Se rendre au contenu

Politique de confidentialité

Dernière mise à jour : 6 janvier 2025

1. INTRODUCTION

1.1 Objet de cette Politique de Confidentialité

Cette Politique de Confidentialité explique comment CONAK Technology ("nous", "notre" ou "nos") collecte, utilise, divulgue, traite et protège les informations personnelles vous concernant lorsque vous visitez notre site web, utilisez nos services ou interagissez autrement avec nous. Nous respectons votre vie privée et nous nous engageons à protéger vos informations personnelles conformément aux lois applicables en matière de protection des données.

Cette Politique de Confidentialité a été conçue pour se conformer à la Loi sur la Protection des Données du Ghana, 2012 (Loi 843), au Règlement Général sur la Protection des Données (RGPD) de l'Union Européenne, à la Loi sur la Protection de la Vie Privée des Consommateurs de Californie (CCPA) telle que modifiée par la Loi sur les Droits à la Vie Privée de Californie (CPRA), et aux autres lois internationales applicables en matière de protection des données.

1.2 Champ d'Application

Cette Politique de Confidentialité s'applique à :

  • Tous les visiteurs de notre site web
  • Les utilisateurs de nos services et applications
  • Les personnes qui communiquent avec nous par divers canaux
  • Les partenaires commerciaux et les clients
  • Les candidats à un emploi

Cette Politique de Confidentialité ne s'applique pas aux sites web, produits ou services de tiers, même s'ils renvoient à nos services. Nous vous encourageons à consulter les politiques de confidentialité de tout service tiers avant de fournir vos informations personnelles.

1.3 Définitions des Termes Clés

Pour plus de clarté et de cohérence, nous utilisons les termes suivants tout au long de cette Politique de Confidentialité :

  • Informations Personnelles/Données Personnelles : Toute information relative à une personne physique identifiée ou identifiable.
  • Personne Concernée : Une personne physique identifiée ou identifiable à laquelle se rapportent les données personnelles.
  • Responsable du Traitement : L'entité qui détermine les finalités et les moyens du traitement des données personnelles (CONAK Technology dans ce contexte).
  • Sous-traitant : Une entité qui traite les données personnelles pour le compte du responsable du traitement.
  • Traitement : Toute opération effectuée sur des données personnelles, y compris la collecte, l'enregistrement, l'organisation, la structuration, la conservation, l'adaptation, l'extraction, la consultation, l'utilisation, la communication, la diffusion ou toute autre forme de mise à disposition.
  • Informations Personnelles Sensibles : Informations personnelles révélant l'origine raciale ou ethnique, les opinions politiques, les convictions religieuses ou philosophiques, l'appartenance syndicale, les données génétiques, les données biométriques, les données de santé, la vie sexuelle ou l'orientation sexuelle, ou certaines informations financières.

1.4 Identité et Coordonnées

Responsable du Traitement/Entreprise:

CONAK Technology Ltd

Cnr Duala and Lagos Avenue, GA-334-5832

East Legon, Accra

Ghana

Coordonnées:

Email: privacy@conaktechnology.com

Téléphone: +233 59 692 1898

Site web: www.conaktechnology.com

1.5 Délégué à la Protection des Données

Nous avons nommé un Délégué à la Protection des Données (DPD) qui est responsable de la supervision des questions relatives à cette Politique de Confidentialité. Si vous avez des questions concernant cette Politique de Confidentialité, y compris toute demande d'exercice de vos droits légaux, veuillez contacter notre DPD en utilisant les coordonnées fournies ci-dessous :

Délégué à la Protection des Données:

Email: dpo@conaktechnology.com

Téléphone : +233 59 692 1898 Ext. 200

 

2. CADRE JURIDIQUE ET CONFORMITÉ

2.1 Loi sur la Protection des Données du Ghana (Loi 843)

En tant qu'entreprise opérant au Ghana, nous nous conformons à la Loi sur la Protection des Données du Ghana, 2012 (Loi 843), qui établit les principes de protection des données et les exigences pour le traitement des données personnelles. Nous sommes enregistrés auprès de la Commission de Protection des Données du Ghana conformément à la loi.

2.2 Règlement Général sur la Protection des Données (RGPD)

Pour les personnes résidant dans l'Espace Économique Européen (EEE), nous nous conformons au RGPD, qui réglemente le traitement des données personnelles des résidents de l'EEE..

2.3 Loi sur la Protection de la Vie Privée des Consommateurs de Californie (CCPA) et Loi sur les Droits à la Vie Privée de Californie (CPRA)

Pour les résidents de Californie, nous nous conformons à la CCPA telle que modifiée par la CPRA, qui prévoit des droits spécifiques concernant les informations personnelles.

