Personal
Business
Wealth

Protection Of Personal Information

The Protection of Personal Information Act 4 of 2013 (POPIA) aims to promote the right to protection of personal information stipulated in the Constitution of South Africa. POPIA introduces conditions for minimum requirements in for the processing of personal information. POPIA also established the Information Regulator South Africa who will exercise its powers in terms of POPIA.

Standard Bank may be subject to code of conducts for the processing of personal information of industry bodies and associations that it may be affiliated with and which codes are approved and issued by the Information Regulator. In 2022, the Information Regulator approved the Code of Conduct for the Processing of Personal Information by the Banking Industry of the Banking Association South Africa.

Standard Bank’s compliance with POPIA is constructed on the conditions in the legislation.

Accountability

We have necessary frameworks and policies to ensure your personal information is processed correctly.

We have accordingly appointed the Information Officer and Deputy Information Officer as well as established the Data Privacy Office to keep us accountable.

 

Processing limitation

We will never ask for more personal information than what we need or use your personal information beyond what we need to.


Your personal information is processed within the ambits of the law, moderately and to your knowledge. We will only share your information, locally or internationally, where necessary. There are special rules for the processing of special information such as your religious or philosophical beliefs, your race or ethnic origin, your trade union membership, your political persuasion, health or sex life, your criminal or biometric information. We also treat children’s personal information is also processed with caution.

The Bank does rely on automated decision-making, as our strategy centres around digitizing our service provision to enhance convenience in your interactions with us.

Purpose specification

We will tell you what we need your information for and not keep it longer than necessary.

Personal Information is collected for a clear, legitimate purpose that is also openly stated. Unless specific exceptions apply, the collected personal information about you won't be kept any longer than is required to fulfil the purpose for which it was acquired or processed.

Further processing limitation

We will only use your information for another purpose if justified.

If we need to process your personal information for secondary purposes, it will only be with your permission or justified in POPIA.

Information quality

We strive to always keep your information accurate.

To ensure that the personal information in our possession is comprehensive, accurate, not misleading, and updated as needed, we have taken reasonable procedures and rigorous processes. We also need you to update your details when it changes in accordance with our terms and conditions.

Openness

We will tell what information we have about you, how we use it and how you can access it.

At Standard Bank you are entitled to know how we process your personal information when we collect it as well as in our Privacy Statement and PAIA Manual

Security safeguards

We take the protection of your personal information seriously.

The security of your personal information is important to us and we take reasonable steps to keep your personal information safe and to prevent loss, destruction of and damage or unlawful access to your personal information by unauthorised parties.

We require the same level of security to be implemented by our service providers and other third parties. However, you must not share or send us any personal information through unauthorised channels, as these are not a secure way of communication and carry a risk of interception and unauthorised access. You should only share personal information through our authorised channels.

Should it happen that your personal information has been accessed by any unauthorised person, we will immediately notify you and guide you on additional measures to take to prevent further unauthorised access. We have an obligation to report the unauthorised access to the Information Regulator.

Data subject participation

Your voice matters.

You have the right to ask that any personal information kept about you that is incorrect, out-of-date, excessive, irrelevant, or was obtained illegally be corrected or deleted. You can also ask us to delete any personal information we no longer have permission to keep.


POPIA provides the following rights to data subjects:

Right to be informed of how your information is being processed

Right of access to personal information that we hold.

Right to correct any incorrect personal information held by us

Right to request deletion or destruction of your personal information if we no longer have a lawful reason to have, use, or store it.

Right to object to the processing of your personal information if we no longer have a lawful reason to have or use for direct marketing purposes

Right to opt out of direct marketing

Right to complain to the Information Regulator, but we urge to you exhaust Standard Bank’s internal processes.

Visit Data Privacy Centre to request to exercise your rights.