Hala-Gh Logo
Privacy PolicyBMA HALA GH LTD - Privacy Policy
Last updated: 28/11/2025
Hala-GH ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, disclose, and protect your information when you use our services, applications, platforms, and website.
Agreement to Policy
By accessing or using our services, you agree to the terms of this Privacy Policy.
1. Information We CollectWe collect both personal and non-personal information, including but not limited to:
1.1. Identity Information
  • Full legal name (first name, last name, other names)
  • Date of birth
  • Ghana Card number (format: GHA-XXXXXXXXX-X)
  • Digital address (Ghana's digital addressing system)
  • Residential address
1.2. Contact Information
  • Phone number with country code (required)
  • Email address (required)
1.3. Government ID Documentation
  • Front photograph of Ghana Card
  • Back photograph of Ghana Card
  • These images are used for identity verification as required by financial regulations
1.4. Biometric Data
  • Selfie photograph for liveness verification and identity matching
  • Store photographs (for store managers only)
1.5. Financial Information
  • Mobile money account numbers (MTN, Vodafone, AirtelTigo)
  • Transaction history and payment records
  • Installment plan details and payment schedules
  • Agent earnings and commission records
  • Customer payment history and credit information
1.6. Location Data
  • Precise GPS location data for fraud prevention and service delivery
  • Store location mapping for store managers
  • Transaction verification and security
1.7. Device Information
  • IMEI numbers for devices being financed
  • Device model, manufacturer, and operating system version
  • Device identifiers for security and fraud prevention
  • App interaction data and usage patterns
1.8. Guarantor Information
  • Guarantor's full name
  • Guarantor's phone number
  • Relationship to customer (for certain installment plans)
2. Identity Verification (KYC) Data
Important: Government ID Collection
As a financial services provider, we are required by Ghana's Anti-Money Laundering Act, 2020 (Act 1044) and Bank of Ghana regulations to verify your identity.
We Collect:
  • Ghana Card number and photographs (front and back)
  • Selfie for biometric verification and identity matching
  • Minimum age requirement (for customers): 21 years
Data Retention:
  • KYC data is stored securely with encryption and restricted access
  • Retained for a minimum of 5 years after account closure as required by law
  • Cannot be deleted on request during the retention period due to regulatory requirements
Verification Process:
  • Verification is performed through automated systems and manual review
  • You cannot access financial services without completing KYC verification
3. How We Use Your InformationWe use the collected information for the following purposes:
  • To provide and manage our fintech and enterprise services
  • To verify identity and prevent fraud
  • To process payments and manage payment plans
  • To improve user experience and service functionality
  • To communicate updates, promotions, and notifications
  • To comply with legal and regulatory obligations
4. Legal Basis for Processing (Under Ghanaian Law)Under the Data Protection Act, 2012 (Act 843), we process your personal data based on:
  • Your consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate interests pursued by Hala-GH or a third party
5. Sharing and Disclosure of InformationWe do not sell or rent your personal information. However, we may share your data with:
  • Service Providers:We work with trusted third-party service providers who assist us with technical operations, payment processing (including mobile money services), SMS and messaging services, cloud storage, mapping and location services, customer support, and other essential business functions. These providers only have access to the minimum data necessary to perform their specific services and are contractually obligated to protect your information.
  • Regulators and Law Enforcement:We may disclose your information where required by law, court order, or in response to legal processes. This includes sharing data with regulatory authorities such as the Bank of Ghana, the Data Protection Commission, and law enforcement agencies when legally obligated to do so.
  • Affiliates and Business Partners:We may share information with our corporate affiliates and business partners with whom we have contractual safeguards in place. Data is only shared for relevant business purposes and under strict confidentiality agreements.
Data Protection Commitment
All third parties are contractually bound to protect your data and comply with Ghanaian data protection laws.
6. Data Storage and RetentionYour data is stored securely on cloud servers (MinIO) with encryption and restricted access protocols. We retain different types of data for specific periods based on legal requirements and business needs.6.1. Data Retention Periods
Data TypeRetention PeriodDeletable on Request?
