Legal
Privacy Policy
Last updated: 17 July 2026
This page is maintained by VASPA Ghana to explain what personal information we process when you visit vaspaghana.com or use the member platform, why we process it, and the choices you have. It is written to align with the Data Protection Act, 2012 (Act 843).
1. Data we collect
- Account data: name, work email, organisation, role, phone (optional).
- Membership data: tier, status, payment references, invoice details.
- Compliance data you upload into the compliance suite (customer due diligence records, sanctions screening results, STR drafts, Travel Rule messages). This data belongs to your organisation; we process it as your service provider.
- Community activity: messages, reactions, channel membership, moderation reports.
- Technical data: IP address, browser, device, and event logs used for security, abuse prevention, and product analytics.
2. How we use it
- To provide the Service and support you.
- To bill membership fees and issue receipts.
- To send transactional and administrative emails (password resets, invoices, announcements you've opted into).
- To secure the platform, investigate abuse, and comply with legal obligations.
- To improve the Service in aggregate — never by selling personal data.
3. Lawful bases
We rely on the contract with you (to deliver membership), our legitimate interests (to secure and improve the Service), your consent (for optional marketing), and legal obligations (record-keeping, response to lawful requests).
4. Sharing
We share personal data only with vetted processors that help us run the Service:
- Hosting & database: our backend infrastructure provider (data stored in a West Africa region where available).
- Email delivery: our transactional email provider, for account and billing messages.
- Payments: Paystack for card and bank transfer processing.
We do not sell personal data. We disclose data to authorities only when required by law or a valid legal request.
5. Retention
Account and membership records are retained for the life of your membership and up to 6 years after closure to meet accounting and regulatory record-keeping obligations. Community messages are retained until the channel or your account is deleted. You can request earlier deletion where no legal hold applies.
6. Security
Data is encrypted in transit (TLS) and at rest. Access is limited to authorised staff on a need-to-know basis, protected by strong authentication and audit logging. No system is perfectly secure — report suspected incidents to info@vaspaghana.com.
7. Your rights
You may request access, correction, deletion, restriction, or a copy of your personal data, and object to certain processing. Email info@vaspaghana.com and we will respond within 30 days. You may also lodge a complaint with Ghana's Data Protection Commission.
8. Cookies
We use strictly necessary cookies for authentication and session management, and privacy-friendly analytics that do not build cross-site profiles. You can clear cookies via your browser settings.
9. International transfers
Some processors may host or process data outside Ghana. Where that happens, we use providers with recognised safeguards (e.g. standard contractual clauses) to protect your data.
10. Children
The Service is not directed at people under 18 and we do not knowingly collect data from them.
11. Changes
Material changes to this policy will be announced by email and on this page at least 14 days before taking effect.
12. Contact
Data protection questions: info@vaspaghana.com.