Data Protection and Privacy Policy

Effective Date: July 30, 2025

1. Introduction

At XDS Data Ghana ("we", "us", "our"), we are committed to protecting your privacy and ensuring the integrity, confidentiality, and security of your personal data. This Privacy Policy outlines how we collect, use, disclose, retain, and protect your information when you interact with our services, systems, platforms, or personnel—whether online or offline.

2. Scope

This Privacy Policy applies to all individuals whose personal data we collect, including:

  • Customers and prospective customers;
  • Website and mobile application users;
  • Data subjects of credit information provided to us;
  • Suppliers, contractors, and partners;
  • Employees and agents of corporate clients;
  • Any individual who interacts with us or shares personal data with us.

3. Key Definitions

  • Personal Data: Any data that identifies or could identify a natural person, directly or indirectly.
  • Special Personal Data: Includes sensitive categories such as racial or ethnic origin, political opinions, religious beliefs, health data, and criminal records.
  • Processing: Any operation performed on personal data, whether automated or not.
  • Data Subject: The individual to whom the personal data relates.

4. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • Consent provided by the data subject;
  • Contractual necessity to deliver our services;
  • Legal obligation to comply with applicable laws;
  • Legitimate interest pursued by XDS Data Ghana or a third party;
  • Vital interests of the data subject or another person;
  • Public interest or official authority vested in us.

5. Types of Personal Data Collected

Depending on the nature of your relationship with us, we may collect:

  • Identification data (e.g. name, ID number, passport);
  • Contact data (e.g. address, email, phone number);
  • Financial data (e.g. bank details, credit history);
  • Transaction data;
  • Employment and income information;
  • Biometric data (where applicable);
  • Usage data (e.g. from our website or apps);
  • Communications and feedback.

6. Sources of Personal Data

We collect personal data from:

  • You directly;
  • Our corporate clients and data furnishers;
  • Credit providers and financial institutions;
  • Public databases and registers;
  • Social media platforms (as permitted);
  • Third-party service providers;
  • Law enforcement or regulatory authorities (as required).

7. Purposes of Processing

We use your personal data for the following purposes:

  • To verify identity and perform credit assessments;
  • To provide, improve, and personalize our services;
  • For billing, account management, and customer support;
  • To fulfill legal and regulatory obligations;
  • For analytics, risk modeling, and statistical reporting;
  • To detect and prevent fraud or unauthorized access;
  • For direct marketing, subject to your preferences;
  • To onboard and manage suppliers and business partners.

8. Data Sharing and Disclosure

We may share your data with:

  • Credit providers and authorized data recipients;
  • Our affiliates and service providers under contract;
  • Legal and regulatory authorities as required;
  • Auditors, legal advisers, and consultants;
  • Insurers and reinsurers;
  • Prospective buyers in case of mergers or acquisitions;
  • International recipients, subject to lawful safeguards.

All third parties are bound by strict confidentiality and data protection obligations.

9. International Data Transfers

Where personal data is transferred outside Ghana, we ensure:

  • Compliance with the Data Protection Act, 2012 (Act 843);
  • Adequate contractual, technical, and organizational safeguards;
  • That recipient jurisdictions uphold data protection standards equivalent to Ghanaian law.

10. Data Retention

We retain personal data only as long as necessary for:

  • The purposes for which it was collected;
  • Legal and regulatory obligations;
  • Contractual enforcement and dispute resolution;
  • Legitimate business interests;
  • Statistical, historical, or research purposes (with safeguards).

When retention is no longer necessary, we securely delete or anonymize your data.

11. Data Security Measures

We employ robust security measures to protect personal data, including:

  • Encryption and access controls;
  • Secure data storage and backups;
  • Periodic security audits and risk assessments;
  • Staff training on data protection;
  • Incident response plans for data breaches.

12. Your Rights as a Data Subject

You have the following rights under Ghana’s Data Protection Act:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion under lawful grounds.
  • Right to Object: Object to processing based on legitimate interests or for marketing.
  • Right to Restrict Processing: Limit processing under certain conditions.
  • Right to Withdraw Consent: At any time, where processing is based on consent.

To exercise these rights, contact us using the details below.

13. Automated Decision-Making

We do not make decisions based solely on automated processing unless:

  • Required to fulfil a contract;
  • Authorized by law;
  • Based on your explicit consent.

In all cases, we ensure human oversight and transparency.

14. Children’s Privacy

We do not knowingly collect data from individuals under the age of 18 without the consent of a parent or guardian.

15. Policy Updates

This policy may be updated from time to time. The latest version will always be published on our website and significant changes will be communicated appropriately.

16. Contact Information

To raise privacy concern, exercise your rights, or make a complaint:

Data Protection Supervisor (DPS)
XDS Data Ghana
Email: data.privacy.gh@xdsdata.com
Phone: 027 900 989 3
Website: www.xdsdata.com

You may also contact the Ghana Data Protection Commission:

Contact Us