This notice is relevant to you if you are:
- an individual associated with a client or potential client of Nedbank London or N.B.S.A. Limited, such as an employee, director, officer, other representative or beneficial owner of a client; or
- an individual whose personal data is given to Nedbank London or N.B.S.A. Limited by a client or potential client, or which we otherwise receive, in the course of our dealings with that client or potential
Nedbank Group Limited, its subsidiaries and their respective offices (the “Nedbank Group”) is strongly committed to protecting personal data.
“N.B.S.A. Limited” refers to N.B.S.A. Limited, a company incorporated in England and Wales (with company number 00307296) with registered office at 7th Floor, 12 Arthur Street, London, EC4R 9AB.
“Nedbank London” refers to Nedbank Limited (a company incorporated in South Africa (with registration number 1951/000009/06)) acting through its London Branch (with registration number BR001334/FC004124) with registered office at 7th Floor, 12 Arthur Street, London, EC4R 9AB.
“we”, “us” or “our” refers to Nedbank Limited or
N.B.S.A. Limited (as applicable).
Nedbank London and N.B.S.A. Limited are both part of the Nedbank Group.
This privacy notice explains how Nedbank London and N.B.S.A. Limited processes client-related personal data.
Where we refer to “process”, it means how we use, store, make available, destroy, update, disclose, transfer or otherwise deal with personal data.
This notice provides important information about how we process your personal data and your personal data protection rights.
For the sake of clarity, any reference to “Client” in the privacy notice is a reference to our client or potential client whom you represent, or with whom you are otherwise associated.
If you are providing us with personal data about other individuals, you confirm that you have (i) that individual’s express consent to do this (ii) informed them of the purpose for which you are providing us the personal data and (iii) made them aware of this notice.
This privacy notice was last updated on 26 February 2021.
Personal data is any information that identifies you or specifically relates to you.
We may collect and process the following personal data about you:
- your name, physical address (like residential address, work address or your physical location), email address and telephone number;
- information about your (or the Client’s) business relationship with us;
- information about your professional role and background;
- limited details of your personal life;
- identification documentation for Know Your Customer (KYC) and other verification and authorisation purposes, including records such as passport details (including a photograph of your face and shoulders), identification documentation (including an identifying number (like an account number, identity number or passport number)), online identifiers, social media profiles, marital status, age, date and place of birth, language, nationality, domicile, source of funds/wealth, financial history, prominent political links and criminal record;
- your tax identity (e.g. National Insurance Number or Social Security Number) and tax status;
- your specimen signature;
- interactions such as face-to-face meetings with us;
- telephone calls, emails, instant messages, chat rooms or other electronic communications with us and our staff members, which may be recorded by our information technology systems;
- closed circuit TV systems and building access controls for security and safety purposes which may record you if you visit our premises;
- your cookies and IP addresses if you visit any Nedbank Group webpage, and some other information such as your browser type and the pages on the Nedbank Group webpage that you visit. Please see our separate cookie statements on our webpages if applicable.
We may collect personal data about you in the following manner:
- you give us the personal data:
- when filling in forms that we (or the Client on our behalf) asks you to complete;
- communicating with us in person, or by email, telephone, post or otherwise.
- our systems collect the personal data about you;
- the Client or your colleagues provide us with the personal data;
- third parties provide us with the personal data – these would be:
- our service providers, agents and sub- contractors like couriers and other persons we use to offer and provide products and services;
- Nedbank Group members, any connected companies, associates, affiliates or successors in title and/or appointed third parties (like their authorised agents, partners, contractors and suppliers);
- other financial institutions or other credit providers in the course of a transaction relating to the Client or its business;
- third party data providers, international sanctions lists, the internet, the media, public registers of companies and assets, third-party screening solutions (e.g. World-Check and SafeWatch) or other publicly available sources;
- attorneys, tracing agents, debt collectors and other persons that assist with the enforcement of agreements;
- payment processing services providers, merchants, banks and other persons that assist with the processing of payment instructions from the Client;
- insurers, brokers, other financial institutions or other organisations that assist with insurance and assurance underwriting, the providing of insurance and assurance policies and products, the assessment of insurance and assurance claims and other related purposes;
- law enforcement and fraud prevention agencies and other persons tasked with the prevention and prosecution of crime;
- regulatory authorities, governmental departments, local and international tax authorities;
- credit bureaux;
- courts of law or tribunals; and
- marketing list providers.
We collect and process your personal data for the following purposes (the “Permitted Purposes”):
- our legitimate interests, which involves:
- evaluating whether to offer credit or a product or service to, or to enter into a transaction with, the Client or its business;
- providing our products and services to the Client, including arranging finance, acting as account bank, acting as documentation, facility or security agent or trustee, obtaining credit risk insurance and ensuring that agreements with and instructions from the Client are authorised and validly executed;
- business development (including marketing of our products and services to the Client – we will not send marketing communications to you in your personal capacity) and managing our relationship with the Client;
- assessing and managing the risks, including detecting and preventing theft, fraud, money laundering and other financial crimes;
- managing and improving our systems and processes, including through monitoring and managing their usage;
- complying with, or directly or indirectly facilitating compliance with, the requirements in any jurisdiction of any exchange, trading facility, trading system, organised market, clearing house, settlement system, exchange or other infrastructure provider to facilitate clearing and settlement (a “Market");
- protecting the security and integrity of our premises, information technology systems and information;
- investigating and responding to complaints and other incidents affecting our or our clients' businesses;
- complying with our internal policies and standards; and/or
- enforcing and defending our legal rights and those of our clients, staff and affiliates, including potential legal claims or disputes.
