It is the responsibility of the Data Protection Officer to ensure that this notice is made available to data subjects prior to the collection and processing of personal data by Ecobank Nigeria.

All Employees/Staff who interact with personal data must seek the consent of data subject(s) for the secure processing of their personal data as well as ensure that this notice is brought to the attention of the data subject(s).

3.1 Who We Are

Ecobank Nigeria is a full-service bank in Nigeria, and an arm of Ecobank Group; the leading pan African bank with operations in 35 countries across the continent. Ecobank Nigeria focuses on providing wholesale, retail, investment, and transactional banking services to governments, financial institutions, multinationals, local companies, small and medium-sized enterprises (SMEs) and individuals.

Just like the parent company, Ecobank Nigeria delivers its services through three customer focused business divisions: Consumer Banking, Commercial Banking and Corporate and Investment Banking.

In addition to offering relevant financial solutions to corporates, public corporates, financial institutions and international organizations, the bank also focuses on Personal Banking and Microfinance, providing convenient, accessible, and reliable financial products and services to individual customers, leveraging an extensive branch and Automated Teller Machine (ATM) network and Points of Sale (POS), diaspora services as well as mobile, internet and remittances banking platforms.

Ecobank Nigeria operates a sustainability framework, which reflects the bank’s commitment to drive economic transformation in Nigeria, and Africa as a whole, while protecting the environment and being a socially responsible financial institution with a world-class professional perspective.

 

3.2 Lawful Bases of Processing

At Ecobank Nigeria, we are committed to ensuring in how we collect, use and safeguard personal data in line with applicable data protection laws.

Ecobank Nigeria rely on the following lawful bases for processing the personal data we collect:

• Legal/regulatory obligation
• Consent from the data subject
• Performance of contract obligations
• Any legitimate interests pursued by us or authorized third parties.
• Vital interest
• Public interest

We ensure that every purpose for which we process your personal data is supported by at least one of these lawful bases. Where required, especially when handling sensitive data or optional services, we will seek your explicit consent before processing.

 

3.3 Purpose of Processing Personal Data

As a financial institution, we are committed to protecting your privacy and ensuring the security of your personal data. The information we collect from you is processed for the following purposes: 

• Account Management: To open, maintain, and manage your accounts, including processing transactions and providing account statements.
• Customer Service: To respond to your inquiries, provide support, and enhance your overall banking experience.
• Compliance with Legal Obligations: To comply with applicable laws and regulations, including anti-money laundering (AML) and know your customer (KYC) requirements.
• Risk Management: To assess and manage risks associated with lending and other financial services, including credit assessments and fraud prevention.
• To fulfill contractual obligations with customers such as Advance Payment Guarantee (APG), Investment (Treasury bills, Bonds, Euro bonds) Import and Export Transactions.
• Marketing and Communication: To inform you about our products, services, promotions, and updates that may be of interest to you, subject to your consent.

We ensure that your personal data is processed in accordance with applicable data protection laws and is kept secure.

 

3.4 Scope of Data Processing

We process your personal data to deliver essential banking services and manage our relationship with you effectively, fulfill contractual obligations and carry out marketing activities where necessary. The table below outlines the major types of personal data we collect, the purpose for processing, and the lawful bases for processing.

