Welcome to SikaFlow (the "App"), operated by SikaFlow Global (hereinafter referred to as "we",
"us" or "our"). We attach great importance to the protection of users' personal information and
privacy, and are committed to collecting, using and managing your information in compliance
with applicable laws and regulations of Ghana. This Privacy Policy is formulated to help you
understand how we process your personal information, explaining what information we collect,
how we use and protect such information, as well as your relevant rights. By using the App, you
acknowledge that you have read, understood and agreed to the content of this Policy.
This Privacy Policy applies to all products and services we provide to you. Please read and fully
understand the content of this Policy carefully before use, especially the clauses relating to your
personal information rights. Once you start using our products or services, or continue to use
them after this Policy is updated, you acknowledge that you have read, understood and agreed
to be bound by all contents of this Policy (including subsequent updated versions). If you do not
agree with any content of this Policy, please stop using our products and services immediately.
This Privacy Policy will help you understand the following contents:
1. Our Commitments
2. How We Collect and Use Personal Information
3. How We Entrust, Share, Transfer and Publicly Disclose Your Personal Information
4. Authorization Period for Personal Information Processing
5. How We Store and Protect Personal Information
6. Your Rights
7. How We Process Personal Information of Minors
8. Updates and Notices of This Policy
9. How to Contact Us
1. Our Commitments
We understand the importance of personal information to you and will do our utmost to protect
the security and reliability of your personal information. We are committed to maintaining your
trust and adhering to the following principles to protect your personal information: the principle
of consistency of rights and responsibilities, the principle of clear purpose, the principle of
selective consent, the principle of minimum necessity, the principle of ensuring security, the
principle of subject participation, the principle of openness and transparency, etc. We hope this
Privacy Policy will help you understand our business functions and the corresponding types of
personal information we need to collect, the rules for processing and protecting your personal
information, and the ways for you to independently manage your information.
1.1 We only process your personal information within a necessary and
reasonable scope
We commit to processing your personal information only within a necessary and reasonable
scope. We process your personal information to comply with the laws and regulations of Ghana,
and to provide you with better products and services through our platform.
1.2 We only process your personal information with your knowledge and
consent
We commit to inform you openly and honestly of our name, contact information, what personal
information of yours is processed, as well as its purpose, method and retention period. We will
make every effort to explain in easy-to-understand language. Sensitive personal information
refers to personal information that, once leaked, illegally provided or misused, may endanger
personal and property safety, and easily lead to damage to personal reputation, physical and
mental health or discriminatory treatment. We will comply with applicable laws and regulations
of Ghana, inform you of the necessity of processing sensitive personal information and its
impact on personal rights and interests in a legally compliant manner before processing your
sensitive personal information, and obtain your separate consent.
We respect your choices. We will timely inform you of any changes in the scope, purpose and
method of collecting and processing your personal information.
1.3 We respect your management of personal information
We ensure that the personal information you provide will not be maliciously tampered with,
damaged or lost. We understand and respect your concerns about personal information, and
provide you with channels to exercise the rights of the subject of personal information,
including but not limited to channels for querying, copying, correcting, withdrawing consent
and deleting personal information.
1.4 We will take necessary measures to ensure the security of your
personal information
We commit to adopting corresponding security protection measures to protect the security of
your personal information in accordance with mature industry security standards, including but
not limited to protecting the security of your personal information through hardware, software,
data, personnel, physical environment and infrastructure protection measures that meet the
requirements of applicable laws, regulations and standards. In addition, we will sign
confidentiality agreements or relevant commitments with relevant employees and train
employees on security awareness to urge them to comply with this Policy.
2. How We Collect and Use Personal Information
You agree and authorize us to collect and use the following service-related necessary
information during your registration, login and use of the services we provide, but we will not
collect personal information prohibited by laws and regulations from you, or use your personal
information in violation of laws and regulations or the agreement with you.
