DATA PROTECTION & Privacy notice


This Data Protection & Privacy Notice aims to provide you with information about how we process your personal information at Bank of Africa.

We will only process information where you have given us the information directly as a data controller or by our clients where we are processors in accordance with their instructions and in line with our obligations and your rights under the law Nº 058/2021 OF 13/10/2021 relating to the protection of personal data and privacy and other Jurisdictional Data Protection laws that are applicable.

  1. At Bank of Africa Rwanda (BOA-Rwanda) Limited, we treat your information i.e., your personal data safely, confidentially, and responsibly.
  2. The Bank is registered with the Rwanda Data Protection Office and National Cyber Security Authority, and our Head Office is situated at Head Office: Head Office: KN 2 Nyarugenge – Chic Complex, Kigali, Rwanda
  3. Personal data means data about an individual who can be identified from the data or other information in the possession of, or likely to come into the possession of the Bank.
  4. Personal Data includes but not limited to your name, Date of Birth, Identification Numbers, contact details, physical addresses, National ID Card/passport Number, Account Numbers and Bank data (transactions, operations on securities, bank transfers, bank statements etc.).
  5. Personal information also refers to the personal data that uniquely identifies a legal entity, such as the trading name of a company combined with the company registration number, Tax Identification Numbers, contact details, and physical addresses etc.

How is your personal data obtained?

  1. BOA-Rwanda, we collect personal information directly from you when you engage with us through our various channels. Where we collect your personal information indirectly from you, we will inform you in due course when we contact you of where we obtained the information from. The following are the various ways we collect information from you.
    • When you contact us to open an account, apply for a loan or request for any of our digital products.
    • When you contact us to make an inquiry or request information.
    • When you make a complaint and or give us feedback.
    • When you apply for a job with us.
    • And through any other interaction that you have with us.

The information we collect from you

  1. We only collect personal information that is necessary, relevant, and not excessive for the purpose of processing. The type of personal information that we may collect and process about you when you interact with us include the following:
    • Your names
    • Date of Birth
    • Tax Identification Number
    • Telephone number(s)
    • Email address
    • Proof of Address
    • Mother’s maiden name
    • National ID Card Number & Biometric details etc
  2. We may, in specific circumstances, process other information such as your subscriptions, services used, records of conversations, agreements, and financial details that are required for transactions. You are under no obligation to provide us with your personal information; however, certain basic information may be required for us to be able to provide you with the service or request made by you. Where this is the case, we will advise you at the point of obtaining the information.

Purpose of processing

  1. The purposes for which we process your personal data include one or more of the following purposes:
    • To provide you with information that you have requested or that we think may be relevant to a service or product in which you have expressed an interest.
    • Agree to process financial transactions with you or the company you represent for requesting for any of the Bank’s products and services.
    • To fulfil a contract that we have entered with you or with the entity you represent. In these circumstances, it may be your entity, rather than yourself, that has provided us with your personal data for us to fulfil the contract.
    • To ensure the security safeguard of our websites and underlying business infrastructure.
    • To manage any communication between you and us.

Lawfulness of Processing your Personal Data

  1. BOA-Rwanda will only process your personal data for the specific purpose that we state at the point of data collection and when the law allows or requires us to do so. We will only collect and process your data for lawful purposes. Most commonly, we will use your personal data in the following circumstances:
    • For us to perform a contract that we are about to enter or have entered into with you.
    • Where it is necessary for our legitimate interests and if your interests and fundamental human rights do not override those interests.
    • Where we need to comply with a legal or statutory obligation or duty.
    • Where a court of competent jurisdiction orders us to do so
    • Where you give us your express consent and in an unambiguous term.

To avoid any ambiguity, we have defined in more precise details, a description of the ways we may use your personal data and the legal bases we may proceed to do so.

The table below identifies appropriately, what our legitimate interests are:

Type of processing activity Lawful basis
To contact you, following your inquiry, reply to any questions, suggestions, issues, or complaints you have contacted us about Legitimate interest
Fulfillment of a contract to provide you with an agreed service Performance of a contract
Make available our services and products to you Legitimate interest
Process your orders including account opening, loan, cheque books, and digital channels etc Performance of a contract
For statistical analysis and to get feedback from you about our services or products Legitimate interest
Tele Marketing /mailing list /SMSs/email alerts etc Express Consent


Who/Whom we might share your personal data with

  1. BOA-Rwanda can assure you that, we will not share your personal data with third parties unless any of the following circumstances apply.
    • Where the law or a statutory duty requires us to do so
    • Share with joint controllers such as the Data Protection Office for specific purposes such training and quality assurance.
    • Our staff members or authorize agents who need the information in the course of their roles to administer a contract, a product or service we are providing to you
    • If we need to share personal data to establish, exercise, or defend our legal rights (this includes providing personal data to others to prevent fraud and reduce credit risk); or
    • Share with recipients, including employees, only for the purposes of administering services to you or responding to your request. This will only be shared on a strictly need-to-know basis.
    • We will only share with third parties that we have either contracted to perform services for us and will ensure that we put the necessary security and third-party contracts and agreements in place.

Internet Communications  

  1. In order to maintain the security of our systems, protect our staff, record transactions, and, in certain circumstances, to prevent and detect crime or unauthorized activities, Bank of Africa reserves the right to monitor all internet communications including web and email traffic into and out of its domains.

Security safeguards

  1. At BOA-Rwanda, information security safeguards are of high importance to us, and therefore, we believe we have appropriate technical and organizational security measures and controls in place to protect your information.
    • The Bank has implemented access controls and encryption to our information technology and systems.
    • The Bank has implemented adequate information security management systems and business continuity management systems
    • We do not, however, have any control over what happens between your device and the boundary of our information infrastructure.
    • You should be aware that there are many information security risks that exist and take the appropriate steps to always protect your own information

Your Rights as a Data Subject  

  1. Pursuant to Chapter III, the law Nº 058/2021 OF 13/10/2021 relating to the protection of personal data and privacy provides some basic rights to data subjects and other rights within the scope of the law. These rights are:
    • Right to personal Data
    • Right to object
    • Right to personal data portability
    • Right not to be subject to a decision based on automated data processing Right to freedom from automated decision making
    • Right to restriction of processing of personal data Right to compensation
    • Right to erasure of personal data
    • Right to rectification
    • Right to designate an heir to personal data
    • Right to representation

How to contact Bank of Africa Rwanda on issues of Data Protection & Privacy issues:

  • You may contact us through the following:
  • Call: +250 788 172 600
  • Email: