Privacy Policy

1. Introduction

Mybitstore Technologies Ltd (“Mybitstore”, “we”, “our”, “us”) is committed to protecting the privacy, confidentiality and security of personal data in accordance with the Ghana Data Protection Act, 2012 (Act 843) of Ghana and applicable international best practices, including GDP-aligned
principles.

This Privacy Policy explains how we collect, use, disclose, retain and protect personal data when individuals access or use the Mybitstore platform, mobile applications, websites, services, products, and tools (“Services”).

By accessing or using Mybitstore services, you acknowledge and agree to the terms of this Policy.

2. Key Terms/Definitions

• Personal Data means information that identifies you (example: name, ID documents, contact details).
• Processing refers to any action taken with your information (collecting, storing, using or deleting).
• Data Subject refers to you the individual using Mybitstore.
• Data Controller refers to Mybitstore; the organisation that decides how your data is used.
• Service refers to the website or app
• Account refers to your personal, private profile that lets you access features, save info, and track activity, created with a username/email and password for secure entry.
• Third Parties refers to trusted service providers who assist Mybitstore (example: banks, KYC providers).
• KYC means “Know Your Customer” identity verification required by law.
• AML/CTF means Anti-Money Laundering and Counter-Terrorism Financing regulations.
• Biometric Data refers to facial verification or identity selfie used for secure verification.

3. Scope Of This Policy

This Policy applies to:

• All users who access, browse, or register on the Mybitstore platform
• All customers who use Mybitstore products and services
• All personal data processed by Mybitstore in its role as a Data Controller

This Policy does not apply to employee or internal HR data; such data is governed by a separate employee/HR privacy policy.

4. Data Protection Commission (DPC) Registration

Mybitstore Technologies Ltd is registered with the Data Protection Commission of Ghana as a data controller (Registration ID: O4JzxkRYwE). We will renew our registration as required by and inform the DPC of any changes to our processing activities.

5. Personal Data We Collect

We collect the following categories of personal data:

• Identity Data: full name, date of birth, nationality, identification numbers.
• Contact Data: phone numbers, email addresses.
• KYC and AML Data: biometric data, ID verification details, risk assessments.
• Financial Data: bank account details, mobile money information, cryptocurrency wallet addresses, transaction history.
• Technical Data: IP address, device information, cookies, access logs.
• Usage Data: actions on our platform, preferences, communication history.

6. Legal Basis for Processing

We process personal data based on the following lawful grounds:

• Consent
• Performance of a contract
• Compliance with legal obligations (e.g., AML/KYC requirements)
• Legitimate business interests (fraud prevention, security, system improvement)
• Protection of vital interests (safety emergency and emergency situations)

7. Purpose of Processing

We process personal data for the following purposes:

• Account creation, verification and authentication.
• KYC/AML compliance, fraud prevention and risk assessment.
• Processing and recording transactions.
• Improving, developing and securing our services.
• Customer support and communications.
• Regulatory reporting.
• Marketing (only with consent)

8. Data Sharing and Third-Party Processors

We share personal data only with:

• Licensed KYC/AML services providers.
• Payment partners.
• Cloud hosting and IT security providers.
• Regulatory or law enforcement bodies where required by law.

All third-party processors operate under written Data Processing Agreements (DPAs) containing adequate safeguards, confidentiality obligations and security controls.

9. Data Subject Right

As a user on Mybitstore, you have the right to:

• Be informed about how your data is used
• Access your personal data
• Withdraw consent at any time
• Request correction of inaccurate data
• Object to certain types of processing
• Request deletion of your data (where legally allowed)
• Restrict processing in specific situations
• Not be subject to fully automated decisions without human review

Data rights requests may be sent to dpo@mybitstore.com. We acknowledge data subject requests within five (5) business days and respond within 21 working days, extendable to 40 days where necessary.

10. Data Security Measures

We apply strong technical and organisational measures to secure your personal data, including:

• Data encryption (in transit and at rest)
• Multi-factor authentication (MFA)
• Firewalls and intrusion detection systems
• Role-based access controls
• Regular vulnerability testing and system audits

11. Data Breach Response

In the event of a data breach, we will:

• Activate our incident response plan
• Identify and contain the breach
• Evaluate risks to affected users
• Notify the Data Protection commission and affected individuals without undue delay and, where feasible, within 72 hours.

12. Data Retention Policy

Mybitstore retains personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, including compliance with legal and regulatory obligations, performance of contractual duties, fraud prevention, and the resolution of disputes.

Retention periods include, but are not limited to, the following:

• KYC and identity verification documents: retained for 5-7 years after account closure, in line with AML and regulatory requirements.
• Transaction and financial records: retained for 7 years to meet anti-money laundering and tax compliance obligations.
• System and security logs: retained for 1 year for monitoring, security, and audit purposes.
• Customer support communications: retained for 2 years to ensure service quality and dispute resolution.
• Marketing data: retained until consent is withdrawn or the individual opts out.

Once personal data is no longer required, it is securely deleted, anonymized, or otherwise disposed of in accordance with applicable data protection laws and internal retention procedures.

13. International Data Transfers

If your data is transferred outside Ghana:

• Transfers will comply with the Ghana Data Protection Act (Act 843)
• Appropriate safeguards and security measures will be applied
• You will be informed where legally required

14. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Enable secure access to your account
• Improve platform performance
• Analyze user behavior and traffic

You may disable cookies in your browser, but some features may not function properly.

15. Children’s Policy

Mybitstore services are strictly for persons aged 18 years and above. We do not knowingly collect data from children. Age is verified through KYC processes.

If we discover that we have collected data from a minor, we will delete it immediately unless legally required to retain it.

16. Amendments to This Policy

We may update this Policy from time to time. Updates will be published on our website or communicated to users where necessary.

17. Contact Information

For questions, complaints, or data rights requests:
Email: support@mybitstore.com
Data Protection Officer: dpo@mybitstore.com
Office Address: Lagos Ave, Accra
Phone: +233546923048 / +233249784105