Privacy Policy
1.1 The GRIC website is powered by Impact Investing Ghana on www.gricghana.org.
1.2 This Privacy Policy (hereinafter referred to as the “Policy”) applies to the use of the GRIC website and any interactions which occur on it.
1.3 We, through this Policy, wish to inform you of the scope and purpose for which your personal information is processed in connection with your use of the GRIC website.
1.4 We gather, store and use your personal information only in line with the contents of this Policy and with applicable data protection provisions, such as: –
1.4.1 The UK Data Protection Regulation (GDPR);
1.4.2 The Ghanaian Data Protection Act 843 of 2012 (GDPA).
1.5 We are committed to safeguarding the privacy of your personal information and we take the protection of privacy and personal information very seriously. We treat your personal information as confidential and in accordance with the applicable statutory data protection provisions.
1.6 This Policy wishes to make you aware, and hereby notifies you that we, in terms of this Policy, collect personal information, as per the above GDPA and GDPR laws.
This Policy applies to all data subjects (i.e. persons (whether a natural or juristic person) to whom the personal information relates), and the personal information we process and collect, whether it was provided to us through the use of the GRIC website, or through any other form of communications with us, such as email, or otherwise.
3.1 THE RESPONSIBLE PARTIES/CONTROLLERS ARE: –
3.1.1 The Impact Investing Ghana, incorporated and registered in accordance with the laws of the Republic of Ghana, with its registered office at No. 666/14 Kwei Okyerema street, Dzorwulu – Accra.
3.1.3 Our Information officer is available for questions related to our management of your personal information, or to provide more information on issues relating to the protection of personal information and may be contacted using the details provided below:
• Email Address: info@(at)impactinvestinggh.org
• Street Address: No. 666/14 Kwei Okyerema street, Dzorwulu – Accra
• Telephone Number: +233 (0)24 6214913.
4.1 We collect personal information from people who visit our website. Additional personal information may be collected from you for certain of the services on offer, such as signing up to join the GRIC website or contacting us for any reason. We will provide specific details in relation to these aspects in the corresponding sections of this policy,- which follow below.
4.2 When we request personal information, only the information that is mandatory must be provided. Further information can be provided on a voluntary basis. We will indicate whether it is a required field or optional details.
5.1 Should you wish to sign up as a user on the website, you are able to do so by submitting information on our website at https://gricghana.org/sign-up/.
5.2 When you sign up on GRIC website we require and will collect the following information in order to process your request: –
• The name of the Organisation you work for;
• Your location ;
• Your name and surname;
• Your phone number;
• Your WhatsApp number;
• Your email address;
• Your username; and
• Your password.
5.3 It is mandatory to supply certain information to allow us to respond to process your sign-up request, whereas the supply of additional information is voluntary. Data subjects will recognise the mandatory information which must be supplied by an asterisk “*” which appears in the relevant field.
5.4 Should the mandatory information not be provided we will be unable to process your sign-up request.
5.5 We will process the personal information provided in order to sign you up as a member of the GRIC website based on:
• your consent in accordance with the terms of the above GDPA (1.4.1) and GDPR(1.4.2) laws, which consent may be revoked at any time.
• actions which are necessary to conduct the conclusion of a contract to which the data subject is a party in terms of the above GDPA (1.4.1) and GDPR(1.4.2) laws; and
• our legitimate interest in gaining new users in accordance with the above GDPA (1.4.1) and GDPR(1.4.2) laws.
5.6 You can also voluntarily upload a logo and programme flyer should you wish to do so, which image will be processed by us.
5.7 This information is processed entirely based on your consent, which consent may be revoked at any time.
5.8 When you sign-up we also log your IP address and browser user agent string. This information is processed based on our legitimate interest in the proper functioning of our website and to assist with spam detection in accordance with the above GDPA (1.4.1) and GDPR(1.4.2) laws.
5.9 The personal information we collect during the sign-up process will be used and stored until such time as you delete your account. However, your name, feedback provided to GRIC and your Organisation’s name will still be viewable by organisations with whom you have corresponded for historical purposes.
6.1 We make use of the Google Invisible reCAPTCHA service based on our legitimate interest in the secure operation of our website and the prevention of spam. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereafter referred to as “Google”.
6.2 This service checks various information, in order to establish whether a real human or automated process is using or accessing the website (which is particularly important in the case of online forms).
6.3 This check involves the transmission of the relevant IP address to Google along with any other data potentially required by Google for the Invisible reCAPTCHA service.
6.4 In individual cases, Google will also use image tests to establish whether entries are being made by a real human or automated programs.