- complying with local and foreign laws and regulations, to co-operate with our regulators and other authorities, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the financial markets;
- carrying out know-your-client (“KYC"), anti-money laundering, anti-terrorism, anti-market-abuse, anti-bribery and corruption, anti-fraud / other financial crime and sanctions compliance activities, including identity checks and background screening;
- monitoring transactions and reporting on them to competent authorities;
- keeping records of communications with the Client, including recording telephone, emails and instant messaging; and
- responding to enquires from, and otherwise co- operating with, regulatory, tax, law enforcement and other governmental agencies, Markets, brokers or other intermediaries or counterparties and courts.
We may disclose personal data about you for the Permitted Purposes, to:
- other members of the Nedbank Group. Details of the Nedbank Group may be found at:
- representatives of the Client, including your colleagues;
- counterparty financial institutions, Markets and other persons from whom we receive, or to whom we make, payments, or with whom we conduct other transactions;
- actual or potential assignees, transferees or sub- participants of any of our rights, obligations, security or other interests relating to the Client;
- actual or potential providers of credit to the Client, where we are arranging credit for the Client or acting as account bank or documentation, facility or security agent or trustee;
- brokers, insurers, reinsurers and other credit support providers;
- our legal, accounting, insurance and other professional advisors;
- service providers who hold or process your personal data on our behalf, under strict conditions of confidentiality and security. We will, as appropriate, use third-party providers appointed by us or another Nedbank Group member for functions such as data and file systems, electronic communications, storage, back-up, destruction and other similar services;
- persons who take over our business and assets, or relevant parts of them;
- regulatory, supervisory, tax, law enforcement or other governmental agencies, which may include suspicious activity reports and suspicious transaction reports containing personal data for the purpose of combatting financial crime, such as money laundering, terrorist financing or market abuse;
- courts or litigation counterparties; and
- other persons where we are required by law or regulation to
These disclosures may involve transferring and/or processing your personal data to or in countries outside the United Kingdom, including, for example, the Republic of South Africa. These countries may not have data protection laws as strict as those applicable in the United Kingdom. In such cases, we will put in place appropriate safeguards such as data transfer agreements based on the UK Information Commissioner’s Office (ICO) standard contractual clauses in accordance with article 46(2) of the UK General Data Protection Regulation (“UK GDPR”). You may contact us for further information in this regard.
We retain personal data only for as long as reasonably necessary for the Permitted Purposes or as long as required by law or to resolve potential legal claims or disputes.
Depending on the data protection laws that are relevant to your situation and residence, you may have certain rights in respect of your personal data. If you are within the scope of UK GDPR, you have the following rights:
- Right to be informed – the right to ask us for information about what personal data of yours is being collected and processed by us, and why it is being collected and processed;
- Right of access – the right obtain access to your personal data;
- Right of rectification – the right to have your personal data corrected if it is inaccurate or incomplete;
- Right to erasure or ‘to be forgotten’ – the right to request that we erase your personal data in certain circumstances, such as when the data is no longer necessary for the Permitted Purposes, the data was unlawfully processed or there are no longer lawful grounds for us to collect or process the personal data (this includes instances where you withdraw your consent).
- Right to data portability – the right to receive a copy of your personal data from us, and to transfer your personal data from us to a third party (or from a third party to us), in each case in a commonly used machine-readable format;
- Right to restrict processing – the right to request that we restrict the way we process your personal data. This right might be used when you contest the accuracy of your personal data, our processing is unlawful but you do not want the data erased or when we no longer need the data but you require it to establish, exercise or defend a legal claim;
- Right to object to processing – the right to object to processing of your personal data in circumstances where the processing is (i) based on legitimate interests, the performance of a task in the public interest or the exercise of official authority (including profiling); (ii) direct marketing (including profiling); or (iii) processing for scientific/historic research or statistic;
- Right not to be subjected to automated decision making – the right not to be subject to a decision based solely on automated processing which produces legal effects for you or significantly affects you;
- Right to withdraw consent – if you have provided us with consent for the processing of your personal data, you are free to withdraw this consent at any time, although this may have a material impact on the ability of the Nedbank Group to continue to provide products or services to the Client.
Please contact us if you wish to exercise any of these rights.
You have the right to lodge a complaint with the UK ICO of an alleged infringement of your data protection rights. You can also lodge complaints with the local data protection authority, either where you live or work.
If you have any questions about this privacy notice or our collection or processing of your personal data, or if you wish to exercise your data protection rights, our contact details are below. We are committed to working with you to obtain a fair resolution of any complaint or concerns about privacy.
Head of Compliance: London Nedbank Limited, London Branch 7th Floor
12 Arthur Street London
Alternatively, you may contact your Nedbank London or N.B.S.A. Limited (as applicable) relationship manager and explain that your communication relates to data protection. This includes when you would like us to update your personal data.
We may need to update this privacy notice from time to time such as when laws and regulations change or when we change our internal policies, systems or processes.
You will be able to access the latest version of our privacy notice on our website (www.nedbank.co.uk).
Copyright 2021 Nedbank Limited, London Branch. All rights reserved