Classified as internal use only The Standard Bank of South Africa Limited, its successors and
assigns Privacy Statement
The Standard Bank of South Africa Limited, its successors and assigns (the Bank, we, us, our) treat the
personal information we collect through our Channels (this website, associated websites, mobile sites,
mobile applications and other channels) as private and confidential. This Privacy Statement
and our Cookie Notice applies when you use our Channels.
- Lawful processing of personal information
The Standard Bank of South Africa Limited is committed to processing personal information in keeping with
its responsibilities under the applicable data protection laws.
The following conditions of lawful processing of personal information are the principles in terms of
which we will be processing the collected personal information. They are:
- Accountability – the Bank as the responsible party and through its employees will make sure that
personal information is processed in a lawful and responsible manner.
- Processing limitation – we shall lawfully collect personal information for a defined purpose and where applicable, with the consent of our clients and third parties.
- Purpose specification – we will only use personal information for the purposes that our clients, third parties and employees expect us to use it for. Further processing limitation – where a processing activity is seen as further processing (means a new purpose for processing personal information) and this new purpose is inconsistent with the original purpose (original reason we collected personal information), we will make sure that our processing activities meet the requirements of the applicable data protection laws.
- Information quality – we will take reasonable steps to ensure your personal information is accurate, complete and updated and not misleading.
- Openness – from the start, we will be open, clear and honest with our clients, third parties and employees on how and why we use their personal information and how we protect their personal information.
- Security safeguards – we will apply and follow appropriate and reasonable technical and organisational measures to make sure that the confidentiality, integrity and availability of personal information are secured. These measures will also be applied to protect personal information against loss, damage, unauthorised destruction or unlawful access.
- Data subject participation – we have processes in place for our clients, third parties and employees to access, correct and delete personal information and exercise their rights in terms of applicable data protection laws.
We collect and process the following categories and types of personal information through the relevant Channels, including:
- personal details (this can be your name, age, passport information, biometric information, information about personal interests);
- contact details (this can be your mobile number and email address);
- details related to a client (this can be the business contact details of an agent or representative, relationship with the client or related parties, shareholder information); and
- transactional details (this can be information about products, services, requests, queries or complaints).
We will collect personal information in the following ways:
- directly from you, and
- where lawful and reasonable, from third parties and public sources. This includes credit reporting and government agencies.
- If you decide to give us express consent, we will use your personal information to:
- Meet our responsibilities to you.
- Process your personal information for ordinary business purposes (this includes to open and maintain your account, execute transactions, administer claims where applicable, manage our risks and maintain our overall relationship with you).
- Carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services). Consent will not be obtained if we anonymise/de-identify the personal information.
- Tell you about similar services and products available within The Standard Bank of South Africa, Standard Bank Group or partner services and products. If you wish, you may opt out from receiving such information at any time by choosing the “Unsubscribe” option provided in every communication that we send to you.
- Comply with applicable laws and regulations.
The Standard Bank of South Africa Limited will not intentionally or knowingly collect personal information directly from minors (anyone under the age of 18). The personal information of minors will be collected through their legal guardian or parent only where products or services are obtained for the minors.
Standard Bank will only use and share your personal information where it is necessary for us to carry out our lawful business activities. To enable you to fully understand the way in which we process your personal information, we have described the different lawful grounds for such processing in detail below:
- Consent – We may process your personal information for a specific and explicitly defined purpose where you, or a competent person in the case of personal information relating to a minor, provide us with your express consent for such processing or where law requires.
- Contractual need - We may process your personal information where it is necessary to enter into a contract with you in order for us to provide our products or services to you or to perform our obligations under that contract. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to operate your account or provide services to you.
- Compliance with an obligation imposed by law- When you apply for a product or service, we are required by law to collect and process certain personal information about you. Please note that if you do not agree to provide us with the requested personal information, it may not be possible for us to continue to operate your account or provide services to you.
- Legitimate interests of the Bank - We may process your personal information where it is in our legal interests to do so as an organisation and without harming your interests or fundamental rights and freedoms (for example, for marketing purposes, site maintenance, etc.).
- When can we process or share your personal information?
We will process your personal information if you give us your consent willingly or according to the grounds of lawful processing highlighted above. If we need your consent, we will notify you through our product and services agreements or application processes through our various authorised Channels.
We will only share your personal information if:
- the law requires it;
- we have a public duty to share the personal information;
- our or your legitimate interests require us to share the personal information;
- it is necessary to conclude or perform due to an agreement between you and us; or
- you agreed that we may share your personal information.
- Personal Information sharing and data transfers
- We will not share your personal information to external organisations that are not our service providers, unless business operations require the processing of your personal information in other countries, either to carry out processing based on your instructions or for ordinary business purposes. As specified by the above purposes, we may share your personal information with any of the parties mentioned below, located in any jurisdiction: Any member of Standard Bank Group.
- Professional advisers like auditors, third-party vendors, or independent contractors who process personal information on behalf of Standard Bank to support our business.
- Our business partners who provide their products and services to you.
- An employee of a card distributor or vendor where the personal information is shared in connection with the use of a card.