When you use our products/services, we may need to collect and use two types of your personal
information: The first is the information necessary for the basic business functions of our
products/services, which is essential for the normal operation of the products/services, and you
must authorize us to collect and use it. If you refuse, you will not be able to normally use the
basic business functions of our products/services. The second is the information that may be
required for non-basic business functions, and you can choose whether to authorize us to
collect it. If you refuse to provide it, some functions may not be realized or achieve the expected
effect, but it will not affect your normal use of basic business functions. We will only collect and
use the information necessary for the normal operation of a specific business function when you
use it, and we will stop collecting and using your personal information after you stop using that
business function. If it is really necessary to change the purpose and type of information
collection, we will inform you in advance in a reasonable manner (such as in-app pop-up
window) and obtain your consent again.
2.1 Basic Personal Information
To achieve identity verification, account registration, risk assessment and ensure service
security, we will collect your mobile phone number as the unique registration information, and
may collect your name, date of birth, employment status, monthly income and loan history
according to service needs. The above information will be used to verify identity, assess credit
risk, recommend service content, and ensure the legality and security of transactions between
the platform and users.
2.2 Collection and Usage Scenarios of Device Information
2.2.1 Location Information
With your explicit authorization, we may collect your approximate location information derived
from network connections (WiFi/cell towers). This information is used to determine whether you
are within our service coverage area (Ghana) and assist in credit evaluation and risk control, so
as to improve the compliance and accuracy of services. We commit not to use your location
information for purposes unrelated to this service, nor to provide such information to any
unrelated third party without your explicit consent.
2.2.2 Device Information
During your use of the App, to ensure platform security, verify user identity, and conduct risk
control and anti-fraud analysis, we may collect part of your device information, including but
not limited to hardware model, operating system version, SSAID, network status, device
manufacturer and mobile operator name. The above information helps improve the accuracy of
identity recognition and risk assessment. If you choose not to provide relevant information, it
will not affect the use of the basic functions of the App, but may affect the system's judgment of
risks and the accuracy of service recommendations.
2.2.3 Installed Applications List
To improve risk control capabilities, enhance fraud identification, and ensure the security and
compliance of loan services, we may collect the list of applications installed on your device with
your explicit authorization. The collected information includes application name, package
name, installation and update time, version number, whether it is a system application,
application label and installation path. The above information is only used for risk assessment,
all data is encrypted in accordance with the law and securely transmitted and stored, and will
not be used for purposes unrelated to this service, nor provided to any unrelated third party
without authorization.
2.2.4 Contacts Information
We only collect names and phone numbers from the contacts you manually select to designate
as emergency references. This information is only used for identity verification and will not be
used for any other purposes without your explicit consent.
3. How We Entrust, Share, Transfer and Publicly Disclose Your
Personal Information
3.1 Entrusted Processing
In accordance with the Data Protection Act, 2012 (Act 843) and relevant regulations of Ghana,
we may entrust third-party service providers that meet Ghana's legal requirements and have
necessary qualifications (such as cloud computing service providers, data analysis institutions,
risk control partners, etc.) to process your personal information. The entrusted party must
strictly follow the contractual agreement, only use your personal information within the
authorized scope, comply with Ghana's laws on personal data protection, and take
corresponding technical and management measures to ensure information security. We will
evaluate and supervise the qualifications, compliance and security control of the entrusted
party to ensure that your information is effectively protected.
3.2 Sharing
On the premise of respecting your privacy rights and complying with Ghana's laws, we may
share necessary personal information with audited and compliant cooperative institutions
(including licensed financial institutions, credit reference bureaus, payment platforms, etc.)
according to business needs, for legitimate purposes such as credit evaluation, risk control and
transaction processing. All sharing activities shall comply with the relevant provisions of the
Data Protection Act, 2012 (Act 843) and Bank of Ghana regulations to ensure the legality and
security of information sharing and prevent information leakage or abuse.
