Legal

Privacy Policy

Last updated: January 1, 2025

Identra Technologies Bureau LTD ("ITB", "we", "us", or "our") operates identity, verification, and intelligence infrastructure services (the "Platform").

This Privacy Policy explains how ITB collects, uses, processes, and protects personal data when you access or interact with the Platform, including any public-facing forms, institutional services, or verification workflows.

1. Scope of This Policy

This Privacy Policy applies to:

  • Individuals who submit data through ITB public interfaces
  • Individuals whose data is processed as part of institutional verification workflows
  • Authorised users of the Platform acting on behalf of institutions

The Platform is primarily an institutional system, and personal data may be processed on behalf of approved organisations.

2. Information We Collect

ITB may collect and process the following categories of data:

Personal Data

  • Full name
  • Date of birth
  • National identification numbers
  • Nationality
  • Email address
  • Phone number

Biometric Data

  • Facial images (submitted or captured)
  • Facial recognition templates (embeddings derived from images)

Document Data

  • Identity document images (e.g. national ID, driver's licence)

Vehicle Data

  • Licence plate numbers
  • Vehicle registration details
  • Vehicle identification numbers (VIN)

Usage and Technical Data

  • IP address
  • Device and browser information
  • Access timestamps
  • Platform interaction logs

Operational Data

  • Verification queries
  • Results and confidence scores
  • Audit logs and system activity records

3. How We Use Data

ITB processes personal data for the following purposes:

  • To provide and operate the Platform
  • To perform identity verification and validation
  • To support biometric matching and recognition workflows
  • To deliver vehicle and mobility intelligence services
  • To detect and prevent fraud and misuse
  • To maintain system security, monitoring, and auditability
  • To comply with legal and regulatory obligations
  • To support authorised institutional operations

4. Legal Basis for Processing

ITB processes personal data under the Data Protection Act, 2012 (Act 843) on the following bases:

  • Consent — where individuals voluntarily provide data (e.g. enrollment or public forms)
  • Legitimate interest — for authorised institutional verification, fraud detection, and system integrity
  • Legal obligation — where processing is required by law or regulatory authority
  • Vital interests — where processing is necessary to protect individuals or public safety

5. Biometric Data

Biometric data is treated as sensitive personal data and subject to enhanced safeguards. ITB applies the following principles:

  • Biometric data is collected only with explicit consent or lawful institutional authority
  • Facial recognition outputs are probabilistic and provided as decision-support tools
  • Biometric templates are securely stored and protected using industry-standard encryption
  • Access is restricted to authorised and authenticated personnel
  • Biometric data is not sold or disclosed to third parties without lawful basis

6. Data Sharing and Disclosure

ITB does not sell personal data.

Data may be disclosed:

  • To authorised institutions using the Platform, within their approved access scope
  • To service providers acting on behalf of ITB (e.g. cloud infrastructure providers), under strict confidentiality obligations
  • To regulatory or law enforcement authorities where required by law
  • Where necessary to protect the rights, safety, or integrity of individuals or systems

All third-party access is governed by contractual and security controls.

7. Data Security

ITB implements technical and organisational measures designed to protect personal data, including:

  • Encryption of data in transit (TLS) and at rest (AES-256 or equivalent)
  • Role-based access control and authentication mechanisms
  • Audit logging of system access and activity
  • Secure infrastructure hosted on enterprise-grade cloud platforms
  • Secure handling of credentials through dedicated secret management systems

While ITB applies strong safeguards, no system can guarantee absolute security.

8. Data Retention

ITB retains personal data only for as long as necessary for the purposes for which it was collected, or as required by law or institutional agreements.

Retention practices include:

  • Enrollment data retained for operational and compliance purposes
  • Verification logs retained for audit and security monitoring
  • Biometric data subject to periodic review and deletion where appropriate
  • Data deleted or anonymised when no longer required

9. Your Rights

Under the Data Protection Act, 2012, you have the right to:

  • Request access to your personal data
  • Request correction of inaccurate data
  • Request deletion where there is no lawful basis for continued processing
  • Object to certain forms of processing
  • Withdraw consent where processing is based on consent

Requests can be made via the contact details below. ITB will respond within applicable legal timeframes.

10. International Data Transfers

ITB processes data using secure infrastructure with defined access and residency controls.

Where data is transferred across jurisdictions, ITB ensures that appropriate safeguards and lawful bases are in place in accordance with applicable data protection laws.

11. Changes to This Policy

ITB may update this Privacy Policy from time to time. Updates will be published on this page with a revised effective date.

Users are encouraged to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or your data, please contact:

Data Protection Officer

Identra Technologies Bureau LTD

RC No. CS176530725

Accra, Ghana

identratech.com/contact