6.5 Further information on Invisible reCAPTCHA and Google’s data protection provisions can be found here:
• https://policies.google.com/privacy
• https://www.google.com/recaptcha/about/
• https://developers.google.com/recaptcha
• https://www.google.com/recaptcha/intro/invisible.html
If you upload images onto the GRIC website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the application can download and extract any location data from images on the website/app.
8.1 Should you send us an inquiry using the contact form on the GRIC website, we will collect the following personal information from you: –
• Name and surname;
• Email address;
• The subject of your message; and
• The content of your message.
8.2 The contact information you provide therein, will be processed by us for the purpose of responding to your inquiry and any follow-up questions which you may have.
8.3 It is mandatory to supply certain information to allow us to respond to your request, whereas the supply of additional information is voluntary. Data subjects will recognise the mandatory information which must be supplied by an asterisk “*” which appears in the relevant field.
8.4 The information contained in the contact form is processed based on: –
8.5 Your consent in terms of the above GDPA (1.4.1) and GDPR(1.4.2) laws, which consent may be revoked at any time.
8.6 Our legitimate interest in responding to your inquiry in accordance with the above GDPA (1.4.1) and GDPR(1.4.2) laws.
8.7 We will not share the information provided by you with any third parties.
8.8 We will process the information you provided on the contact form until such time as you request its deletion, revoke your consent, or where it may be inferred from the circumstances that the request has been rGRIClved, whereafter the personal information will be deleted.
9.1 Content on the GRIC website may include embedded content (e.g. videos, images, content, etc.). Embedded content from other websites/apps behaves in the exact same way as if the visitor has visited the other website/app.
9.2 These websites/apps may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website/app.
10.1 We use Google Analytics primarily to pursue our legitimate interest in the statistical analysis of our website and online activities as well as to support the needs-based design and ongoing optimisation of our web presence.
10.2 This is a web analysis service provided by Google LLC (formerly Google Inc.), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible service provider for the European Union is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – hereafter referred to as “Google”.
10.3 Where you have consented to the “statistics” category via our cookie banner or cookie consent tool, we will collect your personal information through the use of this cookie. This information includes the following:
• Browser type/version;
• Language settings;
• Operating system used;
• Number of logins;
• Time of login;
• Number of members;
• Number of messages sent;
• Host name of the accessing computer (IP address);
• Referrer URL (the page previously visited);
• Time of the server request;
• Loaded pages (URLs and page titles); and
• Usage behaviour such as session length, scroll depth, drop-offs.
10.4 The collection of this information takes place exclusively based on your consent in accordance with your consent in terms of Article 6(1)(a) of the GDPR, section 11(1)(a) of POPI, and section 20(1) of the GDPA, which consent may be revoked at any time.
10.5 In general, users can prevent the saving of cookies or running of scripts such as Google Analytics by configuring the settings in their browser software or by using appropriate plug-ins. In this case, however, users may no longer be able to use all features and functions of this website in full.
10.6 If you want to prevent Google Analytics from running, you can do so at any time and with future effect by one of the following methods:
10.7 You can revoke your previously granted consent to data collection at any time and with future effect by rejecting the use of cookies and scripts for statistical purposes in our cookie consent manager.
10.8 You can download and install Google’s official opt-out browser plug-in via the following link in order to deactivate Google Analytics on all websites in your current browser: https://tools.google.com/dlpage/gaoptout
10.9 You can use this link to set an opt-out cookie that prevents any future data collection by Google Analytics on this website with your current browser. Note that if you delete all cookies in your browser, you will have to set this opt-out cookie again.
10. Additional information as well as Google data protection provisions and settings can be found here:
• https://policies.google.com/privacy
• https://policies.google.com/terms
• https://policies.google.com/terms/information-requests
• https://marketingplatform.google.com/about/analytics/terms/de/
11.1 Where you contact us for any reason, we may collect the following information: –
• Name and surname;
• Organisation;
• Email address; and/or
• Telephone number.
11.2 The contact information you provide, will be processed by us for the purpose of responding to your inquiry and any follow-up questions which you may have after we respond.
11.3 It is mandatory to supply the information which is necessary to allow us to respond to your request, whereas the supply of additional information is voluntary. A failure to provide the mandatory information means that we are unable to respond to your request.
11.4 The information we collect during a telephone call or upon receipt of an email is processed based on: –
11.5 Your consent in terms of the above GDPA (1.4.1) and GDPR(1.4.2) laws, which consent may be revoked at any time.
11.6 Our legitimate interest in responding to your inquiry in accordance with the above GDPA (1.4.1) and GDPR(1.4.2) laws
11.7 We will not share the information you provide to us with any third parties unless we require a third-party service provider to assist us in responding to your request.
11.8 We will process the information provided by you during the telephone call or in the email until such time as you request its deletion, revokes your consent or where it may be inferred from the circumstances that your request has been rGRIClved, whereafter the personal information will be deleted.