2.4 Autres Lois Applicables

Nous nous conformons également aux autres lois et réglementations internationales applicables en matière de protection des données qui peuvent s'appliquer à notre traitement de vos informations personnelles..

3. INFORMATIONS PERSONNELLES QUE NOUS COLLECTONS

3.1 Catégories d'Informations Personnelles

Nous pouvons collecter les catégories suivantes d'informations personnelles:

  • Identifiants : Nom, adresse postale, adresse e-mail, numéro de téléphone, identifiant personnel unique, identifiant en ligne, adresse IP, nom de compte ou autres identifiants similaires.
  • Dossiers Clients : Nom, adresse, numéro de téléphone, éducation, emploi, historique d'emploi, informations financières.
  • Informations Commerciales : Enregistrements des produits ou services achetés, obtenus ou envisagés, ou autres historiques ou tendances d'achat ou de consommation.
  • IActivité Internet : Historique de navigation, historique de recherche, informations concernant les interactions avec notre site web, application ou publicité.
  • Données de Géolocalisation : Emplacement physique ou mouvements.
  • Informations Professionnelles : Historique professionnel actuel ou passé ou évaluations de performance.
  • Inférences : Inférences tirées de l'une des informations identifiées ci-dessus pour créer un profil sur un consommateur reflétant ses préférences, caractéristiques, tendances psychologiques, prédispositions, comportement, attitudes, intelligence, capacités et aptitudes.

3.2 Categories of Sensitive Personal Information

We may collect the following categories of sensitive personal information:

  • Account log-in credentials
  • Financial account information
  • Precise geolocation data (with your consent)
  • Contents of communications (such as emails or messages sent through our platforms)

We do not collect sensitive personal information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation unless required by law or with your explicit consent.

3.3 Sources of Personal Information

We collect personal information from the following sources:

  • Directly from you: When you provide information by filling in forms on our website, creating an account, using our services, communicating with us, or applying for a job.
  • Automated technologies: When you visit our website, we may automatically collect technical data about your equipment, browsing actions, and patterns through cookies, server logs, and other similar technologies.
  • Third parties: We may receive personal information about you from various third parties, such as business partners, service providers, analytics providers, and advertising networks.

3.4 Methods of Collection

We collect personal information through:

  • Our website and online forms
  • Email and other electronic communications
  • Telephone or in-person interactions
  • Cookies and similar tracking technologies
  • Third-party service providers

3.5 Automatic Data Collection Technologies

We use various technologies to automatically collect certain information when you visit our website or use our services, including:

  • Cookies: Small text files placed on your device to collect standard internet log information and visitor behavior information.
  • Web Beacons: Small electronic files that permit us to count users who have visited certain pages or opened an email.
  • Log Files: Track actions occurring on the website and collect data including IP address, browser type, referring/exit pages, and date/time stamps.

3.6 Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users of our website. This helps us provide you with a good experience when you browse our website and allows us to improve our site.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

For more detailed information about the cookies we use, please see our Cookie Policy [link to Cookie Policy].

4. PURPOSES FOR PROCESSING PERSONAL INFORMATION

4.1 Primary Purposes for Collection and Processing

We collect and process your personal information for the following purposes:

  • To provide and maintain our services
  • To process and complete transactions
  • To manage your account and provide customer support
  • To personalize your experience and deliver content relevant to your interests
  • To improve our website, products, and services
  • To communicate with you about our services, updates, and promotions
  • To protect the security and integrity of our website and business
  • To comply with legal obligations
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets

4.2 Legal Bases for Processing (GDPR specific)

Under the GDPR, we process your personal data based on one or more of the following legal bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
  • Vital Interests: Processing is necessary to protect someone's life.
  • Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

4.3 Legitimate Interests (where applicable)

Where we rely on legitimate interests as a legal basis, we have carefully balanced our interests against your rights and freedoms. Our legitimate interests include:

  • Improving and developing our products and services
  • Protecting our business, systems, and users from fraud and other illegal activities
  • Network and information security
  • Direct marketing of relevant products and services
  • Internal administrative purposes and analytics

4.4 Processing of Children's Personal Information

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

5. DISCLOSURE AND SHARING OF PERSONAL INFORMATION

5.1 Categories of Third-Party Recipients

We may disclose your personal information to the following categories of third parties:

  • Service providers and data processors who perform services on our behalf
  • Business partners and affiliates
  • Professional advisers including lawyers, bankers, auditors, and insurers
  • Regulators, government agencies, and law enforcement
  • Potential buyers or investors in the event of a business transaction

5.2 Service Providers and Data Processors

We may share your personal information with service providers who perform services on our behalf, such as:

