Effective Date: 2nd January 2023
1. INTRODUCTION
This Privacy Policy explains how we collect, use, disclose and safeguard your data/information when you use GCB Mobile Application. Please read this Privacy Policy carefully.
We are not responsible for any Personal data collected and used by any third-party online/mobile store from which you install the GCB mobile application.
Using the Application means that the User agrees with the terms and conditions of this Policy including conditions for collecting and processing information from the User's device.
IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY, YOU MAY ACCESS THE APPLICATION. HOWEVER, YOU SHALL ASSUME SOLE RESPONSIBILITY FOR ANY RISK AND FINANCIAL LOSS WHICH MAY BE OCCASIONED TO YOU AS A RESULT OF ANY FRAUDULENT ACTIVITY ON YOUR ACCOUNT.
2. DEFINTIONS
“Act 843” means the Data Protection Act, 2012
“Affiliate” means any entity or person that directly or indirectly, through one or more intermediaries, controls or is controlled by, or is under common control, with the person specified.
“App” or” Application” means GCB Mobile Application.
“Last updated” means the last date on which this Policy was revised.
“Personal data/information” means any information relating to an identified or identifiable natural person An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, date of birth, phone number, an identification number, IP address, geolocation, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural living person.
“Services” means the services provided by GCB Bank PLC to customers subscribed to the GCB Mobile Application such as bill payments, transaction alerts, account balances, among others.
“Software Development Kit (SDK)” means lines of code. SDK is a downloadable software package that contains the tools required to build a mobile application for iOS and android devices.
“Third Party” is any party other than you, us or our affiliates.
“User/You” means the customer who is subscribed to GCB Mobile App
“We” means GCB Bank PLC
3. COLLECTION OF YOUR DATA
We collect two types of information through the App namely, Personal information and other information.
3.1 Personal Information
We may collect Personal information data that can be used to identify you. The information includes but is not limited to name; date of birth; postal address; email address; mobile number; username; and geolocation data.
- Collecting your Personal information will enable us to offer you a mobile experience that would help you with your financial needs.
- We will not collect or store Personal information that allows you to be personally identified by any third party.
3.1.1 Mode of Collection of Personal Information
- We may collect Personal information when you are:
· banking via the App;
· applying for a new product or account; or
· logging-in to use the App.
- For instance, when undertaking mobile bill payment, we may collect Personal information about your transactions, and how you interact with third parties such as the utility or telecommunication company.
3.2 Other Information
- When you download and use the App, we will track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device identifier.
- The App collects information to detect:
.Malicious apps on end user’s Android device,
.Remote control tools and apps for geolocation substitution;
.Devised that have been recently wiped (one of the end signs of fraud)
.Devises with usage profiles matching the behavior of fraudsters
.Legitimate transition to a new android device (for example, upgrading to a new model) to implement an approach based on adaptive user authentication.
3.2.1 Mobile Device Data
- We may also collect the following device information:
· IP address of the device on which you use the App.
· Unique device identifier;
· Type of application and version you are using;
· Operating system version;
· Location;
· Device model; and
· Manufacturer.
- The above information will help us to provide a mobile experience that matches your device and to calculate usage levels of the App, diagnose server problems, ensure that the App functions properly and otherwise, administer the App.
- In the process of information exchange, the Android SDK collects and transmits data about the user's device, browser, network connection and account within the framework of the user session.
3.2.2 Mobile Device Access
We may request access or permission to certain features from your mobile device, including your mobile device’s storage. If you wish to change our access or permissions, you may do so in your device’s settings.
4. USE OF DATA
Data and data combinations will be used to:
. identify application;
. identify user session;
. identify user's device;
. track events caused by the user's actions in the Application;
. store custom user attributes;
. identify user's sessions in other applications via global identifier;
. check user's actions for signs of fraudulent or automated (bot) activity.
- Data collected by us will be transmitted over a secure data channel in hashed and encrypted form (if encryption parameters are set).
5. PURPOSE OF COLLECTING AND PROCESSING DATA
- We utilize your Personal information in accordance with this Policy and Act 843.
- Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience.
- Hence, we only collect and process data that is necessary for the provision of the Services.
- Specifically, we may use information collected about you via the Application to:
i. create and manage your account.
ii. identify the User and the User's device.
iii. authenticate you on the App so that you can access your account via the App.
iv. process applications and transactions.
v. ensure the safety of using the Application and the Services provided by us.
vi. send notifications, requests and administrative information about the Services and changes to our terms and conditions.
vii. improve the quality of the Application and the Services provided by us.
viii. research and develop new services to be provided by us.
ix. email you regarding your account.
x. increase the efficiency and operation of the Application.
xi. request feedback and contact you about your use of the Application.
xii. resolve disputes and troubleshoot problems.
xiii. comply with a court order or a regulatory requirement.
xiv. generate a personal profile about you to make future visits to the Application more personalized.
xv. monitor and analyze usage and trends to improve your experience with the Application.
xvi. notify you of updates to the Application.
xvii. offer new products, services, mobile applications, and/or recommendations to you.
xviii. process payments and refunds.
xix. respond to product and customer service requests.
xx. achieve audits and debt collection purposes.
xxi. contact you by phone, email, text message or push notifications (if they are enabled) to (i) verify your account (ii) for information and operational purposes such as account management, instructions, alerts, reminders, customer service, system maintenance, among others.
xxii. comply with and enforce any applicable legal obligations with respect to this Privacy Policy.
xxiii. Compliance and protection—
(i)comply with applicable laws, lawful requests and court orders or requests from the law enforcement authority, government authority or regulator;
(ii) protect our, your or others’ rights, privacy, safety or property (including by
initiating and defending legal claims);
(iii) audit our internal processes for compliance with legal and contractual
requirements and internal policies;
(iv) enforce the terms and conditions that govern the Services; and
(v) prevent, identify, investigate and deter fraudulent, harmful, unauthorized,
unethical, or illegal activity (including money laundering, cyberattacks and identity theft) claims and other liabilities.