- Any individual who needs your personal information due to foreign or local law or regulation.
- Any court of justice, regulatory body, taxation authority (including any authority investigating an offence) or their agents.
- Any debt collection agency, credit bureau, insurer or broker, direct or indirect provider of credit protection and fraud prevention agencies.
- Any financial institution to conduct credit checks, anti-money laundering related checks, for fraud prevention and detection of crime purposes for the group.
The third party, who is located outside of South Africa and receives the personal information, will need to comply to either a law, or binding corporate rules or a binding agreement which states that they will provide an adequate level of protection to your personal information. This means that they have to agree to lawfully process your personal information and protect your personal in the same manner as we do. The transfer of your personal information will be based one of the following conditions:
- You provide your consent to the transfer.
- The transfer is necessary for the conclusion or performance of a contract to which you are a party.
- The transfer is for your benefit, and it is not reasonably practical to obtain your consent to that transfer; and if it were reasonably practicable to obtain such consent, you would be likely to give it.
- Storing personal information
We will store and keep your personal information according to the retention (holding) periods defined by law for legitimate business purposes and will take reasonably practicable steps to make sure that it is kept up to date and deleted and archived according to our defined retention schedules.
- Our security practices
The security of your personal information is important to us. We have implemented appropriate and reasonable technical and organisational measures to prevent loss, unauthorised destruction, damage or access to your personal information by unauthorised third parties. The security of your personal information is important to us. We make sure that we implement organisational and technical procedures to keep your personal information safe.
However, you must not share or send us any personal information over unauthorised channels, since it is not a secure way of communication and carries a risk of interception and unauthorised access. You should only share personal information over authorised channels of Standard Bank of South Africa Limited.
- Marketing by electronic means
We would like to share information about our own products, services and special offers that are similar
to the products or services used by you, via your preferred method of communication (as indicated to us),
such as email, text message, social media platforms or notification on your mobile application. Subject
to your express consent and the option to opt-out or unsubscribe at any time, we may also share information
with you about similar products, services and special offers of our partner companies. If you have opted-in
to receive marketing communications, you may always opt out at a later stage using the link shared below
or clicking on the “Unsubscribe” option included in every marketing communication sent to you. You have
the right at any time to stop us from contacting you for marketing purposes or giving your data to other
members of Standard Bank Group. If you no longer wish to be contacted for marketing purposes, please
request for us to mark you as ‘No’ to Marketing by visiting any branch, calling us on 0860 123 000 or
emailing us on email@example.com.
A “cookie” is a small text file that is stored on your computer, smartphone, tablet, or other device
when you visit a website or use an app. They contain specific information related to your use of our
website or app, such as login credentials, your preference settings or tracking identifiers. Cookies
make it easier for us to give you a better experience online. For all optional types of cookies, we
will obtain your consent before these cookies can be used or stored on your device.
- provide products and services that you request;
- deliver advertising via marketing communications;
- provide you a better online experience and track website performance; and
- help us make our website more relevant to you.
- Types of cookies used on our website
Statistic cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.
||Cookie description and purpose
||Unique user ID that recognises the user on returning visits.
||Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
||Used to check if the user's browser supports cookies.
||Collects statistics on the visitors visits to the website, such as the number of visits, average time spent on the website and what pages have been read.
||Registers a unique ID that identifies the user's device for return visits.
||Saves information on what vertical percentage of a page has been displayed to the user.
||This cookie is used to collect information on the user. This information will be stored for internal analytics at the website's operator. Internal analytics is used by websites to optimise their domains.
||Registers how the user has reached the website.
Marketing cookies are used to track visitors across websites. The intention is to display advertisements that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
||Cookie description and purpose
||Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.
||Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.
||The user’s navigation on the website is registered and linked to offline data from surveys and similar registrations to display targeted ads. This is done with a unique ID used for semantic content analysis.
||Collects information on user preferences or interaction with web-campaign content. This is used on CRM-campaign-platforms used by website owners for promoting events or products.
||This cookie is set by the audience manager of the website to determine the time and frequencies of visitor data synchronisation. Cookie data synchronisation is used to synchronise and gather visitor data from several websites.
||Used for targeted ads and to document efficacy of each individual ad.
||Used for targeted ads and to document efficacy of each ad.
- Optional cookies
Session cookies - These cookies are temporary and only exist while you browse our website. As soon as you close your browser or move to a different website, they are removed. They allow our website to link your actions during a browser session.
Persistent cookies - These are permanent cookies that are stored on your device until they reach a set expiry date or until you delete them. They remember your preferences or actions across our site (or in some cases across different websites). We may use them for various reasons, such as remembering your preferences and choices when using our site, or to display only relevant advertising messages to you.
First-party cookies – We own and create these cookies.
Third-party cookies - These cookies are owned and created by another company that provides a service to us, such as social media sharing, website analytics or content marketing.
- How to disable cookies
You can stop your browser from accepting cookies by changing the settings on your web browser. Please note that restricting cookies may impact the functionality of our websites. We recommend that you allow cookies, to enable the efficient and proper functioning of the website. Explore the settings and options on your browser to disable or enable them, or visit https://www.aboutcookies.org for detailed information about managing cookies on different browsers.
