Skip to Content

Privacy Policy

Last Updated: January 6, 2025

1. INTRODUCTION

1.1 Purpose of This Privacy Policy

This Privacy Policy explains how CONAK Technology ("we," "us," or "our") collects, uses, discloses, processes, and protects personal information about you when you visit our website, use our services, or otherwise interact with us. We respect your privacy and are committed to protecting your personal information in compliance with applicable data protection laws.

This Privacy Policy has been designed to comply with the Ghana Data Protection Act, 2012 (Act 843), the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable international data protection laws.

1.2 Scope of Application

This Privacy Policy applies to:

  • All visitors to our website
  • Users of our services and applications
  • Individuals who communicate with us through various channels
  • Business partners and clients
  • Job applicants

This Privacy Policy does not apply to third-party websites, products, or services, even if they link to our services. We encourage you to review the privacy policies of any third-party services before providing your personal information.

1.3 Definitions of Key Terms

For clarity and consistency, we use the following terms throughout this Privacy Policy:

  • Personal Information/Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: An identified or identifiable natural person to whom personal data relates.
  • Data Controller: The entity that determines the purposes and means of processing personal data (CONAK Technology in this context).
  • Data Processor: An entity that processes personal data on behalf of the data controller.
  • Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or otherwise making available.
  • Sensitive Personal Information: Personal information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation, or certain financial information.

1.4 Identity and Contact Details

Data Controller/Business:

CONAK Technology Ltd

Cnr Duala and Lagos Avenue, GA-334-5832

East Legon, Accra

Ghana

Contact Information:

Email: privacy@conaktechnology.com

Phone: +233 59 692 1898

Website: www.conaktechnology.com

1.5 Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions regarding this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO using the details provided below:

Data Protection Officer:

Email: dpo@conaktechnology.com

Phone: +233 59 692 1898 Ext. 200

 

2. LEGAL FRAMEWORK AND COMPLIANCE

2.1 Ghana Data Protection Act (Act 843)

As a company operating in Ghana, we comply with the Ghana Data Protection Act, 2012 (Act 843), which establishes the data protection principles and requirements for processing personal data. We are registered with the Ghana Data Protection Commission as required by law.

2.2 General Data Protection Regulation (GDPR)

For individuals in the European Economic Area (EEA), we comply with the GDPR, which regulates the processing of personal data of EEA residents.

2.3 California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

For California residents, we comply with the CCPA as amended by the CPRA, which provides specific rights regarding personal information.

2.4 Other Applicable Laws

We also comply with other applicable international data protection laws and regulations that may apply to our processing of your personal information.

3. PERSONAL INFORMATION WE COLLECT

3.1 Categories of Personal Information

We may collect the following categories of personal information:

  • Identifiers: Name, postal address, email address, phone number, unique personal identifier, online identifier, IP address, account name, or other similar identifiers.
  • Customer Records: Name, address, telephone number, education, employment, employment history, financial information.
  • Commercial Information: Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet Activity: Browsing history, search history, information regarding interactions with our website, application, or advertisement.
  • Geolocation Data: Physical location or movements.
  • Professional Information: Current or past job history or performance evaluations.
  • Inferences: Inferences drawn from any of the information identified above to create a profile about a consumer reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

3.2 Categories of Sensitive Personal Information

We may collect the following categories of sensitive personal information:

  • Account log-in credentials
  • Financial account information
  • Precise geolocation data (with your consent)
  • Contents of communications (such as emails or messages sent through our platforms)

We do not collect sensitive personal information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning a person's sex life or sexual orientation unless required by law or with your explicit consent.

3.3 Sources of Personal Information

We collect personal information from the following sources:

  • Directly from you: When you provide information by filling in forms on our website, creating an account, using our services, communicating with us, or applying for a job.
  • Automated technologies: When you visit our website, we may automatically collect technical data about your equipment, browsing actions, and patterns through cookies, server logs, and other similar technologies.
  • Third parties: We may receive personal information about you from various third parties, such as business partners, service providers, analytics providers, and advertising networks.

