1. Who We Are (Data Controller)
For all matters relating to personal information protection, we act as the Data Controller under the Personal Data Protection Act, 2022 (PDPA).
For all matters relating to personal information protection, we act as the Data Controller under the Personal Data Protection Act, 2022 (PDPA).
2. Scope of this Notice
This Notice applies to all visitors and users of our public website, mobile & internet-banking applications, branch Wi-Fi portals, and any digital channels that link to it. It explains:
3. Key Definitions
Term | Meaning |
Personal information | Any information that identifies or can identify you, either alone or combined with other data. |
Special-category information | Sensitive data such as health, biometrics, religious beliefs, etc. We do not intentionally collect these through our digital channels. |
Processing | Any action we perform on personal information (collect, store, use, share, delete, etc.). |
4. What We Collect & Why
Category | Examples | Purpose(s) | PDPA 2022 Legal Basis |
Identity & KYC | Names, Place of birth, date of birth, photo, physical address and NIDA/Passport. | -Account opening (AML/CFT/CPF) -Due diligence (AML/CFT/CPF) | -Legal obligation (AML/CFT/CPF) -Performance of contract |
Contact | Phone, email, and postal address | - Sending bank statements -alerts and service updates | - Legal obligation (Financial Consumer Protection) - Performance of contract |
Financial | -Account numbers -Account balances -transaction profile and history | -Provide banking services, -Detect fraud | - Performance of contract - Legal obligation (AML/CFT/CPF) -Legitimate Interest (Fraud control) |
Device & Technical | -Device ID, -IP address, -OS, browser, app version | -App security, troubleshooting, analytics | -Legitimate interests (security & service improvement) |
Location (GPS) | -Real-time location (only when you enable it) | -Show nearby ATMs/branches, detect unusual login locations | -Consent |
Behavioural & Preference | -Clickstream, language, and preferred branch | -Personalise content, UX optimisation, marketing (with consent) | -Legitimate interests -Consent |
CCTV images | Footage at branches, ATMs and the head office | -Premises security and -Crime prevention | Legal obligation, Legitimate interests |
We never sell your personal information.
5. How Long We Keep It
Data set | Typical retention | Rationale |
Core account & KYC records | 10 years after account closure | Anti-fraud & statutory record-keeping (BoT & FIU as per the AML/CFT/CPF) |
Transaction logs & audit trails | 10 years after account closure | Compliance with the AML/CFT/CPF |
Mobile / Internet-banking access logs | 10 years after account closure | Compliance with cybersecurity |
CCTV footage | 90 days (routine) | Compliance with the Physical Security Regulation |
Marketing consents | Until you withdraw | PDPA consent validity |
After expiry, we securely delete or irreversibly anonymise the information.
6. How We Share Information
No other third parties receive your data without your knowledge and a lawful basis.
7. Cross-Border Transfers
Where servers or support teams are located outside Tanzania, we ensure adequate safeguards such as:
A copy of the relevant safeguards can be obtained on request.
8. Your PDPA Rights & How to Exercise Them
Right | What it means | Standard response time |
Access | Obtain a copy of your personal information | 30 days |
Rectification | Correct incomplete or inaccurate details | 30 days |
Erasure | Ask us to delete information no longer required (only if permitted by the law) | 30 days |
Restriction | Pause processing while a dispute is resolved | 30 days |
Objection | Object to processing based on direct marketing | Immediately |
Withdraw Consent | Stop optional uses (e.g., GPS, marketing, etc) | Immediately |
Complaint | Complain to the Personal Data Protection Commissioner (PDPC) if unsatisfied | Immediately |
Contact for rights requests:
Email: DataProtectionTanzania@accessbankplc.co.tz
Toll-Free: 0800 714 141
9. Cookies & Similar Technologies
We use:
You will see a cookie banner when you first visit. You can change or withdraw consent anytime via “Cookie Settings” at the page footer or in your browser.
10. Security Measures
We have implemented reasonable and effective security policies and procedures to protect your personal information from unauthorised access, data loss, misuse, alteration, or destruction. To the best of our ability, access to your personal information is limited to those who have a need to know and are required to maintain its confidentiality at all times. Despite our best efforts and intentions, we acknowledge that security cannot be guaranteed against all threat actors. Hence, we also make reasonable efforts to retain personal information only for as long as necessary.
11. Automated Decision-Making
We do not take decisions that produce legal or similarly significant effects solely by automated means without human review.
12. Children
Our digital services are not directed to persons under 18. Where child-categorised accounts are offered, we collect and process personal information only with the verified consent of a parent or legal guardian.
13. Changes to this Notice
We may update this Privacy Notice periodically. Any material changes will be highlighted in-app and on our website. The date at the top shows when it was last revised.
14. Contact Us
Toll-Free: 0800 714 141 | E. il: DataProtectionTanzania@accessbankplc.co.tz
Access Bank Tanzania PLC
5th & 6th Floor, Uhuru Heights Building
Bibi Titi Road, Upanga, Dar es Salaam, Tanzania
Toll-Free: 0800 714 141 | Email: DataProtectionTanzania@accessbankplc.co.tz
If you are dissatisfied with our response, you may contact:
Personal Data Protection Commission (PDPC), Government City, Mtumba, Dodoma.
Latest News