PRIVACY STATEMENT

 

1.1 Background

Consolidated Bank Ghana Limited (CBG) is an Indigenous Ghanaian Universal Bank licensed by Bank of Ghana under the Specialized Deposit – Taking Institutions Act, 2016 (Act 930). CBG, as a data controller, is very passionate about how the Bank processes information of customers /parties that is shared with us.

This privacy policy aims to provide you with information about how CBG processes your personal information (i.e.- for example, collection, use and disclosure of personal data, including special or sensitive personal data). CBG will only process information where the Bank has received the information directly from you as a data controller or by our clients where we are processors in accordance with their instructions and in line with the Bank’s obligations and your rights under The Data Protection Act 2012 - (Act 843), The EU General Data Protection Regulation (GDPR) and other Jurisdictional Data Protection laws that are applicable.

1.2   How we obtain your personal data

To enable CBG fulfil the contract between the Bank and customers for the products or services you have requested, we may need to process your personal data for the purposes including the following:

• Establishment, continuation and management of banking relationships and accounts
• Processing applications for products and services, effecting payments, transactions and completing instructions or requests providing products and services (Assessing appropriateness for products and services
• Credit valuation, including conducting credit checks
• Operational purposes
• Statistical purposes
• Surveillance of premises and ATMs
• To ensure the security of our websites and underlying business infrastructure.
• To manage any communication between you and us

We also have some legal and regulatory obligations in respect of the purposes for which we shall process personal data. This includes:

• The prevention, detection, and investigation of crime
• Due diligence checks and sanctions screening

1.2.1 Biometric Information

CBG collects Biometric Information from you when you enroll in our biometric identity program available through certain use of the Bank’s services and automatically as part of our anti-fraud protection, authentication and customer support activities. These identifiers may include facial recognition information, fingerprints, as well as mathematical representations of your biometric identifier, such as the template maintained for comparison. We may use Biometric Information to identify and authenticate you, and for security and similar purposes. We may share Biometric Information with third-party service providers who assist with our information technology, security and fraud programs, our professional advisors, and as required by law or regulation. CBG will not sell your Biometric Information.

When we collect Biometric Information, you will receive a specific notice and consent request at the time of that collection. You are not required to consent to the collection of Biometric Information in order to use our services, although some functionality may not be available if you decline, and you may withdraw your consent at any time.

CBG will retain Biometric Information until the purposes for which it was collected have been satisfied and in line with our Data Retention Procedures.

 

1.2.2 Information from cookies and other technologies.

CBG and our service providers may use commonly used tools such as cookies, web beacons, pixels, and similar technologies (collectively "cookies") to collect information about you so we can provide the experiences you request, recognize your visit, track your interactions, and improve experience with all customers.

You have control over some of the information we collect from Cookies and how we use it. For full details on how we use cookies and similar technologies please see our CBG Cookies Policy.

 

1.3 Basis for Processing Information.

We shall process your information on the following basis:

• Lawful basis
• Legitimate interest
• Performance of a contract
• Prior consent
• Statutory duty
• Public Interest

 

1.4 Information we share

We may share information with other people for any of the reasons provided above. The category of persons who may be entitled to information includes:

a. Any employee of CBG who need the information in the course of their roles to administer a contract or service we are providing to you

b. Auditors, third party service providers, agents or independent contractor helping CBG to provide you with the needed services

c. A merchant or a member of a card association where the disclosure is in connection with use of a card

d. Any person authorized to operate your account and to act on your behalf in giving instructions

e. Any person to whom disclosure is permitted or required by local or foreign law

f. Any court of competent jurisdiction, tribunal, regulator, enforcement agency, tax authority, or an authority investigating an offence or their agents

g. Any debt collection agency, credit bureau or credit reference agency,

h. Money laundering and Terrorism financing related checks, for fraud prevention and detection

1.5 How long we keep your information

 

CBG shall keep your information for as long as it is necessary and relevant to the purposes set out in this privacy notice unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your personal information, we may either delete or anonymize such information, or if this is possible (for example, because your personal information has been stored in backup archives), then we will securely store your information and isolate it from further processing until deletion.

1.6 Security Safeguards

Our security systems are designed to prevent loss, unauthorized destruction, damage and/or access to your personal information from unauthorized third parties. The Bank will maintain physical, electronic and procedural safeguards that comply with standards to guard your non-public personal information. To ensure that we have the latest security controls and to provide assurance that CBG is compliant as in respect of information security requirements, we have obtained ISO 27001 certification and currently in the process of obtaining PCI DSS certification.

1.7 Rights as a data subject

You are entitled to your rights as enshrined in the Data Protection Act 2012, Act 843. These rights include:

• Right to be informed

• Right of access to personal data

• Right to give and withdraw consent

• Right to amend (rectification)

• Right to blocking, erasure and destruction

• Right to erasure and destruction

• Right to destruction

• Right to prevent processing

• Freedom from automated decision making

• Freedom from processing for direct marketing

• Right to complain

 

1.8 Notice to Exercise Rights

You can at any time give notice to us to exercise your rights.  We will within twenty-one (21) days after receipt of a notice inform you in writing that we have complied or intend to comply with your notice, or the reasons if we cannot comply with the request.

You can exercise your rights of access by contacting the Data Protection Supervisor through  Dataprivacy@cbg.com.gh.

1.9 Changes to this Privacy Policy

We may update the privacy policy from time to time. The updated version will be indicated by “Revised” and date.  The updated version will be effective as soon as it is accessible. We encourage you to review this privacy notice frequently to be informed of how the Bank is protecting your information