6. DISCLOSURE OF YOUR PERSONAL INFORMATION TO THIRD PARTIES
- We shall not disclose your Personal information to any third party without obtaining your prior written consent except disclosure is required for the purpose set out in this Policy or to enforce the terms and conditions of this Policy or is required by law, as provided below:
6.1 Under Compulsion of Law or by Order of Court
- We shall disclose your Personal information:
· upon service on us of a Court Order requesting such disclosure;
· to facilitate the investigation of any suspected fraudulent or illegal activity by the law enforcement authority;
· as otherwise required by law, a law enforcement authority, government authority or regulator;
· to assist to investigate or to remedy a potential breach or a breach of our policies, or to protect the rights, property, and safety of others.
- This includes exchanging information with other entities for fraud protection and credit risk mitigation.
6.2 Third Party Vendors or Service Providers
- By using the Application, you acknowledge and explicitly agree that we may disclose to vendors or service providers who help us provide and improve the Services, only the Personal data they need to know for their specific functions.
- We will not authorize these third-party service providers to use or disclose your Personal information except as required by law, a court of competent jurisdiction or for the purpose contemplated under our Agreements with them.
6.3 Affiliates
- When we share your information with our affiliates, we will require them to comply with this Privacy Policy. Affiliates include any subsidiaries or companies that we exercise control over.
7. CONDITIONS FOR PROCESSING OF PERSONAL DATA/INFORMATION
- We are committed to ensuring compliance with the privacy principles or the eight basic principles stipulated in the Data Protection Act, 2012 (Act 843) for processing your Personal information, best practice and applicable professional rules and regulations, to enhance security of your data.
- The Application does not disclose your identity, when processing your Personal information.
8. TRANSFER OF USER’S DATA TO THIRD PARTY VENDORS OR SERVICE PROVIDERS
- We may transfer your Personal Data to third-party vendors who perform services on our behalf. We will take the appropriate data security safeguards to ensure that such third party vendors process your Personal data in accordance with Act 843, best practices and professional rules and regulations.
9. SECURITY MEASURES
- We are committed to ensuring that your information is secure. We have, therefore, adopted appropriate, reasonable, technical, physical and organizational measures to ensure the security of your Personal data in our possession or control in accordance with Act 843. To prevent unauthorized access or disclosure, we have put in place the necessary measures to ensure that your Personal data is held in the strictest confidence by staff who have authorized access to same. We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect and store.
- Notwithstanding the security measures taken by us, we do not guarantee complete security of your Personal information since electronic information is vulnerable to interception and misuse by unauthorized persons. We are therefore not liable for any such unauthorized interception and misuse.
- Notify us immediately you have reason to believe that the security of your account has been compromised.
10. YOUR RIGHTS
You are entitled to exercise any one or more of the following rights:
- The right of access to your Personal Information-You have the right to request access to your Personal information.
- The right to rectification and deletion of your Personal Information-You have the right to request us to correct or delete any inaccuracies in your Personal data, if found to be incomplete, inaccurate or unlawfully processed.
- The right in relation to automated decision-making- You have the right to request us not to be subject to a decision based solely on automated processing, including profiling, which may produce a legal effect on you or significantly affect you.
- The right to restrict processing of Personal Information-You may withdraw at any time, your consent to the processing of your Personal information by notifying us in writing. Upon receipt of this notification, we shall promptly stop any processing of your Personal information and terminate your account.
- The right of complaint to the Data Protection Commission-You may also lodge a complaint with the Data Protection Commission in the event of breach of Act 843 by us.
- The right to seek compensation through the courts in the event of a breach of Act 843 by us.
- To exercise any of your rights under this Policy, please contact us in writing on the address below:
The Head
E-Banking Department
GCB Bank PLC
P. O. Box GP 134
Accra
You are required to add a copy of your identity card or other proof of your identity to your request.
- We will take the necessary action immediately and provide feedback on action taken within fourteen (14) working days.
12. TERM, TERMINATION AND DATA RETENTION
- We will retain your Personal data and information on your usage of the Application, during the course of our business relationship to facilitate the continuous provision of the Services to you.
- We reserve the right under applicable law to retain your Personal data even if you temporarily discontinue the use of the Application.
- Upon receipt of a notice from you to terminate your mobile app account, we will de-activate your mobile app account and information from our mobile app databases.
- However, we reserve the right to retain some Personal data for the statutory period, to prevent fraud, troubleshoot problems, assist with any investigations, enforce this Policy and/or comply with any legal requirement.
13. AMENDMENTS
- We reserve the right to make changes to this Privacy Policy as we deem fit, at any time and for any reason.
- To this extent, we will notify you about any changes to this Policy by updating the “Last updated” date of this Privacy Policy.
- You are required to periodically review this Privacy Policy to keep informed of updates.
- You will be deemed to have been duly notified and to have accepted the changes in any revised Privacy Policy by your continued use of the App after the effective date of such revised Privacy Policy.
- The revised Privacy Policy comes into force once published, unless otherwise provided by the revised Privacy Policy.
14. GOVERNING LAW
- These terms and conditions of this Policy shall be governed and construed in accordance with the laws of the Republic of Ghana.
GCB MOBILE APP PRIVACY POLICY VERSION 1 2023