Ecobank Zimbabwe Privacy Note

1. Ecobank Zimbabwe Privacy Notice

At Ecobank Zimbabwe we recognize the importance of privacy and security of our customers' personal information. We value the trust you place in us to protect your personal information and respect your right to privacy. While new technologies have dramatically changed the way information is gathered, used, and stored, preserving customer trust and the privacy of personal information at Ecobank Zimbabwe remains a core objective. We believe it is important to make clear to our customers how information is being collected, used, and shared at Ecobank Zimbabwe, the benefits such use provides, and the protections put in place against unauthorized access and use. We respect your privacy and the confidentiality of your personal information, and we appreciate the opportunity to do business with you.


2. Our Privacy Principles

We will only collect, transfer, process and store your personal information with your express permission unless legally required to do so and will only use such information for the lawful purpose for which it is required. We will disclose the specific purpose for which we use, request, and store your personal information. We will also keep a record of that personal information and the specific purpose for which we collect it. We will not use your personal information for any other purpose, other than that which we disclosed to you, unless you give us your express consent to do so, or unless we are permitted to do so by law.


3. Information We Collect

To provide you with our financial products and services, we need to collect, record, use, share and store personal and financial information about you (“Personally Identifiable Information”). Your information may include Personal Data and Sensitive Personal Data as defined in the Cyber and Data Protection Act of 2021 (as may be amended, replaced, or re-enacted from time to time) and any other law or regulation governing Data Protection in Zimbabwe. Our use of such information is governed by the applicable laws and regulations, and we, Ecobank Zimbabwe are the Data Controller in respect of such information.

This include information which is obtained from you or from third parties, such as employers, joint account holders, credit reference agencies , fraud prevention agencies, intermediaries who refer you to us and who have collected your information from you as part of that referral process, intermediaries who facilitate communication of information relating to your account between us and you, or other organizations or other parties associated with you, when you apply for an account or any other product or service, or which you or they give to us at any other time.

3.1 The categories of personal data that we collect

Ecobank Zimbabwe may collect, use, transfer and disclose the following categories of personal data where permitted by applicable law:

Category of Personal Data Data Collected
Personal details Title, Surname, First Name, Date of Birth, Place of Birth, Phone Number, Email, Nationality, Country of Residence, House Number, Gender, Marital Status, Name of Spouse, Spouse’s Phone Number, Spouse’s ID Type & Number, or other tax identifier number.
Mode of Identification National ID, License or Passport Number, Date of Issue, Place of Issue, Expiry date.
Employment Details Employment status, Salary Range, Employer’s Address, Other Sources of Funds.
Next of Kin Address, telephone, and email details.
Customer Administration Customer tracking records and query management records, reference letters.
Physical Security and Life Safety Data Static photos, motion pictures through the CCTV systems.
Technical Information Including usernames, passwords, and IP addresses as they are generated by online transacting devices.

3.2 The Purposes of collection

Ecobank Zimbabwe will use your information to manage your account(s), give you statements, provide financial products and services, for assessment and analysis purposes (including credit , loan and other financial structures ), for administration purposes, to prevent and detect fraud, money laundering and other criminal or prohibited activity, to carry out regulatory checks, meet our obligations to any relevant legal or regulatory authority and to develop and improve our services to you and other customers and protect our interests

Ecobank Zimbabwe collect, use, transfer and disclose personal data for the following purposes:

Purpose Description of Use
Authentication We use your data we have collected to authenticate you and authorize access to our services on the channels.
Communication To contact you through email, short message services (SMS), phone call, and other ways through our services, including text messages and push notifications. We will send you messages about the availability of our services, security, or other service-related issues.
Banking products marketing To serve you tailored advertisements on our services. We target advertisements to our customers through a variety of ad networks and exchanges, using data from advertising technologies on our services and data from advertising partners, publishers, and data aggregators.
Complaints management We use the data needed to investigate, respond to and resolve complaints and service issues.
Security and fraud management We use your data for security purposes or to investigate possible fraud or other violations of our terms and agreements or this Privacy Policy and attempts to harm our customers and/or visitors.
Promotional services We use data and content about our customers for invitations, promotions, and communications solely for promoting our services.
Compliance with regulations Complying with applicable government reporting and other local and foreign law requirements and other legal obligations.
Legal proceedings Defending, preparing for, participating in, and responding to potential legal claims, investigations, and regulatory inquiries (all as allowed by applicable law).
KYC requirements Conducting background screening (including verifying criminal history, employment, education, credit and litigation history, bankruptcy, directorships, sanctions, politically exposed persons, financial regulatory and media checks).
Investigations Incident management (including threat/fraud investigations, medical emergencies, and crisis reporting).

