Bsystems Limited is a Software and Database Management Company offering cutting-edge IT-based business solutions that meet the present and future needs of businesses within the sub-Saharan marketplace. At Bsystems, we combine worldwide corps of systems and services experts with vastly reliable indigenous systems to deliver value- added products and services to our customers.

As a wholly indigenous Ghanaian company, Bsystems was incorporated under the Companies Code, 1963 (Act 179) as a limited liability company in 1999. Bsystems has made huge investments in software solutions thus becoming one of Ghana’s leading Systems Consulting and Software Development Company. With approximately 40 employees supporting over 45 companies including more than 25 banking and financial institutions that use Bsystems applications and Oracle related products, Bsystems has partnered with industry leaders to provide service solutions unmatched within the Sub-Saharan marketplace.

Data Privacy Policy Statment

Bsystems privacy policy protect ID card bearers sourced from third Party Data controllers for the use of ID verification purposes. The personal information obtained from Third Party Data Controllers includes ID Number, Name of holder, Date of birth, serial number, polling station Number, Age, Gender, Issuing Authority, Identification Card image etc has been made accessible to our clients to verify an individual card holder to avoid fraudulent transaction. Therefore, it is important to protect the information of individuals and must not be disclosed/stored or altered outside the purpose of the agreement. Personal data is not transferred to third-party countries or international organizations by Bsystems and its clients.

Bsystems is committed to comply with the Data Protection Act, 2012 and we undertake to ensure that personal data conforms to the rules of use obligations required by third party data controllers with strict limitation to the purpose of which it is processed in accordance with the rights of the data subject in a way that ensures adequate security safeguards of the personal data.

Security Measures For Data Verification

Bsystems in relation to the use of public personal data through third party controllers, apply the necessary technical and organization measures to ensure their security, protection against accidental or unlawful destruction, alteration, disclosure or unauthorized access. Clients shall not misuse information of card bearers, disclose, amend or alter any information provided by Bsystems in accordance to the agreed purpose. Bsystems employees, clients and service providers are required to respect the confidentiality of information in accordance with law and applicable personal data policy. In the likely event that a personal data breach creates a high risk for the rights and freedom of individual as well as the company, Bsystems shall inform the data subject of the breach takes steps to remedy the situation with reasonable time.

The terms and conditions, Privacy Policy and Protection of personal data may be updated and modified in accordance with applicable legal regulations or policies of the company.

PRIVACY POLICY

This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of https:gvivegh.com.

Data Protection Act, 2012 (Act 843) Section 20 (1) (e) grants us the right to collect your personal data necessary to pursue the legitimate interest of our business dealings with you.

By using https://gvivegh.com, you agree to the use of personal data in accordance with this policy.

While using https://gvivegh.com, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally, identifiable information may include, but is not limited to your name, email address, ("Personal Information”) etc.

Like many site operators, we collect information that your browser sends whenever you visit https://gvivegh.com (“Log Data”).

This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of https://gvivegh.com that you visit, the time and date of your visit, the time spent on those pages and other statistics.

We may use your Personal Information to contact you when necessary.

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.

Like many sites, we may use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of https://gvivegh.com.

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

We shall not share any of your personal details we collect with any third party without your consent unless in situations under Data Protection Act 2012 (Act 843) Sections 20 (e) and 21 (e).

Changes to This Privacy Policy

This Privacy Policy is effective as of October 2019 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on https://gvivegh.com

If you have any questions about this Privacy Policy, please contact us through privacy@gvivegh.com.

GVIVE DATA PROTECTION POLICY

Bsystems does not keep any data and information from the GVIVE platform directly or indirectly, we however monitor the network for the purposes of ensuring security, availability and quality of service and compliance achievements, in line with the SLA covenants signed with our customers and identity data source controller.

For example, it is also necessary to process information on behalf of other service providers for staff recruitment and social and welfare payments for individual related transactions being executed and for legal obligations to report. To comply with the law, information must be validated and reported fairly, safely and not disclosed to any other person unlawfully.

To do this, the GVIVE platform complies with the Data Protection Principles.

In summary these states that personal and individuals’ data shall:

  1. be accessed and processed fairly and lawfully and shall not be processed unless certain conditions are met.
  2. be accessed for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
  3. be adequate, relevant and not excessive for those purposes.
  4. be accessed for verification as is and not updated or altered in any way or form.
  5. not be accessed for longer than is necessary for that purpose.
  6. be processed in accordance with the data subject’s rights.
  7. be assessed from a safe environment devoid from unauthorized access, accidental loss or destruction.
  8. not be accessed from outside the host country or pre-approved area or jurisdiction, unless that country has equivalent levels of protection and privacy for personal data.

Bsystems and all staff or others who process or use any personal information must ensure that they also follow these principles at all times. In order to ensure that this happens, Bsystems has developed the Data Protection Policy below for the GVIVE platform:

1) Status of the Policy

This policy does not form part of the formal contract of partnership, but it is a condition of partners that GVIVE platform partners and indirect service providers will abide by the rules and policies made by Bsystems from time to time. Any failures to follow the policy can therefore result in abrogation of partnership or service contract.

Any partner or service provider that considers that the policy has not been followed in respect of individuals’ data or the partner’s data should raise the matter with the Bsystems or the data source controller. If the matter is not resolved it should be raised as an escalation of grievance.