3.4 Methods of Collection

We collect personal information through:

  • Our website and online forms
  • Email and other electronic communications
  • Telephone or in-person interactions
  • Cookies and similar tracking technologies
  • Third-party service providers

3.5 Automatic Data Collection Technologies

We use various technologies to automatically collect certain information when you visit our website or use our services, including:

  • Cookies: Small text files placed on your device to collect standard internet log information and visitor behavior information.
  • Web Beacons: Small electronic files that permit us to count users who have visited certain pages or opened an email.
  • Log Files: Track actions occurring on the website and collect data including IP address, browser type, referring/exit pages, and date/time stamps.

3.6 Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users of our website. This helps us provide you with a good experience when you browse our website and allows us to improve our site.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

For more detailed information about the cookies we use, please see our Cookie Policy [link to Cookie Policy].

4. PURPOSES FOR PROCESSING PERSONAL INFORMATION

4.1 Primary Purposes for Collection and Processing

We collect and process your personal information for the following purposes:

  • To provide and maintain our services
  • To process and complete transactions
  • To manage your account and provide customer support
  • To personalize your experience and deliver content relevant to your interests
  • To improve our website, products, and services
  • To communicate with you about our services, updates, and promotions
  • To protect the security and integrity of our website and business
  • To comply with legal obligations
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets

4.2 Legal Bases for Processing (GDPR specific)

Under the GDPR, we process your personal data based on one or more of the following legal bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
  • Vital Interests: Processing is necessary to protect someone's life.
  • Public Task: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

4.3 Legitimate Interests (where applicable)

Where we rely on legitimate interests as a legal basis, we have carefully balanced our interests against your rights and freedoms. Our legitimate interests include:

  • Improving and developing our products and services
  • Protecting our business, systems, and users from fraud and other illegal activities
  • Network and information security
  • Direct marketing of relevant products and services
  • Internal administrative purposes and analytics

4.4 Processing of Children's Personal Information

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

5. DISCLOSURE AND SHARING OF PERSONAL INFORMATION

5.1 Categories of Third-Party Recipients

We may disclose your personal information to the following categories of third parties:

  • Service providers and data processors who perform services on our behalf
  • Business partners and affiliates
  • Professional advisers including lawyers, bankers, auditors, and insurers
  • Regulators, government agencies, and law enforcement
  • Potential buyers or investors in the event of a business transaction

5.2 Service Providers and Data Processors

We may share your personal information with service providers who perform services on our behalf, such as:

  • Cloud hosting providers
  • Payment processors
  • Customer relationship management systems
  • Email service providers
  • Analytics providers
  • Marketing and advertising partners

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

5.3 Business Partners and Affiliates

We may share your personal information with our business partners and affiliates for the purposes described in this Privacy Policy. Our business partners and affiliates are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

5.4 Legal Requirements and Business Transfers

We may disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request
  • To enforce or apply our terms of use and other agreements
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our company, our customers, or others

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

5.5 Sale or Sharing of Personal Information (CCPA/CPRA specific)

Under the CCPA/CPRA, "sale" and "sharing" of personal information have specific definitions. We do not sell your personal information for monetary consideration. However, we may share certain personal information with third parties in a manner that could be considered a "sale" or "sharing" under the CCPA/CPRA.

California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right, please visit our "Do Not Sell or Share My Personal Information" page [link] or contact us using the information provided in Section 13.

6. INTERNATIONAL DATA TRANSFERS

6.1 Cross-Border Transfer Mechanisms

We may transfer your personal information to countries outside your country of residence, including countries that may not provide the same level of data protection as your home country. When we transfer personal information across borders, we take appropriate safeguards to ensure that your personal information receives an adequate level of protection.

6.2 Adequacy Decisions and Appropriate Safeguards

For transfers from the EEA to countries not deemed to provide an adequate level of data protection by the European Commission, we implement one or more of the following safeguards:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Approved certification mechanisms
  • Codes of conduct

6.3 Data Transfer Impact Assessments

We conduct data transfer impact assessments when transferring personal data to countries without adequate data protection laws to ensure that appropriate safeguards are in place.