3.3 The categories of unaffiliated third parties

To provide our financial services and products as outlined above Ecobank Zimbabwe will share your information with our Group Data Processor, eProcess International SA, 2 Morocco Lane, Ridge Ministerial Area, Ridge, Accra, Ghana. We will only share the minimum amount of your information necessary for us to achieve these purposes.

Ecobank Zimbabwe will also share your information with any statutory, governmental, or regulatory bodies, as required by law or for other legitimate purposes. We will share your Personal Data and Sensitive Personal Data with credit reference and fraud prevention agencies. We and other organizations may access and use this information to make credit assessments and to prevent and detect fraud, money laundering and other crimes.

Ecobank Zimbabwe may share Personal Information with the following categories of entities

Category Type of Third Parties
Professional Advisors Accountants, auditors, lawyers, and other outside professional advisors in all the countries in which Ecobank Transnational Inc operates.
Service Providers Companies that provide products and services to the bank in the countries in which the bank operates, such as customer support services, IT systems suppliers and support, security services, logistics services providers, marketing services consultants, or background screening providers and others.
Governmental Authorities Entities that regulate or have jurisdiction over the Bank in the countries in which the Bank operates, such as regulatory authorities, law enforcement agencies, tax authorities, licensing and registration bodies, judicial bodies, and third parties appointed by such authorities.
Parties Related to a Corporate Transaction A third party in connection with any proposed or actual reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of the Bank’s business, assets, or stock (including in connection with any bankruptcy or similar proceedings), e.g., stock exchanges and business counterparties.

4. Legal basis for data collection and processing

Ecobank is bounded by the following legal basis for processing the personal data we collect:

  • Legal obligation – Necessary for compliance with the requirements of the law
  • Data subjects’ consent - Necessary for processing sensitive, genetic, biometric and health data or where data subject is a child
  • Contractual obligations – Necessary for the fulfilment of a contractual obligation
  • Legitimate interest – Necessary for processing for legitimate business purposes

5. Consent

Ecobank Zimbabwe requires your explicit consent to process collected personal data during the account opening process which gives us the permission to use or process your personal data specifically for the purpose identified before collection. If, for any reason, Ecobank Zimbabwe is requesting sensitive personal data from you, you will be rightly notified why and how the information will be used. You may withdraw consent at any time by via email address ezw-dpo@ecobank.com .


6. Disclosure

Ecobank will not pass on your personal data to third parties without first obtaining your consent.


7. Data Subject Rights

At any point while Ecobank Zimbabwe is in possession of or processing your personal data, you, the data subject, have the right to:

  • Be informed of the use to which your personal information is to be put.
  • Give and withdraw consent
  • Access their personal information in custody of data controller or data processor.
  • Not to be subject to automated processing
  • Object to the processing of all or part of their personal information.
  • Correction of false or misleading personal information.
  • Deletion of false or misleading data about them.
  • Right to complain to the Data Protection Authority of Zimbabwe

8. Complaints

If for any reason you wish to make a complaint about how Ecobank Zimbabwe processes your personal data, or how your complaint has been handled, you have the right to lodge a complaint directly with the Data Protection Officer of Ecobank on the email address ezw-dpo@ecobank.com or Office line 0242 851644-9 . Ecobank Zimbabwe shall contact you within fourteen days to validate the request for processing.


9. Online Privacy Statement

9.1 How We Use Your Information

This privacy notice tells you how we, Ecobank, will collect and use your personal data for relationship management, profiling, business analytics or development, communication, registration, subscription, cookies, and all-round efficient service delivery.

9.2 Information We Collect On Our Various Channels

We may collect some personal information from you directly. We may collect information from you when you register on our various platforms which includes Internet banking portal, Mobile App, Rapid Transfer, Personal banking channels, WhatsApp or Facebook.

  • We may collect information from you when you register on our Internet Banking portal.

