At Vera Novacolor, we value your trust when sharing your personal data with us and appreciate that you may be concerned about the information provided to us and about how we handle that information which we otherwise collect in the course of our business, including via our website, email communications, digital platforms and application or any other place within any Social Media (altogether referred to as “Website”).
This Policy sets out (in full transparency and in accordance with applicable laws and regulations, especially the Data Protection Act, 2012 (Act 843) (hereinafter referred to as “Act 843”) of Ghana, the basis on which we process your Personal Data (“Personal Data”) when you access our Websites or contact us.
We ask that you read this Policy carefully as it contains important information on who we are, how and why we collect, store, use and share Personal Data, your rights in relation to your Personal Data and on how to contact us and supervisory authorities in the event you have a complaint.
This Policy is divided into the following sections:
- Who we are
- Our Website
- Our collection and use of your Personal Data
- Transfer of your information out of Ghana
- Cookies and similar technologies
- Your rights
- Keeping your Personal Data secure
- How to complain
- Changes to this Policy
- How to contact us
This website is operated by Vera Novacolor Ghana Limited, the authorised distributor of Novacolor paint and decorative finishes in Ghana.
We collect, use and are responsible for certain Personal Data about you. When we do so we are regulated under the Act 843 and we are responsible as ‘data controller’ of that Personal Data for the purposes of the law.
This Policy relates to your use of our Website (novacolorghana.com) only.
Our Website may contain links to other websites. However, once you have used these links to leave our Website, we do not have any control over the other website. Such sites are not governed by this Policy and we are not responsible for the protection and privacy of any information you provide to these other websites when you visit them.
In the event you visit such websites consult their privacy policies as appropriate for privacy information relating to them.
Our collection and use of your Personal Data
We collect Personal Data about you when you contact us or send us feedback via our Website.
We collect this Personal Data from you either directly, such as when you contact us or send us feedback via our Website.
We ensure to use and protect any information you give us by applying the following principles: accountability, lawfulness of processing, specification of purpose, compatibility of further processing with purpose of collection, quality of information, openness, data security safeguards and data subject participation.
The Personal Data we collect about you depends on the particular activities carried out through our Website. This information includes:
- Personal details provided by you – such as your identity, contact information, your full name, date of birth, address, title, other contact details (such as your telephone number and email address), gender, business, personal, biographical and background information about your business, your requests, any complaints you may have and any other data we receive if we communicate with you via email, online or via social media and any other information you provide – for example, when you register with our Website, sign up for our newsletters, participate in our offers and promotions, provide customer feedback, reply to surveys or purchase our products or services;
- Payment information – this includes data to make purchases, such as your payment account details, credit card and debit card numbers, expiration date, shipping and billing address;
- Feedback – details of any feedback you give us by phone, email, post or via social media;
- Our Services – information about the services we provide to you;
- Account login information – this includes any information that is required for you to establish a user account, such as user name, password and security question and answer;
- Technical information – such as the number and frequency of visits you make to our Website, your geographic location, your operating system and browser type and the search terms you use, which we receive by your use via our Website.
We use this Personal Data to:
- create and manage your account with us
- verify your identity
- provide goods and services to you
- customise our Website and its content to your particular preferences
- notify you of any changes to our Website or to our services that may affect you
- improve our services
This Website is not intended for use by children and we do not knowingly collect or use Personal Data relating to children.
Our legal basis for processing your Personal Data
When we use your Personal Data, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what Personal Data we process and why.
The legal bases we may rely on include:
- consent: where you have given us clear consent for us to process your Personal Data for a specific purpose;
- contract: where our use of your Personal Data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
- legal obligation: where our use of your Personal Data is necessary for us to comply with the law (not including contractual obligations);
- vital interests: where our use of your Personal Data is necessary to protect you or someone else’s life;
- public task: where our use of your Personal Data is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
- legitimate interests: where our use of your Personal Data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your Personal Data which overrides our legitimate interests)
Who we share your Personal Data with
Group Subsidiary Companies – your Personal Data could be shared between the Group’s subsidiary companies that may use your Personal Data described in this Policy.
Service Providers and Processors – We may engage third party vendors, agents, service providers, and affiliated entities to provide services on our behalf, such as support for the internal operations of our Website, Mobile Apps, social media services providers, payment processors, brand activation agencies, data analytics providers and third parties we use for postal courier service providers) or for the technical processing (for example, hosting services or data storage) or for customer relationship management services, as well as related offline product or promotional support services and other related services.
