1. Introduction
PenTrust is a corporate pension trustee regulated by the National Pensions Regulatory Authority (NPRA). Our services include the running, administration, marketing and management of all types of pension schemes. We also offer retirement education and pension advisory services to individuals, corporate institutions and other organisations.
PenTrust Ltd ("we," "our," or "us") is committed to protecting the privacy of our clients and stakeholders. This Privacy Policy outlines how we collect, use, store, and protect personal data in compliance with the Data Protection Act, 2012 (Act 843) and the guidelines of the National Pensions Regulatory Authority (NPRA).
2. Scope
This Privacy Policy applies to all individuals whose personal data we collect. Also by simply using our website, we may collect personal data relating to clients, former, current and prospective employees, pension scheme members/contributors, beneficiaries, collaborators, service providers, agents, suppliers, and other persons dealing with PenTrust.
3. What is Personal Data?
“Personal data” means any information or opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable. In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly.
4. Collection of Personal Data
We collect personal data for the purposes of administering pension funds, managing client accounts, fulfilling regulatory requirements and any other purposes that may become necessary. The type of personal data we collect may include but not limited to:
- Full name
- Contact details (address, phone number, email)
- Date of birth
- Residential and postal addresses, including GPS addresses
- National identification information (Ghana Card, passport, voter ID, driver’s license, SSNIT number)
- Employment and financial information
- Marital Status
- Religion
- Nationality
- Pension contribution and beneficiary details
5. How do We collect Personal Data?
We collect your personal data directly from you when you:
a) interact with us over the phone;
b) interact with us in person;
c) interact with us online;
d) participate in surveys or questionnaires;
e) attend a PenTrust event;
f) subscribe to our mailing list; and
g) apply for a position with us as an employee, contractor or volunteer/intern.
We may also collect your personal data from our member institutions, for example from our regulators, associations which we form part of or through publicly available sources. We collect your personal data from these third parties for the purposes of marketing our schemes and educating you on pensions.
6. Basis for Processing your Personal Data
We process personal data based on one or more of the following grounds including but not limited to:
- Becoming a contributor to any of our schemes
- Consent: When consent is given either impliedly or expressly for us to process your data.
- Contractual Obligation: When processing your personal data is necessary for the performance of a contract.
- Legal Obligation: When processing your personal data is required to comply with regulatory or legal obligations.
- Legitimate Interest: When processing your personal data is necessary for the legitimate interests of Pentrust Ltd or third parties, provided that such interests do not override data subject rights.
7. Use of Personal Data
We use personal data for the following purposes:
- Pension fund administration
- Benefits processing
- Compliance with NPRA regulations and reporting obligations
- Fraud prevention and security measures
- To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as mobile applications, push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for implementation.
- Improving our services
- To provide you with news, special offers and general information about our products, services and events unless you have opted not to receive such information.
8. Data Sharing and Disclosure
We may share your personal data with third parties in the following circumstances:
- Regulatory Authorities: When required by law or NPRA regulations.
- Service Providers and Other Stakeholders: With third-party vendors who provide IT, payment processing, or administrative support services.
- Legal Obligations: When required to comply with legal processes or law enforcement requests.
- Our marketing providers.
- Our professional services advisors.
- Consent-Based Sharing: When you authorize us to share your personal data.
9. Transfer of Personal Data Overseas
Some of the third-party service providers we disclose personal data to may be based in or have servers located outside of Ghana. Where we disclose your personal data to third parties overseas, we will take reasonable steps to ensure that data security and appropriate privacy practices are maintained. We will only disclose to overseas third parties if:
a) you have given us your consent in writing to disclose personal data to that third party; or
b) we reasonably believe that:
c) the disclosure is required or authorised by the orders of a Ghanaian court or under Ghanaian laws.
10. Data Protection and Security
We implement strict security measures to safeguard personal data, including:
- Encryption of sensitive data
- Restricted access controls
- Secure storage facilities.
- Regular security audits and compliance reviews
11. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or in compliance with applicable laws, for example record-keeping obligations. Once data is no longer needed, it is securely deleted.
12. Links to third party sites
PenTrust’s website may contain links operated by third parties. If you access such a link through our website, personal data may be collected by that third party. We make no representations or warranties in relation to the privacy practices of any third-party provider and we are not responsible for the privacy policies or the content of any third party provider. Third party providers are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies.
13. Data Subject Rights
Under the Data Protection Act, 2012 (Act 843), individuals have the right to:
- Access: Request a copy of their personal data.
- Corrections: Request corrections to inaccurate or incomplete data.
- Erasure: Request deletion of data, subject to legal and regulatory limitations.
- Objection: Object to the processing of data for specific purposes.
- Withdraw Consent: Withdraw consent where processing is based on consent.
13.1 Requests related to data rights can be made by contacting us at the details provided below:
PenTrust Ltd
No.5 Mozambique Link
North Ridge, Accra
Phone: +233 30 290 1500, +233 30 290 0989
Email: info@pentrustgh.com
13.2 Note that we may require proof of your identity and full details of your request before we can process your request.
14. Contact Information
If you have any questions or concerns about this Privacy Policy or your personal data, please contact us:
PenTrust Ltd
No.5 Mozambique Link
North Ridge, Accra
Phone: +233 30 290 1500, +233 30 290 0989
Email: info@pentrustgh.com
15. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the legal requirements or business practices. Updates will be posted on our website, and significant changes will be communicated directly to relevant individuals where necessary. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on our website.
By using our services and being a participating employer and/or employee in any of our schemes, you acknowledge that you have read and understood this Privacy Policy and agree to the terms outlined herein.