Privacy Notice

Privacy Notice

This privacy notice was last updated on 29th December 2022.

This Privacy Notice (the “Notice”) governs how I&M Bank (Uganda) Limited (hereafter, the Bank”), collects, uses, and discloses personal data from and about consumers of the Bank services, website and web applications that link to this Notice (collectively referred to as, the “Services”). Personal data in this context means information relating to an identified or identifiable natural person.We advise you to read the Notice in its entirety, I&M Bank Uganda limited treats the personal information collected through the services as private and confidential.

Personal data collected through the services

The Bank collects and uses certain personal information in order to operate and provide you with access to the Services. This includes information directly collected from you, information that we collect automatically when you visit or interact with the Services and where lawful and reasonable, we collect information from third parties and publicly available information sources such as credit reporting and government agencies.

Information that you provide to us

We collect personal data that you voluntarily provide to us when you use the Services. This information includes, without limitation: your email addresses, telephone numbers, and other contact details; biographical information; audio and visual data, social media information; submissions to our customer service; feedback on our website, web or mobile app; online preferences, such as alerts; and business information, such as your company name and industry.

Information that we collect about your use of the services

We collect information about your use of the Services and about the device you use to access the Services, including the pages you request and visit; the posts you submit; information on your interaction with other users; information obtained in the course of maintaining or supporting the Services; information about your internet use, such as your IP address, the URLs of sites from which you arrive or leave the Services, your type of browser, your operating system, your internet service provider; and, if you access the Services via your mobile device, we may also collect information about your mobile provider, IMSI, IMEI and type of mobile device.

We (and our data processors) use different technologies to collect this information, including cookies and web beacons. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. Web beacons are electronic images that may be used in our Services or emails and help deliver cookies, count visits, and understand usage and campaign effectiveness.

Advertising and analytics services provided by others

We may allow others to provide analytics services and serve advertisements on our behalf across the web and in mobile applications, to enhance our Services. These entities may use cookies, web beacons, device identifiers and other technologies to collect information about your use of the Services and other websites and applications, including your IP address, web browser, mobile network information, pages viewed, time spent on pages or in apps, links clicked, and conversion information. This information may be used by us and our data processors to, among other things, analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests on our Services and other websites, and better understand your online activity.

How personal data is used

We use the personal data we collect to provide, maintain, and improve the Services. We also use it to:
  • Send you technical notices, general updates, goodwill messages, security alerts, and support and administrative messages (such as changes to our terms, conditions, and policies) and to respond to your comments, questions, and customer service requests;
  • Receive and respond to your submissions on the Services such as submissions on the Bank website, web applications and mobile applications, social media and submissions to Customer Service Contacts;
  • Permit you to participate in voluntary polls and surveys (we may use third parties to deliver incentives to you to participate in such polls and surveys, and you may be required to provide your contact details to the third party in order to fulfill the incentive offer);
  • Communicate with you about products, services, and events offered by the Bank and others, and provide news and information we think will be of interest to you.
  • Monitor and analyze trends, usage, and activities in connection with our Services;
  • Develop new products and services and enhance current products and services;
  • Detect, investigate, and prevent fraudulent transactions and other illegal activities, and protect the rights and property of the Bank and others; and
  • Carry out any other purpose described to you at the time of collecting information.

How personal data is shared

We may share your personal data as follows or as otherwise described in this Notice:
  • With our data processors that host, maintain, manage, or provide other services to us in relation to the Services;
  • To co-operate with public and government authorities and law enforcement, to respond to a request, or to provide information in accordance with existing laws;
  • For other legal reasons, such as to monitor compliance with and enforce our terms and conditions, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, to protect against criminal activities, and for risk management purposes; and
  • In connection with a sale or business transaction, such as to an acquiring entity or its advisors in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
We may also share aggregated pseudonymised or anonymized information that cannot reasonably be used to identify you.


All our Services provided to children align with the data protection requirements for Minors. These include consent provided by the child’s parent/guardian and age verification. If you have reason to believe that a child has provided personal data to us, please contact us and we will endeavour to delete that information from our databases.