3.3 Transfer
In the event of company merger, acquisition, asset restructuring, etc., your personal information
may be transferred as part of business assets. We will ensure that the information recipient
commits to complying with the relevant data protection laws and regulations of Ghana,
continue to fulfill the protection obligations, and only use the information for legitimate and
clear purposes. If the transfer involves material changes to your rights and interests, we will
timely notify you in an appropriate manner and seek your consent to the extent required by law.
3.4 Public Disclosure
We may publicly disclose your personal information in accordance with the laws and regulations
of Ghana and compliance requirements under the following circumstances:
• In response to the legitimate requirements of Ghana's judicial organs, regulatory authorities
and the Bank of Ghana, and cooperate with investigations and reviews in accordance with
the law;
• To prevent illegal and criminal acts, safeguard national security, public safety and social
public interests;
• To protect the legitimate rights and interests of you, other users or the public.
We will strictly comply with the Data Protection Act, 2012 (Act 843) and other relevant laws
and regulations of Ghana to ensure that information disclosure is legal and compliant, and take
necessary security measures to prevent information leakage or abuse.
4. Authorization Period for Personal Information Processing
The authorization under this Policy shall take effect from the date you confirm the content of
this Policy and remain valid until you voluntarily withdraw the authorization or cancel your
account (whichever occurs first). If you do not withdraw the authorization and your account is
still valid, we have the right to process your personal information within the scope specified in
this Policy. When the authorization period for personal information processing expires, we will
stop processing your personal information and no longer use it for other purposes, unless
otherwise required by laws and regulations or this Policy explicitly allows continued storage and
security protection measures.
5. How We Store and Protect Personal Information
To ensure the security of your personal information, we strictly comply with the Data Protection
Act, 2012 (Act 843) , Cybersecurity Act, 2020 (Act 1038), and Bank of Ghana regulations, and
implement multi-layered technical and administrative measures to protect your data:
• We apply industry-standard data encryption technologies to secure personal information
during transmission and storage, in line with the data security requirements under the Data
Protection Act, 2012 (Act 843) ;
• We store personal information on secure servers that meet Ghanaian legal requirements and
conduct regular security testing and risk assessments, in compliance with the Cybersecurity
Act, 2020 (Act 1038);
• We restrict access rights and only authorize personnel in essential roles to access data within
their lawful duties, and require them to sign confidentiality agreements as required by the
Data Protection Act, 2012 (Act 843) ;
• We maintain a comprehensive information security management system and provide regular
data protection training to staff to enhance security awareness;
• We deploy multiple security safeguards including firewalls, anti-virus systems and intrusion
detection systems to prevent unauthorized access, disclosure or alteration of data,
consistent with requirements under the Cybersecurity Act, 2020 (Act 1038);
• We have established an emergency response plan for data security incidents. In the event of
data leakage, tampering or similar incidents, we will promptly activate the emergency
procedure and notify users and competent authorities in accordance with the Data
Protection Act, 2012 (Act 843) and Cybersecurity Act, 2020 (Act 1038).
We are committed to continuously improving our data security system to ensure your personal
information is effectively protected and your legitimate rights and interests are upheld.
6. Your Rights
In accordance with the Data Protection Act, 2012 (Act 843) and relevant regulations of Ghana,
you, as the subject of personal information, have the following rights:
• Right of Access: You have the right to inquire and obtain the personal information we hold
about you at any time, including the category, source, processing purpose, processing
method, storage period and sharing status of the information we collect. You have the right
to understand how we collect, use, store and protect your personal information, and may
request us to provide a copy of your personal information. We commit to processing and
responding to your access request within a reasonable period to ensure that you fully and
timely grasp your personal data.
• Right of Correction: If you find that the personal information we hold is incorrect,
incomplete or has changed, you have the right to request us to correct or supplement the
relevant information in a timely manner. We will verify your correction request and complete
the correction within a reasonable period to ensure that your personal information is
accurate and complete, and avoid adverse effects caused by incorrect information.
