Contact Us
Contact Us
LibertéPay LibertéPay

Version: 1.1

Effective Date: 14th April, 2025

Privacy and Personal Data Protection Policy

1. Purpose

This Privacy and Personal Data Protection Policy outlines how LibertePay (“LibertePay”, “we”, “our”, or “us”) collects, processes, stores, transfers, and protects personal data in compliance with the Data Protection Act, 2012 (Act 843) of Ghana.

2. Scope

This policy applies to all internal and external stakeholders who process personal data on behalf of LibertePay. It covers data collected from internal and external stakeholders, as well as any other data subjects.

3. Glossary

  • Personal Data: Information about an individual from which that person can be identified.
  • Sensitive Personal Data: Data relating to health, race, ethnicity, religion, or other specified categories.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • Data Subject: The individual whose personal data is being processed.
  • Data Protection Officer (DPO): The designated person responsible for ensuring compliance with this policy and the Data Protection Act.

4. Data Processing Principles

In accordance with Section 17 of the Data Protection Act, LibertePay commits to:

  • Lawfulness, fairness, and transparency: Process data lawfully, fairly, and transparently.
  • Purpose limitation: Collect data for specified, legitimate purposes.
  • Data minimization: Collect only necessary data.
  • Accuracy: Ensure data is correct and up-to-date.
  • Storage limitation: Retain data only as long as necessary.
  • Integrity and confidentiality: Protect data against unauthorized access.
  • Accountability: Demonstrate compliance with the Data Protection Act.

5. Data Subject Rights

LibertePay ensures data subjects can exercise their rights under Sections 32-36 of the Data Protection Act, including:

  • Right to be informed
  • Right to access their data
  • Right to rectify inaccuracies
  • Right to delete data
  • Right to object to processing
  • Right to lodge complaints with the Data Protection Commission

Procedures for exercising these rights are outlined in the Contact Information section.

6. Consent Management

LibertePay shall:

  • Obtain explicit, informed, and freely given consent before processing personal data, except where lawful bases apply.
  • Record and manage all consents obtained.
  • Allow data subjects to withdraw consent at any time.

7. Processing of Sensitive Personal Data

Sensitive personal data shall be processed only:

  • With explicit consent of the data subject.
  • When required by law.
  • When necessary for legal claims.

Additional safeguards, such as encryption and role-based access controls, will protect sensitive data.

8. Data Breach Notification

LibertePay shall:

  • Notify the Data Protection Commission within 72 hours of discovering a breach.
  • Notify affected individuals if there is a high risk to their rights.
  • Document breaches and mitigation steps.

9. Appointment of Data Protection Officer

LibertePay has appointed a qualified Data Protection Officer (DPO) in compliance with Section 58 of the Data Protection Act. The DPO is responsible for:

  • Monitoring compliance
  • Advising on data protection obligations
  • Serving as a point of contact with the Data Protection Commission

10. Cross-Border Data Transfers

LibertePay will not transfer personal data outside Ghana unless:

  • The destination country ensures adequate protection.
  • Appropriate safeguards (e.g., binding corporate rules) are in place.
  • Data subject consent is obtained, or lawful exemptions apply.

11. Data Retention and Disposal

Personal data shall be retained only as long as necessary. Retention periods are a minimum of five years. Data will be securely deleted or anonymized after expiration.

12. Accountability and Enforcement

LibertePay shall:

  • Conduct regular audits and assessments.
  • Maintain documentation of data processing activities.
  • Train staff on data protection responsibilities.
  • Enforce disciplinary measures for policy violations.

13. Review and Update

This policy will be reviewed annually or following significant regulatory or operational changes. Updates will be communicated to all stakeholders.

14. Contact Information

For questions, concerns, or to exercise data rights, contact:

Data Protection Officer
LibertePay
No. 3 Dodi Link, Airport Residential Area, Accra
Email: info@libertepay.com or report@libertepay.com
Phone: +233 303 980 855

Create your account