Data Exchange Policy
1. Purpose
All personal data shared shall be used solely for the design, production, and delivery of ID cards. The data shall not be reused, sold, or applied to any other purpose beyond the agreed service.
2. Scope of Data
Only the minimum required information shall be collected, which may include:
- Full Name
- ID / Staff / Membership Number
- Role, Department, Class, or Designation
- Photograph
- Organization Name, Logo, and Card Validity Period (if applicable)
No unnecessary or sensitive personal data shall be requested unless explicitly required and approved by the client.
3. Data Transfer
Data shall be exchanged through secure channels such as password-protected files, secure cloud storage links with restricted access, or encrypted storage devices where necessary.
4. Data Access & Confidentiality
Access to personal data shall be limited to authorized personnel only. All staff involved are required to maintain strict confidentiality. Data shall not be shared with third parties without written approval from the client.
5. Data Storage & Retention
All data shall be stored securely and retained only for the duration necessary to complete the ID card printing project. Data shall be permanently deleted after successful delivery or within an agreed retention period.
6. Legal Compliance
All data processing activities shall comply with the Ghana Data Protection Act, 2012 (Act 843) and applicable data protection principles.
7. Responsibility & Consent
The client confirms that all required consent has been obtained from data subjects. The printing company acts strictly as a data processor, while the client remains responsible for data accuracy and legitimacy.
8. Data Breach
In the event of a data breach, the client shall be notified promptly, and appropriate corrective measures shall be taken immediately.
9. Confirmation
Upon request, written confirmation of data deletion may be provided after project completion.