KolectPay Platform
Privacy Policy
This Privacy Policy ("Policy") sets out the basis on which kolectpay ("the Platform," "we," "us," or "our") collects, processes, uses, stores, discloses, and otherwise handles personal data in connection with your use of the Platform. This Policy should be read together with the kolectpay Terms of Service, which are incorporated herein by reference.
By registering an account and using the Platform, you acknowledge that you have read and understood this Policy and consent to the processing of personal data as described herein. If you do not agree with this Policy, you must not access or use the Platform.
kolectpay is committed to processing personal data in compliance with applicable Ghanaian data protection legislation, including the Data Protection Act, 2012 (Act 843), and any regulations or guidelines issued thereunder.
1. DEFINITIONS
For the purposes of this Policy, the following terms shall have the meanings ascribed to them:
- (a) "Customer Data" means personal data relating to the end-customers of a User, including names, telephone numbers, and email addresses, uploaded to the Platform by the User for the purpose of initiating Collections.
- (b) "Data Controller" means the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
- (c) "Data Processor" means a natural or legal person who processes personal data on behalf of the Data Controller.
- (d) "Data Subject" means an identified or identifiable natural person to whom personal data relates.
- (e) "Personal Data" has the meaning ascribed to it under the Data Protection Act, 2012 (Act 843), and includes any information that identifies or is capable of identifying a natural person.
- (f) "Processing" means any operation performed on personal data, whether by automated means or otherwise, including collection, recording, organisation, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
- (g) "User" means any registered business entity or sole trader that holds an account on the Platform and whose personnel access the Platform dashboard.
2. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
The Data Controller in respect of the personal data of registered Users and their personnel is:
| Entity | kolectpay (operated by [Registered Legal Entity Name]) |
| Registered Address | [Business Address], Ghana |
| Contact Email | privacy{{ strtolower($platformName) }}.com (or as updated on the Platform) |
| Data Protection Officer | [Name / Department, if designated] |
In respect of Customer Data, the User acts as the Data Controller and kolectpay acts as the Data Processor, processing such data solely on the User's documented instructions.
3. CATEGORIES OF PERSONAL DATA COLLECTED
3.1 We collect and process the following categories of personal data in connection with the operation of the Platform:
Business and Identity Information
- (i) Business name, registration number, industry classification, and registered business address;
- (ii) Government-issued identity documents (including Ghana Card and Voter Identification Card) and business registration certificates submitted for KYC verification; and
- (iii) Email address, telephone number, and physical address of the business owner or authorised representative.
Customer Data (uploaded by Users)
- (i) Names, mobile telephone numbers, and email addresses of the User’s customers, as uploaded to the Platform for the purpose of initiating payment Collections.
Transaction Data
- (i) Records of all payment Collections, including amounts, dates, transaction statuses, and associated references processed through the Platform.
Technical and Usage Data
- (i) IP address, browser type and version, device identifiers, and pages or features accessed within the Platform dashboard.
3.2 We do not knowingly collect sensitive personal data (as defined under Act 843) unless strictly necessary for KYC compliance, in which case such data is handled with additional safeguards as set out in Section 7.
4. PURPOSES AND LEGAL BASES FOR PROCESSING
4.1 We process personal data only where a lawful basis exists. The table below sets out our processing purposes and the corresponding legal bases:
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| KYC verification and account activation | Business Information; Identity Documents | Legal obligation; Performance of contract |
| Processing payment Collections via our secure payment partners | Customer Data; Transaction Data | Performance of contract; Legitimate interests of the User |
| Sending transaction receipts, status alerts, and notifications | Contact Details; Customer Data; Transaction Data | Performance of contract; Legitimate interests |
| Commission calculation and Payout disbursement | Transaction Data; Business Information | Performance of contract |
| Fraud detection, abuse prevention, and platform security | All categories | Legitimate interests; Legal obligation |
| Platform improvement and development of new features | Technical and Usage Data (aggregated or anonymised where possible) | Legitimate interests |
5. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
5.1 We do not sell, rent, or trade personal data to any third party for commercial purposes.
5.2 We may disclose personal data to the following categories of third parties, solely to the extent necessary for the purposes set out in this Policy:
- (a) Licensed Payment Gateways — our secure regulated payment processing partners, which facilitate mobile money Collections and Mandate processes on the Platform. These partners process data as independent data controllers in accordance with their own privacy policies and applicable regulatory obligations;
- (b) Credit Reference Bureaus — where the User’s Subscription Plan includes access to credit bureau services, Customer Data may be queried against or reported to licensed credit reference bureaus operating in Ghana, in accordance with the Credit Reporting Act, 2007 (Act 726);
- (c) Regulatory and Law Enforcement Authorities — where we are required to disclose personal data pursuant to applicable Ghanaian law, a valid court order, a lawful request from the Bank of Ghana, the Data Protection Commission, or any other competent regulatory authority; and
- (d) Professional Advisers — including lawyers, auditors, and insurers, subject to binding confidentiality obligations, where necessary for the conduct of our business.
5.3 Where we engage third-party service providers to process personal data on our behalf, we shall ensure that such providers are bound by appropriate contractual obligations, including confidentiality and data security requirements consistent with this Policy and applicable law.
