Privacy Policy

GIRSAL provides numerous services to both internal (staff and recruits) and external stakeholders within and outside Ghana. The performance of these services may involve collecting and processing of personal data. GIRSAL is aware of the importance of safeguarding personal data which it collects in the course of executing its functions or when Stakeholders visit its website or uses its services.

When you employ GIRSAL’s Services, you are entrusting us with your personal information. We understand this is a big responsibility and we work hard to make sure we keep your personal information safe. This Privacy Policy is meant to help you understand the personal information we collect, how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This notice describes:

  • Who we are
  • What is considered ‘personal information'”
  • What Personal Data we collect.
  • How We Process Your Personal Information
  • What constitutes consent?
  • Whom we might share your information with
  • Information we share
  • How We Protect Your Information
  • How Long We Retain Your Information
  • Know Your Rights
  • Updating Our Privacy Policy
  • How to contact us

Who We Are

In this Notice, “us” or “we” refers to GIRSAL.

What is considered 'personal information”

Personal data is any information that can be used “directly or indirectly” to describe or identify a person or an individual.  It is defined as “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.”

This information about a person includes, but is not limited to:

  • Race
  • Gender
  • Sex
  • Pregnancy
  • Marital status
  • National / ethnic / social origin
  • Colour
  • Sexual orientation
  • Age
  • Physical or mental health
  • Disability
  • Religion / beliefs / culture
  • Language
  • Educational / medical / financial / criminal or employment history
  • ID number
  • Email address
  • Physical address
  • Telephone number
  • Location
  • Biometric information
  • Personal opinions, views or preferences

What Personal Data we collect.

We currently collect and process personal information directly from you or from third parties we engage in our normal course of business. This includes the following:

  • Personal details such as name, date of birth, family details, gender, ID details, Tax Identification Number (TIN), contact information, online identifiers, and any other similar information.
  • Biometric information comprising of your fingerprints and facial recognition.
  • Location and contact data such as postal address, residential address, digital address, email address and telephone numbers.
  • Transaction data such as details about payments to and from you and other details of products and services you have acquired from us.
  • Information for regulatory compliance and monitoring purposes such as nationality, country of residence, source of funds, details of the origin of your wealth and other documents required for anti-money laundering, combatting the financing of terrorism, and the proliferation of weapons for mass destruction related checks which may be necessary to enable us to establish and meet applicable regulatory reporting requirements.
  • Voice and Video recordings including CCTV footage.
  • We may also obtain your personal data from third parties depending on the services we provide to you. This will include partner Financial Institutions, transaction counterparts, public registers, financial crime screening databases, fraud prevention agencies, and persons or entities instructed by you to provide us with your personal data.
  • Online identifiers such as internet protocol (IP) address, your login identity data, browser type and version, and information about how you use our website and services.
  • When you choose to apply to a job, we will ask you for some personal data about you such as your name, address, country of residence, resume, diplomas, certificates and e-mail address

How We Process Your Personal Information

Any of the information we collect from you will be used only for the purposes for which it was collected, these may be one of the following ways;

  • To provide our services to you, to carry out the transaction you requested
  • For underwriting purposes;
  • To assess and process claims;
  • To conduct credit reference searches or verification from partner financial counterparts;
  • To confirm and verify your identity or to verify that you are an authorised user for security purposes;
  • For credit management purposes, including credit scoring and assessment
  • For the detection and prevention of fraud, crime, money laundering or other malpractice;
  • For debt tracing or debt recovery;
  • To conduct market or customer satisfaction research or for statistical analysis;
  • For audit and record keeping purposes;
  • In connection with legal proceedings.
  • We will also use your personal information in respect of our customers to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us.

What constitutes consent?

You consent to our use of your personal information when you (voluntarily) provide us with them to access any of our services, such as loan assessments and guarantees. You also consent when you sign forms or documents enabling us to provide certain services to you. By providing your data, you agree to its collection, processing, and sharing in accordance with this Privacy Policy.

Whom we might share your information with

We will not share your information with third parties unless any of the following circumstances apply.:

  • Where the law or a statutory duty requires us to do so
  • Where we need to share personal data to establish, exercise, or defend our legal rights (this includes providing personal data to others to prevent fraud)
  • Where we are required to disclose your personal information by law or in response to valid requests by public authorities (law enforcement agencies, fraud and crime prevention and detection agencies and certain regulatory bodies).
  • Require services from contracted third parties ensuring we put in place the necessary security and third-party contracts and agreements
  • Where Prior consent has been obtained from data subjects for the use and processing of personal data.
  • Share with recipients, including employees, only for the purposes of administering services to you or responding to your request. This will only be shared on a strictly need-to-know basis.

Information we share

We may share information with other people for any of the reasons provided above. The category of persons who may be entitled to this information may include:

  • Employees of GIRSAL who may require access to the information as part of their duties in administering or managing contracts or services provided to you.
  • Auditors, third-party service providers (both local and foreign), agents, or independent contractors assisting GIRSAL in delivering products or services.
  • Third parties with legal obligations, such as trustees, executors, guarantors, individuals holding a power of attorney on your behalf, or joint account holders.
  • Partner Financial Institutions, Counterparties or Collaborators involved in processing transactions or services.
  • Any person or entity authorized or obligated by local or foreign laws to receive such disclosures.
  • Money laundering and Terrorism financing related checks, for fraud prevention and detection.

How We Protect Your Information

We prioritize the security of your Personal Data and have implemented comprehensive technical, organizational, and physical measures to safeguard it against unauthorized access, loss, alteration, or misuse. These measures include the use of encryption, access controls, and secure systems to maintain the confidentiality and integrity of our information infrastructure.

Access to your Personal Data is strictly restricted to authorized employees, agents, contractors, and third parties who require it for legitimate business purposes only. They are required to follow our instructions and adhere to strict confidentiality obligations when handling your data.

GIRSAL Ltd is compliant with and certified by the by the Data Protection Commission of Ghana and adheres to required Data protection and information security standards. However, we cannot control the security of data for your device outside the boundary of our information infrastructure. It is important to recognize that various information security risks exist, and we encourage you to take necessary precautions to safeguard your personal information.

How Long We Retain Your Information

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including meeting legal, regulatory, and operational requirements. The specific retention period depends on the type of data and the applicable legal and business obligations.

Know Your Rights

We would like to make you fully aware of all your information protection rights. Unless the law provides otherwise, you have:

the right of access – you have the right to request from us copies of any personal information that we hold on you. We may charge a fee for this service.

the right to rectification – you have the right to request that we correct any of your personal information you believe is inaccurate. You also have the right to request us to complete any of your personal information you believe is incomplete.

the right to erasure – you have the right to request that we delete your personal information.

the right to object – you have the right to object to our processing of your personal information.

If you would like to exercise any of these rights, please contact us at dataprotection@girsal.com

Updating Our Privacy Policy

GIRSAL reserves the right to update, amend or replace this Privacy Policy in whole or in any part as needed. Any revised version of the Policy will be published on our official website at www.girsal.com and will take effect from the date it is posted.

We encourage you to review it periodically to stay informed about how we handle your personal information and any changes to this Policy.

How to contact us

If you have any questions regarding this Privacy Policy, the personal information we hold about you, or wish to exercise your data protection rights, please feel free to reach out to us.

You can contact us via:

  • Email: dataprotection@girsal.com
  • Phone: (+233) 055 0000 331