S/N	Type of Personal Data	Purpose of Processing	Source	Lawful Basis
1	Customer Name (such as full name) Mothers Maiden Name, Bank Verification Number(BVN),Date of Birth, Place of birth, State of Origin, Local Government Area, Marital Status, Means of Identification(NIN/Driver’s License/International Passport/Voter's card Number) ,Nationality (Non-Nigerian) & Resident Permit Number, Residential Address, Phone number, Email Address, Next of Kin Details(Name, Date of Birth, Address, Email, Phone Number), Additional Details(Spouse name , DOB),Employment Details(Employers Address and Name),Religion(Optional),Debit/credit card number, Tax Identification Number	Account Creation , Identity verification, KYC/AML compliance ,Digital Onboarding	Account Opening Form	Contract performance Other lawful basis are Legal obligation, data subject consent
2	Financial Data (e.g., account numbers, transaction history, credit information)	Transaction processing, creditworthiness assessment, fraud detection and providing banking services	Core banking systems, credit bureaus	Contract performance Other lawful basis are Legal Obligation, Legitimate interest
3	Name (such as full name),Date of Birth, Place/Country of birth, State of Origin, Marital Status ,Nationality, Residential Address, Phone number, Email Address, Dependent Details(Name), Next of Kin (Name, Address, Email, Phone Number), Previous Employment Details(Employers Address and Name),Tax Identification Number ,Pension ID,NHF Number , Referee Details(Name, Address, Email, Phone Number),Academic Qualifications, Medical Information (health history for successful candidate),Applicant Curriculum vitae	Employment Purpose, Background Check, Interview	Employment forms, CV	Contractual Obligation Other lawful basis are consent and legitimate interest
4	Personal characteristics such as Biometric Records (e.g., fingerprints, facial recognition, face/selfie data),Handwriting, Photographic image, etc.	Secure access, identity verification, fraud prevention	BVN registration, mobile app login, CCTV coverage, passport photographs, Phone cameras etc.	Consent Other lawful basis is Legal obligation
5	CCTV/Surveillance Data (e.g., in-branch video recordings)	Security monitoring, fraud/crime prevention	CCTV systems	Legitimate interest Other lawful basis is Legal obligation
6	Communication Records (e.g., emails, call recordings)	Quality assurance, dispute resolution, compliance	Contact centers, CRM systems	Legitimate interest Other lawful basis is Legal obligation
7	Customers Email Address and Phone Number	Marketing Preferences (e.g., opt-in/opt-out status),Customer input	Digital Channels, Account Opening Forms	Consent Other lawful basis is Legitimate interest
8	Vendor Name, Email address, Contact person phone number, business address	Vendor Onboarding, Vendor Validation/Information Processing	Proposal, SLA	Contractual Obligation
9	Digital Asset Data (e.g., IP address, MAC address)	Cybersecurity, fraud detection, system optimization	IT systems, online banking platforms	Legitimate interest

 

3.5 Consent

Ecobank requires your explicit consent to process collected personal data. By consenting to this privacy policy, you are giving us the permission to use/process your personal data specifically for the purpose identified before collection.

If, for any reason, Ecobank is requesting sensitive personal data from you, you will be rightly notified why and how the information will be used. You may withdraw consent at any time by requesting for Withdrawal of Consent form, following the Ecobank’s Withdrawal of Consent Procedure.

3.6 Disclosure

1. Data Sharing Within the Ecobank Group

Ecobank Nigeria is a subsidiary of Ecobank Transnational Incorporated (ETI), and as part of the Ecobank Group, we may share certain personal data with other group entities where necessary to support our operations.

In particular, we may share relevant personal data with EPI Nigeria, another ETI subsidiary, which provides us with technology infrastructure and management support. This data sharing is conducted strictly in line with applicable data protection laws and is limited to what is necessary to fulfill specific operational or contractual obligations.

2. Data Sharing with third parties

Ecobank will not share your personal data with third parties without your prior consent, except where such disclosure is required by law(legally binding request) or necessary for the performance of our contractual obligations to you.

We ensure that any such data transfers are governed by appropriate safeguards, including data processing agreements and confidentiality obligations, to protect your personal information and uphold your rights.

Any disclosure of your personal data to third parties for purposes that are not legally binding will not be carried out without your prior consent.

Ecobank may share your personal data with trusted third parties who are essential for delivering our banking services to you, including service providers, payment processors, and personalization companies for card production, as outlined in the table below:

Third Party	Purpose of Processing
Personalization Company SecureID, E-pay Plus, Berkly	Card Production
Nigerian Interbank Settlement System NIBBS, NAPS	Online real-time transaction routing and settlement
Unified Payment, Interswitch	Settlement, reconciliation, interbank payment
CBN licensed POS terminal service providers and ITEX	Provide POS configuration and merchant support
Remitta	Transaction processing for banks customer

We ensure that all third parties we engage with to provide banking services maintain the highest standards of service and compliance. This includes ensuring that they are compliant with the Payment Card Industry Data Security Standard (PCI DSS) and the Nigeria Data Protection Act 2023 (NDPA), thereby safeguarding your personal information and enhancing the security of our services.

