Fairgreen Limited Data Protection and Privacy (DPP) Policy

1. Purpose

This policy outlines Fairgreen Limited’s commitment to safeguarding personal data and protecting the privacy rights of individuals in accordance with the Data Protection Act, 2012 (Act 843) of Ghana and applicable international standards.

2. Scope

This policy applies to:

  • -All employees, contractors, and service providers of Fairgreen Limited
  •  All personal data processed by the company in the course of its operations
  • Data relating to clients, employees, suppliers, partners, and any identifiable individuals

 

3. Key Definitions

  • Personal Data: Any information that can identify an individual directly or indirectly.
  •  Data Subject: The individual to whom the personal data relates.
  •  Data Controller: Fairgreen Limited, responsible for determining the purpose and manner of processing personal data.
  •  Processing: Any operation performed on personal data, including collection, storage, use, and disclosure.

 

4. Principles of Data Protection

Fairgreen Limited shall ensure that all personal data is:

1. Lawfully and fairly processed

2. Obtained for specific and lawful purposes

3. Adequate, relevant, and not excessive

4. Accurate and kept up to date

5. Not retained longer than necessary

6. Processed in accordance with the rights of data subjects

7. Protected against unauthorized access, loss, or destruction 8. Not transferred to countries without adequate data protection

 

5. Legal Basis for Processing

Personal data shall be processed only when:

  • Consent has been obtained from the data subject
  • It is necessary for the performance of a contract
  • It is required by law
  • It protects vital interests
  • It serves Fairgreen’s legitimate interests without infringing on privacy rights

 

 

6. Data Subject Rights

Data subjects have the right to:

  • Access their personal data
  • Request correction or deletion of data
  • Object to or restrict processing
  • Withdraw consent at any time
  • Lodge complaints with the Data

Protection Commission Requests shall be responded to within 21 days, as required by Act 843.

 

7. Data Collection and Use

Fairgreen Limited collects personal data for purposes including:

  • Client onboarding and service delivery
  •  Employment and HR administration
  • Legal and regulatory compliance
  •  Marketing and communication (with consent) Only the minimum data required will be collected and used strictly for the stated purposes.

 

8. Data Security

  • Appropriate technical and organizational measures are implemented to protect personal data, including:
  • Password-protected systems
  • Encrypted communications
  • Access control mechanisms
  • Secure storage and backup
  • Regular audits and risk assessments

 

9. Data Sharing and Transfers

Fairgreen may share data with:

  • Regulatory authorities (e.g., Data Protection Commission, GRA)
  • Third-party service providers (under strict confidentiality)
  • Affiliates and partners (only as necessary)

Cross-border data transfers shall comply with legal requirements and use adequate safeguards.

 

10. Data Retention

Personal data will be retained:

  • Only for as long as necessary for the purpose collected
  • In line with statutory and regulatory obligations
  • According to Fairgreen’s data retention schedule

Upon expiry, data will be securely deleted or anonymized.

 

11. Roles and Responsibilities

  •  Management: Oversight and enforcement of this policy
  • Data Protection Officer (DPO): Ensure compliance, handle complaints, and liaise with the Data Protection Commission
  • Employees: Must follow data handling procedures and report breaches

 

12. Breach Notification

  • In the event of a data breach:
  • The DPO will assess the scope and risk
  • Affected individuals and the Data Protection Commission will be notified within 72 hours if required
  • Remedial action will be taken promptly

 

13. Training and Awareness

  • All staff receive mandatory annual data protection training
  • Specialized training for departments handling sensitive data
  • Regular policy updates and awareness campaigns

 

14. Monitoring and Review

  • This policy shall be reviewed annually or as needed to reflect:
  • Legal and regulatory updates
  • Organizational changes
  • Emerging privacy risks