Privacy Policy – CISS GH Corporation

Effective Date: July 1st, 2025

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information when you interact with our websites, services, platforms, or communications.

This policy is aligned with global data protection standards, including:

• General Data Protection Regulation (GDPR) – European Union & United Kingdom
• California Consumer Privacy Act (CCPA) & CPRA – United States
• Nigeria Data Protection Regulation (NDPR)
• Data Protection Act 2012 – Ghana

Personal Data We Collect

We collect several different types of information for various purposes to improve our services to you. These are:

• Personal Information. We may collect personal information that can be used to identify you directly or indirectly. This may include your contact information like your name, email address, postal address, and phone number.

• Usage Data. We may collect and use your IP address for security and location purposes. Other usage data may include pages visited, cookies, and browser type.

• Financial data. billing info, payment details (via third-party processors)

• Business data: company name, job title, services requested

How We Use / Handle Your Data

We use your data for legitimate business purposes including:

• Providing and maintaining our services
• Creating and managing accounts or contracts
• Processing invoices and payments
• Communication - sending updates, notifications, or support messages
• Improving our platforms, content, and user experience
• Conducting investigation during security issues
• Ensuring legal compliance and protecting our rights

We do not sell your personal data. CISS only process your data when we have a legal basis to do so. You have the right to withdraw your consent at any time.

International Data Transfers: Because we operate globally, your data may be transferred and processed in countries outside your own. Wherever data crosses borders, we ensure adequate safeguards based on various jurisdictions.

Third-Party Access & Data Processors

We work with trusted third-party providers for services such as hosting, email delivery, analytics, and payments. We never sell or rent personal data. Any data shared with processors is limited to the minimum necessary and subject to contractual protection.

Data Security

We apply strong technical and organizational measures to safeguard your data. Please read our "Data Protection and Privacy" document for more information.

Children’s Data

CISS services are not designed for individuals under the age of 16. We do not knowingly collect or store data from minors without verifiable parental or guardian consent in compliance with applicable child protection laws.

Inactive User Policy

This policy is specifically for CISS community Portal. If there is no user login activity for about 3-12 months, we consider the account as inactive. We may send an email notification to the inactive user's registered email address, informing them about their inactive status and the potential deletion of their account.

We will provide a grace period of 1 month for the user to reactivate their account by logging in or performing any action on the services. After the grace period, we may delete the inactive user's account and associated data. However, we may anonymize certain non-personal data for analytical purposes.

Updates to This Privacy Policy

CISS reserves the right to modify this privacy policy document as necessary, with prior notice to active clients. We may update this document at any time and notify you when this happens.

• Your continued use of our services following the posting of our revised document means that you accept and agree to the changes

• You are responsible for checking document periodically after updates and notification.