In providing their services, they may access, receive, maintain or otherwise process Personal Data on our behalf. Our contracts with these service providers do not permit use of your information for their own purposes, including their marketing purposes. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your Personal Data and only process it in accordance with our instructions.
Partners – We may sometimes offer you a service or application in co-operation with partners (such as Joint Venture partners). We may therefore need to disclose your Personal Data to those partners. Consistent with applicable legal requirements, we take commercially reasonable steps to require third parties to adequately safeguard your Personal Data and only process it in accordance with our instructions or as co-controllers. In those cases in which the disclosure of your Personal Data with third partners takes place based on your consent or your request to do so, where relevant, we will clearly notify you of the sharing, and you will have the choice not to participate or to otherwise object to such sharing.
Third parties in case of legal requirement – We may also disclose your Personal Data if we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when necessary or appropriate to disclose Personal Data to law enforcement authorities, such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Policy; to respond to any claims against us; and, to protect the rights, property, or personal safety of the Group, our clients, customers, or the public.
Third Parties in case of a corporate transaction – In addition, information about our clients, customers, including Personal Data, may be disclosed as part of any merger, sale, reorganization, transfer of the Group’s assets or businesses, acquisition, or similar event.
Law Enforcement or other Authorities – We will share Personal Data with law enforcement or other authorities if required by applicable law.
No Other Third Party – We will not share your Personal Data with any other third party.
Whether information has to be provided by you, and if so why
We require you to provide Personal Data such as your (full name, address, telephone number or email address etc)] to enable us to assist you effectively in the use of our Website for the provision of any service required from us. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
The impact of our use of your Personal Data
We are committed to ensuring that the integrity of your information is secure through the adoption of appropriate reasonable technical and organizational measures to prevent loss of damage to, or unauthorized destruction and unlawful access to unauthorized processing of the information provided. In order to give effect to the aforementioned, we shall take reasonable measures to:
i. identify reasonably foreseeable internal and external risks to the information provided under our possession or control;
ii. establish and maintain appropriate safeguards against identified risks;
iii. regularly verify that the safeguards are effectively implemented;
iv. ensure that the safeguards are continually updated in response to new risks or deficiencies;
We shall observe generally accepted information security practices and procedure, and specific industry or professional rules and regulations
Transfer of your information out of Ghana
We will normally process your Personal Data within Ghana. Notwithstanding this, the nature of our business may involve that your Personal Data may occasionally be disclosed to non- Ghanaian entities by means of a data transfer agreement between us and these entities.
We may also use some third-party suppliers to help us provide our business services to our clients/customers. These third parties may have access to or merely host your Personal Data, but will always do so under our instructions and subject to a contractual relationship.
Cookies and other tracking technologies
In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Where there are reasonable grounds to believe that your data has been accessed or acquired by an unauthorized person, we shall notify you of the unauthorized access or acquisition.
We would like to send you information about products and services and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, telephone, text message (SMS) or automated call.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when you complete our online form for the first time.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
- contacting us at firstname.lastname@example.org
- using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
- updating your marketing preferences through the option advised in the message.
- It may take up to 30 days for this to take place.
For more information on your rights in relation to marketing, see ‘Your rights’ below.
Act 843 spells out your rights for the use of your Personal Data by us. In summary, these include rights to:
- be informed of the processing of your Personal Data by us or another person acting on our behalf;
- be informed about the purpose for which the Personal Data is being requested to be processed by us;
- be informed of the recipient or class of recipients to whom the data may be disclosed;
- fair processing of information and transparency over how we use your use Personal Data;
- access to your Personal Data and to certain other supplementary information that this Policy is already designed to address;
- require us to correct any mistakes in your information which we hold;
- require the erasure of Personal Data concerning you in certain situations;
- receive the Personal Data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- object at any time to processing of Personal Data concerning you for direct marketing;
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- object in certain other situations to our continued processing of your Personal Data;
- otherwise restrict our processing of your Personal Data in certain circumstances.
For further information on each of those rights, including the circumstances in which they apply, see Act 843.
If you would like to exercise any of those rights, please:
- email email@example.com;
- let us have enough information to identify you e.g. your account number, user name and other registration details;
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and;
- let us know the information to which your request relates, including any account or reference numbers, if you have them.
Keeping your Personal Data secure
We have appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We hope that we can resolve any query or concern you raise about our use of your information.
Act 843 also gives you the right to lodge a complaint with the Data Protection Commission of any alleged infringements.
This Policy was last updated on 18th June 2023.
We may change this Policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.