Do you know your data privacy rights?
With the expansion in technology across global markets, there has been a requirement for governments to develop legislation which ensures individuals rights to data privacy are protected. Data privacy protection is essential for any organization in ensuring any personal information processed is handled correctly, and appropriate safeguards are put in place.
Legislation across the world puts specific obligations to organizations regarding how they handle individuals’ personal information. Generally, in terms of international data privacy best practice, organizations have an obligation to:
- ensure that the personal information is collected from the person to whom the information belongs (data subject) or from a source as authorized by the data subject;
- ensure that the information is kept confidential and only accessed by the people with the adequate authorization to access the person information;
- ensure that the personal information will be used in line with the purpose for collection; and
- ensure that the organization has adequate safeguards in place to keep personal information safe from cyber-attacks, data leaks, loss and damage.
Over and above the requirements imposed on organizations that process personal information, individuals whose information are process also have specific rights which they can exercise, such as:
- The Right to be informed - The data subject has the right to know what data is collected about them, why it is being collected, how long it will be kept and with whom the data will be shared.
- The right of access – the data subject has the right to gain access to the information that the organization is holding him/ her.
- The right of rectification- the data subject has the right to correct his or her information that is held by any organization, the data subject can also ask the organization to update any inaccurate or incomplete data the organization has on him or her.
- The right to object to processing - the data subject can object to the processing of his or her personal data at any time, in certain situations, and it will depend on the purpose of processing and the lawful base for processing.
- Rights in relation to automated decision-making and profiling – the data subject has the right not to be subject to automated decision-making.
- The right to be forgotten – the data subject has the right to request for his or her information to be erased from the possession of the organization (subject to certain exceptions).
- The right to restrict processing - The data subject can request that an organization limits the way it uses his/her personal data, for example the data subject can object to his or her personal details being used for any direct marketing campaigns.
At Absa, we ensure that all your personal information is treated with care and responsibly, whilst upholding your data protection rights. To exercise your data privacy rights or if you need assistance with any other data privacy matters, please reach out to the Absa Group Privacy Office at firstname.lastname@example.org or request to be directed to a Privacy Representative at one of our Branches.
Absa's commitment to information privacy
At Absa, the collection and processing of your personal information is important to us. We are committed to handling your personal information in the right way, for the right reasons. Our Privacy Statement outlines Absa’s practices in this regard.
Previously updated - January 2016
Reviewed and updated - October 2021
1. Absa Group Limited, including Absa Bank Limited, and all entities and subsidiaries, Registration Number 1986/003934/06 (Absa, it, we, us or our) has its head office at 15 Troye Street, Johannesburg, South Africa.
2. Absa promises to treat all your personal information carefully and responsibly.
3. Personal information includes but is not limited to any information that lets Absa identify you, such as your name/s and surname combined with your physical address, contact details and/or passport/identity number.
4. Personal information (in South Africa) also refers to the personal information that uniquely identifies a legal entity, such as the trading name of a company combined with the company registration number.
5. Special personal information includes information about your race or ethnic origin, religious and philosophical beliefs, political persuasion, trade union membership, health or sex life, biometric information (for example, your voice or fingerprints), any criminal behaviour which relates to alleged criminal offences or proceedings.
6. Personal information may be given to or collected by Absa in writing as part of a written application form, electronically (email), telephonically, online (absa.co.za or absa.africa) or via the Absa Banking App.
7. Processing of personal information includes any initial processing that Absa does when we first collect your personal information. It also includes any further and ongoing processing that Absa is allowed to carry out legitimately in terms of the reasons listed in paragraph 9 (below). The term ‘processing’ includes collecting, using, altering, merging, linking, organising, disseminating, storing, retrieving, disclosing, erasing, archiving, destroying or disposing of personal information.
8. Absa will only collect and process your personal information for the reason you provided, or to enable us to comply with the requirements of specific local or foreign laws that we are governed by; or to comply with any regulations, directives, judgments or court orders, government sanctions or embargoes, reporting requirements under financial transactions legislation, and demands of any supervising authority, regulator, tribunal, enforcement agency or exchange body.
9. Absa may process your personal information to protect your or our legitimate interests. Absa will not collect and process personal information about you that we do not need. The general purposes for which Absa collects and processes your personal information include:
9.1. Creating a record of you on our system to verify your identity, assess your application for products and/or services, provide you with the products and/or services you have applied for or enquired about (where you do not currently hold, or have not applied for, such products and services), and then communicate with and keep you informed about these products and/or services.
