Last updated 31st May 2021 – V02 1.
General Overview of Our Privacy Notice
Who we are?
Information Governance Solutions is the data controller for the information we process unless otherwise stated. For this Privacy Notice, Information Governance Solutions shall be referred to as “IGS”.
Information Governance Solutions (GH)
18 Gower Street
Our Office Address is
7 Ajiringanor Road
East Legon GD-209-1982
How do we obtain your personal data?
IGS collects personal information directly from you when you engage with us through various channels. Where we collect your personal information indirectly from you, we will inform you in due course when we contact you of where we obtained the information from. The following are the various ways we collect information from you.
- When you register, book, or attend training
- When you register for or attend an event/conference
- When you contact us to make an inquiry or request information
- When you make a complaint and or give feedback
- When you apply for a job with us
- When you register to be added to our recruitment and membership services
- And through any other interaction that you have with us
The information we collect and when
We only collect personal information that is necessary, relevant, and not excessive for the purpose of processing. The type of personal information that we may collect and process about you when you interact with us includes the following:
- Your name
- Telephone number(s)
- Email address
- Survey/course evaluation and responses
- IP address
We may, in specific circumstances, process other information such as your subscriptions, services used, records of conversations, agreements, and financial details that are required for transactions.
You are under no obligation to provide us with your personal information; however, certain basic information may be required for us to be able to provide you with the service or request made by you. Where this is the case, we will advise you at the point of obtaining the information.
Purpose of processing
The purposes for which we process your personal data include one or more of the following purposes:
- To provide you with information that you have requested or that we think may be relevant to a service or product in which you have exhibited an interest.
- Interact with you to process financial transactions with you or the company you represent for the purchase and commissioning of products and services from us.
- To fulfill a contract that we have entered into with you or with the entity you represent. In these circumstances, it may be your entity, rather than yourself, that has provided us with your personal data for us to fulfill the contract.
- To ensure the security safeguard of our websites and underlying business infrastructure.
- To manage any communication between you and us.
IGS will only process your personal data for the specific purpose that we state at the point of a private data collection and when the law allows or requires us to do so. Most commonly, we will use your personal data in the following circumstances:
- For us to perform a contract that we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests and if your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or statutory obligation.
- Where you give us your consent.
We have set out below, in a table format, a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
|Type of processing activity||Lawful basis|
|To contact you, following your inquiry, reply to any questions, suggestions, issues, or complaints you have contacted us about||Legitimate interest|
|Fulfillment of a contract to provide you with an agreed service||Performance of a contract|
|Make available our services to you||Legitimate interest|
|Process your orders including booking our courses or events||Performance of a contract|
|For statistical analysis and to get feedback from you about our services or training or events.||Legitimate interest|
|Marketing /mailing list /subscriptions to newsletters||Consent|
Whom we might share your information with
We will not share your information with third parties unless any of the following circumstances apply.
- Where the law or a statutory duty requires us to do so
- Share with joint controllers such as the Data Protection Commission for the administering of training.
- Our internal team members who need the information in the course of their roles to administer a contract or service we are providing to you
- If we need to share personal data to establish, exercise, or defend our legal rights (this includes providing personal data to others to prevent fraud and reduce credit risk); or
- Share with recipients, including employees, only for the purposes of administering services to you or responding to your request. This will only be shared on a strictly need-to-know basis. We will only share with third parties that we have either contracted to perform services for us and will ensure that we put the necessary security and third-party contracts and agreements in place.
Security safeguards are of high importance to us, and therefore, we believe we have appropriate technical and organizational security measures and controls in place to protect your information. Some of the steps that IGS has implemented include implementing access controls and encryption to our information technology and systems. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware that there are many information security risks that exist and take the appropriate steps to protect your own information.
Your Rights as a data subject.
The Data Protection Act 843 provides some basic rights to data subjects. These are
- Right to be informed:
- Right of access to personal data
- Right to give and withdraw consent:
- Right to amend (rectification), blocking, erasure, and destruction
- Right to prevent processing:
- Freedom from automated decision making:
- Freedom from processing for direct marketing
- Right to compensation
- Right to complain:
- Other Rights under different jurisdictions Across Africa and beyond
Right to be informed:
You have the right to be informed about the processing of your personal information (personal data) that we do. This privacy notice is a way of ensuring we meet our obligations to enable you to exercise your right to be informed.
Right to Access Your Personal Information
You have the right to access the personal information that we hold about you. This is sometimes termed a ‘Data Subject Access Request’. We will ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information when you make such a request. If you want to exercise this right, please contact us as set out below.
Right to rectification, blocking, erasure, and destruction
Where information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct or update it at any. You also have the right to block us from further processing of your personal data where we do not have any legitimate or legal basis for processing your personal data. In certain circumstances, you may also as us to delete your personal data. The right to erasure or destruction is not absolute and only applies in certain cases. If you would like to exercise this right, please get in touch with us as set out below.
Right to prevent processing:
Under this right, you can give us notice in writing to cease or not or not start processing your personal data for a specific purpose or manner which will cause or is likely to cause any unwarranted damage or distress. You can also prevent us from processing your information for direct marketing purposes.
Right to give and withdraw consent
Where we rely on your consent to process your personal data, you have the right to withdraw it at any time by contacting us or using any details provide in our communication with you.
Right to complain and compensation
As with all the other rights above, you may write to complain if you believe any of your rights have not been met or we fail to meet our obligations as a data controller.
Other Rights under different jurisdictions Across Africa and beyond
IGS will ensure the various rights of data subjects where we operate are respected and take our obligations seriously. Where we process personal data of other jurisdictions, we undertake a privacy assessment to identify any potential risk of noncompliance.
Notice to Exercise Rights
You can at t any time give notice in writing to us to exercise your rights. We will within twenty-one (21) days after receipt of a notice, inform you in writing that we have complied or intend to comply with the notice your notice or the reasons if we cannot comply with the request.
If you would like to exercise this right, please contact us as set out below.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes or if we change our business in a way that affects personal data protection. Any changes we make will be published and indicated by version no.
The Data Protection Commission (DPC) regulates data protection and privacy matters in Ghana. They make much information accessible to consumers on their website, and they ensure that the registered details of all data controllers such as ourselves are available publicly.