• Right of Deletion: You have the right to request us to delete your personal information
within the scope permitted by law, especially when the personal information is no longer
necessary for the purpose of collection or processing, or the processing of personal
information violates laws and regulations. Upon receiving your deletion request, we will
evaluate it in accordance with the law and take corresponding measures within a reasonable
period to ensure that your information is securely deleted or anonymized, unless continued
storage is required by law.
• Right to Restrict Processing: You have the right to request us to restrict the processing of
your personal information under specific circumstances. For example, when you dispute the
accuracy of personal information, or when you object to our processing of personal
information and waiting for verification, you may request to suspend the relevant processing
activities. We will evaluate your request within a reasonable period and restrict processing
during verification or in accordance with the law to protect your rights and interests and
ensure that your information is not improperly used.
• Right to Data Portability: You have the right to request us to provide a structured, universal
and machine-readable copy of your personal information to facilitate your transfer of data to
other service providers. We will process your request within a reasonable period to ensure
that you can obtain and transfer your personal data conveniently and securely, supporting
your information autonomy and choice.
• Right to Withdraw Consent: If you have previously provided personal information based on
consent, you have the right to withdraw such consent at any time. After withdrawal of
consent, we will stop processing personal information based on such consent, but the
withdrawal will not affect the legality of processing activities carried out before the
withdrawal. In addition, withdrawal of consent may affect your use of some service
functions, and we will timely inform you of the relevant impacts and respect your choices.
• Right to Complaint: If you believe that our processing of personal information infringes your
legitimate rights and interests, you have the right to file a complaint with us at any time. We
commit to earnestly accepting and timely investigating and handling your complaint. In
addition, you also have the right to report to the relevant regulatory authorities of Ghana to
seek legal protection and remedies. We encourage you to protect your rights through formal
channels, and we will fully cooperate with the investigation of relevant departments.
• Right to Account Cancellation: You have the right to apply for cancellation of your account
at any time. After account cancellation, we will delete or anonymize your personal
information within the scope permitted by law, unless continued storage is required by law.
You may submit a cancellation request through the contact information provided at the end
of this Privacy Policy, and we will complete the relevant processing within a reasonable
period and timely notify you of the cancellation result. Please understand that account
cancellation may result in your inability to continue to use part or all of our services.
We will do our best to assist you in exercising the above rights to ensure that your personal
information is respected and protected. If you need to exercise relevant rights, please contact us
through the contact information provided at the end of this Policy.
7. How We Process Personal Information of Minors
Our service does not address anyone under the age of 18. We do not knowingly collect
personally identifiable information from anyone under the age of 18. If you are a parent or
guardian and you are aware that your child has provided us with personal data, please contact
us. If we become aware that we have collected personal data from anyone under the age of 18
without verification of parental consent, we take steps to remove that information from our
servers. If you believe we may have information from or about anyone under the age of 18,
please contact us using the information provided in the 'Contact Us' section below.
8. Updates and Notices of This Policy
We may revise this Privacy Policy from time to time according to changes in laws and
regulations, business needs or security requirements. After each revision, we will timely notify
you through in-app announcements, SMS, email or other appropriate methods.
Please check the latest version of the Privacy Policy in time after receiving the update notice. If
you continue to use our products or services, you will be deemed to have agreed to and
accepted the content of the updated Policy.
If you do not agree with the updated content, you have the right to stop using relevant services
and exercise your rights in personal information processing in accordance with the relevant
clauses of this Policy.
We recommend that you regularly pay attention to the updates of this Policy to fully understand
our personal information protection measures and service terms.
9. How to Contact Us
If you have any questions, comments about this Privacy Policy or want to exercise your rights
related to personal information, please contact us through the following ways:
• Email: support@sika-services.com
• Support Office: Suite 204, The Gallery, Lagos Avenue, East Legon, Accra, Ghana
We will reply to your inquiry as soon as possible and assist you in solving relevant problems to
protect your personal information security and rights.