1. Introduction
ESOG Africa Limited ("we", "our", or "us") takes the protection of your privacy and security of your Personal Data very seriously. This Privacy Policy describes how we process your Personal Data, your rights in relation to the Personal Data we process, and our commitment to process your Personal Data in a fair, lawful, transparent, ethical and secure manner.
This policy applies to all users of our smart vending machines, website visitors, mobile application users, business partners, and anyone who interacts with our services.
2. Who We Are
We are ESOG Africa Limited, a company incorporated under the laws of Ghana, with our registered office at [Company Address], Accra, Ghana.
ESOG Africa operates smart vending machines and provides supply chain solutions across educational institutions and commercial locations in Africa.
3. Important Definitions
- Personal Data:
- Information about an individual who can be identified from that data, or from that data combined with other information.
- Processing:
- Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
- Data Subject:
- The individual to whom Personal Data relates.
- Special Personal Data:
- Sensitive information including health data, biometric data, or data revealing racial or ethnic origin.
4. What Personal Data We Collect
We collect Personal Data that is necessary to provide our services effectively. The information we collect includes:
4.1 Account and Contact Information
- Name and contact details (email, phone number, address)
- Institution or company affiliation
- Date of birth and identification numbers (when required)
- Payment and billing information
4.2 Transaction Information
- Purchase history and preferences
- Payment method details
- Transaction amounts and timestamps
- Location of vending machine usage
4.3 Technical Information
- Device information and unique identifiers
- IP addresses and browser information
- Usage patterns and interaction data
- Location data from vending machine interactions
4.4 Educational Information (For Student Programs)
- Student identification numbers
- Academic program details
- Training progress and certifications
- Institution enrollment status
5. How We Collect Personal Data
We collect Personal Data directly from you when you:
- Use our vending machines or mobile applications
- Register for our services or student training programs
- Submit partnership or supplier applications
- Contact us for support or information
- Visit our website or interact with our digital platforms
- Participate in surveys, competitions, or marketing activities
We may also collect information from third parties, including educational institutions, payment processors, and business partners, where we have legal grounds to do so.
6. How We Use Your Personal Data
We process your Personal Data for the following purposes:
6.1 Service Provision
- Operating vending machines and processing transactions
- Managing user accounts and preferences
- Providing customer support and technical assistance
- Delivering educational training programs
6.2 Business Operations
- Inventory management and supply chain optimization
- Performance monitoring and service improvement
- Financial management and billing
- Fraud prevention and security
6.3 Legal and Regulatory
- Compliance with applicable laws and regulations
- Responding to legal requests and court orders
- Protecting our rights and interests
- Meeting reporting and audit requirements
6.4 Marketing and Communication
- Sending service updates and important notices
- Marketing our products and services (with consent)
- Conducting market research and analysis
- Personalizing user experiences
7. Legal Basis for Processing
We process your Personal Data based on the following legal grounds:
- Contract Performance: Processing necessary to fulfill our service agreements
- Legal Obligation: Compliance with applicable laws and regulations
- Legitimate Interests: Business operations, security, and service improvement
- Consent: Where you have explicitly agreed to specific processing activities
- Vital Interests: Protection of life or physical safety
- Public Interest: Educational and social development purposes
8. Data Sharing and Disclosure
We may share your Personal Data with the following parties:
8.1 Service Providers
Third-party vendors who help us deliver our services, including:
- Payment processors and financial institutions
- Cloud hosting and IT service providers
- Maintenance and technical support companies
- Marketing and analytics platforms
8.2 Educational Partners
Schools and universities where our vending machines are located, for program administration and educational purposes.
8.3 Legal Requirements
Government agencies, courts, and law enforcement when required by law or to protect our legal rights.
8.4 Business Transactions
In case of merger, acquisition, or sale of business assets, your data may be transferred to the new entity.
9. International Data Transfers
We may transfer your Personal Data outside Ghana to support our operations. When we do so, we ensure appropriate safeguards are in place, including:
- Adequacy decisions by the Data Protection Commission
- Standard contractual clauses approved by relevant authorities
- Binding corporate rules for intra-group transfers
- Other legally recognized transfer mechanisms
10. Data Retention
We retain your Personal Data only as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.
Typical Retention Periods:
- Transaction Records: 7 years (tax and accounting requirements)
- Student Training Records: 10 years (educational certification purposes)
- Marketing Data: Until consent is withdrawn
- Website Analytics: 2 years
- Support Communications: 3 years
11. Data Security
We implement appropriate technical and organizational measures to protect your Personal Data against:
- Unauthorized access, disclosure, or destruction
- Accidental loss or damage
- Unlawful processing or use
Our security measures include:
- Encryption of data in transit and at rest
- Access controls and user authentication
- Regular security assessments and monitoring
- Staff training on data protection practices
- Incident response and breach notification procedures
12. Your Rights
Under Ghana's Data Protection Act and other applicable laws, you have the following rights:
12.1 Right to Access
Request a copy of the Personal Data we hold about you.
12.2 Right to Rectification
Correct inaccurate or incomplete Personal Data.
12.3 Right to Erasure
Request deletion of your Personal Data under certain circumstances.
12.4 Right to Restrict Processing
Limit how we process your Personal Data in specific situations.
12.5 Right to Object
Object to processing based on legitimate interests or for direct marketing.
12.6 Right to Data Portability
Receive your Personal Data in a structured, machine-readable format.
12.7 Right to Withdraw Consent
Withdraw consent for processing activities that require your consent.
How to Exercise Your Rights:
To exercise any of these rights, please contact us using the details in Section 14 below.
We will respond to your request within 30 days and may request additional information to verify your identity.
13. Cookies and Tracking Technologies
Our website and mobile applications use cookies and similar technologies to:
- Remember your preferences and settings
- Analyze website traffic and user behavior
- Provide personalized content and advertisements
- Ensure website security and functionality
You can control cookie settings through your browser preferences. However, disabling certain cookies may affect website functionality.
For more details, please see our Cookie Policy.
14. Contact Information
Data Protection Officer
Email: privacy@esogafrica.com
Phone: +233 XX XXX XXXX
Address: ESOG Africa Limited
[Company Address]
Accra, Ghana
Ghana Data Protection Commission
Address: East Legon, Pawpaw Street, GPS: GA-414-1469, P.O. Box CT7195, Accra
Email: info@dataprotection.org.gh
Phone: +233 256 301 533
Website: www.dataprotection.org.gh
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make significant changes, we will notify you through our website, email, or other appropriate means. The updated policy will be effective from the date specified in the "Last Updated" section.
This Privacy Policy was last updated on January 1, 2025. If you have any questions about this policy or our data practices, please contact us using the information provided above.