PRIVACY POLICY | UPDATED: JANUARY 14, 2026.
Sterling Bank values and respects the privacy of the people we deal with. Sterling Bank is committed to protecting your privacy and complying with the Nigeria Data Protection Act (2023) and other applicable data privacy laws and regulations.
This Privacy Policy (“Policy”) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information. Throughout this document, “Sterling”, “Bank”, “we”, “us”, “our” and/or “ours” refer to Sterling Bank Limited incorporated under the laws of the Federal Republic of Nigeria with its registered office at 20 Marina, Lagos. The reference to ‘you’ or ‘your’, means you, any authorized person on your account, anyone who conducts your banking services for you or other related people (including authorised signatories, partners or any authorised third party).
We collect several different types of information for various purposes to provide and improve our services to you. We may also collect your information at events hosted or organized by or for the bank, regardless of whether such an event is a physical or virtual one. The Personal Data we collect falls into various categories, such as:
While using our services, providing services or seeking employment with the Bank, we may ask you to provide us with certain personal data that can be used to contact or identify you (“Personal Data”). Personal data may include, but is not limited to:
We collect information that can uniquely identify you or verify your identity. This includes, but is not limited to: your first, middle, and last name; date of birth; gender; nationality; biometric identifiers (where applicable); government-issued identification numbers such as National Identification Number (NIN), Bank Verification Number (BVN), international passport number, driver’s licence number, and other similar identifiers; as well as identification documents or photographs used for verification or authentication purposes.
We collect information that enables us to contact you or communicate with you regarding our services. This includes your residential or mailing address, email address, phone numbers, and any other similar contact information you provide during account creation, onboarding, service usage, or customer support interactions.
We collect information relating to your professional background, role, and suitability where required for the recruitment process, service provision, due diligence, vendor management, or regulatory compliance. This includes your job title or position, employer details, work history, professional qualifications, certifications, references, and other employment-related information relevant to our business relationship or engagement processes.
We collect and process financial data necessary to provide our services, meet regulatory requirements, and facilitate transactions. This includes your bank account details, transaction history, card information (such as card number, expiry date, and security codes), tax-related information, credit or loan information, and any other financial details you provide during onboarding, service usage, or account maintenance.
Where card-related information is processed, all payment data is handled in accordance with applicable security standards, including the Payment Card Industry Data Security Standard (PCI DSS). You are responsible for maintaining the confidentiality of your card and authentication credentials (such as PINs or access codes) and ensuring they are not shared with unauthorized persons.
We may process certain categories of sensitive personal data about you where necessary and permitted by applicable law. This may include, without limitation, health information, biometric data used for unique identification (such as fingerprints, facial recognition data, or voice recordings), criminal conviction information, as well as data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, or sexual orientation.
We only collect or use sensitive personal data when it is essential for delivering our products or services to you, when required for reasons of substantial public interest, to comply with a legal obligation, or where we have obtained your explicit consent.
When you subscribe to any of our products, particularly our e-channel products (Online/Mobile Banking, Instant Banking), you may be required to provide a User ID, a password, details from a token response device, password hints, and similar security information used for authentication and account access. You may also be required to use biometric identification to access your account and authenticate transactions. While this information is required to ensure that you carry out transactions securely, appropriate security measures have been implemented to protect this data, including encryption and storage in a secured environment if required.
We may also collect information that your browser sends whenever you access our online services or when you access the services by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. When you access services on or through a mobile device, this Usage Data may include the following:
2.1.5.1 Geo-Location information: We may request access to or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
2.1.6 Mobile Device Access: We may request access or permission to certain features on your mobile device, including your mobile device’s camera, calendar, Bluetooth, contacts, storage, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
2.1.7 Mobile Device Data: We may automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information, IP address, and diagnostic data.
2.1.8 Use of Analytics to Collect, Monitor, and Analyse Data: We may use third-party Service Providers to monitor and analyse the use of our Service. We may also collect information about your marketing preferences to provide you with information about relevant services, products, and offers that we think may be of interest to you.
Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website and mobile app traffic and events, currently as a platform inside the Google Marketing Platform brand. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads on its own advertising network. For more information on the privacy policies of Google, please visit the Google Privacy and Terms web page located at https://policies.google.com/privacy?hl=en.
2.1.9 Tracking and Cookies Data: We use cookies and similar tracking technologies to track the activity on our Services and hold certain information. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies we use include beacons, tags, and scripts, which collect and track information and help us improve and analyse our Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. You can also refuse the mobile application permission to read your phone data. However, if you do not accept cookies on your browser or allow permissions on your mobile device, your experience of our online service may be degraded and you may not be able to use some portions of our Service. We may also collect information about your internet browser settings and Internet Protocol (IP) address and other relevant information to help us identify your geographic location when providing you with our services.