6. CUSTOMER DATA: CONTROLLER AND PROCESSOR RESPONSIBILITIES
6.1 In respect of Customer Data uploaded to the Platform by a User:
- (a) the User is the Data Controller and bears sole responsibility for the lawfulness of the collection and upload of such data, including ensuring that all necessary consents, authorisations, or other valid legal bases have been obtained from each Customer prior to uploading their data to the Platform; and
- (b) kolectpay acts exclusively as the Data Processor and processes Customer Data only on the documented instructions of the User, solely for the purpose of executing payment Collections.
6.2 Users shall ensure that their Customers are provided with adequate notice, in a transparent manner, of the purposes for which their personal data will be processed, including its disclosure to the Platform for Collection purposes.
6.3 In the event of a conflict between the instructions of a User and the requirements of applicable data protection law, the Platform shall comply with the requirements of law and shall notify the User accordingly.
7. DATA SECURITY
7.1 We implement and maintain appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, alteration, or disclosure. These measures include, without limitation:
- (a) Transport Layer Security (TLS) encryption for all personal data transmitted between the User’s device and the Platform;
- (b) encrypted storage for sensitive identity documents and KYC materials;
- (c) role-based access controls restricting internal access to personal data on a strict need-to-know basis; and
- (d) regular security assessments and monitoring of our systems and infrastructure.
7.2 Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. While we take reasonable steps to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to the rights and freedoms of Data Subjects, we shall notify the relevant authorities and affected parties in accordance with our obligations under applicable law.
7.3 Further details regarding our security practices are available at: https://kolectpay.com/security
8. DATA RETENTION
8.1 We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law or regulation.
8.2 Account and transaction data shall be retained for a minimum period of seven (7) years following the date of the relevant transaction, in accordance with Ghanaian financial services regulatory requirements.
8.3 Upon closure of a User’s account, personal data shall be retained for the duration of the mandatory retention period and thereafter securely anonymised or permanently deleted, unless a longer retention period is required by law or is necessary for the establishment, exercise, or defence of legal claims.
9. RIGHTS OF DATA SUBJECTS
9.1 Subject to the limitations and conditions set out in the Data Protection Act, 2012 (Act 843), Data Subjects have the following rights in respect of their personal data held by us:
- (a) Right of Access — the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data together with information about how it is processed;
- (b) Right to Rectification — the right to request correction of any inaccurate or incomplete personal data we hold about you;
- (c) Right to Erasure — the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to any overriding legal obligation to retain such data;
- (d) Right to Restriction — the right to request that we restrict the processing of your personal data in certain circumstances, including where you contest the accuracy of the data or object to its processing; and
- (e) Right to Object — the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis for processing.
9.2 To exercise any of the above rights, please submit a written request to our support team via: https://kolectpay.com/contact. We shall respond to all requests within twenty-one (21) calendar days of receipt, or such shorter period as may be required by applicable law.
9.3 If you are dissatisfied with our response or believe that we are processing your personal data unlawfully, you have the right to lodge a complaint with the Data Protection Commission of Ghana.
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 The Platform uses essential session cookies solely for the purpose of authenticating Users and maintaining secure login sessions. These cookies are strictly necessary for the operation of the Platform and do not track Users across third-party websites.
10.2 We do not use third-party advertising cookies, behavioural tracking cookies, or any cookies for the purpose of displaying targeted advertising.
10.3 Users may configure their browser settings to refuse or delete cookies; however, doing so may impair the functionality of the Platform dashboard, including the ability to log in and access Platform features.
11. INTERNATIONAL TRANSFERS OF PERSONAL DATA
11.1 The Platform is operated and data is processed primarily within the Republic of Ghana. Where it becomes necessary to transfer personal data to recipients located outside Ghana, we shall ensure that such transfers are carried out only in accordance with the requirements of the Data Protection Act, 2012 (Act 843) and any applicable guidelines issued by the Data Protection Commission, including by implementing appropriate safeguards such as standard contractual clauses or equivalent mechanisms.
12. AMENDMENTS TO THIS POLICY
12.1 We reserve the right to amend this Policy at any time to reflect changes in our data processing practices, applicable law, or the features of the Platform.
12.2 Notice of any material amendment to this Policy shall be provided to Users via email to their registered email address or by a prominent notification on the Platform dashboard, no less than fourteen (14) calendar days prior to the effective date of the amendment, unless a shorter period is required by law.
12.3 Continued use of the Platform following the effective date of any amended Policy shall constitute the User’s acceptance of the revised terms. If a User does not accept the amended Policy, they must cease using the Platform and contact us to close their account.
13. CONTACT AND COMPLAINTS
13.1 For any questions, concerns, or requests relating to this Policy or the processing of your personal data, please contact us at:
| privacy{{ strtolower($platformName) }}.com | |
| Contact Form | https://kolectpay.com/contact |
| Response Time | Within five (5) business days of receipt |
13.2 If your concern relates to Customer Data for which a User is the Data Controller, we may refer your request to the relevant User in the first instance.
13.3 You have the right at any time to lodge a complaint with the Data Protection Commission of Ghana if you consider that the processing of your personal data infringes applicable data protection legislation.
This Privacy Policy was last reviewed and approved in May 2026.