FirstRand Cookie Notice
1. Overview of the Firstrand group
FirstRand Limited and its subsidiary companies (FirstRand or the group) is a portfolio of integrated financial services businesses operating in South Africa, certain markets in sub-Saharan Africa and in the UK. FirstRand executes its strategy through a portfolio of leading financial services businesses comprising FNB, RMB, WesBank, Ashburton Investments and Aldermore and provides a universal set of transactional, lending, investment and insurance products and services.
A simplified group structure can be found on FirstRand’s website and provides an overview of the various businesses/entities that form part of the FirstRand group: https://www.firstrand.co.za/the-group/ownership-and-legal-structure/
Privacy is important to the group. This cookie notice applies to all websites that belong to the group which are applicable to South Africa (websites), e.g. www.fnb.co.za, www.rmb.co.za and www.wesbank.co.za.
Please refer to the FirstRand group customer privacy notice for details of the entities that form part of the group, and the way the group uses personal information. The FirstRand group privacy notice is available at https://www.firstrand.co.za/investors/governance-and-compliance/.
3. What is a cookie?
A cookie is a small piece of data that is sent (usually in the form of a text file) from a website to the user’s device, such as a computer, smartphone or tablet. The purpose of a cookie is to provide a reliable mechanism to “remember” user behaviour (keeping track of previous actions), e.g. remembering the contents of an online shopping cart, and actions the user performed whilst browsing when not signed up or logged into their online account.
The group does not necessarily know the identity of the user of the device but does see the behaviour recorded on the device. Multiple users of the same device would not necessarily be distinguishable from one another. Cookies could, however, be used to identify the device and, if the device is linked to a specific user, the user would also be identifiable. For example, a device registered to an app (FNB, WesBank, RMB, etc.).
4. Which cookies can be found on Firstrand group websites?
First- and third-party cookies refer to the website or domain using the cookie. Cookies are set by the website that the user is visiting.
First-party cookies are directly stored by the website (or domain) visited by a user. These cookies allow website owners to collect analytics, data, remember language settings or perform other useful functions that provide a good user experience.
Third-party cookies are created by domains separate/different from the website (or domain) that the user is visiting. These cookies are usually used for online advertising, cross-site tracking; and are accessible on any website that loads the third party’s server code, e.g. when a user visits a site and clicks a “like” button, this could be stored in a cookie and, upon visiting the third-party site, the cookie will be used to action the request.
For example, a user browses online for a specific product, finds an advert of interest, clicks the advert and thereafter closes their browser. Several hours later, the user notices advertising of the same product that they were browsing for earlier.
When a user visits a group website, the group may include any of the cookies listed in the table below. The table explains what the cookies are used for and the time period for which the cookie could remain valid. Where cookies are only valid for a single session, the cookie will be erased when the user closes their browser. Where cookies persist, the cookie will be stored by the user’s browser until deleted by the user.
|First-party cookies||Browser/device identification||Enable the group to identify the device/browser.||Persist beyond a single session.|
|Authentication||Upon logging into a web server, a cookie will be returned that identifies the user has been successfully logged in.||Only valid for the single session.|
|First- and third-party cookies||Analytics||To collect information about how visitors, use group websites. This can provide the group with insight on website performance and metrics.||Persist beyond a single session.|
|Third-party cookies||Marketing and other||Used for tracking and online advertising purposes.||Persist beyond a single session.|
|HTTPS||Makes a cookie secure by ensuring it is only sent over HTTPS protocol. This prevents attackers from secretly extracting it.|
|Same-site cookie||Makes the cookie secure by limiting the sites to which the cookie is allowed to be sent.|
|Expiry||Sets the duration a cookie will last for before it expires.|
|Secure||Makes a cookie secure by ensuring it is only sent over a securely encrypted channel.|
|Path||Helps to protect a cookie by restricting the location where it is allowed to be sent.|
The group will only process cookies which identify users for lawful purposes:
- if a user has consented thereto;
- if a user has consented thereto;
- if a person legally authorised by the user, the law or a court, has consented thereto on the user’s behalf;
- if it is necessary to conclude or perform under a contract that the group has with the user;
- if the law requires or permits it;
- if it is required to protect or pursue the user’s, the group’s or a third party’s legitimate interest (e.g. for fraud prevention); or
- if the user is a child and a competent person (like a parent) has consented thereto on the child’s behalf.
- fraud, financial crime and other crime prevention, detection or reporting;
- managing and improving security for the group and users (for example to prevent fraudulent use of login details);
- various analytical reasons, e.g. how group websites are used so that improvements can be made;
- marketing and advertising, for example to decide which solutions (goods, products, services or rewards) users may be interested in and to customise marketing on various applications and websites; and/or
- recognition of users of group websites, or devices which return to group websites.
6. What happens if a user does not want cookies?
All browsers allow users to refuse to accept cookies and to remove current cookies. The methods for doing so vary between different browsers and versions. Users can block cookies on group websites, if desired. Blocking certain cookies may have a negative impact upon the usability of group websites. For example, the group requires cookies to allow users to log in. By removing first-party cookies, a user’s banking experience may be affected.
7 Further information about cookies
- Users’ browsers store cookies and group websites cannot access any data on a user’s device.
- As cookies are stored in text files, they cannot be used to distribute viruses to a device.
- On a single device with multiple users; the experience of group websites would be customised based on the behaviour of all users using the device and not just an individual user.
- If users disable cookies, previous cookies collected will not be deleted, however, this will prevent the creation of new cookies. Expired cookies will be removed automatically.