1. INTRODUCTION
1.1. The People’s Own Savings Bank (hereinafter referred to as POSB or the Bank) treats the personal information of its clients with utmost discretion in line with the Constitution of Zimbabwe, which protects the right to privacy.
1.2. The Cyber and Data Protection Act [Chapter 12:07] (CDPA), which operationalises the constitutional right to privacy, further strengthens our resolve to protect our clients’ information. The CDPA promotes the fair and transparent use of personal information and requires us to safeguard it appropriately.
1.3. As a responsible bank, our processing activities involving personal information done by our employees, contractors or authorised agents acting on behalf of POSB, or any third party and partners with whom we have contracted are aligned with the provisions of the CDPA and the regulations.
2. WHAT IS THE AIM OF OUR PRIVACY NOTICE?
2.1. This Privacy Notice guides you and our stakeholders on how we collect, use and protect personal information. It sets out the following:
a) Why we collect your personal information and how we may process it.
b) How we share your information with third parties.
c) How we protect your information.
d) How long we keep your information.
e) Your privacy rights.
2.2. It is important that you read our Privacy Notice carefully before giving us any personal information. If you give us your personal information, you consent to our processing your personal information as set out in this notice.
2.3. If you do not agree to all the provisions of our Privacy Notice, please do not submit any personal information to us and note that, as a result, we may not be able to provide our products and services to you.
3. WHOM DOES THIS NOTICE APPLY TO?
3.1. This Privacy Notice applies to you if you are:
a) A visitor to our website or a user of any POSB digital channels.
b) A prospective client who has applied to use the products and services offered by us, either directly with us or through a partner or agent of POSB.
c) An existing client who uses the products and services that we provide.
d) An existing or potential employee of POSB.
e) A natural person whose personal information we process to provide you with products and services, e.g. contractors or authorised agents, vendors, approved partners or suppliers.
f) A natural person whose personal information you have provided to us for the purposes of using a product or service e.g. your spouse, dependants, beneficiaries and lives assured, where applicable.
g) A natural person whose personal information you have provided to us for the delivery of products e.g. vehicle license documents or electronic devices.
h) A natural person whose personal information we may have obtained from the public domain (e.g. social media sites in the public domain or from a public record).
4. WHAT IS PERSONAL INFORMATION?
4.1. Personal information refers to information, in any format, that can be used to identify you as a living natural person.
4.2. It is information that you voluntarily share with us, information that we collect when we take you on as a customer and during our ongoing relationship with you, as well as information about your marketing preferences.
4.3. Your personal information includes the following:
a) Name and identification details (e.g., passport, national identity, or driver’s license number).
b) Gender (as required for statistical purposes or by law).
c) Marital status, nationality, or social origin.
d) Age, physical and mental health and well-being, and disability.
e) Religion, conscience, belief, culture, and language.
f) Education details.
g) Financial information (like your account numbers, income and expenses, credit records/history, investments, assets and financial needs).
h) Email address, physical address, or telephone number (for communicating with you).
i) Your location and online identifiers (this can be internet protocol (IP) addresses or geolocations, browsing habits).
j) Employment history (especially if you apply for credit).
k) Details of interactions with the bank, including product use, transactions, applications, and complaints.
l) Sensitive personal information, including biometrics (like your fingerprints and facial and voice recognition), race, ethnic origin, criminal history, health details, and personal beliefs.
m) Details of nominees, witnesses, guarantors, guardians, and next of kin including their addresses and relationship with the customer.
n) CCTV footage and other electronic information.
4.4. Personal information excludes:
a) Statistical Information: de-identified information that we collect and compile for statistical purposes.
b) Aggregate Information: Information in aggregated form that does not identify you.
c) De-identified Information: Information that has been permanently altered to remove any identifiable information so that it cannot be traced back to you.
5. WHEN DO WE COLLECT PERSONAL INFORMATION?
5.1. We will collect your personal information when:
a) You visit our website or use any POSB digital channels.
b) You apply for a bank account, take out an insurance policy, or use any of our products or services.
c) You register or apply for a POSB Career through our recruitment channels.
d) We communicate with you and to act on your instructions when you contact us by phone, WhatsApp, email or social media.
e) You voluntarily supply us with optional information e.g. email addresses, opinions, or alternative contact details.
f) You perform transactions on your account, we will collect your transaction history and transacting activities.
g) You use our products and services or engage with us, and we establish personal preferences or behavioural trends about you.
