Fidelity Young Entrepreneurs Initiative (FYEI) Privacy Policy
1. Introduction
Fidelity Bank Ghana Limited (“us”, “we”, or “our”) is a registered financial
institution in Ghana that provides banking, credit scoring and lending services to data
subjects, also referred to as the data controller for the information we process
unless otherwise stated.
This privacy policy governs your use of our service, and explains how we collect, process,
safeguard and disclose information about you.
We will only process information where you have given us the information directly as a data
controller or by our partners where we are processors in accordance with their instructions
and in line with our obligations and your rights under The Data Protection Act 2012 (Act
843), The EU General Data Protection Regulation (GDPR) and other Jurisdictional Data
Protection laws that are applicable.
2. The information we collect and when
We only collect personal information that is necessary, relevant, and not excessive for the
purpose of our processing. The type of personal information that we may collect and process
about you when you interact with us includes the following:
- Name
- Email
- Address
- Contact
- Age/DOB
- Business registration documents / Business details
- Business financial information
- Bank account details
- Credit History
- Financial statements (Income statement, Statement of Financial Position and Cashflow
statement)
- National ID cards
We may, in specific circumstances, process other information such as your subscriptions,
services used, records of conversations.
You are under no obligation to provide us with your personal information; however, certain
basic information may be required for us to be able to provide you with the service or
request made by you.
Where this is the case, we will advise you at the point of obtaining the information.
3. How do we obtain your personal data?
We collect personal information directly from you when you complete the application form or
engage with us through various channels. Where we collect your personal information
indirectly from you, we will contact and inform you of where we obtained the information.
The following are the various ways we collect information from you.
- When you complete the FYEI application form
- Through existing data on the Bank’s system
- When you contact us for assistance through our contact center or other channels
4. Purpose of processing
The purposes for which we process your personal data include one or more of the following;
- To enable us provide lending services under the Fidelity Young Entrepreneurs Initiative.
- To fulfill a contract that we have entered into with you or with the entity you
represent. In these
circumstances, it may be your entity, rather than yourself, that has provided us with
your personal
data for us to fulfill the contract.
- To ensure the security safeguard of your data and underlying business infrastructure.
- To manage any communication between you and us.
5. Lawful Basis for Processing
We will only process your personal data for the specific purpose that we state at the point
of collection and when the law allows or requires us to do so. Most commonly, we will use
your personal data in the following circumstances:
- For us to perform a contract that we are about to enter into or have entered into with
you.
- Where it is necessary for our legitimate interests and if your interests and fundamental
rights do
not override those interests.
- Where we need to comply with a legal or statutory obligation.
- Where you give us your consent.
Below is a description of the ways we may use your personal data, and which of the legal
basis we rely on to do so. We have also identified what our legitimate interests are where
appropriate.
Type of processing activity |
Lawful basis |
To enable the Bank, provide lending services under the Fidelity Young
Entrepreneurs Initiative |
Performance of a contract |
To fulfill a contract that we have entered into with you or with the entity
you represent. In these circumstances, it may be your entity, rather than
yourself, that has provided us with your personal data for us to fulfill the
contract. |
Performance of a contract |
To ensure the security safeguard of your data and underlying business
infrastructure. |
Legitimate interest |
To manage any communication between you and us. |
Legitimate interest |
Marketing /mailing list /subscriptions to newsletters |
Consent |
6. Whom we might share your information with
We will not share your information with third parties unless any of the following
circumstances apply.
- Where the law or a statutory duty requires us to do so
- Our internal team members who need the information in the course of their roles to
administer a
contract or service we are providing to you
- If we need to share personal data to establish, exercise, or defend our legal rights
(this includes providing personal data to others to prevent fraud)
- If required to disclose your personal information by law or in response to valid
requests by public authorities (law enforcement agencies, fraud and crime prevention
and detection agencies and certain regulatory bodies).
- Share with recipients, including employees, only for the purposes of administering
services to you or responding to your request. This will only be shared on a
strictly need-to-know basis.