6.4 Standard Contractual Clauses

Where we use Standard Contractual Clauses for the transfer of personal data, we comply with the requirements set out by the European Commission and relevant data protection authorities.

7. DATA RETENTION AND DELETION

7.1 Retention Periods and Criteria

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider:

  • The amount, nature, and sensitivity of the personal information
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the personal information
  • Whether we can achieve those purposes through other means
  • Applicable legal requirements

7.2 Data Minimization Practices

We implement data minimization practices to ensure that we only collect and retain personal information that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

7.3 Secure Deletion Procedures

When personal information is no longer needed, we securely delete or anonymize it. Our deletion procedures are designed to ensure that personal information cannot be reconstructed or read after the deletion process.

7.4 Exceptions to Deletion Requests

In some circumstances, we may be unable to delete your personal information due to legal or operational requirements. In such cases, we will inform you of the reasons why we cannot delete your information and how long we expect to retain it.

8. YOUR RIGHTS AS A DATA SUBJECT/CONSUMER

8.1 Right to Access Personal Information

You have the right to request access to the personal information we hold about you. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

8.2 Right to Correction/Rectification

You have the right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

8.3 Right to Deletion/Erasure

You have the right to request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal information to comply with local law.

Note that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you at the time of your request.

8.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.

8.5 Right to Object to Processing

You have the right to object to processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

8.6 Right to Data Portability (GDPR specific)

You have the right to request the transfer of your personal information to another party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.

8.7 Right to Opt-Out of Sale/Sharing (CCPA/CPRA specific)

California residents have the right to opt out of the sale or sharing of their personal information. To exercise this right, please visit our "Do Not Sell or Share My Personal Information" page [link] or contact us using the information provided in Section 13.

8.8 Right to Limit Use of Sensitive Personal Information (CCPA/CPRA specific)

California residents have the right to limit the use and disclosure of their sensitive personal information to that which is necessary to perform the services or provide the goods reasonably expected by an average consumer.

8.9 Right to Non-Discrimination

You have the right not to be discriminated against for exercising any of your rights under applicable data protection laws. We will not:

  • Deny you goods or services
  • Charge you different prices or rates for goods or services
  • Provide you with a different level or quality of goods or services
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

8.10 Right to Withdraw Consent

Where we rely on consent as the legal basis for processing your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

8.11 How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable request to us by:

8.12 Verification Process

To protect your privacy and security, we may need to verify your identity before processing your request. The verification process may differ depending on the nature of the request and the sensitivity of the information involved.

8.13 Response Timelines

We will respond to all legitimate requests within the timeframes required by applicable law:

  • Under the GDPR, we will respond within one month (which may be extended by up to two additional months in certain circumstances)
  • Under the CCPA/CPRA, we will respond within 45 days (which may be extended by up to an additional 45 days in certain circumstances)
  • Under the Ghana Data Protection Act, we will respond within [timeframe]

8.14 Authorized Agents

You may authorize an agent to make a request on your behalf. If you use an authorized agent, we may require:

  • Proof of your written permission authorizing the agent to make the request
  • Verification of your identity directly with us
  • Proof of the agent's registration with the appropriate state authority (where applicable)

9. DATA SECURITY MEASURES

9.1 Technical and Organizational Safeguards

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal information
  • Ability to ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal information in a timely manner in the event of a physical or technical incident
  • Regular testing, assessing, and evaluating of the effectiveness of technical and organizational measures

9.2 Employee Training and Awareness

We conduct regular training for our employees on data protection and information security. Access to personal information is restricted to employees, contractors, and agents who need to know that information to process it for us, and who are subject to strict contractual confidentiality obligations.