  • Cloud hosting providers
  • Payment processors
  • Customer relationship management systems
  • Email service providers
  • Analytics providers
  • Marketing and advertising partners

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

5.3 Business Partners and Affiliates

We may share your personal information with our business partners and affiliates for the purposes described in this Privacy Policy. Our business partners and affiliates are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

5.4 Legal Requirements and Business Transfers

We may disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request
  • To enforce or apply our terms of use and other agreements
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our company, our customers, or others

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

5.5 Sale or Sharing of Personal Information (CCPA/CPRA specific)

Under the CCPA/CPRA, "sale" and "sharing" of personal information have specific definitions. We do not sell your personal information for monetary consideration. However, we may share certain personal information with third parties in a manner that could be considered a "sale" or "sharing" under the CCPA/CPRA.

California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right, please visit our "Do Not Sell or Share My Personal Information" page [link] or contact us using the information provided in Section 13.

6. INTERNATIONAL DATA TRANSFERS

6.1 Cross-Border Transfer Mechanisms

We may transfer your personal information to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country. When we transfer personal information across borders, we take appropriate safeguards to ensure that your personal information receives an adequate level of protection.

6.2 Adequacy Decisions and Appropriate Safeguards

For transfers from the EEA to countries not deemed to provide an adequate level of data protection by the European Commission, we implement one or more of the following safeguards:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Approved certification mechanisms
  • Codes of conduct

6.3 Data Transfer Impact Assessments

We conduct data transfer impact assessments when transferring personal data to countries without adequate data protection laws to ensure that appropriate safeguards are in place.

6.4 Standard Contractual Clauses

Where we use Standard Contractual Clauses for the transfer of personal data, we comply with the requirements set out by the European Commission and relevant data protection authorities.

7. DATA RETENTION AND DELETION

7.1 Retention Periods and Criteria

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider:

  • The amount, nature, and sensitivity of the personal information
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the personal information
  • Whether we can achieve those purposes through other means
  • Applicable legal requirements

7.2 Data Minimization Practices

We implement data minimization practices to ensure that we only collect and retain personal information that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

7.3 Secure Deletion Procedures

When personal information is no longer needed, we securely delete or anonymize it. Our deletion procedures are designed to ensure that personal information cannot be reconstructed or read after the deletion process.

7.4 Exceptions to Deletion Requests

In some circumstances, we may be unable to delete your personal information due to legal or operational requirements. In such cases, we will inform you of the reasons why we cannot delete your information and how long we expect to retain it.

8. YOUR RIGHTS AS A DATA SUBJECT/CONSUMER

8.1 Right to Access Personal Information

You have the right to request access to the personal information we hold about you. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

8.2 Right to Correction/Rectification

You have the right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

8.3 Right to Deletion/Erasure

You have the right to request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal information to comply with local law.

Note that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you at the time of your request.

8.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.

8.5 Right to Object to Processing

You have the right to object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

8.6 Right to Data Portability (GDPR specific)

You have the right to request the transfer of your personal information to another party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.

8.7 Right to Opt-Out of Sale/Sharing (CCPA/CPRA specific)

California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right, please visit our "Do Not Sell or Share My Personal Information" page [link] or contact us using the information provided in Section 13.

8.8 Right to Limit Use of Sensitive Personal Information (CCPA/CPRA specific)

California residents have the right to limit the use and disclosure of their sensitive personal information to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer.

8.9 Right to Non-Discrimination

You have the right not to be discriminated against for exercising any of your rights under applicable data protection laws. We will not:

  • Deny you goods or services
  • Charge you different prices or rates for goods or services
  • Provide you with a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

8.10 Right to Withdraw Consent

Where we rely on consent as the legal basis for processing your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

8.11 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us by:

8.12 Verification Process

To protect your privacy and security, we may need to verify your identity before processing your request. The verification process may differ depending on the nature of the request and the sensitivity of the information involved.

8.13 Response Timelines

We will respond to all legitimate requests within the timeframes required by applicable law:

  • Under the GDPR, we will respond within one month (which may be extended by up to two additional months in certain circumstances)
  • Under the CCPA/CPRA, we will respond within 45 days (which may be extended by up to an additional 45 days in certain circumstances)
  • Under the Ghana Data Protection Act, we will respond within [timeframe]

8.14 Authorized Agents

You may authorize an agent to make a request on your behalf. If you use an authorized agent, we may require:

  • Proof of your written permission authorizing the agent to make the request
  • Verification of your identity directly with us
  • Proof of the agent's registration with the appropriate state authority (where applicable)

9. DATA SECURITY MEASURES

9.1 Technical and Organizational Safeguards

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal information
  • Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal information in a timely manner in the event of a physical or technical incident
  • Regular testing, assessing, and evaluating of the effectiveness of technical and organizational measures

9.2 Employee Training and Awareness

We conduct regular training for our employees on data protection and information security. Access to personal information is restricted to employees, contractors, and agents who need to know that information to process it for us, and who are subject to strict contractual confidentiality obligations.

