Privacy Policy

1. Who we are and data controller

This Privacy Policy describes how Adisa HR ("we", "us") collects, uses, and protects your personal data when you use our website and the HR & Employee Portal. We are the data controller for the personal data processed through the Portal. Our processing is carried out in accordance with applicable data protection law, including the Data Protection Act, 2012 (Act 843) of Ghana where applicable.

This policy applies to use of our website and to job applications. If you are an employee, a separate Employee Privacy Notice applies to data we process about you in the employment context; you can find it in the Employee Portal after you log in.

2. Data we collect

Applicants. When you apply for a position, we collect information you provide, such as name, email, phone, address, CV, cover letter, employment history, qualifications, and any other information you submit with your application.

Employees. When you are employed, we collect and maintain data needed for the employment relationship, including: identification and contact details; emergency contacts; employment and role information; documents (e.g. ID, qualifications); and where required by law or policy, Ghana-specific compliance data such as SSNIT number, TIN, and Ghana Card number. We also collect payroll data including bank account details, salary, deductions, and tax information, as required to process your remuneration and meet statutory obligations.

Portal usage. We collect technical and usage data (e.g. IP address, browser, login activity, session data) where necessary for security, support, and improving the Portal. We use session cookies and authentication tokens to keep you signed in; these are essential for the Portal to function and are not used for advertising.

3. Purposes and legal basis

We process your data for: recruitment and hiring; managing the employment relationship; payroll, tax, and social security (e.g. SSNIT) compliance; benefits and HR administration; leave and absence management; legal and regulatory compliance; security and audit; and operating and improving the Portal. Our legal basis is typically contract (employment), legal obligation (tax, labour, social security laws), or your consent where we ask for it. Where we rely on legitimate interests (e.g. fraud prevention, system security), we ensure those interests are balanced with your rights.

4. Retention

We retain your data only as long as necessary for the purposes above or as required by law. Unsuccessful application data may be retained for a defined period (e.g. 24 months for future vacancies or legal defence) and then anonymised. Employee data is retained for the duration of employment and for the periods required by law (e.g. tax and employment records). Payroll and banking records are retained for as long as required by Ghanaian tax and employment law. Sensitive compliance data (e.g. SSNIT, TIN, Ghana Card) is kept only as long as needed for employment and legal compliance and is stored securely.

5. Sharing and sub-processors

We do not sell your data. We may share it with: HR and management; payroll and benefits providers; IT and hosting service providers (who process data on our behalf under appropriate data processing agreements); and regulators or authorities when required by law (e.g. Ghana Revenue Authority, SSNIT). We use technical and organisational measures (including encryption where appropriate) to protect your data against unauthorised access, loss, or misuse. Access to sensitive data is restricted to those who need it for their role.

6. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Hiring and HR decisions are made by people, not by automated systems.

7. Your rights

Under the Data Protection Act, 2012 (Act 843) of Ghana, you have the right to: access a copy of the personal data we hold about you; correct inaccurate or incomplete data; request deletion or restriction of processing in certain circumstances; object to certain processing; and, where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, submit a written request to your HR representative or to our data protection contact (see section 10). We will respond within a reasonable time and in any event within 21 days. We may ask you to verify your identity before processing your request. You also have the right to lodge a complaint with the Data Protection Commission of Ghana.

8. International transfers

Your data is processed primarily within Ghana. If we transfer data outside Ghana (e.g. to cloud hosting providers), we will ensure appropriate safeguards are in place as required by applicable law, such as contractual protections or adequacy decisions.

9. Changes

We may update this Privacy Policy from time to time. We will indicate the last updated date above. Material changes may be communicated via the Portal or by email. Continued use of the Portal after changes constitutes acceptance of the updated policy.

10. Contact

For questions about this Privacy Policy, to exercise your data protection rights, or to raise a concern about how your data is handled, contact your HR representative or the data controller for Adisa HR. Your HR representative can also provide you with the contact details for our data protection contact where applicable.