We may collect, amongst others, your name, e‐mail address, phone number, date of birth, nationality, gender, residential address, identity (ID) number, copy of your ID and a photograph, biometric data, device ID, device location, and details of your Debit/Credit/Prepaid Card. We collect information about you based on your use of our products, services, or service channels (like our websites, applications, ATMs). In addition to creating an Internet Banking Profile, we collect and process your Debit/ Credit/Prepaid Card information such as the Card PAN, Expiry Date, Card Currency, Name on Card, and Card Billing Address

In certain circumstances, we collect information about you whereas you do not have a direct relationship with us, for example if you are a beneficiary of transfer of funds made by our customer.

  • We may collect information from you when you register on our mobile app.

We may collect your name, e‐mail address, phone number, date of birth, gender, residential address, ID number, Facial photo Data, device ID, Biometric data and device location when onboarding on our Mobile Applications.

The use of your personal data collected as a result of this is to ensure liveness and confirm that the user is a real person. This data is used exclusively for real-time analysis during the verification process and is not stored. We use technology to capture your face 3D spatial orientation and facial expressions. Once liveness is verified, we proceed to capture your facial image. Importantly, the captured data is never persistently stored on the user's device nor transmitted outside the device. Its usage is strictly limited to ensuring that the captured selfie image is of a live user.

For debit card onboarding, we may collect debit card number and PIN from you and collect other personal information from our core banking system as part of your profile creation in the mobile app. For internet banking onboarding, we collect username and password from you and collect other personal information from our core banking system as part of the profile creation. For Xpress account onboarding we may collect your name, e‐mail address, phone number, date of birth, gender, residential address, ID number, device ID, and device location.

  • We may collect information from you when you register on our channels.

We may collect your name, e‐mail address, phone number, date of birth, gender, residential address, ID number, device ID, and device location (when onboarding on our Xpress Account service).

  • We may collect information from you when you register on our Rapid transfer App.

We may collect, amongst others, your name, e‐mail address, phone number, date of birth, nationality, gender, residential address, identity (ID) number, copy of your ID and a photograph, biometric data, device ID, device location, and details of your Debit/Credit/Prepaid Card. We collect information about you based on your use of our products, services, or service channels (like our websites, applications, ATMs). To create a Rapid transfer Profile, we collect and process your Debit/Credit/Prepaid Card information such as the Card PAN, Expiry Date, Card Currency, Name on Card and Card Billing Address.

  • We may collect information from you when you register on our chatbot.

  • We may collect your name, e‐mail address, phone number, date of birth, gender, residential address, ID number, device ID, and device location. When onboarding on our Xpress Account service, we may also collect information about you from your profile on Facebook.

  • We may collect information identifiers and information such as IP address, browser version, operating system, and software data. When we collect information about you from your profile on Facebook, the privacy notice between you and Facebook shall apply.

  • We may collect and combine information when you register on our mobile banking services including information, you provide to us, device IDs, cookies, and other signals, including information obtained from third parties, to associate accounts and/or devices with you. We collect information about you when we receive it from third parties and affiliates. We may collect information about you based on how you engage or interact with us on social media, emails, telephone calls and surveys.

  • We collect information from devices such as mobile phones and tablets about how you interact with our services and those of our third-party partners and information that allows us to recognize and associate your activity across devices and services. This information includes device specific identifiers and information such as IP address, cookie information, mobile device and advertising identifiers, browser version, operating system type and version, mobile network information, device settings, and software data.

  • In certain circumstances, we collect information about you whereas you do not have a direct relationship with us, for example if you are a beneficiary of transfer of funds made by our customer.

9.3 Why Does Ecobank Need to Collect and Store Personal Data?

At Ecobank Zimbabwe we need to collect your personal information to enable us to provide you with our services. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose(s) only and will in no way invade your privacy. If there is a need to use your personal data for marketing purpose, Ecobank Zimbabwe will ensure to seek additional consent from you.

9.4 Will Ecobank Share My Personal Data with Anyone Else

Ecobank Zimbabwe only shares personal information with other companies or individuals in the following limited circumstances:

We have your consent. We require consent for the sharing of any sensitive personal information. Ecobank Zimbabwe may pass your personal data to third-party service providers contracted by us. Any third party that we may share your personal data with is under an obligation to secure your details and use them only to fulfil the service for which they were contracted. When they no longer need your details to fulfil this service, the data will be disposed in line with the Ecobank Zimbabwe ’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are required to do otherwise, legally.

We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Ecobank Zimbabwe , its users or the public as required or permitted by law.

