Data Protection & Privacy Notice

Privacy Notice

In this Privacy Notice, ‘we’, ‘us’, ‘our’, ‘ourselves’ and ‘the Bank’ mean Cooperative Bank Tanzania Limited, a licensed commercial bank incorporated in the United Republic of Tanzania and regulated by the Bank of Tanzania. The Bank is committed to protecting your privacy and ensuring the confidentiality, integrity and security of your personal data. This Privacy Notice explains the types of personal information we collect, how we use it, who we share it with, how we protect it, and your rights under the Personal Data Protection Act 2022.

Who We Are

Cooperative Bank of Tanzania Limited ("the Bank") is a licensed commercial bank incorporated in the United Republic of Tanzania and regulated by the Bank of Tanzania. The Bank provides banking and financial services to individuals, businesses, cooperatives and institutions while ensuring that personal data is processed lawfully, fairly and transparently.

Scope of this Privacy Notice

This Privacy Notice applies to any individual located within or outside the United Republic of Tanzania who enquires about, applies for, purchases or uses the products and services provided by the Bank.

Ways We Obtain Personal Information

We may collect information about you from the following sources:

Information we receive from you

We obtain personal information about you through your interactions with us generally, including by telephone calls (which may be recorded, and you will be made aware of the recording before it happens), by email, via our websites, via application (CoopPesa), internet banking, ATMs, social media platforms, or other forms, or face to face (e.g. in meetings). We collect personal information — such as your name, contact details, financial details, employment and education details, nationality, date and place of birth, marital status, biometric information (where applicable), passport or other identification details and details of visits to our premises — that you provide to us when you:

  • Enquire about our products and services;
  • Submit applications to open an account; and
  • Subsequently correspond with us.

Information we collect about you

We collect information about you by monitoring your access to our premises (e.g. CCTV). We also collect information about how you interact with our website, including IP addresses or other device information.

Information we receive from third parties

We receive information about you from third parties (e.g. credit reference agencies).

How We Use Personal Information

We process your personal information for the purposes set out in this notice. Different legal grounds apply depending on what category of personal information we process. Standard personal information is normally processed by us on the basis that it is necessary for the performance of a contract, our or a third party's legitimate interests, or law. Further information about this and special-category processing grounds is set out below.

We process the following informationFor the following purpose(s)Based on the following justification
Name, ID Number, Nationality, Passport Information, Tax Details, Date of Birth, Place of Birth, Residential Address, Business Address, Occupation, Signature, Employment History, Education Background, Financial Details, Criminal RecordsTo facilitate our account opening process, our customer due diligence process and our vendor due diligence process, as well as to prevent fraud and abuse of our services.Necessary to perform our contract, to comply with our regulatory requirements, and more generally in order to pursue our legitimate interest of managing our administrative and business operations and complying with internal policies and procedures.
Financial and Transactional (e.g. details about your accounts with us and payments to and from your accounts with us)To enable us to process your transactions. To fulfil our Regulatory Reporting processes and facilitate fraud case handling and reporting (where required).Necessary to perform our contract, to comply with our regulatory requirements, and more generally in order to pursue our legitimate interests.
Telephone CallsMonitoring of regulated activities, training and development.To comply with our regulatory requirements and to pursue our legitimate interest to enhance the quality of our service.
Particulars of any complaintsTo facilitate complaints handling and reporting.To comply with our regulatory requirements.

Managing Minors' Information

We recognise the importance of safeguarding personal data related to minors. If we collect information about individuals under the age of 18, we do so only with the consent of a parent or guardian. We encourage parents and guardians to be actively involved in their children's online activities.

When collecting images of minors:

  • Explicit consent from a parent or guardian is sought before capturing or using photographs or videos of minors.
  • Any images collected are stored securely and used solely for the purposes outlined in this Privacy Notice.

Legitimate Interests

Legitimate interest is one of the legal reasons why we may process your personal information. We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims.

Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:

  • To manage our relationship with you, our business and third parties who provide products or services for us;
  • To make sure that complaints or queries are handled efficiently and to enhance our products and services;
  • To keep our records up to date and to provide you with marketing as allowed by law;
  • To develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences;
  • To monitor how well we are meeting our performance expectations in the delivery of our services (e.g. call recording);
  • To pursue our legitimate interest in managing the safety and security of our premises and services for the prevention, detection and prosecution of crime, and security, health and safety (e.g. CCTV video images);
  • To enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers' or other people's) rights, property or safety;
  • To exercise our rights, to defend ourselves from claims, and to keep to laws and regulations that apply to us and the third parties we work with; and
  • To take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of our business.

Information Sharing

We share your information for the purposes set out in this Privacy Notice, with the following categories of recipients:

Our service providers

We use other companies, agents or contractors to perform services on our behalf, including:

  • Marketing, advertising and communications agencies;
  • Credit reference agencies;
  • External auditors and consultants.

In the course of providing such services, these service providers may have access to your personal information. However, we will only provide our service providers with personal information which is necessary for them to perform their services, and we require them not to use your information for any other purpose. We will use our best efforts to ensure that all our service providers keep your personal information secure.

Third parties permitted by law

In certain circumstances, we may be required to disclose or share your personal information in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal information to the police, regulators, government agencies, courts or any administrative authorities empowered by law to seek that information — e.g. BOT, FIU, TRA, PDPC).

Banking and payment partners

Other financial institutions, card schemes (Visa, Mastercard) and the National Payment Switch.

We may also disclose your personal information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our contracts, or to protect your rights or those of the public.

Your Rights

The personal data protection law in the United Republic of Tanzania provides individuals with the following rights:

  • Right to be informed whether your personal data is being processed by or on behalf of the data controller;
  • Right to be given by the data controller a description of the personal data of which you are the data subject, the purposes for which it is being processed, and the recipients or classes of recipients to whom it is or may be disclosed;
  • Right to rectification: the right to have inaccurate information about you rectified;
  • Right to erasure: the right to have certain personal information about you erased;
  • Right to restriction of processing: the right to request that your personal information is only used for restricted purposes;
  • Right to object: the right to object to the use of personal information (including the right to object to marketing);
  • Right to data portability: the right to ask for personal information you have made available to us to be transferred to you or a third party;
  • Right to withdraw consent: you have the right to withdraw any consent you have given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of use of your personal information prior to the withdrawal of your consent.

These rights may not apply in all cases. If we are not able to comply with your request, we will explain why. In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better.

You also have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) if you believe that we have not complied with applicable data protection laws.

How Do We Protect Your Personal Information?

We have implemented technical and organisational controls to safeguard the personal information in our custody and control. Such measures include, for example:

  • Limiting access to personal information only to employees and authorised service providers who need to know such information for the purposes described in this Privacy Notice;
  • Adopting strong security protocols on networks and systems;
  • Using email security settings when sending and/or receiving confidential emails;
  • Applying physical access controls, such as marking confidential documents clearly and prominently, and restricting access to confidential documents on a need-to-know basis;
  • Using privacy filters;
  • Disposing of confidential documents that are no longer needed, through shredding or similar means;
  • Using a mode of delivery or transmission of personal data that affords the appropriate level of security, confirming the intended recipient of personal data, as well as other administrative, technical and physical safeguards.

While we endeavour to protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others, such as hackers.

How Long Do We Keep Your Personal Information?

We will only retain your personal data for as long as necessary for the purpose for which that data was collected and to the extent permitted by applicable laws.

How to Contact Us

If there are any questions or concerns regarding this Privacy Notice, or if you would like to exercise any of your rights, please contact our Data Protection Officer:

Data Protection OfficerDataProtectionOfficer@cbtbank.co.tz

Changes to this Privacy Notice

The Bank may amend this Privacy Notice from time to time to reflect changes in legal, regulatory or operational requirements. The latest version will always be available on our website.

Mshirika

Karibu, tukue pamoja!