Okomfo Anokye Rural Bank PLC, Postal Office Box 13, Wiamoase Ashanti, Kumasi
(+233) 0203301150
info@okomfoanokyeruralbank.com
This document is prepared in accordance with the provisions of the Ghana Data Protection Act, 2012 (Act 843) and furthered, the European Union General Data Protection Regulation (GDPR). It outlines how Okomfo Anokye Community Bank PLC applies and complies with the data privacy principles in processing the personal data of its customers, staff, vendors, visitors, and third parties who interact with the bank.
The personal data of Individuals, this document also highlights their rights and covers the data subject(s) whose personal data is collected and processed, in compliance with the Data Protection Act.
This privacy policy outlines why and how we collect and use personal information about our customers, vendors, and visitors (collectively referred to as data subjects). It also throws more light on whom we might share personal information and how long we keep it. It demonstrates to data subjects to be aware of their rights under the Data Protection Act (DPA).
Okomfo Anokye Community Bank PLC is the data controller, and its executive management is ultimately responsible for implementation.
Okomfo Anokye Community Bank PLC's Data Protection Supervisor (DPS) is responsible for ensuring the accuracy of this document and that it is up to date. The DPS also ensures that data subjects are duly notified before the collection and processing of their personal data by the bank, including data collected via Okomfo Anokye Community Bank PLC website. All employees of the bank who interact with personal data must also follow the provisions in this policy document.
Okomfo Anokye Community Bank PLC is committed to protecting the privacy and security of personal data. We are responsible for determining how we hold and use personal information about our data subjects (Customers, Vendors etc). According to the Ghana Data Protection Act (GDPA), Okomfo Anokye Community Bank PLC must notify data subjects of the information contained in this document.
Okomfo Anokye Community Bank PLC was incorporated in 18th January, 1983 under the Companies Code, 1963 (Act 179) as a private limited liability company as (Amendment) Act, 2007 (Act 738) to provide financial services under a Universal Banking Licence.
Since its inception, the Okomfo Anokye Community Bank PLC brand has been synonymous with a cutting-edge ICT platform, first class banking products and services that meet customers’ financial needs, innovative staff, and a commitment to exceptional customer service delivery.
The Bank’s service delivery channels include nine (9) business locations (branches). Due to the nature of the Bank’s business and its provision of financial services across the region, the Bank is required to collect and process personal data of Ghanaian individuals, as well as residents and citizens of other countries across the world.
The personal data we would collect and process, depending on the particular processing requirement, falls under the following categories:
| Data Type | Description of Data |
|---|---|
| Identity Data | Full Name, maiden name, marital status, title, date of birth, gender, address, employment history and citizenship. |
| Contact Data |
Address, Email Address and Telephone Numbers. Information received during contact through face-to-face meetings, phone calls, emails, letters, and SMS. |
| Financial Data | Bank account information and bank statements, income and expenditure, financial position, status, and credit history and account number. |
| Transaction Data |
Information regarding the products and services a data subject may have benefited from by using Okomfo Anokye Community Bank PLC, transactional information in respect of products purchased. Location data of transactions where a data subject may have used their USSD. |
| Technical Data | Internet protocol (IP) address, login data, details of browser and operating system, time zone setting and location, browser plug-in types and versions, platforms, and other technology such as device ID, geolocation, IP, model, and user agent on the devices used to access the Bank’s website. |
| Profile Data | Includes username and password. |
| Job Application Data | Data submitted throughout the recruitment process e.g. name, email address. Any personal information you provide to Okomfo Anokye Community Bank PLC as part of the recruitment process. |
| Usage Data | Includes information about how data subject uses our website, products, and services. |
| Marketing and Communications Data |
Information about data subject communications with the Bank. Preferences in receiving marketing e-mails and consents given by data subject to the Bank. |
Where the personal data we need to collect falls under a special category of sensitive personal data, the bank’s lawful basis of processing will be the explicit consent of the individual, or where applicable, compliance with a legal obligation, or for legal proceedings and advice.
Okomfo Anokye Community Bank PLC ensures that the personal data collected and processed is necessary for collection and shall not collect or process more data than is reasonably required for a particular processing activity.
Okomfo Anokye Community Bank PLC identifies, establishes, defines, and documents the specific purpose of processing and the legal basis for processing personal data (including any special categories of personal data processed) before any processing operation takes place under:
In addition, every processing purpose has at least one lawful basis for processing to safeguard the rights of the data subjects, as listed below:
| Purpose of Processing | Lawful Basis of Processing |
|---|---|
| Account creation, identity verification and maintenance of records | Contract |
| Vendor validation/information processing | Contract |
| Employment | Contract |
Where applicable, Okomfo Anokye Community Bank PLC will require the explicit consent of customers, visitors, and other relevant stakeholders to process collected personal data. Visitors to the Bank’s website are expected to read and understand the website privacy notice and then agree to the website’s terms of use. By consenting to the privacy policy, data subjects are permitting Okomfo Anokye Community Bank PLC to use or process their personal data specifically for the purpose identified before collection.
On this ground, if any data subject (customer, client, visitor, vendor, staff, or third party) does not agree to Okomfo Anokye Community Bank PLC collecting and processing their personal data, such individual is not allowed to enjoy the bank’s service(s) where applicable.
