Principles on Personal Data and Privacy Protection
Overview
Net Concepts Ltd. (“Net Concepts”) is committed to processing personal data in an accountable, and non-discriminatory manner.
Net Concepts defines ‘personal data’ as data about individual who can be identified from the data, or from the data or other information in the possession of Net Concepts, or likely to come into the possession of Net Concepts.
Net Concepts uses the term ‘data processing’ to describe any operation or activity or set of operations by automatic or other means that concerns data or personal data and the collection, organisation, adaptation or alteration of the information or data, retrieval, consultation or use of the information or data, disclosure of the information or data by transmission, dissemination or other means available, or alignment, combination, blocking, erasure or destruction of the information or data;
The Principles on Personal Data Protection and Privacy (hereafter, the Principles) are based on the Data Protection ACT, 2012 (ACT 843) of Ghana Gazette on 18th May, 2012.
Principles
Lawful and Legitimate Processing
Net Concepts should process personal data in a fair manner, in accordance with its mandate and governing instruments and based on any of the following:
- the consent of the data subject;
- the best interests of the data subject, consistent with the mandate of Net Concepts;
- the authorization or required by law.
Purpose Specification and Compatibility
Personal data should be processed for specified purposes, which are consistent with the mandate of Net Concepts and take into account the balancing of relevant rights, freedoms and interests of data subject. Personal data should not be processed in ways that are incompatible with such purposes.
Personal data should be further processed in connection and in relation with the purpose for which the data was collected.
The processing of personal data should be relevant, limited and adequate to what is necessary in relation to the specified purposes of personal data processing.
Quality of Information and Retention
Personal data should be complete, accurate and, up-to-date to fulfill purpose of collection, having regards to the specified purposes for the collection or processing of the data.
Personal data should only be retained for the time that is necessary to achieve the purpose for which the data was collected and for the processing unless required or authorized by law.
Security Safeguard
Appropriate organizational, administrative, physical and technical safeguards and procedures should be implemented to protect the confidentiality, security of personal data, and privacy including against or from unauthorized or accidental access, damage, loss or other risks presented by data processing.
Transparency and Openness
Processing of personal data should be carried out with transparency to the data subjects, as appropriate and whenever possible. This should include, for example, provision of information about the processing of their personal data as well as information on how to request access, verification, rectification, and/or deletion of that personal data, insofar as the specified purpose for which personal data is processed is not frustrated.
Collection and Transfers
Net Concepts will:
- Collect and use the information you provide to process your request. Your information will not be used for any other purpose than that for which it was collected or not compatible with the purpose it was collected for;
- Make the information you provide available only to employees or agents or processor who require it in order to process and respond to your request in line with Net Concepts’ mandate;
- Retain your information on its servers for the time required to process your request;
- Maintain a summary of each request for statistical analysis.
In carrying out its mandated activities, Net Concepts may transfer personal data to a third party, provided that, under the circumstances, the third party will provide appropriate protection for the personal data.
Accountability
Net Concepts shall have adequate guidelines and mechanisms in place to adhere to these Principles.
There is a designated Data Protection and Privacy Officer who provides advice to ensure that personal data is processed in accordance with these Principles.
Should you have any questions or concerns about the protection or processing of your personal data by Net Concepts, please contact dpo@netconceptsgh.com.