Privacy Policy

We care about your privacy

Access Bank PLC is a commercial bank and a Nigerian multinational commercial bank, owned by Access Bank Group and licensed by the Central Bank of Nigeria. This Privacy Policy explains what information we collect, how we collect, share, use, and protect your personal information when you visit or use this site and other services offered by Access Bank Plc.  As our customer or other data subjects, be assured that we will keep protecting your information as we have always done. Our customers and other data subjects have the opportunity to make choices about how their personal information may be shared, and we encourage you to make choices that enable us to provide you with quality products and services that help you meet your financial needs.

What constitutes consent?

You consent to our use of your personal information when you (voluntarily) provide us with them to access any of our products online or in any of our banking outlets. You also consent when you sign forms or documents enabling us to provide certain services to you.

Security of personal information

Safeguarding your personal information is our main concern. We maintain physical, electronic and procedural safeguards that comply with applicable laws to secure your information from unauthorized access and use, accidental or unlawful alteration and destruction; and other unlawful or unauthorized forms of processing.  We engage in the continuous training of our employees in the proper management of personal information. When we use other companies to provide services, we require them to protect the confidentiality of the personal information they receive.

At Access Bank Plc, we take data protection very seriously and we provide our customers with all necessary data security to protect such personal information from unauthorized access. We require any third parties who carry out any work on our behalf to comply with appropriate compliance standards to protect your information. We are pleased to announce that we comply with global best practices and requirements of Nigeria Data Protection Act 2023 and other relevant legislation.

The information we collect

We collect your personal information necessary to open a bank account as mandated by the Central Bank of Nigeria. They include name, address, telephone number, email address, contact address, references, BVN, mother’s maiden name, photographs, means of identity etc. All these require that personal data are collected voluntarily and clearly when you access our products online or offline. When you visit any of our branches or use of automated teller machines, our CCTV and attached cameras also collect your images for security and quality control purposes.

How do we collect information?

We may collect information from a range of sources and it may relate to any of our products or services we currently provide or may have provided in the past.

We collect your personal information when...

• you open an account or perform transactions such as make deposits or withdrawals from your account, payment history and transactions records
• you apply for a loan or use your credit or debit card
• you seek advice about your investments
• you seek information from our customer service provider, information concerning complaints and disputes
• we seek information about your credit history from credit bureaus
• you provide account information such as your personal details e.g. name, gender, date and place of birth;  contact information such as address, email address, and mobile numbers, provide your employment information
• you provide information concerning your identity e.g. photo ID, passport information, National ID card and nationality
• you complete bank verification number procedure e.g finger prints, facial images, other personal information as mandated by law.
• you use your login credentials for online banking and mobile banking apps
• through our ATM machines mounted with cameras to monitor transactions subject to the Central Bank’s regulations.
• we conduct necessary investigations i.e., due diligence checks, and AML/CFT checks and obtain information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious and unusual activities.

Note that we may collect information about your computer (or mobile device), including where available your IP address, operating system, and browser type, for system administration or for our own commercial purposes. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

Basis for Processing Information

We shall process your information on the following basis:

• To enter and perform our contractual obligations.
• To comply with our legal obligations
• For the performance of a statutory duty
• For the legitimate interest of Access Bank Plc and our Data Subjects.
• To satisfy a public interest
• Prior consent has been obtained from data subjects for the use and processing of personal data.

How we use your information

• Access Bank will only use your information when you have provided your consent or when the Bank is required by law to do so or when our services (contract) require same.
• We use the information we collect to provide customers with excellent products and services, to manage our business and to offer an enriched and enhanced customer experience.
• We make appropriate use of your data to manage transactions, respond to your requests, and to provide you with more relevant products and services.
• We use your information to deliver our products and services, carry out your instructions, and provide Online Banking, mobile banking and other online products and services.
• We use this information to detect and prevent financial crimes including fraud, financing for terrorism and money laundering, this is to ensure security and business continuity.
• We will use your information to meet our compliance obligations, to comply with laws and regulations and to share it with regulators when absolutely necessary.
• We may also use personal information we have about you such as your email address to deliver advertising to you directly or on our websites, provide updates on special deals and offers that might interest you (unless you tell us otherwise).
• We may send you general announcements or important news about your account, request your feedback and we believe you should be able to select what kinds of information you receive from us via email.
• We may need to record conversations you have with us including phone calls, face-to-face meetings, letters, emails, and any other kinds of communication. These recordings may be used to check your instructions to us and improve our product and service delivery.
• When you visit our branches, we use CCTV cameras for security reasons and record keeping.

Who we share your information with

Towards enhancing our service delivery, we may share data with our technical support and other service providers, partners, associates, and subsidiaries in the group. However, where applicable, we execute compliant data-sharing agreements or data-processing agreements to provide an extra layer of protection for personal information shared in the process.

Individual rights

• The right to be informed
  

  To emphasize the need for transparency over the usage of personal data, we ensure fair processing and adequate provision of information typically through this privacy policy.

• The right of access
  

  Individuals have the right to access information the Bank holds, access their personal data and other supplementary information and obtain information about how we process it.

• The right to restrict processing
  

  Individuals have a right to ‘block’ or withdraw their consent to our processing of your information, which you can do at any time. When processing is restricted, we are permitted to store personal data, but not further process it.

• The right to rectification
  

  Individuals are entitled to have personal data rectified if it is inaccurate, outdated, or incomplete. If this personal data in question has been disclosed to third parties, they must be informed of the rectification where possible. The Bank must also inform the individuals about the third parties to whom the data has been disclosed where appropriate.

• The right to erasure/deletion
  

  Individuals have the right to request the deletion or removal of personal data where there is no compelling legal or regulatory requirement for its continued processing. The Bank will make sure that this right is protected.

• The right to data portability
  

  Where practicable, we will ensure that personal data is moved, copied or transferred easily from one IT environment to another in a safe and secure way, without hindrance to usability.

• The right to object
  

  Individuals have the right to object to our processing of their information in some circumstances.

Available remedies

In the event of an infringement of data protection rights, we will ensure any damage is remedied within the shortest possible time. However, you are at liberty to report to the Nigeria Data Protection Commission (the NDPC) or seek other legal remedies.

Time Frame for Remedy

At Access Bank Plc, we are committed to promptly addressing any violations of data subjects' rights. Upon receiving a complaint or becoming aware of a breach, we will acknowledge the issue within 72 hours. We aim to fully resolve all issues within one (1) month. In cases where more time is required due to complexity, we will inform the data subject of the extension and the reasons for it within the initial one-month period.

Cookies Policy

A cookie is a small file that is placed on your computer’s hard drive. Its functions include storing your login and session statuses, recording your user preferences, and analyzing web traffic.

Cookies enable websites and applications to store your user preferences in order to enhance your overall website experience by better understanding your preferences, likes and dislikes. They also allow websites to identify when users are logged on their site and when they return to their site, test new content and analyse web traffic with data analytics. Apart from the data that you elect to disclose and share with us, we cannot access your computer or any other information about you with cookies.

Although most browsers automatically accept cookies, you can amend your browser settings to disable cookies. This may however prevent you from fully experiencing the website as it was intended.

How long we keep your information

Access Bank Plc shall keep your information for as long as it is necessary and relevant to the purposes set out in this Privacy Policy unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we may either delete or anonymize such information, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from further processing.

Children

Access Bank Plc understands and acknowledges the importance of safeguarding children’s privacy, hence, our sites are not intentionally designed for or directed at children under the age of 18 It is our policy never to knowingly collect or maintain information about anyone under the age of 18, except as part of an engagement to provide child-categorized account opening services which requires parental guardianship.

Data security and integrity

We have implemented reasonable and effective security policies and procedures to protect your personal information from unauthorized access, data loss and misuse, alteration, or destruction. To the best of our ability, access to your personal information is limited to those who have a need to know and are required to always maintain the confidentiality of such information. Despite our best efforts and intentions, we acknowledge that security cannot be absolutely guaranteed against all threat actors. Hence, we also make reasonable efforts to retain personal information only for so long;

• as the data subject asks that the information be deleted
• as necessary to comply with legal, regulatory, internal business or policy requirements, or
• the information is necessary to comply with an individual’s request.

Principles of data protection

The Nigeria Data Protection Regulation 2019 mandates us to provide a highlight of the principles of data processing which our Bank fulfills as follows:

• We ensure our processing of personal data is lawful, fair, and transparent.
• We only collect the required and relevant personal data for our services and activities.
• We retain personal data for only as long as necessary or permitted by law.
• We ensure the personal data kept are updated and accurate. 
• For as long as practicable, we enable the transfer of data from our Bank to other entities when requested.
• We only use the data collected for the purpose disclosed or contemplated.
• We remain accountable for the personal data controlled by us.

Automated decision making

Except as otherwise declared by the NDPC, we do not engage in automated decision-making as all our processes have human intervention.