GRUPI PRIVACY NOTICE

GENERAL OVERVIEW OF OUR PRIVACY NOTICE

Your privacy is important to us and we are committed to ensuring the protection of your privacy whenever you interact with us

DATA CONTROLLER

Grupi Insurtech Limited (Grupi) is the data controller for the information we process unless otherwise stated. It shall be referred to as the “Grupi”. For the purpose of this Privacy notice

Our office address; 1st Floor Block 2 - SSNIT AIA Branch Office, New Times Junction, Circle – Kaneshie Road

WHAT PERSONAL INFORMATION DO WE COLLECT?

Please note that we only collect Personal Information which you voluntarily submit to us to enable us adequately serve you. “Personal Information” is any information that personally identifies an individual or from which an individual could be identified. This may include your name, address, email address, telephone number and other information about you that you provide us through the registration process at the Site. We collect, use, store and transfer personal information to manage our relationship with our customers, employees, business partners and other third parties and to serve them better. We process personal information in compliance with the Data Protection Act 2012 (DPA 2012 (Act 843)). We may collect and process personal information through a variety of means, including, through your access to our Services on the mobile application or our website, employment processes, during conversations or correspondence with our representatives and comments on our websites or social media platforms. Also while using our mobile application, the following information may be collected from your device automatically: details of your device, unique device identifiers (IMEI or serial number), information about the SIM card, mobile network, operating system and browser settings. We may also require location information from your device GPS. You will be required to grant consent to enable the mobile application to access your mobile GPS. Turning off your location may render some of our Services unavailable. Furthermore, we may use in-app analytics technologies to help improve and simplify the overall app, design and Services. These tools track aggregated information about installations, in-app usage, performance measures, better reporting on application failures and uninstallations.

HOW DO WE OBTAIN YOUR PERSONAL DATA?

The nature of the data we collect is dependent upon the nature of your interaction with us. Grupi obtains personal information from you when you interact with us through the following channels

  • When your information is provided as part of the registration process with the Grupi App in compliance with the Data Protection Act 2012 (Data Protection Act 2012 (Act 843) ).
  • When you register for or attend an event/conference/training organized or sponsored by Grupi
  • When you make an enquiry or request information from us
  • When you make a complaint and or give feedback
  • When you apply for a job with the Grupi
  • And through any other interaction with us.

PURPOSE OF PROCESSING & LAWFULNESS

We ensure at all times that the personal data we obtain is processed in a lawful and reasonable manner and same is processed without infringing your privacy rights guaranteed under the Act.

We assure you that we shall only process your data if the purpose for processing is necessary, relevant and not excessive. We shall take all the necessary steps to ensure that you are aware of the purpose for which we are processing your personal information. We will only use the information you provide for the purpose for which we obtained collect the information

YOUR CONSENT

We assure you that we shall not process your data without your prior consent unless;

  • Necessary for the purpose of a contract to which you are a party
  • The purpose for which the personal data is processed is authorised or required by law,
  • Or when we have to do so to protect your legitimate interest.
  • Or if to do so is necessary for the performance of a statutory duty;
  • Or if it’s necessary to pursue a legitimate interest

Where we rely on your consent t to process your personal data, you can withdraw your consent at any time. In the event that you withdraw your consent, we may not be able to provide certain services to you. We will however advise you if this is the case at the time you withdraw your consent.

RETENTION (HOW LONG WE KEEP YOUR PERSONAL DATA)

We shall not retain your data for a period longer than is necessary to achieve the purpose for which we process your data and in line with our retention policy. At the end of the retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and the GRUPI’s business planning. Specific details of the retention periods for different aspects of your personal data are available in our retention policy which you can request from us. Where necessary, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in those circumstances, we may use this information indefinitely without further notice to you.

USE AND SHARING PERSONAL DATA

We shall only disclose information you provide to us after we have sought and obtained your consent to disclosure of same or where the initial disclosure was made for the purposes of it being made available to the public under the provisions of Data Protection Act 2012 (Act 843) .

We shall not disclose information you provide us which is not at the time of the disclosure and or has not previously been available to the public from other sources.

We shall not make your information available to a third party unless this is necessary for the purpose for which you provided the information.

We shall not disclose your information to third parties unless we are required to do so under Data Protection Act 2012 (Act 843) or other relevant laws in Ghana or International treaties/agreement or Conventions.

The data we collect depends on the context of your interactions with GRUPI and the choices that you make, including your privacy settings and the purpose of your visit to our site products and features that you use.

We may share your personal data with your consent or to complete a transaction or provide a service for you.

We may also share your data with the GRUPI‘s-controlled affiliates; when required by law or to respond to legal process; to protect lives; and to protect the rights and property.

As indicated above we shall obtain your consent for use of your data at all relevant times.

YOUR RIGHTS

You have rights under the Data Protection Act 2012 (Data Protection Act 2012 (Act 843) and you can exercise any of these rights by serving notice to the GRUPI in writing at any time.

We have taken the time to list some of these rights below

1. The Right to Object to us Processing your Data

You have the right to object to us processing your data in the manner referred to in this policy. W here we are relying on your legitimate interest or that of a third party and there is something about your particular situation which makes you want to object to processing of the information you can do so on the grounds that you feel it impacts on your fundamental rights and freedoms. If you serve us a notice to exercise any of your rights, we will endeavour to respond to the notice within twenty-one (21) days after receipt of a notice. In our response, we will inform you (a) that we have complied or intend to comply with you notice or where we do not intend to comply with your request provide our reasons for our decision. Please note however that there may be instances we will proceed to process the said data irrespective of your objection provided we can demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

2. Request for Access to Data

You can request that we give a description of your data held by us and data about the identity of a third party or a category of a third party who has or has had access to the said data. We shall request for specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. If we need further information before responding to your request, we will contact you to ask you for the further information to speed up our response. We may request you to pay a reasonable fee for us to provide you the information requested; (c) in a reasonable manner and format; and (d) in a form that is generally understandable.