Links to other websites

The Services may contain links to other websites. Please note that the Bank is not responsible for the privacy or information security practices of other websites. You should carefully review the applicable privacy and information security policies and notices for any other websites you click through to via the Services. This Notice applies solely to your personal data collected by the Services.


We seek to use appropriate technical and organizational measures to safeguard personal data within our organization against loss, theft, breach, and unauthorized use, disclosure, or modification.

Please refer to the content below to note your obligations in controlling your privacy and data.

Control Your Privacy & Data

Marketing emails and alerts: If you no longer want to receive marketing-related emails and alerts from I&M Bank Uganda Limited, you may opt-out/ unsubscribe by following the instructions contained within each such email or through the Bank Customer Contact Centre. We will endeavour to comply with your request as soon as is reasonably practicable. Please note that if you opt-out of receiving marketing-related emails and alerts, we may still send you administrative messages, from which you cannot opt-out or unsubscribe

Cookies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Services.

Changes to this notice: From time to time, we may revise this Notice. Changes may be made for any number of reasons, including reflecting industry initiatives, changes in the law, and changes to the scope of the Services, among other reasons. You can tell when we last updated the Notice by checking the date at the beginning of the Notice. Any changes will become effective when we post the revised Notice on the Services.

Contact us: If you have any other questions concerning this Notice, please contact us


Provisions regarding the Data Protection and Privacy Act and General Data Protection Regulations (GDPR) applies to European Union (EU) residents.

Legal basis for processing

When we process your personal information, we will only do so in the following situations:
  • When we need to use your personal information to perform our responsibilities under our terms and conditions (e.g., to facilitate your participation in voluntary polls and surveys);
  • When we have a legitimate interest in processing your personal information. For example, we may process your personal information to send you marketing communications, to communicate with you about changes to the Services, and to provide, secure, and improve our Services;
  • When we find such processing is necessary to comply with our legal obligations; and
  • When we have your consent to do so. When consent is the legal basis for our processing, you may withdraw such consent at any time, in accordance with applicable laws and regulations.

Data subject requests

In your use of the Services, the Bank aims to give you more control of your personal data. We conform to the data protection principles that provide you with the following rights:
  • Right to access – you can ask us whether we are processing your personal data, including where and for what purpose. You can also access an electronic copy of your personal data.
  • Right to restrict processing – in certain circumstances, you can ask us to restrict our use of your personal data.
  • Right to rectification – you can ask us to correct inaccurate personal data we hold about you.
  • Right to erasure (Right to be forgotten) – under certain circumstances, you can ask us to erase your personal data.
  • Right to data portability – at a cost, you can ask us to provide you with a copy of your personal data in a commonly used electronic format, so that you can transfer it to other businesses.
  • Right to object to automated decision-making – in certain circumstances, you can ask us not to make automated decisions about you based on your personal data, which produce significant legal effects.
It is important to note that the above rights are subject to applicable laws and regulations.

Data retention

We retain personal data for as long as required by applicable laws and regulations.

Data controller 

Except as otherwise specified on any subsections within sites or apps that comprise the Services, your personal data will be controlled by the Bank.

Data transfer

Your personal data may be stored and processed in any country where we have facilities or in which we engage data processors in accordance with the applicable data protection laws and regulations.


Your use of the Services signifies that you agree to waive your material privacy rights. You also agree not to hold the Bank liable for use of your personal data from the Services as envisaged herein.

Your use of the Services signifies your consent to allow the Bank to disclose personal data as envisaged herein. You agree not to hold the Bank liable for any disclosure of such information.

Queries and Complaints

If you have a complaint in relation to your personal data, you may visit the nearest branch and submit your complaint or contact the Data Protection Officer using;

DPO Contact Details

Manager Compliance
I&M Bank (Uganda) Limited
Head Office, Plot 6/6A, Kampala Road
P.O. Box 3072, Kampala, Uganda
Dir: +256 (417) 719 625 | +256 (417) 719 103
Email: [email protected]

You have the right to log a complaint with the Personal Data Protection Office - NITA-U.

Back to Information Security