1. Policy

It is a legal requirement for Elidel Prestige to comply with the Ghana Data Protection Act, 2012 (Act 843). It is also our policy to ensure that Elidel Prestige and every employee with access to personal information (“personal data”) maintains the confidentiality of any personal information held by Elidel Prestige in whatever form.

Even though this policy did not initially form part of your contract of employment, it is a condition of employment that employees shall abide by the rules and policies made by Elidel Prestige from time to time. This policy is therefore binding on all our employees by virtue of the requirements of the Data Protection Laws of Ghana.

2. Principles

Elidel Prestige is required to keep and process certain personal data about its employees, consultants, temporary workers, suppliers, prospective and placed candidates for permanent and contract roles.  in the normal and proper conduct of its business to enable it to operate in Ghana, to maintain its administrative systems and payroll, to offer recruitment and job placement, to offer immigration support, to monitor performance, to ensure compliance with all its legal obligations, and for health and safety purposes. This data may be held in electronic and/or paper formats. To comply with the law, any information collected must be used fairly, stored safely and not disclosed to any other person unlawfully. This means that Elidel Prestige must comply with the Data Protection Principles set out in the Data Protection Act, 2012 (Act 843)

These principles require that we process personal data considering:

• Accountability
• Lawfulness of processing
• Specification of purpose
• Compatibility of further processing with purpose of collection
• Quality of information
• Openness
• Data security safeguards and
• Data subject participation

In processing or using any personal information you must ensure that you follow these principles at all times.

3. Ghana Data Protection Act, 2012

The Ghana Data Protection Act, 2012 (also known as Act 843) came into force in accordance with section 99, Act 843 on 16^th October 2012. An Act to establish a Data Protection Commission, to protect the privacy of the individual and personal data by regulating the processing of personal information, to provide the process to obtain, hold, use or disclose personal information and for related matters.

4. Lawful basis for Holding Data

Elidel Prestige is legally allowed to store and process personal data providing it has been collected for at least one of the following reasons

• Collected for specified, explicit and legitimate purpose
• Processed fairly and lawfully
• Adequate, relevant and limited to what is necessary
• Accurate and, where necessary, kept up to date
• Kept for no longer that is necessary
• Processed in a manner that ensures appropriate security
• Taking into consideration the rights of the data subject

Elidel Prestige has analysed the types of personal data that are stored and has confirmed that there is a lawful basis for storing all personal data.

5.    Data Collection and Consent

We collect personal data from individuals in a fair and lawful manner, ensuring that proper consent is obtained where required. The types of personal data we may collect include but are not limited to:

• Contact information (name, address, phone number, email address)
• Resume/CV, employment history, and qualifications
• Immigration-related information (where applicable)
• Training and development preferences and records
• National Insurance, bank account and credit card information
• Time sheets expenses claims, and wages records
• Salary reviews and benefits
• Next of Kin details
• Employment reports or assessments including performance reviews
• Health and pension records
• Birth Certificate details/copies
• Disciplinary and grievance details
• Business-related information (where applicable)

We collect personal data directly or indirectly from individuals through various means, such as application forms, interviews, correspondence, referrals, and our website.

6. Data Processing and Use

We process personal data for the following purposes:

• Providing and managing HR consultancy services requested by our clients
• Facilitating recruitment processes and assessing candidate suitability
• To maintain payroll and other administrative systems
• Assisting with immigration-related processes and documentation
• Delivering training and development programs and tracking participant progress
• Providing business advisory services and insights

We ensure that personal data is processed lawfully, transparently, and for legitimate purposes. We only use personal data to the extent necessary for our operations and the provision of our services and as permitted by the DPA 2012.

7. Data Disclosure and Sharing

We may disclose personal data to third parties in the following circumstances:

• With the consent of the individual
• To trusted service providers and partners who assist us in delivering our services (e.g., immigration authorities, training providers)
• To comply with legal obligations or respond to lawful requests
• In connection with business transactions (e.g., merger, acquisition, sale)

We take reasonable steps to ensure that any third parties who receive personal data from us handle it in accordance with applicable privacy and data protection laws and maintain appropriate security measures.

8. Data Security and Protection

We implement reasonable technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. We maintain appropriate safeguards to ensure the confidentiality, integrity, and availability of personal data.

9. Data Retention and Disposal

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal and regulatory requirements. We will delete candidate personal data from our systems if we have not had any meaningful contact with you for Seven (7) years (or for such longer period as we believe, in good faith, that the law or relevant regulators require us to preserve your data). After this period, it is likely your data will no longer be relevant for the purposes for which it was collected. When personal data is no longer required, we securely dispose of or anonymize it in a manner consistent with the DPA 2012

10. Data Subject Rights

We respect the rights of data subjects and provide appropriate mechanisms to exercise those rights. Individuals have the right to:

• Be informed
• Give and withdraw consent
• Access to personal information
• Amend (rectification)
• Object
• Prevent processing
• Freedom from automated decision making
• Prevent processing of personal data for direct marketing
• Compensation
• Complain and
• Erasure

To exercise these rights or for any inquiries regarding personal data, individuals can contact us using the details provided below.

11. Access to Personal Files

All Data Subjects have the right to request access to personal data directly relating to them, which is held by Elidel Prestige. Elidel Prestige will endeavour to provide such requested data within twenty one (21) days of a valid request. Elidel Prestige will provide the person making the request with the following information:

whether the Company holds any personal data, and if it does:

• descriptions of that data
• what it is used for
• the type of third-party organisations it is passed to (where applicable)
• where reasonably possible, the data held in hard-copy (where held in a structured file) or permanent electronic form

There are some exemptions that allow the Company to withhold information. These exemptions can apply in areas such as criminal investigations, management planning, promotion or transfer plans and negotiations with the individual. You should also note that the Company may not be able to release information relating to “third parties”, i.e. people other than you.

Requests to view data should be emailed to enquiries@elidelprestige.com

12. Individual Responsibility

As an individual, you are responsible for:

• checking that any information that you provide in connection with your employment is accurate and up to date
• notifying Elidel Prestige of any errors in data held, or changes to the information you have provided, for example changes of address
• ensuring that you are familiar with and follow the Data Protection Policy

Any breach of the Data Protection Policy, either deliberate or through negligence, may lead to disciplinary action being taken.

When, as part of your duties, you hold or process personal data, you are responsible for ensuring that:

• any personal data that you hold, whether in electronic or paper format, is kept secure
• personal information is not disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party
• items that are marked “personal” or “private and confidential”, or which appear to be of a personal nature, are opened by the addressee only
• your work address is not routinely used for matters that are not work related.

13. Data Transfer and Cross-Border Processing

We may transfer personal data to countries outside the jurisdiction where the data was originally collected. If personal data is shared with third-party service providers (such as background check providers or recruitment platforms), we shall ensure that they also adhere to appropriate data protection standards and have appropriate data processing agreements in place. In such cases, we ensure that appropriate safeguards are in place to protect the personal data in accordance with the DPA, 2012.

14. Data breach policy

A data breach may occur when persons other than authorized users have access or potential access to personal data.

Actual or potential breaches should be reported immediately to the Data Protection Supervisor. Relevant managers and the Data Protection Supervisor will assess the severity of the breach. All incidents will be reported to the Information Commissioners Offices unless the loss affects fewer than 100 subjects and the loss involves non-sensitive, non-financial data.

15. Updates to this Data Protection Policy

We may update this Data Protection Policy from time to time to reflect changes in our data processing practices or legal obligations. The updated policy will be posted on our employee portals and the revised effective date will be indicated.