Consolidated Bank Ghana Limited (CBG) is an Indigenous Ghanaian Universal Bank licensed by Bank of Ghana under the Specialized Deposit – Taking Institutions Act, 2016 (Act 930). CBG, as a data controller, is very passionate about how the Bank processes information of customers /parties that is shared with us.
1.2 How we obtain your personal data
1.2.1 Biometric Information
CBG collects Biometric Information from you when you enroll in our biometric identity program available through certain use of the Bank’s services and automatically as part of our anti-fraud protection, authentication and customer support activities. These identifiers may include facial recognition information, fingerprints, as well as mathematical representations of your biometric identifier, such as the template maintained for comparison. We may use Biometric Information to identify and authenticate you, and for security and similar purposes. We may share Biometric Information with third-party service providers who assist with our information technology, security and fraud programs, our professional advisors, and as required by law or regulation. CBG will not sell your Biometric Information.
When we collect Biometric Information, you will receive a specific notice and consent request at the time of that collection. You are not required to consent to the collection of Biometric Information in order to use our services, although some functionality may not be available if you decline, and you may withdraw your consent at any time.
CBG will retain Biometric Information until the purposes for which it was collected have been satisfied and in line with our Data Retention Procedures.
1.2.2 Information from cookies and other technologies.
CBG and our service providers may use commonly used tools such as cookies, web beacons, pixels, and similar technologies (collectively "cookies") to collect information about you so we can provide the experiences you request, recognize your visit, track your interactions, and improve experience with all customers.
1.3 Basis for Processing Information.
We shall process your information on the following basis:
1.4 Information we share
We may share information with other people for any of the reasons provided above. The category of persons who may be entitled to information includes:
a. Any employee of CBG who need the information in the course of their roles to administer a contract or service we are providing to you
b. Auditors, third party service providers, agents or independent contractor helping CBG to provide you with the needed services
c. A merchant or a member of a card association where the disclosure is in connection with use of a card
d. Any person authorized to operate your account and to act on your behalf in giving instructions
e. Any person to whom disclosure is permitted or required by local or foreign law
f. Any court of competent jurisdiction, tribunal, regulator, enforcement agency, tax authority, or an authority investigating an offence or their agents
g. Any debt collection agency, credit bureau or credit reference agency,
h. Money laundering and Terrorism financing related checks, for fraud prevention and detection
1.5 How long we keep your information
CBG shall keep your information for as long as it is necessary and relevant to the purposes set out in this privacy notice unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we may either delete or anonymize such information, or if this is possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from further processing until deletion.
1.6 Security Safeguards
Our security systems are designed to prevent loss, unauthorized destruction, damage and/or access to your personal information from unauthorized third parties. The Bank will maintain physical, electronic and procedural safeguards that comply with standards to guard your non-public personal information. To ensure that we have the latest security controls and to provide assurance that CBG is compliant as in respect of information security requirements, we have obtained ISO 27001 certification and currently in the process of obtaining PCI DSS certification.
1.7 Rights as a data subject
You are entitled to your rights as enshrined in the Data Protection Act 2012, Act 843. These rights include:
1.8 Notice to Exercise Rights
You can at any time give notice to us to exercise your rights. We will within twenty-one (21) days after receipt of a notice inform you in writing that we have complied or intend to comply with your notice, or the reasons if we cannot comply with the request.
You can exercise your rights of access by contacting the Data Protection Supervisor through Dataprivacy@cbg.com.gh.
Mon - Fri 08:30 - 4:00
Remittance Centers: 08:30AM - 5:00PM
Powered by IDOC Technology