OPEN AN ACCOUNT

Brand

Quicklinks

Privacy Policy

DATA PROTECTION & PRIVACY POLICY STATEMENT 

POLICY HISTORY: Vol. 1, Vs. 1 

 

Introduction 

This Data Protection & Privacy Policy aims to provide you with information about how we process your personal information at Bank of Africa Ghana Limited (BOA-GH).

At Bank of Africa, we will only process information where you have given us the information directly as a data controller or by our clients where we are processors in accordance with their instructions and in line with our obligations and your rights under the Ghana Data Protection Act, 2012 (Act 843), the General Data Protection Regulation (GDPR) and other Jurisdictional Data Protection laws that are applicable.

  1. At Bank of Africa Ghana Ltd, we treat your information i.e., your personal data safely, confidentially, and responsibly.
  2. The Bank is registered with the Ghana Data Protection Commission, and our Head Office is situated at 1st Floor Block A & B, Octagon Building, Independence Avenue, Accra, Ghana.
  3. Personal data means data about an individual who can be identified from the data or other information in the possession of, or likely to come into the possession of the Bank.
  4. Personal Data includes but not limited to your name, Date of Birth, Identification Numbers, contact details, physical addresses, Ghana Card/passport Number, Account Numbers and Bank data (transactions, operations on securities, bank transfers, bank statements etc.).
  5. Personal information also refers to the personal data that uniquely identifies a legal entity, such as the trading name of a company combined with the company registration number, Tax Identification Numbers, contact details, and physical addresses etc.

How is your Personal Data Obtained? 

  1. BOA-GH, we collect personal information directly from you when you engage with us through our various channels. Where we collect your personal information indirectly from you, we will inform you in due course when we contact you of where we obtained the information from. The following are the various ways we collect information from you.
    • When you contact us to open an account, apply for a loan or request for any of our digital products.
    • When you contact us to make an inquiry or request information.
    • When you make a complaint and or give us feedback.
    • When you apply for a job with us.
    • And through any other interaction that you have with us.

The Information we Collect from You 

  1. We only collect personal information that is necessary, relevant, and not excessive for the purpose of processing. The type of personal information that we may collect and process about you when you interact with us include the following:
    • Your names
    • Date of Birth
    • Tax Identification Number
    • Telephone number(s)
    • Email address
    • Proof of Address
    • Mother’s maiden name
    • Ghana Card Number & Biometric details etc
  1. We may, in specific circumstances, process other information such as your subscriptions, services used, records of conversations, agreements, and financial details that are required for transactions. You are under no obligation to provide us with your personal information; however, certain basic information may be required for us to be able to provide you with the service or request made by you. Where this is the case, we will advise you at the point of obtaining the information. 

Purpose of Processing 

  1. The purposes for which we process your personal data include one or more of the following purposes:
    • To provide you with information that you have requested or that we think may be relevant to a service or product in which you have expressed an interest.
    • Agree to process financial transactions with you or the company you represent for requesting for any of the Bank’s products and services
    • To fulfil a contract that we have entered into with you or with the entity you represent. In these circumstances, it may be your entity, rather than yourself, that has provided us with your personal data for us to fulfil the contract.
    • To ensure the security safeguard of our websites and underlying business infrastructure.
    • To manage any communication between you and us.

Lawfulness of Processing your Personal Data 

  1. BOA-GH will only process your personal data for the specific purpose that we state at the point of data collection and when the law allows or requires us to do so. We will only collect and process your data for lawful purposes. Most commonly, we will use your personal data in the following circumstances:
    • For us to perform a contract that we are about to enter into or have entered into with you.
    • Where it is necessary for our legitimate interests and if your interests and fundamental human rights do not override those interests.
    • Where we need to comply with a legal or statutory obligation or duty.
    • Where a court of competent jurisdiction orders us to do so
    • Where you give us your express consent and in an unambiguous term.

To avoid any ambiguity, we have defined in more precise details, a description of the ways we may use your personal data and the legal bases we may proceed to do so.

The table below identifies appropriately, what our legitimate interests are:

 

Type of Processing Activity Lawful Basis of Processing
Enquiries, reply to any questions, suggestions, issues, or complaints Legitimate interest
Fulfilment of a contract with third parties and suppliers Performance of a contract
Make available our services and products to customers Legitimate interest
Processing of instructions including account opening, loan, cheque books, and digital channels etc Performance of a contract
Processing transactions (cash, cheques, investments, and transfers) Legitimate interest
For research, surveys, and statistical analysis and to get feedback from customers about our services or products Legitimate interest & consent
Tele Marketing /mailing list /SMSs/email alerts etc Legitimate interest and Consent
Processing of special type of personal data such as data of children, and biometric data of clients (i.e., fingerprints, facial recognition) Consent of data subjects & Legitimate interest
Processing of employee’s employment records, salaries processing, leave, and performance appraisal Performance of contract
Processing of data of prospective employees or job seekers (emails, CV, application letters etc) Legitimate interest
Exchange and processing of regulatory request for information on customers, employees, directors Regulatory & Statutory
Exchange and processing of information with Group Office Legitimate Interest