9.2. Assessing whether you qualify for credit, or an increase or decrease of your credit limit.
9.3. Delivering your credit or debit card to you at your chosen address, where you have applied for a credit or debit card.
9.4. Meeting your financial services needs by providing you with customised offers, experiences, and communications.
9.5. Providing discretionary and administrative financial services.
9.6. Identifying you and verifying your physical address, source of funds, income, and similar information.
9.7. Assessing your personal financial circumstances and needs before providing either advice and/or products or services to you. In this regard, we may collect your personal information from you in your capacity as our prospective customer.
9.8. Any purpose related to the prevention of financial crime, including fraud detection and prevention, sanctions screening, adverse media screening, monitoring of anti-money laundering and any financing of terrorist activities.
9.9. Managing our business and identifying potential trends within the market, to ensure our products are future-fit.
9.10. Enforcing our obligations, including without limitation the collection of amounts outstanding from you and your provision of security for banking facilities.
9.11. Further processing for historical, statistical or research purposes where the outcomes will not be published in an identifiable format.
9.12. Conducting analytics operations to better understand you as our customer so that we can tailor our product and/or service offerings to you, where relevant and applicable.
9.13. Providing income tax-related information to tax authorities.
9.14. For purposes relating to the sale or transfer of any of our businesses, legal entities or assets as part of corporate transactions.
9.15. Conducting surveys to gauge customer or employee sentiment or to improve our product and service offering.
9.16. Where you have applied for employment at Absa or for an Absa scholarship, we perform applicant screening and background checks, and such screening may include social media screening and screening relating to any information about you obtained from publicly available sources such as search engine results.
9.17. Where you are a student, graduate or employment seeker, we will process your personal information only for socio-economic development purposes, to assist you with job placements through Absa’s designated youth employment agencies, for entrepreneurial upliftment purposes, skills development as well as to comply with Absa’s legal obligations in terms of applicable Broad-Based Black Economic Empowerment laws.
9.18. Where you are an Absa employee (including contractors), we create an employment record of you on our system to facilitate continuous monitoring during your employment with us.
9.19. Where you are an Absa director, we create a record of you as a director on our system.
9.20. Where you’ve been identified as a next of kin by an employee or customer, we create a record of you on our system; and
9.21. Where you are a supplier to Absa, we process your personal information for due diligence, risk assessment, administrative and payment purposes.
10. Furthermore, Absa will not process your special personal information unless:
10.1. You have consented to Absa processing it (in circumstances where we are legally obliged to obtain your consent); or
10.2. It is necessary to exercise or defend a right or obligation in law; or
10.3. It is necessary to comply with an international legal obligation of public interest; or
10.4. It is for certain historical, research or statistical purposes that would not adversely affect your privacy; or
10.5. You have deliberately made your personal information public.
11. There are some personal information fields that you have to fill in or provide if you want Absa to provide you with your chosen product and/or service or onboard you as an employee, supplier, director or job applicant. This information can be provided in writing, electronically or telephonically, but it must be accurate and complete. These fields are indicated by an asterisk (or as otherwise indicated) on the respective forms/websites. If Absa does not receive the necessary personal information, we will not be able to continue with your application. If you are already a(n) customer/employee/supplier/director and Absa asks you for this information and you do not provide it, Absa will have to suspend the provision of the product and/or services for a period of time, or as the case may be, even terminate our relationship with you.
12. In most cases, personal information will be collected directly from you, but there may be other instances when Absa will collect personal information from other sources. These may include public records, places where you may already have made your personal information public (for example, on social media where your settings on such social media are set to ‘public’), credit bureaus, or individuals/directors whom you have appointed as your representative, where you are a corporate entity. Absa will only collect your personal information from other sources where we are legally entitled or obliged to do so, and you are entitled to ask Absa which sources Absa used to collect your personal information.
