Privacy Policy | Women In Mining Ghana

Effective date: 1 January 2025 | Last updated: 13 April 2026

Women In Mining (WIM) Ghana (“we”, “us”, “our”) is a company limited by guarantee registered in Ghana. We are committed to protecting the privacy and personal data of our members, website visitors, event participants, and donors in accordance with Ghana’s Data Protection Act, 2012 (Act 843) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Data Controller

WIM Ghana is the data controller for the personal data processed through this website and our membership systems. For data protection enquiries, contact our Data Protection Officer at privacy@wimghana.org.

2. Information We Collect

We may collect the following categories of personal data:

Identity data: first name, last name, title, job title, organisation, membership ID.
Contact data: email address, phone number, postal address.
Financial data: payment method details processed securely via Paystack (we do not store card numbers).
Technical data: IP address, browser type, device information, and usage data collected through cookies and analytics.
Event data: registration details, attendance records, dietary or accessibility requirements.
Communication data: messages sent through our contact forms, donation enquiries, and email correspondence.

3. How We Collect Your Data

We collect personal data through:

Membership registration and renewal
Event registration and check-in
Donations and merchandise purchases
Contact forms and email correspondence
Cookies and website analytics (see our Cookie Policy)

4. Legal Basis for Processing

We process your personal data on the following legal bases:

Contract: to manage your membership, process payments, and deliver services you have signed up for.
Legitimate interest: to send relevant event invitations, newsletters, and organisational updates to members.
Consent: for marketing communications, cookies, and any processing that requires your explicit agreement.
Legal obligation: to comply with Ghanaian law, tax requirements, and regulatory reporting.

5. How We Use Your Information

We use your personal data to:

Manage your membership account and digital membership card
Process payments and issue receipts
Communicate event invitations, newsletters, and organisational updates
Facilitate mentorship, networking, and capacity-building programmes
Analyse website usage to improve our services
Comply with legal and regulatory obligations

We do not sell, rent, or trade your personal data to third parties.

6. Data Sharing

We may share your personal data with trusted third-party service providers who assist us in operating our website and delivering our services, including:

Paystack — payment processing (PCI-DSS compliant)
Resend — transactional email delivery
Cloudinary — image hosting and optimisation
Arkesel — SMS notifications

These providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection laws.

7. International Data Transfers

Some of our service providers operate outside Ghana and the European Economic Area. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or the provider’s participation in recognised data protection frameworks.

8. Data Retention

We retain your personal data for as long as your membership is active and for a period of 3 years after expiry or cancellation for record-keeping and legal compliance. Financial records are retained for 7 years as required by Ghanaian tax law. You may request earlier deletion subject to our legal obligations.

9. Data Security

We implement industry-standard technical and organisational measures to protect your personal data, including:

Encryption in transit (TLS/HTTPS) and at rest
Secure password hashing (bcrypt)
Role-based access controls for administrative systems
Regular security reviews and audit logging
PCI-DSS compliant payment processing via Paystack

10. Your Rights

Under Ghana’s Data Protection Act and, where applicable, the GDPR, you have the following rights:

Access: request a copy of the personal data we hold about you.
Rectification: request correction of inaccurate or incomplete data.
Erasure: request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
Restriction: request that we limit the processing of your data in certain circumstances.
Data portability: receive your data in a structured, commonly-used format.
Objection: object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email privacy@wimghana.org. We will respond within 30 days.

11. Children’s Privacy

Our services are not directed at individuals under the age of 18. Where we collect data from minors through programmes such as the Junior Club, we do so with explicit parental or guardian consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to members via email and posted on this page with an updated effective date.

13. Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Data Protection Commission of Ghana or, for EU/EEA residents, your local supervisory authority.

14. Contact

For privacy-related enquiries, contact our Data Protection Officer:

Email: privacy@wimghana.org
Postal: WIM Ghana, National Seismological Observatory, Accra, Ghana