5.2. POSB may also collect your personal information from agents, partners or other entities with whom it conducts business.
5.3. When you provide us with the personal information of other people (like dependents, beneficiaries, or lives assured), you confirm that you have their permission, where applicable, to share this information with us for the purposes outlined in this Privacy Notice.
5.4. You also agree to indemnify us from any loss or damage that might occur if you share a third party’s information without the necessary consent or proper authorisation.
5.5. If you have an employment application, we may gather additional information about you from various sources. This could include public records, career platforms, social media, and other third parties. For instance, we might obtain insights from your professional or academic references, such as previous employers or educational institutions, as well as through third-party pre-employment background checks.
6. WHAT INFORMATION DO WE COLLECT AND PROCESS?
6.1. We will only collect your information in line with relevant regulations and laws. The information we collect, and process could include:
a) Personal details, for example, your name and surname, previous names and surnames, gender, date of birth, and occupation.
b) Information concerning your identity, for example, an identification or passport number, tax identification number, employee number.
c) Contact details, for example, your home/work/postal/email addresses and telephone numbers.
d) Biometric information linked to your account, for example, photographic identification and biometric fingerprint information.
e) Demographic information, for example, your gender and/or marital status.
f) Credit bureau information, data about you held at a registered credit bureau.
g) Transactional behaviour data, data about how you interact with our products and services and the actions you perform in relation to any POSB service or product.
h) User login data, for example, your login credentials for the POSB Mobile App or Remote Banking Site.
i) Location information, the approximate geographic location at the time of using the POSB App or performing a POSB transaction.
j) Other information about you that you give us by filling in forms, surveys, competitions or by communicating with us, whether face-to-face, by telephone, email, online, live chat etc.
k) Financial information such as your bank account details.
6.2. Depending on the products and services that you require, we may also collect special personal information about you, for example:
a) Demographic information, your race or ethnicity, or health-related information for insurance purposes.
b) Criminal information, your commission or alleged commission of any criminal offence or about any related legal proceedings.
c) Personal information of children under the age of 18 (eighteen) , whose information is provided to us by a legal guardian or competent person to open a bank account or as an insurance product beneficiary.
6.3. Depending on the products and services that you use, we may also collect or generate the following information about you:
a) Information about you or those you represent, their relationship with us, the channels you use and your ways of interacting with us, including the POSB digital channels, as well as information concerning complaints, disputes and insurance claims.
b) Life insurance and non-life insurance information related to policy content for yourself and your beneficiaries, claims information, previous policy and information that confirms if you have passed away to enable us to pay out insurance benefits to your beneficiaries.
c) Authentication information such as your biometric information, which includes your voice for voice ID, photographic identification and biometric fingerprint information to verify you as a POSB client.
d) Cookies, and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you.
e) Investigation data, for example, due diligence checks, fraud, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals, and organisations, including emails, voicemails and live chat.
f) Records of correspondence and other communications between us , including emails, telephone conversations, live chat, instant messages, and social media communications.
g) Information that we require to support our regulatory obligations , for example, information about transaction details, purpose of payment, counterparty/beneficiary information, identification documents, detection of any suspicious and unusual activity, and information about parties connected to you or these activities.
h) Information about the devices you use to access the POSB digital channels or website, for example, software and Internet Protocol (“IP”) address.
i) Employment information such as status and remuneration when you take out a credit product with us, for a retrenchment claim or medical and other information for when we assess a lump sum disability or temporary disability claim.
j) Education, lifestyle and financial health information which you may provide to us when you do participate in POSB programs or activities.
7. WHAT IF WE CANNOT OBTAIN YOUR PERSONAL INFORMATION?
7.1. If we are unable to collect your personal information, or if you request that we restrict the processing of your personal information necessary to provide the products and services you have requested, we may not be able to offer you our products and services.