9.3 Data Breach Response Procedures

We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

9.4 Notification Requirements

In the event of a data breach that poses a risk to your rights and freedoms, we will notify:

  • The relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach (under GDPR)
  • The Ghana Data Protection Commission as required by the Ghana Data Protection Act
  • Affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms

10. AUTOMATED DECISION-MAKING AND PROFILING

10.1 Logic Involved in Automated Processing

We may use automated decision-making in certain circumstances, such as when performing anti-fraud screening or determining eligibility for specific services. The logic involved in such processing is based on pre-defined criteria and algorithms designed to assess relevant factors.

10.2 Significance and Consequences

Automated decision-making may have significant effects, such as approval or denial of services, customized pricing, or personalized content recommendations.

10.3 Right to Human Intervention

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. You can request human intervention, express your point of view, and contest the decision by contacting us using the details provided in Section 13.

11. THIRD-PARTY LINKS AND SERVICES

11.1 Third-Party Websites and Applications

Our website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

11.2 Social Media Features

Our website may include social media features, such as the Facebook Like button or Twitter sharing widgets. These features may collect your IP address, which page you are visiting on our website, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing them.

11.3 Disclaimer of Responsibility

We encourage you to review the privacy policy of every website you visit or third-party service you use when you leave our website. We cannot be responsible for the privacy policies and practices of other websites or services, even if you access them using links from our website.

12. CHANGES TO THIS PRIVACY POLICY

12.1 Update Procedures

We may update this Privacy Policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy.

12.2 Notification of Material Changes

If we make material changes to this Privacy Policy, we will notify you by email or by means of a notice on our website prior to the changes becoming effective.

12.3 Effective Dates

Changes to this Privacy Policy are effective when they are posted on this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

13. CONTACT INFORMATION

13.1 Data Controller/Business Contact Details

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

CONAK Technology Ltd

Cnr Duala and Lagos Avenue, GA-334-5832

East Legon, Accra

Ghana

Contact Information:

Email: privacy@conaktechnology.com

Phone: +233 59 692 1898

Website: www.conaktechnology.com

13.2 Data Protection Officer

Our Data Protection Officer can be contacted at:

Email: dpo@conaktechnology.com

Phone: +233 59 692 1898 Ext. 200

13.3 Supervisory Authority Contact Information

You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues:

Ghana:

Data Protection Commission

East Legon, Paw Paw Street

00233 Accra, Ghana

Phone: +233 256 301 533

Email: info@dataprotection.org.gh / support@dataprotection.org.gh

Website: https://dataprotection.org.gh

European Union:

European Data Protection Supervisor

Postal address: Rue Wiertz 60, B-1047 Brussels, Belgium

Office address: Rue Montoyer 30, B-1000 Brussels, Belgium

Phone: +32 2 283 19 00

Email: edps@edps.europa.eu

Website: https://edps.europa.eu

California:

California Privacy Protection Agency

400 R Street, Suite 330

Sacramento, CA 95811, USA

Phone: 916-572-2900

Email: info@cppa.ca.gov

Website: https://cppa.ca.gov

13.4 Complaint Procedures

We would appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance using the details provided above.

14. JURISDICTION-SPECIFIC PROVISIONS

14.1 Ghana-Specific Provisions

In accordance with the Ghana Data Protection Act, 2012 (Act 843 ):

  • We have implemented appropriate security measures to protect your personal information
  • We will notify the Data Protection Commission and affected individuals in the event of a data breach as required by law

14.2 EU-Specific Provisions

For individuals in the European Economic Area (EEA):

  • We conduct Data Protection Impact Assessments for high-risk processing activities
  • We maintain records of processing activities as required by Article 30 of the GDPR

14.3 California-Specific Provisions

For California residents:

  • We have implemented a "Do Not Sell or Share My Personal Information" mechanism
  • We provide a "Limit the Use of My Sensitive Personal Information" option
  • We honor Global Privacy Control (GPC) signals as valid opt-out requests
  • We provide a detailed notice at collection as required by the CCPA/CPRA

14.4 Other Jurisdictional Requirements

We comply with other applicable data protection laws and regulations that may apply to our processing of your personal information. If you are located in a jurisdiction with specific data protection requirements not explicitly addressed in this Privacy Policy, please contact us for more information about how we comply with those requirements.