DATA PRIVACY STATEMENT
NBS Bank recognizes the importance of protecting the privacy of the personal information which has been transmitted to us. We believe that the confidentiality and protection of information entrusted to us by our clients and Online Banking and Mobile Banking users (online users) is one of our fundamental responsibilities. This Privacy Statement describes how we, NBS Bank Plc, as Data Processor and Controller collect and process personal data and other information of you or of you in your capacity as the authorised representative / agent of the legal entity (hereinafter referred to as “you”), when using e Banking services via Online Banking (https://nbsib.mw) and Mobile Banking.
We will only collect, transfer, process and store your personal information with your express permission unless legally required to do so, and will only use such information for the lawful purpose for which it is required. We will also keep a record of that personal information and the specific purpose for which we collect it. We will not use your personal information for any other purpose, other than that which we disclosed to you, unless you give us your express consent to do so, or unless we are permitted to do so by law.
What categories of Personal Data do we collect and process ?
- We may collect information from you when you register on our channels. We may collect your name, e‐mail address, phone number, and date of birth, gender, residential address, ID number, device ID, serial number network status and device location. You will be provided with the Log in Data from us when you sign up for the Electronic Banking service
- We may collect and combine information when you register on our mobile banking services including information you provide to us, device IDs, cookies, and other signals, including information obtained from third parties, to associate accounts and/or devices with you.
- We collect information from devices such as mobile phones and tablets about how you interact with our services and those of our third-party partners and information that allows us to recognise and associate your activity across devices and services. This information includes device specific identifiers and information such as IP address, cookie information, mobile device and advertising identifiers, browser version, operating system type and version, mobile network information, device settings, and software data.
- We also process the following Personal Data available in your Electronic Banking account including log in credentials, account data statements, portfolio data, and transaction data, which we received from you upon Electronic Banking opening and which depend on the transactions on your account. We also collect device and usage information, which includes information specific to the used device to access Online Banking and Mobile Banking (including language preferences) (“Usage Information”). We collect such information when you are browsing Online Banking and Mobile Banking.
Why does NBS Bank collect Personal Data and what is the legal basis?
We process the aforementioned personal data in compliance with the provisions of the Malawi Dat Protection Act(2024), Malawi Electronic Transactions and Communications Act (2016) and if applicable the EU General Data Protection Regulation (GDPR). We collect and process your Log in Data and Account Data to provide you with the electronic banking services and to better serve your financial needs, i.e. that you can access your account statements online, and to administer our business. We collect, retain and use Usage Data about you for the purposes of better serving you, e.g. to remember your language preferences. The legal basis for the processing of Log in Data and Account Data is E-banking enrollment. The legal basis for Usage Data are our legitimate interests which are the following: to maintain the performance of Online Banking and Mobile Banking and to analyze usage. The provision of Personal Data is compulsory. If you do not provide your Personal Data, you cannot use Online Banking and Mobile Banking. The legal basis for marketing is your consent. The provision of your Personal Data for marketing purposes is voluntary. You have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal. If you do not consent or withdraw your consent your data will not be used for that purpose any longer and you will not receive marketing materials by us.
How long will Personal Data be stored?
Log in Data and Account Data will normally be stored until it has fulfilled the purpose it was collected for, i.e. during the electronic banking enrollment with you. Once our relationship has come to an end, we will store your Log in Data and Account Data according to statutory limitation periods and then delete them, unless statutory retention periods apply or if necessary to establish, exercise or defend a legal claim. This also applies to Usage Data, unless you object to the respective processing in which case we will erase or anonymize such information.
What is a communication protocol and how do we use it?
NBS Bank is committed to the continuous improvement of our services. We use so-called tracking technologies such as cookies and tags for statistical purposes and to improve user experience. Technically, a cookie is a small text file that is used to store information about a website visit for a limited period of time. The stored information consists of at least two components, the name of the cookie and its content, including the accessed webpages. Cookies are used to improve the end-user experience by using the former mentioned tracking technologies. Users can configure their browser to prevent or warn against cookies. However certain functions or services might not be available in this case
Who will have access to my Personal Data?
The Personal Data gathered will be stored by NBS Bank and only accessed by the team responsible for you. Personal Data may be shared with service providers that provide IT services for us and act as processors. Those service providers are located in Malawi (for which an adequate Data Protection applies) and process Personal Data in Malawi. The Data will only be used according to the purpose for which the data has been collected. We reserve the right to disclose your information only in circumstances where disclosure is required under the law, to cooperate with regulators or law enforcement authorities or to protect our rights and property as permitted by law.
How is Personal Data protected?
Pages where we collect Personal Data from our website visitors are usually encrypted with your browser’s internal encryption module. These pages, as well as the internet banking-system of NBS Bank are certified by international accredited certification institutions. NBS Bank has implemented additional, comprehensive security procedures for our internet-banking-system. A firewall is deployed as a means to prevent external access to account information from NBS Bank’s system. We also deploy multiple layers of encryption and identification to address the concern of unauthorized inquiries or interception by the transmission of client information. If, at any time, you are not satisfied with our procedure to protect your privacy or if you have questions regarding the collecting and/or use of your Personal Data or regarding our privacy statement, please contact us. We will use all commercially reasonable efforts to promptly address your concern.
Your rights Pursuant to applicable data protection law
you may have the right (i) to request access to your Personal Data, (ii) to request rectification of your Personal Data, (iii) to request erasure of your Personal Data, (iv) to request restriction of processing of your Personal Data, (v) to request data portability, (vi) to object to the processing of your Personal Data (including objection to profiling) and (v) to withdraw consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
you may have the right (i) to request access to your Personal Data, (ii) to request rectification of your Personal Data, (iii) to request erasure of your Personal Data, (iv) to request restriction of processing of your Personal Data, (v) to request data portability, (vi) to object to the processing of your Personal Data (including objection to profiling) and (v) to withdraw consent at any time without affecting the lawfulness of the processing based on consent before its withdrawal.
Contact
Tel +265 111 812 222
+265 111 810 231
Call Centre 322/ 0888 800 322
WhatsApp 0888 322 322
Email- nbs@nbs.mw