3. Right to Request a Restriction on Processing of your Data

You have the right to ask us to restrict or suspend the processing of your personal data if:

  • You want us to establish the data’s accuracy; or
  • Where our use of the data is unlawful, but you do not want us to erase it; or
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • You have objected to our use of your data, but we need to verify whether we have overriding and legitimate grounds to continue using it.

4. Right to Rectification, Deletion and Destruction

It is important that the personal data we hold about you is accurate and current so please keep us informed if your personal data changes during your relationship with us. You have the right to request that we correct your data because it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully or that it is incompatible with the legitimate purposes for which the GRUPI obtained the said data. Further to the above, you can request that we destroy or delete a record of personal data about you that we no longer have your consent to retain. To exercise any of these rights, you must serve us with a notice in which you must state the reasons why you believe that the data we hold is inaccurate or incomplete or is being held in a manner which is incompatible with the legitimate purposes pursued by us. On receipt of the request, we shall comply with the request or provide you with credible evidence in support of the data. Where we are unable to reach an agreement, we shall attach to the record an indication that a request for the data has been made but has not been complied with. Where we comply with the request, we shall inform each person to whom the data has been disclosed of the correction made. We shall notify you of the action taken as a result of the request.

OUR RESPONSIBILITIES

We have a responsibility to protect your privacy and any personal data we obtain from you through your interaction with us. Before processing any data, we will ensure that the data we obtain from you is complete, accurate, up to date and is not misleading having regard to the purpose for which we collect or processing the said data. At all relevant times we shall notify you of the purpose for which the GRUPI requires your data. We shall also indicate which data you have a discretionary to provide and or which data we think you have to provide because it’s mandatory to do so. We shall notify you of the consequences if you fail to provide the said data.

SECURITY MEASURES

Grupi shall take the necessary steps to secure the integrity of your data in our possession or control by adopting of appropriate, reasonable, technical and organisational measures to prevent (a) loss of, damage to, or unauthorised destruction; and (b) unlawful access to or unauthorised processing of your data. We shall take reasonable measures to (a) identify reasonably foreseeable internal and external risks to your data in our person’s possession or control; We shall establish and maintain appropriate safeguards against the identified risks and regularly verify that the safeguards are effectively implemented; and continually updated in response to new risks or deficiencies. We shall observe generally accepted information security practices and procedures in line with the Data Protection Act 2012 (Act 843).

WHAT WILL WE DO IN THE EVENT OF A SECURITY COMPROMISE?

Where we have reasonable grounds to believe that your data has been accessed or acquired by an unauthorised person, We shall take steps immediately to ensure the restoration of the integrity of the information system .We shall notify you (via registered mail to your last known residential or postal address) of the unauthorised access or acquisition as soon as reasonably practicable after the discovery of the unauthorised access or acquisition of the data. We shall provide you with sufficient information to ensure that you can take protective measures against the consequences of the unauthorised access or acquisition of your data, this shall include the identity of the unauthorised person who may have accessed or acquired your data.

COOKIES

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie.

We sometimes use “cookies”. “Cookies” are programs that we transfer to your computer’s hard drive. They enable us to improve interactivity with the website.

The purpose of “cookies” is to enhance your future visits to our website.

You can set your browser to notify you if “cookies” are to be transferred or to reject “cookies” but this may prevent your use of some of our web pages.

Cookies only store information from your browser, they cannot access data on your hard drive. Cookies are text files that cannot transfer viruses to your computer or mobile device.

You have a variety of tools to control the data collected by cookies, web beacons and similar technologies. For example, you can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.

OTHER LINKS / SITES

Our mobile application or website may contain links to other third-party websites that we do not control or maintain. We are not responsible for the privacy practices employed by those third-party. We will notify you once you are leaving our website to enable you to decide whether to proceed or not. We advise you to read the privacy statements of all third-party websites before submitting any personal information.

Grupi is committed to managing & safeguarding your personal information.

Grupi is guided not only by Data Protection Act 2012 (Act 843), we also adhere to the General Principles of Data Protection and general International best practices in relation to Data Protection.

Our aim at all relevant times is to be responsible and ensure the integrity of your data.

We assure you that whenever you provide personal information, we will treat that information in accordance with this Privacy Policy and shall endeavour at all times to keep your data accurate and secure.

“Data subject” means an individual who is the subject of personal data

“Foreign data subject” means data subject information regulated by laws of a foreign jurisdiction sent into Ghana from a foreign jurisdiction wholly for processing purposes;

“Personal data” means data about an individual who can be identified, (a) from the data, or (b) from the data or other information in the possession of, or likely to come into the possession of the data controller;

“processing” means an operation or activity or set of operations by automatic or other means that concerns data or personal data and the (a) collection, organization, adaptation or alteration of the information or data, (b) retrieval, consultation or use of the information or data, (c) disclosure of the information or data by transmission, dissemination or other means available, or (d) alignment, combination, blocking, erasure or destruction of the information or data;

“foreign data” means data subject information regulated by laws of a foreign jurisdiction sent into Ghana from a foreign jurisdiction wholly for processing purposes.

CONTACT AND OFFICE DETAILS

If you have any queries, do not hesitate to contact us.

Email: info@Grupi.co