 

 

Who/Whom we might Share Your Personal Data with 

  1. BOA-GH can assure you that, we will not share your personal data with third parties unless any of the following circumstances apply.
    • Where the law or a statutory duty requires us to do so
    • Share with joint controllers such as the Data Protection Commission for specific purposes such training and quality assurance.
    • Our staff members or authorize agents who need the information in the course of their roles to administer a contract, a product or service we are providing to you
    • If we need to share personal data to establish, exercise, or defend our legal rights (this includes providing personal data to others to prevent fraud and reduce credit risk); or
    • Share with recipients, including employees, only for the purposes of administering services to you or responding to your request. This will only be shared on a strictly need-to-know basis.
    • We will only share with third parties that we have either contracted to perform services for us and will ensure that we put the necessary security and third-party contracts and agreements in place.

Internet Communications  

  1. In order to maintain the security of our systems, protect our staff, record transactions, and, in certain circumstances, to prevent and detect crime or unauthorized activities, Bank of Africa reserves the right to monitor all internet communications including web and email traffic into and out of its domains.

Security Safeguards 

  1. At BOA-GH, information security safeguards are of high importance to us, and therefore, we believe we have appropriate technical and organizational security measures and controls in place to protect your information.
    • The Bank has implemented access controls and encryption to our information technology and systems.
    • The Bank is ISO certified and has implemented adequate information security management systems and business continuity management systems
    • We do not, however, have any control over what happens between your device and the boundary of our information infrastructure.
    • You should be aware that there are many information security risks that exist and take the appropriate steps to always protect your own information

 Your Rights as a Data Subject   

  1. Pursuant to Sections 20 to 26 and Section 35, the Data Protection Act, 2012 (Act 843) provides some basic rights to data subjects and other rights within the scope of General Data Protection Rules (GDPR). These rights are:
    • Right to be informed
    • Right of access to personal data
    • Right to give and withdraw consent
    • Right to amend, rectify, block, erasure, objection, and destruction of personal data
    • Right to freedom from automated decision making
    • Right to prevent processing of personal data for direct marketing
    • Right to compensation
    • Right to complain

 

Right to be Informed

 As a data subject, you have the right to be informed about the processing of your personal data. This privacy notice is a way of ensuring we meet our obligations under the Data Protection Act, 2012 (Act 843) to enable you to exercise your right to be informed. 

Right to Access your Personal Information 

  1. You have the right to access the personal information that we hold about you, under a Data Subject Access Request arrangement. We will ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information when you make such a request. 

Right to Amend, Rectify, Block, Erasure, Objection, and Destruction of Personal Data 

  1. Where information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct or update it at any time.
  2. You also have the right to block us or object from further processing of your personal data where we do not have any legitimate or legal basis for processing your personal data.
  3. In certain circumstances, you may also ask us to delete or destroy your personal data. However, the right to erasure or destruction is not absolute and only applies in certain cases. 

Right to Prevent Processing of Personal Data for Direct Marketing 

  1. Under this right, you can give us notice in writing to cease or not start processing your personal data for a specific purpose or manner which will cause or is likely to cause any unwarranted damage or distress.
  2. You can also prevent us from processing your information for direct marketing purposes.

Right to Freedom from Automated Decision Making 

  1. You have the right to object or freedom from automated decision making and processing of your personal data by data controllers.
  2. We shall not process your personal data for automated direct marketing without your express consent unless, it is for our mutual legitimate interest and for the performance of our contractual relationship.

Right to Give and Withdraw Consent 

  1. We shall not process your personal data without your prior consent. Where we rely on your express consent to process your personal data, you have the right to withdraw it at any time by contacting us or using any details provided in our communication with you. 

Right to Complain 

  1. As a data subject, you may write to complain if you believe any of your rights have not been met or we fail to meet our obligations as a data controller.
  2. You also have the right to complain directly to the Executive Director, Data Protection Commission if we breach any of your rights as a data controller.

 Right to Compensation 

  1. You have the right to demand for compensation through civil claims against us or in writing to the Data Protection Commission for determination if any of your rights have been breached. 

Notice to Exercise Rights

  1. You can at any time give notice in writing to us to exercise any of your rights. We will within twenty-one (21) days after receipt of a notice, inform you in writing that we have complied or intend to comply with the notice or the reason (s) if we cannot comply with the request. 

Changes to this Privacy Notice 

  1. As your data controller, we may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes or if we change our business model in a way that affects personal data protection.
  2. The Data Protection Commission (DPC) regulates data protection and privacy matters in Ghana and has the mandate to provide public education, awareness and make information on data controllers generally accessible publicly.

 

How to contact Bank of Africa Ghana on issues of Data Protection & Privacy Issues 

  1. You may contact us through the following:

P.O Box C1541, Cantonments, Accra

0302429333 or 0302249690

[email protected].