SUUDU BAABA FOUNDATION

WEBSITE PRIVACY POLICY

URL: www.suudubaabafoundation.org

Effective Date: August 4, 2025

The Suudu Baaba Foundation (SBF) is committed to protecting the privacy of individuals and their personal data. This Privacy Policy outlines how SBF collects, uses, discloses, and protects information gathered through our website, www.suudubaabafoundation.org, in compliance with the Data Protection Act, 2012 (Act 843), and the Cybersecurity Act, 2020 (Act 1038). 

1. Introduction and Scope

This Privacy Policy applies to all personal data processed by SBF through its website. SBF, a community based non-governmental organisation, acts as a data controller for the purposes of this Policy. We are dedicated to ensuring the sustainable integration of the Fulani Community into the Ghanaian society, and this commitment extends to safeguarding the personal information of our website users.

2. Definitions

1. Authority means the Cyber Security Authority established under Section 2 of the Cybersecurity Act, 2020 (Act 1038).
2. Commission means the Data Protection Commission established under Section 1 of the Data Protection Act, 2012 (Act 843).
3. Computer system means an arrangement of interconnected computers designed to perform one or more specific functions, including information and operational technology systems.
4. Cybersecurity incident means any successful or unsuccessful attempt to gain unauthorized access to, disrupt, or misuse an information system or information stored on it.
5. Data means information processed by automatic means, recorded for such processing, or part of a relevant filing system.
6. Data controller means a person who determines the purposes and manner of processing personal data. In this context, SBF is a data controller.
7. Data processor means any person other than an employee of the data controller who processes data on behalf of the data controller.
8. Data subject means an individual who is the subject of personal data.
9. Personal data means data about an individual who can be identified from the data or other information in the possession of, or likely to come into the possession of, the data controller.
10. Processing means an operation or activity concerning data or personal data, including collection, organization, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, or destruction.
11. Service provider includes a public or private entity providing communication abilities via computer systems, electronic devices, mobile networks, or entities processing/storing computer data on behalf of a communication service or user.

3. Principles of Data Protection

SBF adheres to the following data protection principles as outlined in the Data Protection Act, 2012 (Act 843):

1. Accountability

SBF is responsible for complying with these principles.

2. Lawfulness of processing

Personal data will be processed lawfully and without infringing on the privacy rights of the data subject.

3. Specification of purpose

Data will be collected for specific, explicitly defined, and lawful purposes related to SBF’s functions.

4. Minimality

Only necessary, relevant, and non-excessive personal data will be processed.

5. Compatibility of further processing with purpose of collection

Further processing will be compatible with the original purpose of collection unless specific exemptions apply.

6. Quality of information

Personal data will be complete, accurate, up-to-date, and not misleading.

7. Openness

We are transparent about our data processing practices.

8. Data security safeguards

Appropriate technical and organisational measures will be implemented to prevent loss, damage, or unauthorized access/processing of personal data.

9. Data subject participation

Individuals have rights regarding their personal data.

4. Information We Collect

SBF collects information to effectively manage its mandate and provide relevant services. This may include:

1. Personal Identification Information

Name, email address, phone number, and other contact details when voluntarily provided through forms (e.g., contact us, feedback, service requests).

2. Technical Data

IP addresses, browser type, operating system, and Browse activity (pages visited, time spent) collected automatically through website analytics. This helps us improve website functionality and user experience.

3. Location Data

General geographical location derived from IP addresses, used for statistical analysis and service improvement.

5. How We Collect Information

We collect information through:

1. Direct Interactions

When you fill out forms on our website, send us emails, or otherwise communicate with us directly.

2. Automated Technologies or Interactions

As you navigate our website, we may automatically collect Technical Data using cookies and similar technologies.

3. Third-Party Sources

We may receive information from third parties relevant to our functions (e.g., other government agencies) in compliance with applicable laws.

6. How We Use Your Information

The personal data collected by SBF is used for the following purposes:

1. To provide services

To respond to inquiries, and deliver information related to SBF’s mandate.

2. For internal administration

To manage and improve our website, enhance user experience, and ensure efficient operation of SBF’s functions.

3. For communication

To send updates, newsletters, or other relevant information, only with your consent where required.

4. For legal and regulatory compliance

To comply with our obligations under the Data Protection Act, 2012 (Act 843) , Cybersecurity Act, 2020 (Act 1038), and other applicable laws and regulations. This includes the prevention or detection of crime and the apprehension or prosecution of offenders.