3. Transfer to Countries

Ecobank will not transfer your personal data outside Nigeria unless such transfer is conducted securely and in full compliance with applicable data protection laws.

Personal data is only transferred to countries or entities with adequate data protection measures approved by the Nigeria Data Protection Commission. Where adequacy is not established, transfers occur only with your explicit consent or under specific lawful bases such as contract performance, vital interests, public interest, or legal claims. We implement robust safeguards, regularly review protections, and maintain full transparency to uphold your privacy rights and ensure you retain control over your personal information.

 

3.7 Data Subject Rights

At any point while Ecobank is in possession of or processing your personal data, you, the data subject, have the right to:

• Request a copy of the information that we hold about you.
• Correct the data that we hold about you that is inaccurate or incomplete.
• Ask for the data we hold about you to be erased from our systems/record.
• Restrict processing of your personal data where certain conditions apply.
• Have the data we hold about you transferred to another organization.
• Object to certain types of processing like direct marketing.
• Object to automated processing like profiling, as well as the right to be subject to the legal effects of automated processing or profiling.
• Judicial review, if Ecobank refuses your request under rights of access, we will provide you with a reason as to why. And you have the right to complain as outlined in clause 3.8 below

All the above requests will be forwarded, should there be a third party involved in the processing of your personal data.

3.8 Complaints

If for any reason you wish to make a complaint about how Ecobank (or any of our third parties described in 3.6 above) processes your personal data, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and the Data Protection Officer of Ecobank Nigeria.

Below are the details for each of these contacts:

Supervisory Authority	Ecobank Nigeria
Contact Name: National Data Protection Commission	ENG Data Protection Officer
Address: No 12 Clement Isong Street, Asokoro, Abuja, Nigeria	270 B1 Ozumba Mbadiwe Avenue, Victoria Island Lagos
Email: info@ndpc.gov.ng	privacymanager_eng@ecobank.com
Telephone: +234 (0) 916 061 5551	8720008, 8720058, 2348023389860

How We Use Your Information

This privacy notice tells you how we, Ecobank Nigeria, will collect and use your personal data for relationship management, profiling, business analytics/development, communication, registration, subscription, cookies, and all-round efficient service delivery.

Information We Collect

We may collect some personal information from you directly. We may collect information from you when you register on our various platforms which includes Internet banking portal, Mobile App, Rapid Transfer, Personal banking channels, WhatsApp/Facebook.

• We may collect information from you when you register on our Internet Banking portal.

  We may collect, amongst others, your name, e‐mail address, phone number, date of birth, nationality, gender, residential address, identity (ID) number, copy of your ID and a photograph, biometric data, device ID, device location, and details of your Debit/Credit/Prepaid Card. We collect information about you based on your use of our products, services, or service channels (like our websites, applications, ATMs).

  In addition to creating an Internet Banking Profile, we collect and process your Debit/Credit/Prepaid Card information such as the Card PAN, Expiry Date, Card Currency, Name on Card, and Card Billing Address.

  In certain circumstances, we collect information about you whereas you do not have a direct relationship with us, for example if you are a beneficiary of transfer of funds made by our customer.




• We may collect information from you when you register on our mobile app.

  We may collect your name, e‐mail address, phone number, date of birth, gender, residential address, ID number, device ID, and device location when onboarding on our Xpress Account service.

  We may collect your name, e-mail address, phone number, date of birth, gender, residential address, ID number, Face/Selfie Data, device ID, and device location when onboarding on our MySME App

  Our identity verification Third Party SDK Provider collects your personal data via our Mobile App (MySME) through the use of Apple's Inc. 's (“Apple”) TrueDepth Application Programming Interface (“TrueDepth API”).

