logo

Privacy Policy

Introduction & Scope

This Privacy Policy complies with the Nigeria Data Protection Act (NDPA) and the EU General Data Protection Regulation (GDPR), where applicable. It outlines how Summit Bank Ltd (“Summit Bank”) collects, processes, protects, and manages personal data from customers, employees, vendors, visitors, and third parties. We regularly review this policy to ensure it reflects best practices and transparency.

This document details the types of personal data we collect, why we collect it, how we process it, who we may share it with, and the rights of data subjects under relevant data protection laws.

Roles & Responsibilities

The Data Protection Officer (DPO) at Summit Bank oversees policy implementation and ensures compliance with data protection laws. The DPO is responsible for:

  • Ensuring the correctness and currency of this document.
  • Managing and reporting data breaches.
  • Conducting periodic training for employees handling personal data.
  • Monitoring and enforcing compliance with NDPA and GDPR provisions.
  • Coordinating data protection impact assessments (DPIAs).

Employees handling personal data must follow this policy and ensure compliance with data protection guidelines.

Policy Statement

Summit Bank aims to maintain the confidentiality, integrity, and security of personal data. The bank ensures transparency in the collection, use, and storage of data while informing data subjects of their rights and choices under the NDPA.

About Summit Bank PLC

Summit Bank PLC is a licensed commercial financial institution regulated by the Central Bank of Nigeria (CBN), operating within Nigeria. Renowned for its innovation and commitment to excellence, the Bank employs advanced technology in its banking services while adhering to both national and international data protection standards.

Types of Personal Data We Collect

Summit Bank collects various categories of personal data, depending on the processing requirement, as detailed below:

Data TypeDescription
Identity DataFull name, marital status, biometric data, National Identification Number NIN, passport details, date of birth, gender, employment history, citezenship.
Contact DataHome and business addresses, email addresses, phone numbers, and communication records.
Financial DataBank account details, Bank Verification Number (BVN), income, financial status, credit history, debit/credit card details.
Transaction DataRecords of transactions, including payment history and geolocation data related to banking activities.
Technical DataIP addresses, device details, login credentials, browser types, geolocation data, and user agent information.
Profile DataOnline banking usernames, passwords, security questions, and preference settings.
Job Application DataResumes, contact details, and other relevant recruitment information.
Usage DataInformation on customer interactions with our website, mobile applications, and services.
Marketing DataPreferences related to marketing and consent provided for promotional activities.
Other DataCCTV footage, recorded customer service calls, and digital interactions with bank representatives.

For biometric and facial recognition data:

  • Collection: Gathered via secure channels (e.g., ATMs, banking apps) with user consent.
  • Usage: Strictly for identity verification, fraud prevention, and service personalization.
  • Disclosure: Shared only with regulatory bodies and trusted service providers under strict confidentiality agreements.
  • Retention: Stored securely and retained only for as long as necessary to meet operational or legal requirements.

Purpose of Data Collection

Summit Bank collects and processes Personal data for:

  • Account registration and identity verification.
  • Compliance with legal and regulatory obligations.
  • Risk management, fraud prevention, and security monitoring.
  • Customer service enhancement and personalized banking experiences.
  • Marketing, communications, and service improvements.

Legal Basis for Processing

Summit Bank processes personal data based on:

  • Consent from the data subject.
  • Contractual necessity where processing is required for account management.
  • Legal obligations under financial regulatory laws.
  • Vital interests where data processing protects users From security risks.
  • Legitimate interests in fraud prevention, service improvement, and operational security.

Consent & Withdrawal

Where required, Summit Bank seeks explicit consent before processing personal data. Data subjects can withdraw their consent at any time by submitting a written request.

If personal data belongs to minors, parental consent and verification are mandatory before collection.

Use of Cookies

Summit Bank’s website uses cookies for:

  • Improving user experience and website functionality.
  • Providing personalized services.
  • Analyzing site performance and security.

Users may disable cookies via their browser settings; however, doing so may impact certain website features.

Disclosure to Third Parties

Personal data may be disclosed to:

  • Regulatory authorities to comply with financial and data protection laws.
  • Third-party service providers are bound by strict confidentiality agreements..
  • International partners, ensuring compliance with data protection standards..

Cross-Border Data Transfers

Where personal data is transferred outside Nigeria:

  • The receiving country must have adequate data protection laws.
  • Data transfers must occur under legally binding agreements.
  • Standard contractual clauses or binding corporate rules must be in place.

Data Retention & Deletion

Summit Bank retains personal data based on:

  • A minimum of 10 years post-account closure per regulatory requirements.
  • A minimum of 5 years for transaction records per CBN guidelines.
  • As long as necessary for operational and legal needs. Upon expiration, personal data is securely deleted or anonymized.

Data Subject Rights

Data subjects have the right to:

  • Access and obtain copies of their personal data.
  • Request corrections to inaccurate data.
  • Request data deletion when no longer necessary.
  • Restrict processing under certain conditions.
  • Transfer their data to another service provider.
  • Object to certain processing activities, including marketing.

Contact Us

For data privacy-related concerns,
Supervisory Authorithy (NDPC): dpo@ndpc.gov.ng
Summit Bank Data Protection Officer: dataprotectionoffice@summitbankng.com

This Privacy Policy is reviewed periodically to reflect regulatory and operational changes.

Banking Made Easy, Anytime, Anywhere

Discover the convenience of banking from the palm of your hand and experience secure banking on the go.

Personal
Savings Accounts (Qard)
Current Account (Qard)
Savings Account (Mudarabah)
Summit MTD (Mudarabah)
Domiciliary Accounts
SME
Corporate Current Account (Qard)
Summit Cost-Plus - SCP (Murabaha)
Summit Lease to Own Finance - SLOF (Ijara)
Customized Investment Plan – CIP
Domiciliary Accounts
Summit Sukuk Investments - SSI
Corporate
Corporate Current Account (Qard)
Summit Cost-Plus - SCP (Murabaha)
Summit Lease to Own Finance - SLOF (Ijara)
Summit Sukuk Investments - SSI
Domiciliary Accounts
Finance
Summit Cost-Plus - SCP (Murabaha)
Summit Lease to Own Finance - SLOF (Ijara)
Home and other asset acquisition financing
Investment finance
Investment
Summit MTD (Mudarabah)
Summit Sukuk Investments - SSI
Customized Investment Plan – CIP
© 2025 Summit Bank LimitedCBN LogoLicensed by the Central Bank of Nigeria

ndic

Insured

Privacy Policy| All Rights Reserved.