8. WHY DO WE PROCESS (USE) YOUR PERSONAL INFORMATION?
8.1. To offer you personalized financial products and services, we need to collect, use, share and store your personal and financial information to:
a) Verify your identity.
b) Assess the risk of fraud and money laundering.
c) Enter a banker/client or a banker/third-party relationship with you.
d) Contractually engage with you in terms of employment, loans and credit.
e) Understand your financial needs to offer you the best services and products.
f) Develop suitable products and services to meet your needs.
g) Market relevant products and services to you.
h) Do market research and conduct client satisfaction surveys.
i) Search for, update or place your records at credit reference bureaus and government agencies.
j) Assess your ability to receive credit or to give collateral of any kind, including guarantees or suretyships.
k) Offer other related banking and insurance services to you.
l) Record and monitor communication between you and us and use these recordings to verify your instructions to analyse, assess and improve our services to you, as well as for training and quality purposes.
m) Communicate with you about products that may be of interest to you via post, phone, SMS, email and other electronic media, including social-media platforms, our ATMs, mobile applications and online banking services.
n) Assess how you use our digital channels so we can offer enhanced services and client experience.
8.2. You have the right to refuse to give us your personal information, but your refusal may limit our ability to provide the required financial services to you.
8.3. We will collect from you only information that is necessary and relevant to the services or products that we offer. And we will collect and use your personal information only if we are lawfully allowed to do so.
8.4. We may send you direct marketing, but you can unsubscribe at any time by opting out on the relevant internet-based platform or by informing us directly.
8.5. If we use third-party data providers, we will ensure that they are lawfully allowed to share your information with us.
8.6. POSB will only process your personal information where it has a lawful reason for doing so and on a justifiable ground as explained below:
a) We have your consent to do so.
b) We have an obligation to take actions in terms of a contract with you.
c) We are required by law to do so.
d) Doing so will protect your legitimate interest ; and/or
e) We or a third party has a legitimate interest to pursue.
f) Where the purpose of the further processing is compatible with the purposes for which your personal information was initially collected.
g) Where the personal information is available in or derived from a public record or has been deliberately made public.
h) When processing is needed to protect the public from financial loss due to dishonesty or malpractice.
i) When the processing is required for statistical purposes.
9. WHO WILL WE SHARE YOUR PERSONAL INFORMATION WITH?
9.1. We may share your personal information with third parties. Where we do share your personal information with third parties, we ensure that the correct due diligence is in place, such as appropriate security safeguards and confidentiality obligations.
9.2. Your information may be shared with third parties in the following instances:
a) To provide you with products or services you have requested, for example, fulfilling a payment request or sharing information with third-party vendors who POSB utilises.
b) Where POSB has a public or legal duty to do so, for example, for credit assessments or to assist with detecting and preventing fraud, tax evasion and financial crime.
c) Where POSB must do so in connection with regulatory reporting, litigation, governmental audit or asserting or defending legal rights and interests in compliance with legal obligations, for example if a court order or subpoena directs POSB to share the information.
d) Where POSB has a legitimate business reason for doing so.
e) Where POSB is required to do so to either manage risks, verify your identity, provide you with services requested, or to assess your suitability for products and services.
f) Where POSB has asked your permission to share the personal information, and this was consented to.
9.3. Entities and third parties we may share your information with may include the following:
a) Banks and other financial institutions.
b) Regulatory authorities.
c) Industry bodies and ombudsmen.
d) Law firms and auditors.
e) Insurers.
f) The Zimbabwe Republic Police.
g) Courts of Law
h) Other third parties (contractually, by law, or for protecting a legitimate interest).
9.4. Your information may be transferred to and stored in locations outside of Zimbabwe. When we do this, we will ensure that the third-party recipient of the information is subject to adequate data protection laws to ensure that your personal information is protected at the level of protection as required in terms of Zimbabwe data protection laws and that the transfer is lawful.
9.5. We will not sell your information to third parties and will market to you only in line with applicable laws and your marketing preferences, using your preferred communication method if it is practicable.
10. HOW DO WE SECURE YOUR PERSONAL INFORMATION?
10.1. We are committed to ensuring that your information is secure. We will take the appropriate, reasonable, technical and organisational steps to prevent your personal information from being accessed or shared without authorisation in line with applicable laws and regulations.
10.2. All online transacting sessions are encrypted, and your personal information is stored in line with internationally accepted banking information security practices.