  The use of your personal data collected as a result of this is to ensure liveness and confirm that the user is a real person. This data is used exclusively for real-time analysis during the verification process and is not stored. We use ARKit to capture your face 3D spatial orientation and facial expressions. Once liveness is verified, we proceed to capture your facial image.

  Importantly, TrueDepth data is never persistently stored on the user's device nor transmitted outside the device. Its usage is strictly limited to ensuring that the captured selfie image is of a live user.

  For debit card onboarding, we may collect debit card number and PIN from you and collect other personal information from our core banking system as part of your profile creation in the mobile app. For internet banking onboarding, we collect username and password from you and collect other personal information from our core banking system as part of the profile creation.




• We may collect information from you when you register on our channels.

  We may collect your name, e‐mail address, phone number, date of birth, gender, residential address, ID number, device ID, and device location (when onboarding on our Xpress Account service).




• We may collect information from you when you register on our Rapid transfer App.

  We may collect, amongst others, your name, e‐mail address, phone number, date of birth, nationality, gender, residential address, identity (ID) number, copy of your ID and a photograph, biometric data, device ID, device location, and details of your Debit/Credit/Prepaid Card. We collect information about you based on your use of our products, services, or service channels (like our websites, applications, ATMs).

  To create a Rapid transfer Profile, we collect and process your Debit/Credit/Prepaid Card information such as the Card PAN, Expiry Date, Card Currency, Name on Card and Card Billing Address.




• We may collect information from you when you register on our chatbot.

  We may collect your name, e‐mail address, phone number, date of birth, gender, residential address, ID number, device ID, and device location. When onboarding on our Xpress Account service, we may also collect information about you from your profile on Facebook.

  We may collect information identifiers and information such as IP address, browser version, operating system, and software data. When we collect information about you from your profile on Facebook, the privacy notice between you and Facebook shall apply.




• We may collect and combine information when you register on our mobile banking services

  including information you provide to us, device IDs, cookies, and other signals, including information obtained from third parties, to associate accounts and/or devices with you. We collect information about you when we receive it from third parties and affiliates. We may collect information about you based on how you engage or interact with us on social media, emails, telephone calls and surveys.

We collect information from devices such as mobile phones and tablets about how you interact with our services and those of our third-party partners and information that allows us to recognize and associate your activity across devices and services. This information includes device specific identifiers and information such as IP address, cookie information, mobile device and advertising identifiers, browser version, operating system type and version, mobile network information, device settings, and software data.

In certain circumstances, we collect information about you whereas you do not have a direct relationship with us, for example if you are a beneficiary of transfer of funds made by our customer.

 

Why Does Ecobank Need to Collect and Store Personal Data?

We need to collect your personal data in order for us to provide you with our services as mentioned in clause 3.1 above. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose(s) only and will in no way invade your privacy. If there is a need to use your personal data for marketing purpose, Ecobank will ensure to seek additional consent from you.

Will Ecobank Share My Personal Data with Anyone Else?

Ecobank only shares personal information with other companies or individuals in the following limited circumstances:

We have your consent. We require consent for the sharing of any sensitive personal information.

Ecobank may pass your personal data to third-party service providers contracted by us. Any third party that we may share your personal data with is under an obligation to secure your details and use them only to fulfill the service for which they were contracted. When they no longer need your details to fulfill this service, the data will be disposed in line with the Ecobank’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are required to do otherwise, legally.

We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Ecobank, its users or the public as required or permitted by law.

If Ecobank becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

How Will Ecobank Use the Personal Data It Collects About Me?

We will process (collect, use, and store) the information you provide in a manner that complies with the EU’s General Data Protection Regulation (GDPR) and the Nigeria Data Protection Regulation (NDPR/A). We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. Ecobank is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. The retention period for certain kinds of personal data may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.

Information collected will be used for:

• Services

  We use your data we have collected to authenticate you and authorize access to our services on the channels. These services include, amongst others, money transfer services, KYC validation, and exchange rates conversion.




