies and how you can manage them, visit our Manage Cookies page.

Links to other websites

Our website, related websites and mobile applications may have links to or from other websites. Although we try to link only to websites that also have high privacy standards, we are not responsible for their security, privacy practices or content. We recommend that you always read the privacy and security statements on these websites.

Monitoring of electronic communications

We communicate with you through different methods and Channels. Where permitted by law, we may record and monitor electronic communications to make sure that we comply with legal and regulatory responsibilities and internal policies.

Monitoring and analysis

We will monitor and analyse your account for credit, fraud, compliance and other risk-related purposes as required by law. However, you may not be subject to a decision which results in legal consequences for you or which affects you to a great degree, which is based only on the automated processing of personal information.

Social media

We operate and communicate through our designated profiles, pages and accounts on some social media sites (such as Facebook and Twitter) to inform, help and engage with our clients. We monitor and record comments and posts made about us on these channels so that we can improve our services.

The general public can access, read, share, and comment on any information posted on these sites. We are not responsible for any information posted on those sites, except for the information posted by our designated officials. We do not endorse the social media sites themselves nor any information posted on them by third parties or other users.

We do not give investment, tax or other professional advice on social media sites. You should always get independent advice before making any decisions.

When you engage with us through social media your personal information may be processed by the site owner. This process is outside our control and may be in a country outside South Africa that may have different privacy principles. For more information about the privacy practices of a social media site, please refer to and read the terms and conditions of that site.

Social media sites are not appropriate forums to discuss our clients' products or financial arrangements. We will not ask you to share personal, account or security information on social media sites in a public post. We may ask you to message us in private through one of our official accounts, profiles or pages on a social media site.

We regularly update and monitor our social media presence and welcome feedback and ideas sent to us through these channels. We try to join conversations whenever possible but cannot guarantee that we will read or reply to all messages sent to official Standard Bank social media accounts. Emerging themes and helpful suggestions will be given to the relevant people within the Standard Bank Group for consideration but we cannot guarantee that any themes or suggestions will be acted on.

Your rights

We want to ensure that you are aware of your rights in relation to the personal information that we process about you.

  1. Right to access - You have a right to get access to the personal information that we hold about you. If you would like a record or description of the personal information that we hold about you, please request this through 1. our customer service channels. OR 2. the [email protected] We may, if allowed by law, charge a fee for this.

  2. Right to rectify/correct/ update - You have a right to correct inaccurate personal information and to update incomplete personal information. Please request this through 1. Our customer service channels. OR 2. the [email protected] to exercise your rights.

  3. Right to be notified – You have the right to be notified that your personal information is being collected by us or has been accessed or acquired by an unauthorised person.

  4. Right to object - You have a right to object to us processing your personal information where we have relied on one of the lawful grounds above for legitimate interest or where we perform a public law duty (and to request us to restrict processing). Please note that if you request us to restrict processing your personal information, we may have to stop or suspend the operation of your account or the products and services we provide to you. Please note that where the law permits us to process your personal information, we will have a legal obligation to do so. Please request this through 1. Our customer service channels. OR 2. the [email protected] to exercise your rights.

  5. Right to deletion - You have a right to request that we delete your personal information. Please request this through 1. Our customer service channels. OR 2. the [email protected] to exercise your rights.

  6. Right to object to the processing of personal information for the purposes of direct marketing - You have a right to object at any time to the processing of your personal information for direct marketing purposes, including profiling you for the purposes of direct marketing. Please request this through 1. our customer service channels. OR 2. the [email protected] to exercise your rights.

  1. Right not to be subject, under certain circumstances, to automated-decision-making processes. You have rights in relation to automated decision-making, including a right to appeal if your application is refused. You can exercise your right by submitting your request to [email protected]

  2. Right to lodge a complaint with the Regulator. If you wish to raise a complaint on how we have handled your personal information, you can contact our Deputy Information Officer who will investigate the matter. We hope that we can address any concerns you may have.

Queries and complaints

If you have any queries or complaints about privacy, please contact:

Melindie Esterhuyse
Deputy Information Officer
The Standard Bank of South Africa Limited P O Box 1155
Johannesburg
2000

Physical address:
Standard Bank Centre
5 Simmonds Street
Johannesburg
2001
Telephone: +27 11 636 7385
Email: [email protected]

Right to change this privacy statement

We may change this privacy statement from time to time. We will publish all changes on our website. The latest version of our privacy statement will replace all earlier versions, unless it says differently.

* Standard Bank Group subsidiaries and their subsidiaries:
Diners Club (S.A.) (Pty) Ltd, Standard Bank Financial Services Holdings (Pty) Ltd, Standard Offshore Finance Company (Pty) Ltd, Melville Douglas Investment Management (Pty) Ltd, FHPManagers (Pty) Ltd, Standard Trust Limited, Standard Insurance Limited, Stanhold Investments (Pty) Ltd, Greenfield Newgate (Pty) Ltd, The Unisec Group Limited, Standard Bank Properties (Pty) Ltd, Blue Waves Properties 78 (Pty) Ltd, SBG Securities (Pty) Ltd.

Regulatory

Version: 2
Date published: 15 February 2016
Standard Bank of South Africa Limited Privacy Statement