Session Cookies: We use Session Cookies to operate our Service. Session cookies will expire at the end of your browser session and allow us to link your actions during that browser session.
Preference Cookies: We use Preference Cookies to remember your preferences and actions across multiple sites.
Security Cookies: We use Security Cookies for security purposes.
Third-party cookies: These cookies are placed by third-party websites that we use for website functionality and analytics. We have no control over these cookies.
You can learn more about how we use cookies in our Cookie Policy (https://sterling.ng/cookie-policy/).
2.1.10 Information from social networks or online accounts: This includes information from any social media profiles or any accounts that you share with us.
2.1.11 Information which you have consented to us using and other personal information: Other personal data which we collect includes image recordings. This could include CCTV images of you at our bank branches, offices and ATMs, but only for surveillance, monitoring and auditing purposes, to help forestall crime.
We collect and process your personal data through secure systems for the following lawful and legitimate purposes:
We process personal data based on one or more of the following lawful bases as provided under the Nigeria Data Protection Act (NDPA) 2023:
Where required by law, we obtain your consent before processing your personal data. This applies to situations such as certain marketing communications, optional service features, and specific uses of sensitive personal data where explicit consent is required. You may withdraw your consent at any time, subject to legal or contractual restrictions.
We process personal data where it is necessary to enter into or perform a contract, or to take steps at your request before entering into one. This includes processing required to:
As a regulated financial institution, we process personal data to comply with obligations under applicable laws, regulations, and supervisory requirements. These include KYC, AML/CFT requirements, tax obligations, regulatory reporting, identity verification mandates, and obligations from the CBN or other competent authorities.
We may process personal data where necessary to protect your vital interests or those of another individual—for example, in emergency situations, fraud prevention scenarios, or matters involving personal or public safety.
We process personal data where it is necessary for the Bank’s legitimate business interests and where such interests do not override your rights and freedoms. These include:
In certain circumstances, we process personal data in the public interest or in the exercise of official authority, particularly where required for regulatory oversight, financial system stability, anti-fraud initiatives, or national security-related obligations placed on financial institutions.
To the extent permissible under applicable law, we may use your information for the following legitimate actions:
We may share or disclose your personal data only as permitted by law, for legitimate business purposes, or where necessary to provide our services. All third parties we share data with are required to comply with appropriate confidentiality, data protection, and security obligations.
We may share your data within the Bank, including its branches and subsidiaries, to enable service delivery, compliance activities, risk management, and operational support.
We may disclose your personal data to government authorities, supervisory bodies, and regulators where required for:
We share data with carefully selected third parties who process information on our behalf. These include:
These parties are strictly required to protect your data in line with contractual and legal requirements.
We may disclose data to external auditors, legal advisers, tax consultants, and other professionals who assist us in meeting legal, regulatory, and governance obligations.
Where necessary for financial transactions or credit-related activities, your data may be shared with:
We may share personal data with approved partners who provide contractual, statutory, or employment-related services such as insurance providers, benefits administrators, or due-diligence partners. We do not share data with third parties for their own marketing purposes.
We may disclose your information to law enforcement agencies, courts, or public authorities where required by law or where such disclosure is necessary to protect rights, prevent fraud, or investigate wrongdoing.
Data may be shared with emergency services or relevant authorities when necessary to protect your life, safety, or the vital interests of others.
If the Bank undergoes a merger, acquisition, reorganisation, or asset transfer, your personal data may be shared with relevant parties, provided appropriate safeguards are in place.
For joint accounts, information may be shared among account holders. We may rely on the authority of one joint holder as consent on behalf of the other(s), including for third-party payment services.
Where data must be transferred outside Nigeria—for example, for cloud hosting, payment processing, or technology support—we ensure that such transfers comply with NDPC requirements, including:
We take all steps reasonably necessary to ensure your data remains secure and protected.
Where required by law, or where no other lawful basis applies, we will seek your consent before sharing your personal data. You may withdraw your consent at any time, subject to contractual or legal limitations.
We have implemented appropriate organisational and technical measures to keep your Personal Information/Data confidential and secure. This includes the use of encryption, access controls and other forms of security to ensure that your data is protected. We require all parties including our staff and third-parties processing data on our behalf to comply with relevant policies and guidelines. Where you have a password which grants you access to specific areas on our site or to any of our services, you are responsible for keeping this password confidential. We request that you do not share your password or other authentication details (e.g., token generated codes) with anyone.
