Privacy Policy

At Heritage Bank Plc. we are dedicated to protecting your privacy and providing you with the highest level of security at any point of interaction with us, use of our website and any other Heritage Bank service point.  This Privacy Policy describes what personal information we collect, how we collect, what we do with it and how we protect it.

We respect individuals’ right to privacy and protection of personal information. Personal Information means information about a living individual, who can be identified solely with that information or when combined with information from other sources.

There may be periodic updates to our Privacy Policy from time to time in line with legal, regulatory or business operating environment. The most current version will be hoisted on the Bank’s Website.

1. Information We Collect / Process

We collect and process various categories of personal information at the start of, and for the duration of your relationship with us. We will limit the collection and processing of information to information necessary to achieve legal, regulatory and legitimate business purposes.

Personal information may include:

  1. Basic personal information, including name and address, date of birth and contact details; Financial information, including account and transactional information and history;
  2. Information about your family, lifestyle, and social circumstances (such as dependents, marital status, next of kin, and contact details);
  3. Information about your financial circumstances, including source of fund/Income, assets and liabilities, proof of income and expenditure, credit and borrowing history
  4. Education and employment information;
  5. Goods and services provided;
  6. Visual images and personal appearance (such as copies of passports, ATM footage, CCTV images); and Online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example, your banking profile and login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns
  7. We may also use the information received from third parties such as family, solicitors, friends or employers, website/ social media pages made public by you, government agencies, regulators, supervisory or credit agencies.

2. Lawful Basis for Data Processing

We process your Personal Data based on one or more of the following lawful basis.

  • Contract: Your data is necessary to fulfill our contractual obligations with you (e.g., opening an account, and processing transactions).
  • Consent: You have explicitly consented to the processing of your data for a specific purpose (e.g., marketing).
  • Legal Obligation: We are required by law to process your data (e.g., AML/CFT checks).
  • Legitimate Interests: We process your data for our legitimate interests, provided your rights and freedoms are not overridden (e.g., fraud prevention, improving our services). As well as where it is necessary for the performance of a task or function carried out in the interest of the public.

3. Principles of Data Processing

We are guided by the following principles when processing personal data:

  • Lawfulness, Fairness, and Transparency: We only process your information lawfully, fairly, and transparently
  • Purpose Limitation: We collect and process your information only for specific, and legitimate purposes outlined in this Notice.
  • Data Minimization: We collect and process only the minimum amount of personal data necessary for the stated purposes.
  • Data Retention: We retain your information only for as long as necessary for the stated purposes, law, or regulation.
  • Accuracy: We strive to maintain the accuracy and completeness of your Personal Data.
  • Security: We have implemented appropriate technical and organizational measures to protect your information from unauthorized and unlawful access, disclosure, alteration, or destruction.
  • Accountability: We remain accountable for Information collected and controlled by us.

4. How We Collect Information

We may collect information from a range of sources and it may relate to any of our products or services we currently provide, or may have provided in the past or would provide in near future.

We collect your voluntarily given personal information when:

  1. you open an account or perform transactions such as make deposits or withdrawals from your account, payment history and transactions records
  2. you apply for a loan or use your credit or debit card
  3. you seek advice about your investments
  4. you seek information from our customer service provider, information concerning complaints and disputes
  5. we seek information about your credit history from credit bureaus
  6. you provide account information such as your personal details e.g. name, gender, date and place of birth; contact information such as address, email address, and mobile numbers, provide your employment information
  7. you provide information concerning your identity e.g. photo ID, passport information, National ID card and nationality
  8. you use your login credentials for online banking and mobile banking apps
  9. we conduct necessary due diligence for Anti-money laundry / Counter Financing of terrorism (AML/CFT) and financial crime checks; and obtain information that we need to support our legal, regulatory, contractual or business obligations, e.g. information about transaction details, detection of any suspicious and unusual activities.
  10. Advertising or targeting cookies or similar technologies may be used to track your responses to adverts and message forms, which help us to ensure we present you with the most relevant content and services. (Cookies are small text files used to memorize and tailor your preferences so as to improve your experience on our site or to help us analyze our website traffic)

5. How We Protect Your Information

We have taken necessary measures to protect against loss, unauthorized modification, access, and misuse of information under our control.

Your personal information provided to us remains secure because:

  • We have put in place strict measures and technologies to prevent fraud and intrusion;
  • Our employees are trained in necessary Information Security Standards to respect and preserve confidentiality, integrity, and availability of information held by us

6. Your Rights/Responsibility

  1. Right of Information – in emphasizing the need for transparency over the use of personal information, we will ensure your right to be informed upon request of the use of same.
  2. Rights to Access – Individuals have the right to access their personal information retained by the Bank and obtain information on the processing of same.
  3. Right to Restrict Processing – You have the right to block or withdraw your consent on the use of your personal information as previously described. Where processing is restricted however, the Bank is bound by applicable laws to store personal information.
  4. Right to Rectification – You have the right to rectification of inaccurate personal information and to update incomplete personal information
  5. Right to Erasure – You have the right to request that we delete your personal information. Our compliance to this request is however subject to the law and regulations by which the Bank is bound.
  6. Right to Portability – you have the right to data portability
  7. Right to Objection – you have a right to object to the processing and use of your personal information the extent allowed by the applicable laws and regulations.
  8. Marketing – You have a right to object to direct marketing
  9. Your responsibility is to ensure the information provided to the Bank is accurate and inform the Bank on any changes to enable us update your information with us and continue to serve you better.
  10. You are responsible for keeping any User ID, Passwords, PINs, token issued to you for access to specific products and services, confidential.
  11. You have a right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) in the case of a breach of your right to privacy.

7. Contact Us

For enquiries, comments, and questions, reach us through the Data Protection Officer on, the contact details on our website or at our Corporate Head Office, on 143 Ahmadu Bello Way, Victoria Island Lagos, Nigeria.