Privacy Notice

Last Updated: February 2025

Introduction

At Exim Bank (Tanzania) Limited ("the Bank", "we", "us", or "our"), we recognize that personal data is a critical and confidential asset entrusted to us. As a regulated banking institution, we are committed to collecting, processing, storing and protecting personal data in a manner that upholds the highest standards of confidentiality, integrity and security, in compliance with the Personal Data Protection Act 2022, banking regulations and applicable supervisory directives.

Safeguarding personal data is fundamental to our operations and risk management framework. This Privacy Notice is intended to explain what types of personal data we collect, how we collect and use it, the reasons why we need it, how we protect it, and your rights in relation to your personal data when you engage with the Bank, whether through branch services, digital platforms, products or other interactions.

This Notice applies to customers, prospective customers, employees, contractors, visitors, digital platform users and any other individuals whose personal data the Bank processes in the course of its lawful activities.

We encourage you to read this notice carefully. Understanding how we handle your data helps you make informed decisions about the products and services you choose and ensures you are aware of the protections available under Tanzanian law. (pdpc.go.tz)

What Personal Data We Collect

"Personal data" refers to any information relating to an identified or identifiable natural person, whether collected directly or indirectly, and whether in electronic, physical or other recorded form. The personal data we may collect about you includes, but is not limited to:

i. Name, age, gender, marital status and identifying numbers
ii. Physical and email addresses and contact numbers
iii. Online identifiers and your online behavior such as cookies and IP addresses
iv. Correspondence with us, including use of products or services, transactions, requests, queries, applications and complaints
v. Education and employment history
vi. Photographs, images, CCTV and video recordings
vii. Tax identification number
viii. Title deed details
ix. Motor vehicle registration number

We sometimes need to collect sensitive personal data about you, but we will only do this if it's necessary and with your explicit consent or where allowed by law. This sensitive personal data includes, but is not limited to:

i. Biometric data, race or ethnic origin, criminal records, health and medical history, religious or philosophical beliefs, trade union membership or political opinions
ii. Sex life and gender identity data
iii. Data related to children
iv. Marital status and family information
v. Financial information

How We Collect Personal Data

We collect personal data through multiple channels, depending on the services you use:

• Directly from you: when you open accounts, apply for products, complete forms or communicate with us.
• Through digital platforms: our website, mobile banking applications and electronic services.
• From third parties: such as regulators, credit reference bureaus, government agencies, correspondent banks and service providers, where legally permitted.

Why We Use Your Personal Data

Your personal data allows us to provide services effectively, comply with regulations, and enhance your banking experience. We use your data for the following purposes:

a. Providing and Managing Banking Services
We need your data to open and manage accounts, process transactions, provide statements, and offer customer support. For instance, if you deposit a cheque through mobile banking, we rely on the personal data associated with your account to process it accurately and securely.

b. Regulatory Compliance
As a regulated financial institution, we are required to comply with Tanzanian laws and regulations. This includes conducting anti-money laundering checks, fraud detection, reporting to regulatory authorities, and maintaining audit records. Processing your personal data is necessary to meet these legal obligations.

c. Risk Management and Security
We use your data to monitor transactions for unusual activity, prevent fraud, secure our systems, and manage operational risks. This helps protect you, the Bank, and the wider financial system.

d. Improving Products and Services
Analyzing customer information enables us to develop new products, improve existing services, personalize offers, and provide insights that help you make informed financial decisions.

e. Legitimate Business Interests
Occasionally, we process data to protect the Bank's and customers' interests, for example, in the enforcement of contractual obligations, debt collection, or resolving disputes.

Legal Basis for Processing

We ensure that all processing of personal data is lawful under the Personal Data Protection Act, 2022, and we rely on one or more of the following legal grounds:

• Contractual necessity: To fulfill our obligations under agreements with you.
• Legal obligations: To comply with applicable laws and regulations.
• Legitimate interests: For business purposes such as fraud prevention, risk management, or service improvement, balanced against your rights.
• Consent: In specific situations, such as marketing communications or sensitive data processing, we will process your data only with your consent.

How We Use Cookies and Tracking Technologies

Our digital platforms may use cookies and similar technologies to enhance your online experience. Cookies help us remember your preferences, analyze usage patterns, and improve website functionality. They also play an important role in securing your information when using online services. You may choose to disable cookies through your browser settings, but please note that some features of our digital services may not function correctly if cookies are disabled. For more information, please see our Cookie Policy.

Sharing Your Personal Data

We may share personal data in specific circumstances to provide services and comply with law:

• Regulatory and government authorities: We provide information when legally required, such as for tax reporting or anti-money laundering purposes.
• Service providers and partners: Trusted third parties, such as IT providers or payment processors, may access personal data only under strict confidentiality agreements.
• Financial institutions: We may share information for credit reference purposes or where transactions involve multiple banks.

We do not sell your personal data to any unaffiliated third parties.

International Data Transfers

In some cases, personal data may be transferred outside Tanzania. When this occurs, we implement safeguards to ensure that your information receives protection consistent with Tanzanian data protection law. This may include binding agreements with overseas partners or using approved data transfer mechanisms.

How We Protect Your Data

We use a combination of physical, administrative, and technological measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. Access to information is limited to authorized personnel with a legitimate need to know. Our security measures are reviewed and updated regularly to address new risks and maintain the integrity of your data.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Once the retention period expires, data is securely deleted or anonymized in accordance with our internal retention policies.

Your Rights as a Data Subject

You have rights under Tanzanian law regarding your personal data:

• Access: Request confirmation of whether we hold your data and obtain a copy.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion or restriction: Request deletion or restriction of processing under certain circumstances.
• Object to processing: Object to processing based on legitimate interests or marketing purposes.
• Withdraw consent: If processing is based on consent, you may withdraw it at any time.

To exercise these rights, please contact our Data Protection Officer. We will respond promptly and in accordance with applicable law.

Children's Personal Data

We do not knowingly collect personal data from children under 18, except where necessary and with parental or guardian consent. This ensures compliance with legal obligations and protects minors' privacy.

Changes to This Privacy Notice

We may update this Privacy Notice periodically to reflect changes in law, technology, or business practices. Any updates will be published on our website, and we encourage you to review this Notice regularly.

How to Contact Us

If you have questions, wish to exercise your data subject rights, or have concerns about your personal data, you may contact:

Data Protection Officer (DPO)
Email: dpo@eximbank.co.tz

You may also lodge complaints with the Personal Data Protection Commission (PDPC) of Tanzania.