KYC Data (Ghana Card, Selfie)Minimum 5 years after account closureNo (regulatory requirement)
Financial Transaction Records5 years from transaction dateNo (regulatory requirement)
Guarantor InformationDuration of installment plan + 5 yearsNo (regulatory requirement)
Location Data2 years or until account deletionYes
Device InformationFinancing period + 1 yearYes
Marketing PreferencesUntil consent withdrawnYes
Important Note on Data Deletion
Some data types cannot be deleted upon request due to regulatory requirements under Ghana's Anti-Money Laundering Act and financial services regulations. This ensures compliance with law enforcement and regulatory oversight requirements.
7. Security of Your InformationWe use appropriate technical and organizational measures to safeguard your personal data, including:
  • Encryption for data in transit and at rest
  • OTP (One-Time Password) authentication for customer logins
  • Access control policies and role-based permissions
  • Regular system audits and penetration testing
Security Notice
Despite these measures, no system is 100% secure, and we cannot guarantee absolute security of your data.
8. Your Rights (Under Ghana's Data Protection Act)As a data subject, you have the right to:
  • Request access to your personal data
  • Correct or update inaccurate or incomplete data
  • Object to the processing of your data for marketing purposes
  • Withdraw consent at any time
  • Request deletion of your data (subject to legal limits)
  • Lodge a complaint with the Data Protection Commission of Ghana
How to Exercise Your Rights
Requests can be submitted via email: contact@halagh.com
8.1. Account Deletion for Agents
Right to Delete Account
Agents have the right to permanently delete their Hala-GH account and associated data, subject to regulatory requirements and the conditions outlined below.
Prerequisites for Account Deletion:Before an agent account can be deleted, the following conditions must be met:
  • All pending onboardings must be completed: Any customer onboarding processes that are in progress must be finalized or cancelled before account deletion can proceed.
  • All commissions must be withdrawn: Agents must withdraw all available commission balances from their account. Any unwithdrawn commissions at the time of deletion may be forfeited.
Account Deletion Process:
  1. Agent initiates account deletion through the agent app
  2. System verifies that all prerequisites are met
  3. Agent is presented with a cautionary message explaining the permanence of deletion
  4. Agent must enter their password to confirm the deletion request
  5. Upon confirmation, the account and eligible data are permanently deleted
Important Notice - Permanent Action
Account deletion is irreversible. Once your account is deleted, you will not be able to recover your account, historical data, or any unwithdrawn commissions.
Data Deletion and Retention:When you delete your agent account:
Data That Will Be Permanently Deleted:
  • Active account credentials and login access
  • Marketing preferences and communication settings
  • Non-regulated operational data
  • App interaction data and usage patterns
Data That Will Be Retained (Regulatory Requirements):
  • KYC data (Ghana Card, selfie): Retained for minimum 5 years after account closure as required by Ghana's Anti-Money Laundering Act, 2020 (Act 1044)
  • Financial transaction records: Retained for 5 years from transaction date as required by financial services regulations
  • Commission payment history: Retained for 5 years for tax and audit compliance
  • Customer onboarding records: Retained per regulatory requirements for oversight and dispute resolution
Legal Basis for Data Retention
Certain data cannot be deleted upon request due to legal obligations under:
  • Ghana's Anti-Money Laundering Act, 2020 (Act 1044)
  • Bank of Ghana regulations
  • Data Protection Act, 2012 (Act 843)
  • Tax and financial audit requirements
How to Request Account Deletion
Account deletion can be initiated through the agent app. For assistance or questions, contact: contact@halagh.com
9. Age Restriction
Important: Minimum Age Requirement
Our services are not intended for customers under the age of 21. We do not knowingly collect data from customers under 21 years of age.
This age restriction is enforced during the KYC (Know Your Customer) verification process. If you believe that a customer under 21 years of age has provided their data to us, please contact us immediately at contact@halagh.com for prompt action.
10. Changes to This PolicyWe may update this Privacy Policy periodically. You will be notified of significant changes via our website or registered email. Continued use of our services after such updates constitutes your consent to the revised policy.
11. Contact UsIf you have any questions or concerns regarding this Privacy Policy or how we process your data, please contact us:
BMA HALA GH LTD
Email: contact@halagh.comPhone: +233 55 345 0569Website: www.halagh.com