Gonana ~ Built for farmers by Experts

Data Protection Policy

1. Purpose

This Data Protection Policy outlines Gonana's commitment to safeguarding personal and business data collected, stored, and processed in the course of its operations. The policy ensures compliance with applicable data protection laws and promotes trust among stakeholders, including farmers, buyers, partners, and employees.

2. Scope

This policy applies to all employees, contractors, and third-party service providers working with Gonana. It governs all personal data processed, whether electronic, paper-based, or other formats, related to customers, employees, and partners.

3. Key Principles

Gonana is committed to the following principles:

  • Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.
  • Purpose Limitation: Data will only be collected for specific, explicit, and legitimate purposes.
  • Data Minimization: Only the data necessary for the specified purpose will be collected and processed.
  • Accuracy: Gonana will take reasonable steps to ensure data accuracy and rectify inaccuracies promptly.
  • Storage Limitation: Personal data will not be kept for longer than necessary for its intended purpose.
  • Integrity and Confidentiality: Data will be processed securely to protect against unauthorized access, alteration, or destruction.

4. Data Collection and Processing

Gonana collects personal data to facilitate its marketplace services, including:

  • Names, contact information, and payment details of users.
  • Agricultural product details and transaction histories.
  • Usage data for service improvement.

Data processing activities include user registration, transaction facilitation, communication, and marketing (with user consent).

5. Data Security

Gonana employs technical and organizational measures to safeguard personal data, including:

  • Encryption of sensitive information.
  • Secure storage systems with restricted access.
  • Regular security audits and vulnerability assessments.

6. Data Subject Rights

Individuals have the following rights regarding their personal data:

  • Right to Access: Request access to personal data held by Gonana.
  • Right to Rectification: Correct inaccuracies in their data.
  • Right to Erasure: Request deletion of their data under certain conditions.
  • Right to Restriction: Limit the processing of their data in specific circumstances.
  • Right to Data Portability: Receive their data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.

Requests related to these rights should be directed to Dusu Thomas Shut (call: +2348060691007, email: dusushut@gmail.com).

7. Third-Party Sharing

Gonana may share personal data with trusted third-party service providers for:

  • Payment processing.
  • Platform analytics.
  • Marketing and communication.

All third parties are bound by data protection agreements to ensure compliance with this policy and relevant laws.

8. Data Breach Management

In the event of a data breach:

  • Affected individuals will be notified promptly if the breach poses a high risk to their rights.
  • Gonana will investigate and implement corrective actions to prevent future breaches.
  • Relevant authorities will be informed in compliance with legal requirements.

9. Training and Awareness

Gonana provides regular data protection training to employees and contractors to ensure compliance and promote awareness of data privacy responsibilities.

10. Policy Updates

This policy will be reviewed annually or when necessary to reflect changes in operations, legal requirements, or industry standards. Updates will be communicated to all stakeholders.

11. Contact Information

For questions or concerns regarding this policy, contact Gonana’s Data Protection Officer:

Dusu Thomas Shut (call: +2348060691007, email: dusushut@gmail.com).

12. Compliance and Accountability

Gonana’s leadership team is committed to enforcing this policy and ensuring compliance with data protection laws, including GDPR (if applicable) and other local regulations.