DATA PRIVACY STATEMENT

Purpose of This Statement
The purpose of this statement is to inform you about the types of personal data Bank of Africa Tanzania Limited (the bank) collects, from whom it is collected, the purposes for which it is used, and how the data is handled.

By submitting your personal data, you consent to the practices described in this Statement.

If you do not agree with any part of this Privacy Statement, you should refrain from providing your personal data.

Data Collected
The bank collects, processes and controls personal data that uniquely identifies you as an individual including your name, age, date of birth, address, telephone number and other relevant information necessary or desirable for the bank to provide its services. In specific cases, sensitive personal data (special category of personal data) may also be collected, in compliance with applicable law.

Sensitive personal data includes but is not limited to information relating to your religious or philosophical beliefs, race, ethnic origin, trade union membership, political persuasion, health, sex life or biometric information. Additionally, information related to criminal offenses or related legal proceedings may also be processed when relevant.

Data Collection Methods;
The bank may collect personal data directly from you through various means including written forms, electronically via email, telephone conversations, online platforms (such as website, internet banking, mobile applications) and video conferencing. We may also collect data from third parties lawfully such as international sanctions list, publically available websites, databases and other public data sources. for the purpose of providing bank services and products.

Use of Data Collected;
The bank collects and processes your personal data for the purposes of providing you with our products and services that include but are not limited to; 
1)Establishing and managing your relationship with the bank.
2)Identifying and verifying you for the provision of bank services and products.
3)Understanding your financial stand to help the bank give suitable financial advice.
4)Assessing your creditworthiness for lending purposes.
5)Profiling you for risk assessment purposes in compliance with legal and regulatory obligations.
6)Assisting with statutory and regulatory reporting as required by law.
7)Detecting and preventing financial crimes, including money laundering, terrorism financing, and fraud.
8)Conducting background checks for employment-related purposes to help the bank make an informed decision.
9)Performing due diligence and risk assessment for Suppliers and Partners.
10)For marketing of the bank products and services, subject to your consent.
11)Handling and Resolving complaints.
12)Conducting market research to improve the bank’s products or services from time to time.

Disclosure of Your Personal Data;
Your personal data may be shared within the bank and with authorized third-party service providers (Data Processors) acting on the bank’s behalf, solely for the purposes outlined in this Privacy Statement.

We may also share your personal data within BOA Group and its respective service providers to manage client, service provider and other business relationships;

When necessary to deliver our services, your personal data may be disclosed to counterparty banks, payment infrastructure providers, or other parties involved in processing payments on your behalf.

In cases where you apply for credit products, we will share your personal data with credit reference bureaus to assess your creditworthiness.

Furthermore, the bank may disclose your personal data to regulators, including those in foreign jurisdictions as required by applicable laws or regulations.

Data Retention;
As a general rule, the bank will retain your personal data in accordance with retention periods set out in applicable laws and regulations, your personal data will not be kept longer than necessary, unless required for legal purposes, including complaint handling, legal proceedings, or for purposes stipulated by law.

Privacy and Indemnity;
The bank takes the protection of your personal data seriously and implements appropriate technical and organizational measures to safeguard it. However, you are required to take all necessary and appropriate steps to ensure protection of your Personal data by ensuring confidentiality of your passwords and access codes.

You hereby indemnify the bank from any loss, damages or injury that you may incur as a result of any security compromise of your Personal data to unauthorized persons attributable to you or resulting from your acts or omissions during the provision of incorrect or incomplete Personal data to the bank.

Your Rights;
In accordance with regulatory requirements, you may exercise the following rights by submitting a written request to the bank:
1)Right to Access: You have the right to request a copy of the personal data we hold about you.
2)Right to Rectification: You may request that we correct or update your personal data if it is inaccurate or incomplete.
3)Right to Erasure: You can request the deletion of your personal data, subject to legal and regulatory obligations.
4)Right to Object to Processing: You have the right to object to the processing of your personal data, particularly in cases of direct marketing.
5)You may opt out of receiving marketing communications, such as SMS or emails, by contacting us via the toll-free number 0800 78 11 22, the Data Protection Officer’s contact details below, or by visiting your nearest branch.
6)Right to Restriction of Processing: You may request the restriction of processing your personal data in certain circumstances, such as when you contest the accuracy of your data or if the processing is unlawful.
7)Right to Data Portability; You have the right to request that a copy of your personal data provided to us be transferred to another data controller.
8)Right to Withdraw Consent: Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing that took place prior to withdrawal.
9)Right Not to be Subject to Automated Decision-Making: If we make automated decisions based on your personal data, and you are dissatisfied with the outcome, you are encouraged to contact us.
10)Right to Lodge a Complaint: If you believe your personal data has been processed in violation of this Privacy Policy or applicable data protection laws, you have the right to lodge a complaint with the Personal Data Protection Authority (PDPC).These rights may not apply in all circumstances. If we are unable to fulfill your request, we will provide an explanation. When responding to your request, we may ask you to verify your identity and provide additional information to help us better understand and process your request.

Statement Revisions:
This Privacy Statement is effect from 26th November 2024. The bank reserves the right to amend this Privacy Statement periodically. Any updates will be published on this website.

Contact Information:
For any questions or concerns about this Privacy Statement, or if you wish to exercise your data protection rights, please reach out to us using the contact information below:

Attention: Data Protection Officer
Bank of Africa Tanzania Limited
NDC Development House
Ohio Street /Kivukoni Front
P.O. Box 3054
Dar es Salaam
Email: dpo@boatanzania.co.tz;