Privacy Policy

NMBZ Holdings Privacy Notice

At NMBZ Holdings, we are committed to protecting your privacy and ensuring the security of your personal information in compliance with the Cyber and Data Protection Act [Chapter 12:07] (No.5 of 2021) CDPA. This policy explains how we collect, use, share, and protect your data, and your rights regarding this information.

1. Information We Collect

We collect and process the following categories of personal data:

  • Personal Identifiers: Name, ID number, passport number, and date of birth.
  • Contact Information: Address, phone numbers, and email addresses.
  • Financial Information: Bank account details, transaction history, and credit scores.
  • Digital Data: IP addresses, browser type, cookies, and online banking activity.
  • Sensitive Data: Biometrics (fingerprints) and health data for insurance-related products, where required.
  • Children’s Data: We do not knowingly collect personal data from individuals under the age of 18 without verifiable consent from a parent or guardian.

In addition to the information you provide to us directly and the data we collect automatically, we may obtain personal information about you from reputable third-party sources, where it is within lawful bounds. These sources include:

  • Business Partners and Affiliates: This includes organizations we collaborate with for joint ventures, loyalty programs, marketing campaigns, or promotional activities, as well as companies that we may merge with or acquire.
  • Service Providers and Industry Partners: These include payment processors, card network providers, debt collection agencies, credit rating agencies and bureau, electronic communication service providers, public and private data registries, data aggregators, search engines, social media platforms, and marketing service providers.
  • Professional and Legal Representatives: This includes your employer (for corporate banking services), advisers, agents, associates, assignees, cessionary, successors in title, trustees, executors, curators, and appointed third parties such as legal representatives and contracted service providers.
  • Regulatory and Government Authorities: We may receive data from government agencies, courts of law, regulatory bodies, law enforcement agencies, ombudsmen, and tax authorities, where required to comply with legal and regulatory obligations.

We ensure that any third parties providing us with your personal data do so in accordance with applicable data protection laws and privacy standards, maintaining confidentiality and security at all times.

 

2. How We Use Your Data

We use your data for:

  • Service Delivery: Providing banking services, including account management, loan applications, and digital banking.
  • Legal Compliance: Meeting regulatory requirements and responding to lawful requests.
  • Fraud Prevention: Detecting and preventing fraud or unauthorized activities.
  • Marketing and Personalization: Sending product updates and tailoring services to your preferences (with consent).

 

Lawful Basis:

  • Your consent (e.g., for marketing purposes).
  • The performance of a contract (e.g., to deliver banking services).
  • Compliance with legal obligations.
  • Legitimate interests pursued by NMB Bank, such as fraud prevention.

3. Data Sharing

We may share your data with:

  • Regulatory Authorities: To comply with legal obligations.
  • Service Providers: Vendors or contractors supporting our banking operations, bound by confidentiality agreements.
  • Partner Institutions: For co-branded services, subject to your consent.
  • Other Parties: As required by law or in case of a corporate transaction (e.g., mergers).

Third-Party Agreements:
All third parties are required to adhere to strict confidentiality agreements and comply with privacy laws equivalent to the CDPA. All third parties are vetted through a due diligence process to ensure they meet equivalent privacy and security standards as required by the CDPA.

4. Data Retention

Your personal information will be retained as follows:

  • Personal Identifiers: Retained for the duration of your relationship with us and up to seven years after account closure.
  • Financial Records: Retained for seven years to meet regulatory requirements.
  • Sensitive Data: Retained only as long as necessary and securely deleted thereafter, not surpassing the maximum period required by law.

 

5. Your Rights

Under the CDPA, you have the following rights:

  • Access: Request copies of your data we hold.
  • Correction: Rectify inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal retention requirements.
  • Objection: Object to data processing for specific purposes.
  • Right to be Informed: informed of the use to which your personal information is to be put. (What information is being collected, why it’s being collected, how it will be used, where it will be stored)
  • To give and withdraw consent: Empowers you to control the processing of your personal information
  • Right to complain: You have a right to lodge a complaint with the data protection authority (DPA), if you believe that any of your protection rights have been infringed.
  • Right not to be fully subjected to automated processing: You have the right not to be subjected to solely automated decisions, including profiling, that produce legal effects concerning them, or significantly affect them.

To exercise these rights, contact us at the address or email below. Requests to access, correct, delete, or transfer data will be acknowledged within 7 days and processed within 30 days.

6. Security Measures

We implement robust security protocols to protect your data, including:

  • Encryption standards.
  • Secure access controls.
  • Regular system audits and penetration testing.24/7 monitoring for potential cybersecurity threats.

 

7. Cookies and Tracking

We use cookies and other tracking technologies on our digital platforms to:

  • Enable secure logins.
  • Analyze website traffic and usage patterns.
  • Improve your overall online banking experience.

You can manage your cookie preferences through your browser settings.

 

 

8. International Data Transfers

When transferring your data internationally, we ensure it is protected through mechanisms such as:

  • Standard contractual clauses approved under international frameworks.
  • Intra-group data transfer agreements ensuring equivalent protection.

9. Updates to this Policy

We may update this policy periodically to reflect changes in our practices or regulatory requirements. The latest version will always be available on our website.

10. Contact Us

For inquiries, complaints, or to exercise your rights, please contact:

Data Protection Officer
NMB Bank
19207 Liberation Legacy Way
Borrowdale, Harare, Zimbabwe
Tel: (+263) 8677004195 / (+263) 8677008565-6
Email: dataprotection@nmbz.co.zw