• Communication

  We will contact you through email, short message services (SMS), phone call, and other ways through our services, including text messages and push notifications. We will send you messages about the availability of our services, security, or other service-related issues. We also send messages about how to use the services and network updates.




• Advertising and Marketing

  We serve you tailored advertisements through our apps, other channels, and media of our services. We target advertisements in our Apps and through other channels and media to customers of our services through a variety of ad networks and exchanges, using data from advertising technologies and information from advertising partners, publishers, and data aggregators.

  We use data and content about our customers for invitations, promotions, and communications solely for promoting our services.

  We will only send you marketing communications, including advertisements and promotional emails, if you have provided your consent. You may choose to opt out  by unsubscribing at any time using the link provided in our emails or by contacting us directly.




• Customer Support

  We use the data needed to investigate, respond to, and resolve complaints and service issues.




• Security, Fraud, and Investigations

  We use your data for security purposes or to investigate possible fraud or other violations of our User Agreement or this Privacy Policy and/or attempts to harm our customers and/or visitors.

How do we secure your information?

Ensuring the security of our systems and safeguarding our users' information is of utmost importance to Ecobank. It is fundamental to upholding the integrity of our brand and providing our customers with a secure and trustworthy experience across all our platforms, including our websites, apps, advertising services, products, and technologies. Our commitment to protecting user data is integral to maintaining the trust our customers place in us:

• Ecobank has technical, administrative, and physical safeguards in place to help protect against unauthorized access, use or disclosure of customer information we collect or store.
• We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information.
• We offer the use of a secure transmission, processing and storage services using standardized security safeguards.
• All supplied sensitive/credit information are encrypted via transaction layer security (TLS) technology during transmission to avoid misuse of your data. Card Number (PAN), CVV and expiry date of any debit, credit and prepaid cards attached to our apps are tokenized and stored on our backend systems at our data processor.
• Your personal information may be accessible by those authorized with special access rights to such systems and are required to keep the information confidential. Information such as PINs and passwords are not accessible to our authorized personnel.

 

Under what circumstances will the Ecobank Contact Me?

We do not intend to be intrusive, and we will not ask irrelevant or unnecessary questions. Moreover, we will subject the information you provide to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure.

Can I Find Out the Personal Data That Ecobank Holds About Me

Ecobank, at your request, can confirm what information we hold about you and how it is processed. If we do hold your personal data, you have the right to request the following information:

• Contact details of the data protection officer, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• Information about interests, if the processing is based on the legitimate interests of Ecobank or a third party.
• The categories of personal data collected, stored, and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• Information about how we intend to securely transfer the personal data to a third party or international organization. The Attorney General of the Federation will approve sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing.
• Information about your right to withdraw consent at any time.
• How to lodge a complaint with the supervisory authority (NDPC).
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
• The source of personal data if you didn’t provide it directly.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

 

How long will Ecobank Store My Personal Data?

We keep most of your personal data for as long as your account is active. We retain the personal data you provide while your account is in existence or as needed to provide you with our services.

What Forms of ID Will I Need to Provide in Order to Access This

Ecobank accepts the following (but not limited to) forms of ID when information on your personal data is requested: International Passport, Driving License, National Identity Card, and Permanent Voter’s Card.

We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, and prevent fraud.

Our services are for a general audience. We do not knowingly collect, use, or share information that could reasonably be used to identify children without prior parental consent consistent with applicable law.

We may update this Privacy Notice to reflect changes to our information practices, if we make any material changes, we will notify you by an email (sent to the email address specified in your account) or by means of a notice on this website or via a link from your mobile application prior to the change becoming effective. We encourage you to periodically review this page for updates on our privacy practices.

If you have any questions or suggestions regarding our privacy policy, please contact our Data Protection Officer.

Contact details of the	Data Protection Officer:
Contact Name:	ENG Data Protection Officer
Address:	270 B1 Ozumba Mbadiwe Avenue, Victoria Island Lagos
Email:	privacymanager_eng@ecobank.com
Telephone:	8720008, 8720058, 2348023389860