12.1 The GRIC website’s website uses Secure Socket Layer (SSL) encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries data subject’s send to us as the GRIC website operator, or the information which is provided uploaded onto the Platform.
12.2 You will notice the encrypted connection in your browser’s address bar when it changes from “http://” to “https://” and the system-specific lock icon is displayed.
12.3 If SSL encryption is activated, the data you transmit to us on the GRIC website cannot be read by third parties, with the exception of other members on the Platform, who will be able to see and use the information you have provided.
13.1 IF you leave content, the contents and their metadata are retained indefinitely until you delete them.
13.2 You can see, edit, or delete your personal information at any time (except you cannot change your username).
14.1 If you request a password reset, your IP address will be included in the reset email.
14.2 Your contact details are only visible to members of your organisation. Your name and the name of the organisation and programme is displayed in search results when user searches for organisations and programmess.
Visitor comments may be checked through an automated spam detection service.
In certain cases, we make use of third-party service providers to assist us in performing our functions and duties. When we transfer personal information to our third-party service providers in order for them to process such information on our behalf, we commit them to safeguard the security of the personal information which is provided to them in terms of written contracts, which oblige them to treat such information as confidential and not disclose it, to implement appropriate technical and organisational measures to ensure that processing complies with legal requirements and to adopt appropriate security measures to protect the relevant personal information from unauthorised access.
You acknowledge that by signing up to the GRIC website, the personal information you provide to us will be made available to other GRIC Ghana users. As such, by signing up to the GRIC website you explicitly consent to the transfer of your personal information outside of your home country.
18.1 We ensure the confidentiality, integrity, and availability of the personal information we process by placing same onto secured servers, which are only accessible: –
• from password-protected computers;
• by designated members of staff with specific access permissions.
18.2 The storage thereof is a technical and organizational measure employed by us to protect against the loss, destruction, access, alteration, or dissemination of your data by unauthorized persons.
18.3 We have a dedicated hardware firewall, to protect the corporate network from external attacks. Up-to-date Anti-virus software is installed on all machines and regular patches and updates of software are performed to keep systems compliant.
18.4 Only authorized persons are able to access your personal information. These individuals are responsible for the technical, commercial, and editorial supervision of the server. Despite regular inspections, complete protection against all risks is not possible we in no way guarantee complete protection in this regard.
18.5 Our security measures are continuously enhanced in line with technological advancement.
18.6 We will delete or restrict the processing of your personal information when the purpose for the storage thereof is fulfilled. However, storage may continue after the purpose is fulfilled where such storage is required in order to comply with statutory legal provisions to which we are subject, for example in terms of statutory retention periods and documentation obligations. In a case such as this, we will delete or restrict your personal information following the expiry of the relevant retention period.
19.1 We place a strong emphasis on explaining the processing of your personal information as transparently as possible and informing you of your rights.
19.2 As well as your right to revoke any consent you have given to us, you may have the following additional rights where the relevant statutory requirements are met either in terms of the GDPR, POPI and/or the GDPA:
• Right to inquire whether we hold any of your personal information and to request access to your personal information;
• Right to correct or delete any personal information we hold, provided that no legal or contractual retention periods must be observed and/or no other legal obligations or rights exist with regard to continued storage;
• Right to restriction of processing of personal information;
• The right to object to the processing of your personal information, either for the purposes of direct marketing or for other processing activities, where statutory provisions permit such objection;
• Right to data portability;
• Right to lodge a complaint with a supervisory authority; as a rule, you may contact the supervisory authority of your usual place of residence or workplace or our Organisation headquarters.
≈≈19.3 In the event that you would like more detailed information or wish to exercise your rights, you can contact us at any time so that we can take care of your concerns.
20.1 We implement the best security available to prevent breaches. Should we have reason to believe that your personal information has been accessed or acquired by any unauthorised person, we will notify you and the relevant data protection authority in your home country as soon as possible after the discovery of the unauthorised access or acquisition. In such cases, we will also ensure that the integrity of our system is restored as quickly as possible thereafter.
20.2 The basis for processing a data subject’s information in such cases is to comply with obligations imposed by law, in terms of the above GDPA (1.4.1) and GDPR(1.4.2) laws.
Should you feel as though we have used your personal information contrary to the GDPR, or the GDPA, please send us an email in order for us to attempt to address any of your concerns. If we are unable to resolve the issue to your satisfaction, you have the right to lodge a complaint with the data protection authority in your own country.
We reserve our right to amend this Policy from time to time and will do so without notice to you. The latest version of this Policy will be indicated by the date information (below). The current version of this Policy can always be accessed directly via the GRIC website’s website.
Last Updated: 28 October 2023