13. For the purposes outlined in paragraph 9 (above), Absa will, in most instances, collect and process your personal information internally. However, there are times when Absa needs to outsource these functions to third parties, including parties in other countries. Where your personal information is shared internally within the Absa Group, such sharing will be carried out only for the purposes outlined in paragraph 9 (above). Absa may also need to share your personal information with external organisations, such as credit bureaus, tax authorities or other regulatory or industry bodies, so that we can meet our due diligence or regulatory requirements. We may need to share your personal information with our business partners or counterparties, where we are involved in corporate transactions relating to the sale or transfer of any of our businesses, legal entities or assets, or to any party to whom we assign our rights under any of our agreements for particular products and services.
14. Absa will not share your personal information with third parties who do not need your personal information, or where Absa is not legally permitted to do so. When Absa decides to transfer your personal information to third parties, we will only provide it to organisations that have data privacy policies equivalent to Absa’s, or subject to appropriate contractual obligations, or to those who are subject to laws relating to the processing of personal information that are similar to those that apply to Absa.
15. There may be instances where Absa will process your personal information through a secure automated tool, or perform profiling and make decisions, based on such profiling, that may affect you significantly (for example, the automatic non-approval of a personal loan that you may have applied for through any of our online channels, or the automatic non-approval of an application for employment, or engagement as a supplier). If you are unhappy about the outcome of such a decision or would like further information on how such outcome was reached, please contact:
15.1. Your Local Customer Service centre (for customers).
15.2. Your resourcing consultant (for job applicants).
15.3. Your people business partner (for employees).
15.4. Your supplier relationship manager (for suppliers); or
15.5. Absa’s Group Secretariat office (for directors of Absa-owned companies).
16. Absa provides further protection in to personal information that Absa is collected from a child and/or children (i.e. those under 18 years of age). When Absa collects personal information from a child and/or children, Absa takes additional steps to protect a child and/or children’s privacy including:
- Reasonably notifying the parent and/or parents and/or the legal guardians about such collection that will be collected and processed from their child and/or children as well as Absa’s information privacy practices.
- Obtaining the requisite consent from the parent and/or the legal guardians for the collection of personal information from their child and/or children.
- Limiting Absa’s collection of personal information from the child and/or children to no more than it is necessary for lawful purposes and aligned to the purposes for which such personal information was provided or would be requested by Absa; and
- Giving parents access to, or the ability to request access to personal information which Absa would have collected from their child and/or children and the ability to be able to request the personal information be updated or deleted.
17. As a customer of Absa, we may use your personal information to tell you about products or services we think you might be interested in.
18. We may offer a personal loan to you if you’ve shown an interest in the market in a personal loan product. To do this, we may contact you via SMS, email, telephone, or post.
19. Should you not wish to receive direct marketing communication from us, you can immediately update your preferences via our website, banking app, by getting in touch with our contact centre or with a service representative at any of our branches.
20. As a non-customer, if you would like to know more about Absa’s products or services, please submit your details to us in writing.
21. We will adhere to your communication preferences whenever we can, but we may need to send you important communications via a channel that is not your preference. We will only do so in cases where we deem the information to be important and relevant for you.
22. To the extent that local legislation permits or if you are a resident of the European Union or United Kingdom, you have the following rights regarding your personal information:
22.1. The right to access your personal information that we have on record. Please refer to our PAIA manual for the process to access your personal information. These requests must be sent to us in writing using this form.
22.2. You have the right to ask Absa to correct any of your personal information that is incorrect. These requests must be sent to us in writing using this form.
22.3. You can ask Absa to delete or destroy your personal information. You can also object to Absa processing your personal information. These requests must be sent to Absa in writing using this form. However, the result of such a request will be that Absa may have to suspend the provision of products and/or services for a period of time, or even terminate our relationship with you. Absa’s records are subject to regulatory retention periods, which means that Absa may not be able to delete or destroy your personal information immediately upon request.
23. If you have a complaint relating to the protection of your personal information, including the way in which it has been collected or processed by Absa, please contact us using the local contact details as listed below. If you have not had your complaint dealt with satisfactorily, you may lodge a complaint with your local privacy regulator in terms of applicable privacy laws.
We do not offer, accept or solicit gifts or entertainment inappropriately as an incentive or means of influencing actions or opinions. Guidance on what is and is not acceptable is outlined in the Absa Gifts and Entertainment Policy, Standard and relevant business procedures.
Right to amend this privacy statement
Absa reserves the right to change this statement at any time. All changes to this statement will be posted on the website. Unless otherwise stated, the current version shall supersede and replace all previous versions of this statement.