Data Protection Policy
Last updated: March 2026
1. Data Controller
Benmort Limited, operating as Benmort Connect, is the data controller responsible for the processing of personal data collected through the Platform. Our registered address is in Accra, Ghana. For all data protection inquiries, you may contact our Data Protection Officer at privacy@benmort.net. We are committed to compliance with Ghana's Data Protection Act 2012 (Act 843), the General Data Protection Regulation (GDPR) where applicable, and other relevant data protection laws in jurisdictions where we operate.
2. Legal Basis for Processing
We process personal data based on the following legal grounds: contractual necessity (to provide Platform services you have requested), legitimate interests (to improve our services, prevent fraud, and ensure platform security), legal obligations (to comply with regulatory requirements, particularly for regulated service categories), and consent (for marketing communications and optional data processing activities). For regulated service categories including financial management, legal, and healthcare, additional data processing may be required to meet sector-specific compliance obligations.
3. Data Retention
Personal data is retained for the duration of your active account and for a reasonable period thereafter as required by applicable law. Client engagement records are retained for seven years to comply with financial and legal record-keeping requirements. Professional verification and credential records are retained for the duration of the professional's active status plus five years. Payment and transaction records are retained for seven years in accordance with financial regulations. You may request deletion of your account and associated data at any time, subject to our legal retention obligations.
4. Data Subject Rights
Under applicable data protection legislation, you have the right to: request access to the personal data we hold about you, rectify inaccurate or incomplete data, request erasure of your data (subject to legal retention requirements), restrict processing of your data in certain circumstances, data portability to receive your data in a structured and machine-readable format, object to processing based on legitimate interests, and withdraw consent where processing is based on consent. We will respond to all data subject requests within 30 days. If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Data Protection Commission of Ghana or the relevant supervisory authority in your jurisdiction.