5. For security purposes

To prevent, manage, and respond to cybersecurity threats and incidents. This includes monitoring cybersecurity threats within and outside the country.

6. For research and development

To support technological advances and research in cybersecurity and SBF’s core functions.

7. For public awareness and education

To educate the public on matters related to cybercrime and cybersecurity, and SBF’s mandate.

7. Disclosure of Your Information

SBF may disclose your personal data in the following circumstances:

1. To Government Institutions

In compliance with legal requirements or for the purposes of cooperation with government agencies.

2. To Law Enforcement and Security Agencies

Where required by law or for purposes of national security, prevention or detection of crime, and prosecution of offenders. The Cybersecurity Act, 2020, allows for the application for production orders for subscriber information and interception warrants for traffic and content data for criminal investigations.

3. To Service Providers

To third-party service providers who assist us in operating our website or conducting our business, provided they comply with appropriate data protection and confidentiality obligations.

4. For Legal Proceedings

Where disclosure is required by an enactment, rule of law, or court order.

5. Public Interest

Where disclosure is necessary in the public interest, having regard to the rights, freedoms, or legitimate interests of a person.

6. With Consent

With your explicit consent. We will not sell or offer to sell personal data of another person.

8. Data Retention

SBF will retain personal data for a period no longer than necessary to achieve the purpose for which it was collected and processed, unless retention is required or authorised by law, reasonably necessary for a lawful purpose, or consented to by the data subject. Records may be retained for historical, statistical, or research purposes, provided they are adequately protected against unauthorised access or use.

The Cybersecurity Act, 2020 (Act 1038) also specifies data retention periods for service providers: subscriber information for at least six years, and traffic and relevant content data for twelve months, with possible extensions by court order.

9. Data Security

SBF is committed to ensuring the integrity and confidentiality of your personal data. We implement appropriate, reasonable, technical, and organisational measures to prevent loss, damage, unauthorised destruction, unlawful access, or unauthorised processing of personal data. These measures include:

1. Identifying foreseeable internal and external risks.
2. Establishing and maintaining appropriate safeguards.
3. Regularly verifying the effectiveness of safeguards.
4. Continually updating safeguards in response to new risks.
5. Observing generally accepted information security practices and industry-specific rules.

In the event of a security compromise where personal data has been accessed or acquired by an unauthorized person, SBF will notify the Data Protection Commission and the affected data subject as soon as practicable, unless instructed to delay notification by security agencies for criminal investigation purposes.

10. Your Rights as a Data Subject

Under the Data Protection Act, 2012 (Act 843), you have the following rights:

1. Right to be informed

To be aware of the purpose for which your data is collected.

2. Right of access

To confirm whether SBF holds personal data about you, receive a description of that data, and information about its source and recipients.

3. Right to rectification, blocking, erasure, or destruction

To request correction, deletion, or destruction of inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained personal data.

4. Right to object

To object to the processing of your personal data unless the processing is necessary for a contract, authorised by law, or to protect a legitimate interest.

5. Right to prevent processing for direct marketing

To require SBF not to process your personal data for direct marketing purposes without your prior written consent.

6. Right in relation to automated decision-taking

To ensure that decisions significantly affecting you are not based solely on automated processing of your personal data.

7. Right to complain

To submit a complaint to the Data Protection Commission if you believe your rights have been violated.

To exercise any of these rights, please contact the SBF Data Protection Supervisor (details below). We may require proof of identity to process your request.

11. Third-Party Websites

Our website may contain links to other websites. This Privacy Policy does not apply to those third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

12. Changes to this Privacy Policy

SBF reserves the right to update this Privacy Policy at any time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by posting the updated policy on our website with a revised effective date.

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us via:

The Executive Director
 Suudu Baaba Foundation
 Suudubaabafoundation@gmail.com

Data Protection Commission, Ghana For further information or to lodge a complaint, you may contact the Data Protection Commission: Refer to the Data Protection Act, 2012 (Act 843) for official contact details of the Commission.

14. Compliance with Laws

This Privacy Policy is developed and implemented in accordance with:

1. The Constitution of the Republic of Ghana, 1992 (specifically Article 18 (2) related to privacy).
2. The Data Protection Act, 2012 (Act 843).
3. The Cybersecurity Act, 2020 (Act 1038).
4. Other relevant enactments as listed in Section 1(2) of the Cybersecurity Act, 2020 (Act 1038).