Privacy Policy

1.    General Overview of Our Privacy Notice


Information Governance Solutions (IGS) is a registered company in Ghana and are very passionate and care about how we process your personal information that is shared with us in the course of our business and providing services to our clients.  This privacy policy aims to provide you with information about how we process your personal information. We will only process information where you have given us the information directly as a data controller data or by our clients where we are processors in accordance with their instructions and in line with our obligations and your rights under The Data Protection 2012 (Act 843), The EU General Data Protection Regulation (GDPR) and other Jurisdictional Data Protection laws that are applicable.

2.    Who we are?

Information Governance Solutions is the data controller for the information we process unless otherwise stated. For the purpose of this Privacy Notice, Information Governance Solutions shall be referred to as “IGS”.

Registered Address  

Office Address 

Information Governance Solutions (GH)

18 Gower Street


Accra, Ghana

Tel:  0509366953


Our Office Address is

7 Ajiringanor Road

East Legon GD-209-1982

Tel: 0509605030:

3.    How do we obtain your personal data?

IGS collects personal information directly from you when you engage with us through various channels. Where we collect your personal information indirectly from you, we will inform you in due course when we contact you of where we obtained the information from. The following are the various ways we collect information from you.

  • When you register, book or attend training
  • When you register for or attend an event/conference.
  • When you contact us to make an enquiry or request for information.
  • When you make a complaint and or give feedback.
  • When you apply for a job with us.
  • When you register to be added to our recruitment and membership services
  • And through any other interaction that you have with us.

4.    The information we collect and when

We only collect personal information that is necessary, relevant and not excessive for the purpose which is processing.  The type of personal information that we may collect and process about you when you interact with us include the following:

  • Your name
  • Telephone number(s)
  • Email address
  • Address
  • Survey/course evaluation and responses
  • Cookies
  • IP address

We may in certain circumstances process other information such as your, subscriptions, services used, records of conversations and agreements and financial details that are required for transactions.

You are under no obligation to provide us with your personal information; however, certain basic information may be required for us to be able to provide you with the service or request made by you. Where this is the case we will advise yours at the point of obtaining the information.

5.    Purpose of processing

The purposes for which we process your personal data  include  one or more of the following purposes:

  1. To provide you with information that you have requested or that we think may be relevant to a service or product in which you have exhibited an interest.
  2. Interact with you to process financial transactions with you, or the company you represent, for the purchase and commissioning of products and/or services from us.
  • To fulfil a contract that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your personal data for us to fulfil the contract
  1. To ensure the security safeguard of our websites and underlying business infrastructure.
  2. To manage any communication between you and us



IGS will only process your personal data for the specific purpose that we state at the point of a personal data collection and when the law allows or requires us to do to. Most commonly, we will use your personal data in the following circumstances:

  • For us to perform a contract that we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests and if your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or statutory obligation.
  • Where you give us your consent.

We have set out below, in a table format, a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.


Type of Processing activity

Lawful basis

To contact you, following your enquiry, reply to any questions, suggestions, issues or complaints you have contacted us about

Legitimate interest

Fulfillment of a contract to provide you with an agreed service

Performance of a contract

Make available our services to you

Legitimate interest

Process your orders including booking our courses or events

Performance of a contract

For statistical analysis and to get feedback from you about our services or training or events.

Legitimate interest

Marketing /mailing list /subscriptions to newsletters



7.    Who we might share your information with

We will not share your information with third parties unless any of the following circumstances applies.

Where the law or a statutory duty requires us to do so

Share with joint controllers such as the Data Protection Commission for the administering of Training

Our internal team members who need the information un the course of their roles to administer a contract or service we are providing to you

If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or

Share with recipients including employees only for the purposes of administering services to you or respond to your request.  This will only be shared on a strictly need to know basis. We will only share with third parties that we have either contracted to perform services for us and will ensure that we put in the necessary security and third-party contracts and agreements in place.

8.    Security safeguards

Security safeguards are of high importance to us and therefore we believe we have appropriate technical and organizational security measures and controls in place to protect your information.   Some of the measures that IGS has put in place include implementing access controls and encryption to our information technology and systems. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure.  You should be aware that there are many information security risks that exist and take the appropriate steps to protect your own information.

9.    Your Rights as a data subject.  

The Data Protection Act 843 provides some basic rights to data subjects.  These are

  • Right to be informed:
  • Right of access to personal data
  • Right to give and withdraw consent:
  • Right to amend (rectification), blocking, erasure and destruction
  • Right to prevent processing:
  • Freedom from automated decision making:
  • Freedom from processing for direct marketing
  • Right to compensation
  • Right to complain:
  • Other Rights under different jurisdictions Across Africa and beyond

Right to be informed:

You have the right to be informed about the processing of your personal information (personal data) that we do.  This privacy notice is a way of ensuring we meet our obligations to enable you to exercise your right to be informed.

Right to Access Your Personal Information

You have the right to access the personal information that we hold about you. This is sometimes termed a ‘Data Subject Access Request’. We will ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information when you make such a request. If you would like to exercise this right, please contact us as set out below.

Right to rectification, blocking, erasure and destruction

Where information we hold about you is inaccurate, incomplete or out of date, you may ask us to correct or update it at any.  You also have the right to block us from further processing of your personal data where we do not have any legitimate or legal basis to process your personal data. In certain circumstances, you may also as us to delete your personal data.   The right to erasure or destruction is not absolute and only applies in certain circumstances. If you would like to exercise this right, please contact us as set out below.

Right to prevent processing: 

Under this right, you can give us notice in writing to cease or not or not start processing your personal data for a specific purpose or manner which will cause or likely to cause any unwarranted damage or distress.  You can also prevent us from processing your information for direct marketing purposes. 

Right to give and withdraw consent

Where we rely on your consent to process your personal data, you have the right to withdraw it at any time by contacting us or using any details provide in our communication with you. 

Right to complain and compensation

As with all the other rights above you may write to complain if you believe any of your rights have not been met or we fail to meet our obligations as a data controller.

Other Rights under different jurisdictions Across Africa and beyond

IGS will ensure the various rights of data subjects where we operate are respected and take our obligations seriously. Where we process personal data of other jurisdictions, we undertake a privacy assessment to identify any potential risk of noncompliance. 

Notice to Exercise Rights

You can at t any time give notice in writing to us to exercise your rights.  We will within twenty-one (21) days after receipt of a notice inform you writing that we have complied or intend to comply with the notice your notice, or the reasons if we cannot comply with the request.

If you would like to exercise this right, please contact us as set out below.

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes we make will be published and indicated by a version no.

The  Data Protection Commission (DPC) regulates data protection and privacy matters in Ghana. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly.


Information Governance Solutions supports organisations to meet jurisdictional legal obligations and international standards with strategic and policy solutions including staff training and awareness.