We Value Your Privacy
Guaranty Trust Bank (Ghana) Limited (herein after called “GTBank”) holds and processes information about customers, employees, and other data subjects for administrative and commercial purposes. When handling such information, GTBank, and all its staff or associates who process or use any personal information, comply with the Data Protection Principles namely accountability, lawfulness of processing, specification of purpose, compatibility of further processing with purpose of collection, quality of information, openness, data security safeguards, and data subject participation. GTBank places great importance on security of personal data of all data subjects and has implemented technical and organizational security measures to guarantee the security of personal data collected. Information is stored on secure networks and access is restricted to staff and partners who are entitled to access of the data
As a financial institution, GTBank complies with the Data Protection Legislation and Guidelines in Ghana. GTBank also complies with General Data Protection Regulation (EU GDPR) when collecting and processing personal information of EU citizens.
GTBank is permitted to process personal data only with the consent of the data subject unless the purpose for which the personal data is processed is necessary for the purpose of a contract to which the data subject is a party or authorised or required by law, to protect a legitimate interest of data subject, necessary for the proper performance of a statutory duty; or necessary to pursue the legitimate interest of the GTBank or a third party to whom the data is supplied. A data subject may object to the processing of personal data and in such a case, the Bank shall stop the processing of the personal data which implies the Bank may not be in the position to offer any related service to the data subject.
How We Collect and Use Your Personal Data
GTBank Ghana applies the principle of minimality in the collection of Personal data which may only be processed if the purpose for which it is to be processed, is necessary, relevant and not excessive. GTBank collects personal data for a specific purpose in accordance to the needs of the data subject, requirements of regulators and in relation to the functions or activity of the person directly from the data subject. However, data may be collected indirectly where:
(a) the data is contained in a public record
(b) the data subject has deliberately made the data public
(c) the data subject has consented to the collection of the information from another source
(d) the collection of the data from another source is not likely to prejudice a legitimate interest of the data subject
(e) the collection of the data from another source is necessary for the prevention, detection, investigation, prosecution or punishment of an offence or breach of law.
As a regulated financial institution, GTBank collects personal information in the form of the following through forms filled by customers, interviews, emails and other medium:
· First and last name
· Job title
· Work email address
· Phone number
· Area of interest (e.g. sustainability, climate etc.)
All personal data collected will only be used to process customer’s account, transaction request, send occasional information and announcements. GTBank does not sell personal data to anyone and will not share it with third parties without customers’ consent or under law. During account opening GTBank will process personal data from customers in accordance with applicable personal data regulations (Ghana Data Protection Act, 2012, GDPR and Bank of Ghana ). This implies that;
· Personal data will be treated confidentially
· Personal data will be used for account opening purposes
· Non-disclosure of personal data, except for the data processors used in onboarding procedures.
Ensure that all personal information provided to GTBank in connection with onboarding are accurate and up-to-date;
· Inform GTBank of any changes to information, for example, change of address etc;
· Check the information which GTBank shall make available from time to time, in written or automated form, and inform GTBank of any errors or, where appropriate, follow procedures for up-dating entries on computer forms.
GTBank shall not be held responsible for errors of which it has not been informed.
Events and Conference Data
GTBank may occasionally organise corporate and social events or conferences, where individuals provide their information to register for an event. During Conference and event registration, where information is voluntarily provided during signup, we collect the following information:
· First and last name
· Job title
· Work e-mail address
· Phone number
· Area of interest (e.g. sustainability, climate etc.)
GTBank events may be photographed and/or video/audio recorded for the purpose of reflecting the events in GTBank’s publications and on the GTBank’s website. We focus our efforts solely on the key note speakers and other voluntary participants from the audience, as well as the audience as a whole.
Website Visitors’ Data
In general, website visitors do not need to provide personalized information to GTBank. GTBank collects "aggregate data," that is, group data with no personal identifiers. GTBank uses this aggregate data to help understand how the site is being used and to improve its usability. GTBank also uses it to enhance the quality and availability of products and services it offers. Also, with explicit permission, the Bank will use aggregate data from online surveys chosen by visitor for research and publication purposes.
If personal data is provided, and retained, it is only name, business contact email, and business contact phone number, which allow GTBank to contact the visitor at his or her organization. GTBank solely holds the information and engages in no contact-sharing program with other organizations.
Many websites create Cookies (small text files) when a user visits a website, and these Cookies are used to analyze aggregate user behavior on a website. In compliance with the EU ePrivacy Directive, GTBank’s website asks permission of the visitor prior to setting Cookies. Should the visitor agree, GTbank’s server will only collect the following information:
The visitor’s IP address (including the domain name associated with the IP address, i.e. using reverse look-up).
· The date and time of the visit to the website.
· The pages visited on the website.
· The browser being used
In addition, where this is available, GTBank will also collect:
· The country from which the visitor is accessing the website (only the ending is saved, e.g., de, since this indicates the relevant country).
· The language of the browser being used.
· The website from which the visitor is accessing the Bank’s website.
· The search word used (if the site is accessed via a search engine).
· The type of connection and operating system.
With regards to Cookies, we rely on consent given as the lawful basis under GDPR Article 6(1)(a) and Section 40 of the Data Protection Act, 2012.
When enquiries are made to GTBank through the Bank’s contact form, the Bank uses the personal data that is stated in the contact form to respond. Any personal data received will not be used for any other purpose without prior consent and knowledge of the customer and will not be disclosed.
Any personal data received through stakeholder interview will not be used for any other purpose without prior consent of the stakeholder.
GTBank’s use of ecommerce is limited to registration for a limited number of customers each year. Customers provide their personal information to register for services provided by the Bank. We use the data collected in order to process transaction and billing for products/services provided on our ecommerce channels.
Transfer / Sharing of Personal Data
GTBank shall not rent or sell personally identifiable information with other individuals or organizations.
However, GTBank may transfer personal data to third parties when it is necessary in order to provide customers with service. Third parties shall mean:
· Telecom Companies
· Other GTBank Subsidiaries
· Security-cleared data processors/subcontractors, who are assisting GTBank with IT or other services
In case of a personal data transfer to business partners, customers should be aware that they might have stored personal data concerning them collected by other means such as the bank’s website, through their transactions means and accessing the Bank’s electronic platforms for business transactions.
The Bank may also transfer personal data to the above or other third parties if obliged to do so according to legislation or in order to protect national security or in legal disputes.
File Storage and Security
GTBank has a security-cleared data processor to store files and data on secure servers. The Bank has undergone PCI DSS and ISO 27001 certification programs and thereby guarantees an appropriate standard of data protection and operates to an appropriate standard of data security and all data is accessed via secure connections in Ghana.
In spite of the Bank’s efforts to establish a secure environment for the website, customers should be aware that no information is completely secure on the internet. Therefore, should always take the necessary safeguards on their own equipment.
Customers have the right of access to the personal data submitted to the Bank, as well as to have their personal data updated, rectified, or erased, or to obtain a copy of their personal data. All requests shall be made in writing to the Bank or email:
email@example.com, firstname.lastname@example.org in addition to a proof of identity.
On receipt to presentation of the request, the Bank shall comply with the request or provide the data subject with credible evidence in support of the data as well as inform any ‘person” to whom the personal data has been disclosed of the corrections made.
Where customers want to lodge a complaint over the Bank’s processing of their personal data, they may contact the Bank directly through email, call center or in branch in line with the Bank’s Consumer Recourse Mechanism.
Retention of Data
GTBank will keep different types of information for differing lengths of time, depending on legal, regulatory and operational requirements.