- Links to other websites
Our website, related websites and mobile applications may have links to or from other websites. Although we try to link only to websites that also have high privacy standards, we are not responsible for their security, privacy practices or content. We recommend that you always read the privacy and security statements on these websites.
Monitoring of electronic communications
We communicate with you through different methods and Channels. Where permitted by law, we may record and monitor electronic communications to make sure that we comply with legal and regulatory responsibilities and internal policies.
- Monitoring and analysis
We will monitor and analyse your account for credit, fraud, compliance and other risk-related purposes as required by law. However, you may not be subject to a decision which results in legal consequences for you or which affects you to a great degree, which is based only on the automated processing of personal information.
- Social media
We operate and communicate through our designated profiles, pages and accounts on some social media sites (such as Facebook and Twitter) to inform, help and engage with our clients. We monitor and record comments and posts made about us on these channels so that we can improve our services.
The general public can access, read, share, and comment on any information posted on these sites. We are not responsible for any information posted on those sites, except for the information posted by our designated officials. We do not endorse the social media sites themselves nor any information posted on them by third parties or other users.
We do not give investment, tax or other professional advice on social media sites. You should always get independent advice before making any decisions.
When you engage with us through social media your personal information may be processed by the site owner. This process is outside our control and may be in a country outside South Africa that may have different privacy principles. For more information about the privacy practices of a social media site, please refer to and read the terms and conditions of that site.
Social media sites are not appropriate forums to discuss our clients' products or financial arrangements. We will not ask you to share personal, account or security information on social media sites in a public post. We may ask you to message us in private through one of our official accounts, profiles or pages on a social media site.
We regularly update and monitor our social media presence and welcome feedback and ideas sent to us through these channels. We try to join conversations whenever possible but cannot guarantee that we will read or reply to all messages sent to official Standard Bank social media accounts. Emerging themes and helpful suggestions will be given to the relevant people within the Standard Bank Group for consideration but we cannot guarantee that any themes or suggestions will be acted on.
- Your rights
We want to ensure that you are aware of your rights in relation to the personal information that we process about you.
- Right to access - You have a right to get access to the personal information that we hold about you.
If you would like a record or description of the personal information that we hold about you, please
request this through 1. our customer service channels. OR 2. the firstname.lastname@example.org We may,
if allowed by law, charge a fee for this.
- Right to rectify/correct/ update - You have a right to correct inaccurate personal information and
to update incomplete personal information. Please request this through 1. Our customer service channels.
OR 2. the email@example.com to exercise your rights.
- Right to be notified – You have the right to be notified that your personal information is being
collected by us or has been accessed or acquired by an unauthorised person.
- Right to object - You have a right to object to us processing your personal information where we
have relied on one of the lawful grounds above for legitimate interest or where we perform a public
law duty (and to request us to restrict processing). Please note that if you request us to restrict
processing your personal information, we may have to stop or suspend the operation of your account
or the products and services we provide to you. Please note that where the law permits us to process
your personal information, we will have a legal obligation to do so. Please request this through 1.
Our customer service channels. OR 2. the firstname.lastname@example.org
to exercise your rights.
- Right to deletion - You have a right to request that we delete your personal information.
Please request this through 1. Our customer service channels. OR 2. the email@example.com
to exercise your rights.
- Right to object to the processing of personal information for the purposes of direct marketing -
You have a right to object at any time to the processing of your personal information for direct
marketing purposes, including profiling you for the purposes of direct marketing. Please request
this through 1. our customer service channels. OR 2. the firstname.lastname@example.org
to exercise your rights.
- Right not to be subject, under certain circumstances, to automated-decision-making processes.
You have rights in relation to automated decision-making, including a right to appeal if your application
is refused. You can exercise your right by submitting your request to email@example.com
- Right to lodge a complaint with the Regulator. If you wish to raise a complaint on how we have
handled your personal information, you can contact our Deputy Information Officer who will investigate
the matter. We hope that we can address any concerns you may have.
- Queries and complaints
If you have any queries or complaints about privacy, please contact:
Deputy Information Officer
The Standard Bank of South Africa Limited
P O Box 1155
Standard Bank Centre
5 Simmonds Street
Telephone: +27 11 636 7385
- Right to change this privacy statement
We may change this privacy statement from time to time. We will publish all changes on our website. The
latest version of our privacy statement will replace all earlier versions, unless it says differently.
* Standard Bank Group subsidiaries and their subsidiaries:
Diners Club (S.A.) (Pty) Ltd, Standard Bank Financial Services Holdings (Pty) Ltd, Standard Offshore Finance Company (Pty) Ltd, Melville Douglas Investment Management (Pty) Ltd, FHPManagers (Pty) Ltd, Standard Trust Limited, Standard Insurance Limited, Stanhold Investments (Pty) Ltd, Greenfield Newgate (Pty) Ltd, The Unisec Group Limited, Standard Bank Properties (Pty) Ltd, Blue Waves Properties 78 (Pty) Ltd, SBG Securities (Pty) Ltd.
Date published: 15 February 2016
Standard Bank of South Africa Limited Privacy Statement