If, for any reason, the bank is requesting sensitive personal data from its stakeholders (external and internal), the individuals will be rightly notified of why and how the information will be used.
To ensure the confidentiality and security of personal information, Okomfo Anokye Community Bank PLC has implemented industry-standard encryption protocols during the transmission, processing, and storage of such data. This includes both at-rest and in-transit encryption methods to safeguard against unauthorized access or disclosure.
Where processing relates to a child under 18 years old, as in the case of Data Protection Act, or 16 years old in the case of GDPR, Okomfo Anokye Community Bank PLC shall demonstrate that consent has been provided by the person who holds parental responsibility over the child. Okomfo Anokye Community Bank PLC shall demonstrate that reasonable efforts have been made to verify the age of the child and establish the authenticity of the parental responsibility, taking into consideration available technology.
You can find more information about how we process personal information by referring to the supplementary privacy notices for particular services.
Irrespective of the initial consent given, an individual can withdraw their consent at any time by making a withdrawal of consent request.
Okomfo Anokye Community Bank PLC demonstrates the data subject (customer, client, visitor, vendor, staff, or third-party) has withdrawn consent to the processing of his or her personal data with written instruction from the data subject.
For child consent, Okomfo Anokye Community Bank PLC shall demonstrate that the holder of parental responsibility over the specified child has withdrawn consent via written instruction from the parent. The bank will also demonstrate that reasonable efforts have been made to establish authenticity of the parental responsibility when withdrawing consent for the specified child, considering available technology.
Where applicable, the Data Protection Supervisor (DPS) will inform the relevant process owner of this change, and the processing activities that relied upon the consent will be stopped immediately, in accordance with the relevant process.
Aside from situations where the bank may be required to disclose the personal data of individuals in accordance with a legal obligation in response to requests by government authorities or law courts on matters involving national security or law enforcement requirements, Okomfo Anokye Community Bank PLC will not pass on its data subjects’ personal data to third parties without first obtaining consent. In situations where the processing of personal data will involve an investigation of potential violations of the bank’s terms of service, fraud prevention and mitigation, security issue management, and the preservation of the rights and freedoms of staff, customers, and clients, the bank shall establish an appropriate legal ground for such data transfers.
Okomfo Anokye Community Bank PLC has put in place, to the best of its ability and in line with standard global practices, physical, technical, and organizational measures (including secure encryption and anonymization) to ensure the optimum protection of personal data, which also extends to data transferred or shared with third parties
Okomfo Anokye Community Bank PLC may also engage third parties abroad (such as other Banks, contractors, government-authorized agencies, etc.) that will receive personal data for a certain purpose(s) as part of the bank’s processing activities and process it on the bank’s behalf. Where this is the case, the bank will enter into a data processing agreement with the third party, ask for consent if the purpose of processing was not initially stated at the inception, and be satisfied that the third party has adequate measures in place to protect the data against accidental or unauthorized access, use, disclosure, loss, or destruction.
These transfers may occur in the following situations:
These transfers are necessary for us to perform our contract with you and to comply with our legal obligations.
In a case where the disclosure is to third parties outside the jurisdiction of the DPA, Okomfo Anokye Community Bank PLC will ensure that the third party meets the core global regulatory standards before the transfer. The Bank will satisfy itself that:
Okomfo Anokye Community Bank PLC stores a broad spectrum of personal information. All information Okomfo Anokye Community Bank PLC holds is stored and retained or stored and destroyed in compliance with DPA’s guidelines on the retention of records and personal data.
Okomfo Anokye Community Bank PLC will retain your personal data as long as the information is active on the bank’s systems and necessary for the bank’s service delivery purposes. This retention period is verified and established with special consideration to the following areas:
As a regulated financial services institution, the bank will retain your personal data for ten (10) years after the exit of the relationship by the data subject, or as may be required by regulation. When the personal data is no longer needed or beyond the stipulated retention period, Okomfo Anokye Community Bank PLC will delete or destroy it from its systems and records or take steps to securely archive it while protecting your identity and privacy rights.
At any point while Okomfo Anokye Community Bank PLC is in possession of or processing personal data, the data subject has the right to:
All the above requests will be forwarded should there be a third party involved in the processing of your personal data.
If for any reason a vendor or contractor, customer, or staff member wishes to make a complaint about how Okomfo Anokye Community Bank PLC (or any of the Bank’s third parties) handles or has handled their personal data, or how their complaint has been handled, they have the right to complain directly to;
| NAME |
Okomfo Anokye Community Bank PLC Data Protection Supervisor |
| ADDRESS |
Okomfo Anokye Community Bank PLC Post Office Box 13, Wiamoase Kumasi |
| TELEPHONE | +233203301179 |
| info@okomfoanokyeruralbank.com |
| NAME |
Data Protection Commission |
| ADDRESS |
East Legon, Pawpaw Street, (GA-414-1469), Accra P.O. Box CT 7195, Accra |
| TELEPHONE | +233256301533 |
| info@dataprotection.org.gh |
We are constantly trying to improve our website and services, so we may need to change this privacy notice from time to time as well. We will alert you to material changes by, for example, placing a notice on our websites and/or by sending you an email (if you have registered your e-mail details with us) when we are required to do so by applicable law.