If Ecobank Zimbabwe becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

9.5 How Will Ecobank Use the Personal Data It Collects About Me

We will process (collect, use, and store) the information you provide in a manner that complies with the CYBER AND DATA PROTECTION ACT [CHAPTER 12:07] of Zimbabwe and any other applicable local data protection and privacy laws and regulations. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Ecobank is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. The retention period for certain kinds of personal data may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.


10. Under what circumstances will the bank contact me.

We do not intend to be intrusive, and we will not ask irrelevant or unnecessary questions. Moreover, we will subject the information you provide to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.


11. Can I Find Out the Personal Data That Ecobank Holds About Me

Ecobank, at your request, can confirm what information we hold about you and how it is processed. If we do hold your personal data, you have the right to request the following information:

  • Contact details of the data protection officer, where applicable.
  • The purpose of the processing as well as the legal basis for processing.
  • Information about interests, if the processing is based on the legitimate interests of Ecobank or a third party.
  • The categories of personal data collected, stored, and processed.
  • Recipient(s) or categories of recipients that the data is or will be disclosed to.
  • Information about how we intend to securely transfer the personal data to a third party or international organizations.
  • How long the data will be stored.
  • Details of your rights to correct, erase, restrict or object to such processing.
  • Information about your right to withdraw consent at any time.
  • How to lodge a complaint with the supervisory authority
  • Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
  • The source of personal data if you didn’t provide it directly.
  • Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

12. How long will Ecobank Store My Personal Data

We keep most of your personal data for as long as your account is active. We retain the personal data you provide while your account is in existence or as needed to provide you with our services.


13. Forms of ID Needed to Provide data access

Ecobank accepts the following (but not limited to) forms of ID when information on your personal data is requested: International Passport, Driving License, National Identity Card.


14. Account Closure

We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, and prevent fraud.


15. Protecting Children’s Privacy

Our services are for a general audience. We do not knowingly collect, use, or share information that could reasonably be used to identify children without prior parental consent consistent with applicable law.


16. How do we secure your information

Ensuring the security of our systems and safeguarding our users' information is of utmost importance to Ecobank Zimbabwe. It is fundamental to upholding the integrity of our brand and providing our customers with a secure and trustworthy experience across all our platforms, including our websites, apps, advertising services, products, and technologies. Our commitment to protecting user data is integral to maintaining the trust our customers place in us:

  • Ecobank Zimbabwe has technical, administrative, and physical safeguards in place to help protect against unauthorized access, use or disclosure of customer information we collect or store.
  • We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.
  • We offer the use of a secure transmission, processing and storage services using standardized security safeguards.
  • All supplied sensitive/credit information are encrypted via transaction layer security (TLS) technology during transmission to avoid misuse of your data. Card Number (PAN), CVV and expiry date of any debit, credit and prepaid cards attached to our apps are tokenized and stored on our backend systems at our data processor.
  • Your personal information may be accessible by those authorized with special access rights to such systems and are required to keep the information confidential. Information such as PINs and passwords are not accessible to our authorized personnel.

16.1 Technical and Organizational controls

We will treat your information as confidential and will not use it for any purpose incompatible with those outlined in these terms. Reasonable technical and organisational measures will also be taken to safeguard against unauthorized or unlawful processing and accidental loss or destruction or damage to your information. Ecobank Zimbabwe has implemented international time-tested frameworks to safeguard personal data and its ICT infrastructure. The following frameworks are integrated into the Ecobank Zimbabwe information security and privacy framework:

  • ISO 27001:2022 Information Security Management system (ISMS) – Certified
  • ISO 27701:2019 Privacy Information Management System (PIMS) Certified
  • Payment Card Industry Data Security Standard ver 4.0 (PCIDSS) – Certified

17. Changes to our Privacy Policies

We may update this Privacy Notice to reflect changes to our information practices, if we make any material changes, we will notify you by an email (sent to the email address specified in your account) or by means of a notice on this website or via a link from your mobile application prior to the change becoming effective. We encourage you to periodically review this page for updates on our privacy practices.


18. Contact us

If there are any questions regarding this Privacy Notice, any further information you would need, or a data breach incident you would like to report on, please contact us using the information provided below.

Data Protection Officer ezw-dpo@ecobank.com"

Ecobank Zimbabwe Limited

No. 2 Piers Road

Block A, Sam Levy's Office Park

Borrowdale, Harare

Zimbabwe

Tel:0242 851644-9