This Privacy Notice (the “Notice”) governs how I&M Bank (Uganda) Limited (hereafter, the Bank”), collects, uses, and discloses personal data from and about consumers of the Bank services, website and web applications that link to this Notice (collectively referred to as, the “Services”). Personal data in this context means information relating to an identified or identifiable natural person. We advise you to read the Notice in its entirety, I&M Bank Uganda limited treats the personal information collected through the services as private and confidential.
Personal data collected through the servicesThe Bank collects and uses certain personal information in order to operate and provide you with access to the Services. This includes information directly collected from you, information that we collect automatically when you visit or interact with the Services and where lawful and reasonable, we collect information from third parties and publicly available information sources such as credit reporting and government agencies
Information that you provide to usWe collect personal data that you voluntarily provide to us when you use the Services. This information includes, without limitation: your email addresses, telephone numbers, and other contact details; biographical information; audio and visual data, social media information; submissions to our customer service; feedback on our website, web or mobile app; online preferences, such as alerts; and business information, such as your company name and industry.
Information that we collect about your use of the servicesWe collect information about your use of the Services and about the device you use to access the Services, including the pages you request and visit; the posts you submit; information on your interaction with other users; information obtained in the course of maintaining or supporting the Services; information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider; and, if you access the Services via your mobile device, we may also collect information about your mobile provider, IMSI, IMEI and type of mobile device. We (and our data processors) use different technologies to collect this information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.
How personal data is usedWe use the personal data we collect to provide, maintain, and improve the Services. We also use it to:
- Send you technical notices, general updates, goodwill messages, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
- Receive and respond to your submissions on the Services such as submissions on the Bank website, web applications and mobile applications, social media and submissions to Customer Service Contacts;
- Permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfill the incentive offer);
- Communicate with you about products, services, and events offered by the Bank and others, and provide news and information we think will be of interest to you.
- Monitor and analyze trends, usage, and activities in connection with our Services;
- Develop new products and services and enhance current products and services;
- Detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of the Bank and others; and
- Carry out any other purpose described to you at the time of collecting information.
How personal data is sharedWe may share your personal data as follows or as otherwise described in this Notice:
- With our data processors that host, maintain, manage, or provide other services to us in relation to the Services;
- To co-operate with public and government authorities and law enforcement, to respond to a request, or to provide information in accordance with existing laws;
- For other legal reasons, such as to monitor compliance with and enforce our terms and conditions, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, to protect against criminal activities, and for risk management purposes; and
- In connection with a sale or business transaction, such as to an acquiring entity or its advisors in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
ChildrenAll our Services provided to children align with the data protection requirements for Minors. These include consent provided by the child’s parent/guardian and age verification. If you have reason to believe that a child has provided personal data to us, please contact us and we will endeavour to delete that information from our databases.
Links to other websitesThe Services may contain links to other websites. Please note that the Bank is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you click through to via the Services. This Notice applies solely to your personal data collected by the Services.
SecurityWe seek to use appropriate technical and organizational measures to safeguard personal data within our organization against loss, theft, breach, and unauthorized use, disclosure, or modification. Please refer to the content below to note your obligations in controlling your privacy and data.
Control Your Privacy & DataMarketing emails and alerts If you no longer want to receive marketing-related emails and alerts from I&M Bank Uganda Limited, you may opt-out/ unsubscribe by following the instructions contained within each such email or through the Bank Customer Contact Centre. We will endeavour to comply with your request as soon as is reasonably practicable. Please note that if you opt-out of receiving marketing-related emails and alerts, we may still send you administrative messages, from which you cannot opt-out or unsubscribe. Cookies Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services Changes to this notice From time to time, we may revise this Notice. Changes may be made for any number of reasons, including reflecting industry initiatives, changes in the law, and changes to the scope of the Services, among other reasons. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services. Contact us If you have any other questions concerning this Notice, please contact us
AppendixProvisions regarding the Data Protection and Privacy Act and General Data Protection Regulations (GDPR) applies to European Union (EU) residents.
Legal basis for processingWhen we process your personal information, we will only do so in the following situations:
- When we need to use your personal information to perform our responsibilities under our terms and conditions (e.g., to facilitate your participation in voluntary polls and surveys);
- When we have a legitimate interest in processing your personal information. For example, we may process your personal information to send you marketing communications, to communicate with you about changes to the Services, and to provide, secure, and improve our Services;
- When we find such processing is necessary to comply with our legal obligations; and
- When we have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time, in accordance with applicable laws and regulations.
Data subject requestsIn your use of the Services, the Bank aims to give you more control of your personal data. We conform to the data protection principles that provide you with the following rights:
- Right to access – you can ask us whether we are processing your personal data, including where and for what purpose. You can also access an electronic copy of your personal data.
- Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data.
- Right to rectification – you can ask us to correct inaccurate personal data we hold about you.
- Right to erasure (Right to be forgotten) – under certain circumstances, you can ask us to erase your personal data.
- Right to data portability – at a cost, you can ask us to provide you with a copy of your personal data in a commonly used electronic format, so that you can transfer it to other businesses.
- Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data, which produce significant legal effects.