10.3. This includes, for example:
a) We ensure that known threats are accounted for to protect your personal information against loss, theft, access, and unauthorised use or changes.
b) We have implemented appropriate security controls to prevent the processing of your personal information from being accidentally or deliberately compromised. This includes security measures such as restricted user access, responsible information handling, malware controls, encryption or masking, vulnerability, and penetration testing.
c) We always use secure methods of transfer when storing or sharing your personal information.
d) Only approved POSB employees or consultants acting on behalf of POSB are allowed access to your personal information to perform their daily tasks for POSB.
e) We ensure that if we do share your personal information with third parties, the necessary safeguards, written agreements, and due diligence are in place to protect your personal information.
11. HOW LONG WE WILL KEEP YOUR PERSONAL INFORMATION?
11.1. We will keep your information only for as long as we need it for a lawful business purpose or as required by law (including tax legislation) and any other statutory obligations (including requirements relating to anti-money-laundering and combating the financing of terrorism).
11.2. If we need to keep your personal information for longer than required, and more specifically for historical, statistical or research purposes, we will do so with the appropriate safeguards in place to prevent the records from being used for any other purpose.
11.3. When it is not necessary for us to have your information, we will take all reasonable steps to destroy or de-identify it.
11.4. You can exercise your rights related to the retention of your personal information at any time with us by submitting a written instruction.
12. WHAT ARE YOUR DATA PROTECTION RIGHTS?
12.1. You have the right to ask us to confirm whether we have any information about you. If we do, you may also request a record of that personal information, as well as information about all third parties with whom we have shared your personal information.
12.2. Once we have given you the information, you have several rights in relation to the personal information that we hold about you. These rights include:
a) The right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another justifiable ground for doing so, although this may impact your ability to continue to have access to our products and services.
b) The right to request that we correct your information if it’s inaccurate or incomplete.
c) The right to request that we delete or destroy your information. However, we will retain information that is required for our lawful purposes and within the legally permissible retention period. This means that we may retain some of your information even if you requested us to delete or destroy it.
d) The right to object to, and to request that we restrict our processing of your information. There may be situations where you object to, or ask us to restrict, the processing of your information but we are entitled to lawfully continue processing your information and/or to refuse your request.
13. COOKIES
13.1. A cookie is a small text file stored on your device that helps websites or apps recognize your device and store information like login details and preferences.
13.2. We use cookies to personalise your repeat visits to our website by determining how you use the site.
13.3. We also use cookies to identify which pages on our website are being used. This helps us to analyse data about web page traffic and improve our website to meet your needs.
13.4. We use this information for statistical analysis purposes only, after which the data is removed from our system.
13.5. Overall, cookies help us give you a better website by enabling us to monitor which pages you find useful. A cookie does not give us access to your computer or any information about you other than the data you choose to share with us.
13.6. You can choose to accept or decline cookies. Most web browsers accept them automatically, but you can modify your browser settings if you prefer to decline cookies. However, this may prevent you from taking full advantage of our website.
14. PRIVACY NOTICE CHANGES
14.1. We regularly review our practices to make sure your personal information is safe and used responsibly.
14.2. Sometimes, we may need to update our data privacy policies. This may affect clauses in our contracts or terms and condition. If we do, we’ll let you know by posting a notice on our website or the POSB digital channels or through another communication method. These notices will show what changes we made and when they start.
14.3. Please note that POSB may not be able to continue a banking or insurance relationship with a client or provide clients with certain products or services if they object to or do not agree with the changes.
14.4. The latest version of this Privacy Notice is available at www.posb.co.zw/About-us/Privacy-Notice .
15. COMPLAINTS
15.1. You may submit a grievance about the processing of your personal information in relation to this Privacy Notice by contacting us through the following channels:
|
Physical Address |
6 th Floor, Causeway Building, Corner 3 rd Street / Central Avenue, Harare |
|
Telephone Number |
+263 (242)-793831-7 |
|
Email Address |
15.2. If you are not satisfied with the way we have dealt with your complaint, you also have the right to file a complaint with the Data Protection Authority (the Postal and Telecommunications Regulatory Authority) using the following contact details:
|
Physical Address |
1110 Performance Close P. O. Box MP843, Mount Pleasant, Harare |
|
Toll Free |
08004303 |
|
|