9.3 Data Breach Response Procedures

We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9.4 Notification Requirements

In the event of a data breach that poses a risk to your rights and freedoms, we will notify:

  • The relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach (under GDPR)
  • The Ghana Data Protection Commission as required by the Ghana Data Protection Act
  • Affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms

10. AUTOMATED DECISION-MAKING AND PROFILING

10.1 Logic Involved in Automated Processing

We may use automated decision-making in certain circumstances, such as when performing anti-fraud screening or determining eligibility for specific services. The logic involved in such processing is based on pre-defined criteria and algorithms designed to assess relevant factors.

10.2 Significance and Consequences

Automated decision-making may have significant effects, such as approval or denial of services, customized pricing, or personalized content recommendations.

10.3 Right to Human Intervention

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You can request human intervention, express your point of view, and contest the decision by contacting us using the details provided in Section 13.

11. THIRD-PARTY LINKS AND SERVICES

11.1 Third-Party Websites and Applications

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

11.2 Social Media Features

Our website may include social media features, such as the Facebook Like button or Twitter sharing widgets. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing them.

11.3 Disclaimer of Responsibility

We encourage you to review the privacy policy of every website you visit or third-party service you use when you leave our website. We cannot be responsible for the privacy policies and practices of other websites or services, even if you access them using links from our website.

12. CHANGES TO THIS PRIVACY POLICY

12.1 Update Procedures

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy.

12.2 Notification of Material Changes

If we make material changes to this Privacy Policy, we will notify you by email or by means of a notice on our website prior to the changes becoming effective.

12.3 Effective Dates

Changes to this Privacy Policy are effective when they are posted on this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. CONTACT INFORMATION

13.1 Data Controller/Business Contact Details

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

CONAK Technology Ltd

Cnr Duala and Lagos Avenue, GA-334-5832

East Legon, Accra

Ghana

Coordonnées:

Email: privacy@conaktechnology.com

Téléphone: +233 59 692 1898

Site web: www.conaktechnology.com

13.2 Data Protection Officer

Our Data Protection Officer can be contacted at:

Email: dpo@conaktechnology.com

Phone: +233 59 692 1898 Ext. 200

13.3 Supervisory Authority Contact Information

You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues:

Ghana:

Data Protection Commission

East Legon, Paw Paw Street

00233 Accra, Ghana

Phone: +233 256 301 533

Email: info@dataprotection.org.gh / support@dataprotection.org.gh

Site web: https://dataprotection.org.gh

European Union:

European Data Protection Supervisor

Postal address: Rue Wiertz 60, B-1047 Brussels, Belgium

Office address: Rue Montoyer 30, B-1000 Brussels, Belgium

Phone: +32 2 283 19 00

Email: edps@edps.europa.eu

Site web: https://edps.europa.eu

California:

California Privacy Protection Agency

400 R Street, Suite 330

Sacramento, CA 95811, USA

Phone: 916-572-2900

Email: info@cppa.ca.gov

Site web: https://cppa.ca.gov

13.4 Complaint Procedures

We would appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance using the details provided above.

14. JURISDICTION-SPECIFIC PROVISIONS

14.1 Ghana-Specific Provisions

In accordance with the Ghana Data Protection Act, 2012 (Act 843 ):

  • We have implemented appropriate security measures to protect your personal information
  • We will notify the Data Protection Commission and affected individuals in the event of a data breach as required by law

14.2 EU-Specific Provisions

For individuals in the European Economic Area (EEA):

  • We conduct Data Protection Impact Assessments for high-risk processing activities
  • We maintain records of processing activities as required by Article 30 of the GDPR

14.3 California-Specific Provisions

For California residents:

  • We have implemented a "Do Not Sell or Share My Personal Information" mechanism
  • We provide a "Limit the Use of My Sensitive Personal Information" option
  • We honor Global Privacy Control (GPC) signals as valid opt-out requests
  • We provide a detailed notice at collection as required by the CCPA/CPRA

14.4 Other Jurisdictional Requirements

We comply with other applicable data protection laws and regulations that may apply to our processing of your personal information. If you are located in a jurisdiction with specific data protection requirements not explicitly addressed in this Privacy Policy, please contact us for more information about how we comply with those requirements.