2) Notification of Data Accessed and Processed

All Bsystems staff, including direct and indirect partner users are entitled to;

  1. know what information GVIVE platform have access to and processes about them and why.
  2. know how to gain access to it.
  3. know how to keep it as is without possibility of modification and updating.
  4. know what Bsystems is doing with the GVIVE platform at any time to ensure compliance with its obligations

Bsystems therefore provides all staff and interested individuals and other relevant users with a standard form of notification and verification. This will state all the types of data GVIVE can access and process concerning them, and the reasons for which it is processed. GVIVE will ensure this is done on demand.

3) Responsibilities of Individuals

All individuals are responsible for:

  1. checking that any information that they provide to the data source controller in connection with their verification through GVIVE is accurate and up to date.
  2. informing the data controller directly of any changes to information, which they have provided i.e. changes of address, name etc.
  3. checking the information, the controller provides for verification through GVIVE from time to time, giving details of information kept and processed about the individual.
  4. informing the data controller of any errors or changes. GVIVE cannot be held responsible for any errors. This must only be taken up directly with the controller.

If and when, as part of their responsibilities, individuals verify information about other people, (i.e. about individual’s address or vital personal records, references to specific courses, or partners’ records or details), they must comply with the guidelines for individuals, which are stated above.

All individuals accessing their information directly are required to indicate that they have read and agree with the GVIVE Data Protection and Privacy Policy as component of their access to GVIVE platform through all available channels.

4) Data Security

  1. All individuals are responsible for ensuring that: Any personal data which they hold is kept securely. Personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorized third party.
  2. Individuals and partners are aware that unauthorized disclosure and/or failure to adhere to the requirements set out in “C to G” inclusive below will usually be a dispute matter, and may be considered and abuse of privacy in some scenarios.
  3. Access to partners and individuals’ information should be; encrypted and if accessed through a digital channel, must be password protected; or when verified by third parties through a computer system must be password protected at multiple access levels.
  4. Partners and individuals’ data will NEVER be stored by GVIVE platform in any way whether in manual or electronic form, on laptop computers or other personal portable devices or at other remote sites,
  5. Ordinarily, partners and individuals’ data will NOT be processed at unsecure environment whether in manual or electronic form, on laptop computers or other personal portable devices or at other remote sites. In cases where such off-site processing is felt to be necessary or appropriate, the agreement of the relevant Data Controller MUST be obtained, and all the security guidelines given in this document must still be followed.
  6. Data accessed on portable electronic devices or digital media is the responsibility of the partner or individual who operates the equipment. It is the responsibility of this individual to ensure that:
    1. Suitable event and activity logs are backed-up and easily retrieved upon request
    2. Sensitive data is appropriately encrypted
    3. Sensitive data cannot be copied onto portable storage devices in line with SLA with the Data Controller, in regards to appropriate encryption and protection measures.
    4. Electronic devices such as laptops, mobile devices and computer media (USB devices, CD’s etc.) that contain sensitive data are not left unattended by partners and third party providers.
  7. For some information the risks of failure to provide adequate security may be so high that it should NEVER be taken for granted. Exceptions to this may only be with the explicit approval of the Data Controller.

5) Customer Obligations

Individuals must ensure that all personal data provided to the Data Controller is accurate and up to date. They must ensure that changes of address, etc. are notified to their office.

6) Rights to access Information

  1. Individuals, partners and other users of GVIVE services have the right to access any personal data that is being kept about them either through their devices or in certain files.
  2. In order to gain access, an individual may wish to receive notification of the information currently being held. This request should be made in writing, in the first instance to the Data Controller or through electronic means upon accepting the service conditions to be provided.
  3. GVIVE platform could possibly charge a fee on each occasion that access is requested, although the Data Controller has the discretion to waive this for specific scenarios especially related to request by an appropriate court of law.
  4. GVIVE aims to comply with requests for access to individuals’ information as quickly as possible, but will ensure that it is provided within the internal policy in place and signed SLA with the Data Controller.

Subject Consent

  1. In many cases, GVIVE can only process personal data with the consent of the individual. In some cases, if the data is sensitive, express consent must be obtained from the Data Controller authorizing GVIVE to process some specified classes of personal data is a condition of acceptance of an individual.
  2. GVIVE will only use the information in the protection of the health and safety of the individual being verified but will need consent from the Data Controller to process in the event of a medical emergency or police investigation after obtaining required “warrant of inquiry” from an appropriate court of law.
  3. All prospective individuals and partners will be asked to sign a consent form to process data, regarding particular types of information being accessed from all available channels. A refusal to sign or accept the conditions for access/verification can result in the offer being denied.

7) Processing Sensitive Information

  1. Depending of the data controller source, sometimes it may be necessary to process information about a person’s health, criminal convictions, race and gender and family details.
  2. This may be to ensure GVIVE platform is a safe place for everyone, or to operate other policies of the data controller as the need may arise in future.
  3. Because this information is considered sensitive, and it is recognized that the processing of it may cause particular concern or distress to individuals as such individuals and partners will be asked to give express consent for GVIVE to do this.
  4. During the enrollment process, access may be denied if an individual or partner refuses to consent to this, without good reason.

8) The Data Controller

  1. The source Data Controller is the ultimate custodian of all identity data being accessed for verification by GVIVE and is therefore ultimately responsible for ensuring that GVIVE meets the required data protection and privacy covenants. However, there are also designated data controllers in Bsystems to manage the relationship and day to day activities.
  2. Bsystems has designated one data controller, who is the primary point of authorization for receipt and supply of data requests with individuals and other stakeholders.