Although we have taken measures to secure your information and keep it confidential, because the security of your data is important to us, please be aware that no method of transmission over the Internet or method of electronic storage can guarantee 100% security at all times. While we strive to use reasonable means to protect your Personal Data, we cannot guarantee its absolute security. You are responsible for securing and maintaining the privacy of your password and Account/profile registration information and for verifying that the Personal Data we maintain about you is valid, accurate and up to date. If we receive instructions using your account login information, we will consider that you have authorised the instructions and will process them accordingly, without incurring any liability for doing so.
We retain your Information for as long as the purpose for which the information was collected continues. The information is then securely destroyed unless its retention is required to satisfy legal, regulatory, internal compliance or accounting requirements or to protect the Bank’s interest.
Please note that regulations may require Sterling Bank to retain your personal data for a period longer than specified even after the end of your banking relationship with us.
If you are located outside Nigeria and choose to provide information to us, please note that the data, including Personal Data, will be processed in Nigeria. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
You are responsible for making sure the information provided to the Bank is accurate and should inform the Bank of any changes as they occur; this will enable us to update your information with us.
Any changes will affect only future uses of your Personal Information. Subject to applicable law, which might, from time to time, oblige us to store your Personal Information for a certain period of time, we will respect your wishes to correct inaccurate information. Otherwise, we will hold your Personal Information for as long as we believe it will help us achieve our objectives as detailed in this Privacy Policy.
You have certain rights in relation to the personal data we collect, as provided by the Nigeria Data Protection Act (NDPA) 2023. These rights include:
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of the processing before its withdrawal.
These rights are, however, subject to certain limitations as provided under the Nigeria Data Protection Act 2023.
We do not knowingly collect names, email addresses, or any other personally identifiable information from children through the internet or any other touch points. We do not allow children under the age of 18 to open accounts nor provide online banking services for children less than 18 years of age without the consent of a guardian. If you are a parent or guardian and you are aware that your child has provided us with Personal Data without verification of parental consent, please promptly contact us.
We operate and communicate through our designated pages and accounts on some social media platforms to communicate and engage with our customers. We monitor and record comments and posts made about us on these channels so that we can improve our Services. The general public can access and read any information posted on these sites. Please note that any content you post to such social media platforms is subject to the applicable social media platform’s terms of use and privacy policies. We recommend that you review the information carefully in order to better understand your rights and obligations regarding such content.
Our Services may allow you to connect and share your actions, comments, content, and information publicly or with friends. We are not responsible for maintaining the confidentiality of any information you share publicly or with friends.
Our Services may also allow you to connect with us on, share on, and use third-party websites, applications, and services. Please be mindful of your personal privacy needs and the privacy needs of others, as you choose whom to connect with and what to share and make public. We cannot control the privacy or security of information you choose to make public or share with others. We also do not control the privacy practices of third parties. Please contact those sites and services directly if you want to learn about their privacy practices.
As part of our recruitment process and as an applicant, you explicitly consent to the collection, use, transfer, and storage or in any other form of your personal data contained in application forms/letters, curriculum vitae (CV)/resumes obtained from your identity document(s) or collected through interviews/other forms of assessment by the Bank or its affiliates. This information is for the exclusive purpose of assessing and evaluating applicants’ suitability for employment in any current or prospective position within our organisation, verifying applicants’ identity and the accuracy of your details provided to us or for other related purposes. We shall, in line with our internal policies, controls and relevant Data Protection Regulations, ensure that this data is not disclosed or assessed by unauthorised persons. By providing any information on the Bank’s career page, you confirm that you have read the terms and privacy statement and accept it. As an applicant, you consent to the Bank using the data provided in accordance with the terms described above.
Our website, related websites and mobile applications may have links to or from other websites that are not operated by us. We have no control over and assume no responsibility for the security, privacy practices or content of third-party websites or services. We recommend that you always read the privacy and security statements on these websites.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform specific Service-related roles or to assist us in analysing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose outside of the service-specific need for which the data is required.
This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on our website.
Based on the changing nature of privacy laws, user needs and our business, we may modify this Privacy Policy from time to time. Any change to our privacy policy will be communicated on our website, via email or by placing a notice on our Platform and this will be effective as soon as published. Accordingly, we encourage periodic reviews of this Privacy Policy for awareness of any changes that may have occurred. Your continued use of the Services after we post any modifications to the Privacy Policy on our website will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
If you have any questions, comments or requests in relation to this Privacy Policy or objections, complaints or requirements in relation to the use of your personal data, please contact us by sending an email to [email protected] or 08027170203 or write a letter addressed as follows:
The Data Protection Officer
Sterling Bank Limited
20 Marina, Lagos.