- With third parties that we have either contracted to perform services for us and
will ensure that we put the necessary security and third-party contracts and
agreements in place.
- If we or our subsidiaries are involved in a merger, acquisition or asset sale, your
Personal Data may be transferred.
If you require details of the third parties your data has been shared with and how this
information is used please contact us at sustainablefinance@myfidelitybank.net
or Toll free: 0800 00 3355.
7. Security safeguards
Security safeguards are of high importance to us, and therefore, we believe we have
appropriate technical and organizational security measures and controls in place to
protect your information. Some of the steps that we have implemented include
implementing access controls and encryption to our information technology and systems.
We do not, however, have any control over what happens between your device and the
boundary of our information infrastructure. You should be aware that there are many
information security risks that exist and take the appropriate steps to protect your own
information.
8. Personal information retention
We will retain your personal information only for as long as is necessary for the
purposes set out in this Privacy Policy. We will retain and use your personal
information to the extent necessary to comply with our legal obligations (for example,
if we are required to retain your data to comply with applicable laws), resolve
disputes, and enforce our legal agreements and policies.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally
retained for a shorter period, except when this data is used to strengthen the security
or to improve the functionality of our Service, or we are legally obligated to retain
this data for longer time periods.
9. Personal information transfer
Your personal information, may be transferred to, and maintained on computers located
outside of your country or other governmental jurisdiction where the data protection
laws may differ from those of your jurisdiction.
Your consent to this Privacy Policy followed by your submission of such information
represents your agreement to that transfer.
We will take all the steps reasonably necessary to ensure that your information is
treated securely and in accordance with this Privacy Policy and no transfer of your
personal information will take place to an organization or a country unless there are
adequate controls in place including the security of your data and other personal
information.
10. Your Rights as a data subject.
The Data Protection Act 843 provides some basic rights to data subjects. These are
10.1 Right to be informed:
You have the right to be informed about the processing of your personal
information (personal data) that we do. This privacy notice is a way of ensuring we meet
our obligations to enable you to exercise your right to be informed.
10.2 Right to Access Your Personal Information
You have the right to access the personal information that we hold about
you. This is sometimes termed a
‘Data Subject Access Request’. We will ask for proof of identity and sufficient
information about your interactions with us so that we can locate your personal
information when you make such a request. If you want to exercise this right, please
contact us as set out below.
10.3 Right to rectification, blocking, erasure, and destruction
Where information we hold about you is inaccurate, incomplete, or out of
date, you may ask us to correct or update it at any. You also have the right to block us
from further processing of your personal data where we do not have any legitimate or
legal basis for processing your personal data. In certain circumstances, you may also as
us to delete your personal data. The right to erasure or destruction is not absolute and
only applies in certain cases. If you would like to exercise this right, please get in
touch with us as set out below.
10.4 Right to prevent processing:
Under this right, you can give us notice in writing to cease or not or not
start processing your personal data for a specific purpose or manner which will cause or
is likely to cause any unwarranted damage or distress. You can also prevent us from
processing your information for direct marketing purposes.
10.5 Right to give and withdraw consent
Where we rely on your consent to process your personal data, you have the
right to withdraw it at any time by contacting us or using any details provide in our
communication with you.
10.6 Right to complain and compensation
As with all the other rights above, you may write to complain if you
believe any of your rights have not been met or we fail to meet our obligations as a
data controller.
10.7 Other Rights under different jurisdictions Across Africa and
beyond
We will ensure the various rights of data subjects where we operate are
respected and take our obligations seriously. Where we process personal data of other
jurisdictions, we undertake a privacy assessment to identify any potential risk of
noncompliance.
11. Notice to Exercise Rights
You can at any time give notice in writing to us to exercise your rights. We will within
twenty-one
(21) days after receipt of a notice, inform you in writing that we have complied
or intend to comply with the notice your notice or the reasons if we cannot comply with
the request. If you would like to exercise this right, please contact us as set out
below.
12. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example,
if the law changes or if we change our business in a way that affects personal data
protection. Any changes we make will be published and indicated by version number.