Privacy Policy

This Privacy Policy explains how GSG Brands (“we”, “us”, “our”) collects, uses, shares, and protects personal information (“information”) about visitors, customers, vendors, riders, affiliates, and other people who interact with our Services.

It applies to gsgbrands.com.gh, the related GSG service domains, and every customer-facing channel we operate (WhatsApp, Telegram, email, phone, in-person, and partner channels).

We are committed to compliance with the Data Protection Act, 2012 (Act 843) of the Republic of Ghana, and other applicable Ghanaian and international data-protection laws.

GSG Brands acts as the data controller for the information described in this policy.

• Data protection contact — privacy@gsgbrands.com.gh
• Customer Experience (general) — info@gsgbrands.com.gh
• Postal address — GSG Brands, Accra, Ghana
• Phone — +233 (0) 246 033 792 / +233 (0) 579 033 792

You may also contact our Data Protection Officer via the privacy email above.

We collect information you provide directly, information generated as you use the Services, and limited information from carefully selected third parties.

Identity & contact information

Name, photo or avatar, gender (where you provide it), date of birth (where required), phone number, email address, delivery address, billing address, and alternative contacts.

Account & verification information

Username, password (stored as a salted hash), verification documents where required by law (for example, for higher-value escrow transactions or affiliate payouts), and tax identification numbers where applicable.

Transaction information

Items ordered, sourcing requests, courier waybills, escrow contracts, fees paid, mobile-money references, card BIN data (we do not store full card numbers — these are tokenised by our payment partners), refunds, and chargeback records.

Communications information

Messages you send us via WhatsApp, Telegram, email, phone, and in-app forms, plus call recordings where lawful and disclosed at the start of the call.

Device, log & usage information

IP address, device type, operating system, browser type, language, referring URLs, pages visited, click paths, error logs, and approximate location based on IP. See our Cookie Policy for cookie-specific information.

Location information

Where you provide it (for example, an address you ask us to deliver to, or a live pin shared during a courier handover).

Sensitive information

We do not seek to collect sensitive personal information (such as health, religion, political views, or ethnic origin). Where context requires it (for example, dietary needs for StreetCuisine or a community-support enrolment for GSG-AID), we collect only what is necessary and with your explicit consent.

We use information to:

• create and operate your account;
• process orders, sourcing requests, courier deliveries, and escrow transactions;
• communicate confirmations, dispatch updates, reminders, and customer-support responses;
• run the Affiliates programme and pay affiliate earnings;
• detect, investigate, and prevent fraud, abuse, and security incidents;
• meet legal, tax, and regulatory obligations;
• improve and personalise the Services based on usage patterns;
• contact you with operational service messages and, where you have agreed, with marketing;
• run analytics and produce de-identified statistics.

Under the Data Protection Act, 2012 we rely on the following grounds:

• Performance of a contract — to deliver the Service you have ordered or signed up for.
• Consent — where you have explicitly opted in, for example to marketing communications or precise-location features.
• Legal obligation — to comply with tax, regulatory, and law-enforcement obligations.
• Legitimate interests — to operate, secure, and improve our Services in a way that takes your rights and expectations into account.
• Vital interests / public interest — in rare safety emergencies.

We share information only as necessary and only with parties who are bound to keep it confidential:

• Service providers and processors — for payment, hosting, mapping, SMS, email, analytics, and support tooling, under contracts that require confidentiality and limited use.
• Courier partners and riders — for delivery, pickup, and field support.
• Vendors and shoppers — where required to fulfil your order (for example, sharing your delivery address with the assigned shopper).
• Escrow counterparties — limited identity and order detail necessary to operate Sell-Safe Buy-Safe.
• Group companies — affiliates within the GSG Brands ecosystem, under this same Privacy Policy.
• Regulators, law-enforcement, courts, and other authorities — where compelled by law, or to protect rights, life, or property.
• Successors — in connection with a merger, acquisition, financing, or reorganisation, with appropriate safeguards.

We do not sell your personal information.

Some of our service providers are based outside Ghana. Where information is transferred internationally, we only use providers that adopt appropriate technical and organisational safeguards, and we contractually require ongoing compliance with Ghanaian data-protection standards.

We use cookies and similar technologies (such as pixels and local storage). For details on what we use, why, and how to manage them, please see our Cookie Policy.

We keep information only as long as necessary for the purposes described above, or as required by tax, accounting, or other regulatory law. As a general guide:

• transaction records — up to 6 years to meet legal and accounting obligations;
• support correspondence — up to 24 months after the matter is closed;
• marketing preferences — until you withdraw consent;
• inactive accounts — anonymised or deleted after 24 months of inactivity, on request or by routine review.

We use a combination of administrative, technical, and physical controls to protect information — including encrypted transport (HTTPS), restricted internal access, salted-and-hashed passwords, payment tokenisation, and audit logging. No system is perfectly secure, so we encourage you to use a strong, unique password and to alert us at privacy@gsgbrands.com.gh if you suspect unauthorised access.

Subject to the Data Protection Act, 2012 you have the right to:

• access the information we hold about you;
• request correction of inaccurate or outdated information;
• request deletion where the information is no longer needed and we do not have a compelling legal basis to retain it;
• restrict or object to processing in certain circumstances;
• withdraw consent for processing based on consent — without affecting earlier lawful processing;
• lodge a complaint with Ghana's Data Protection Commission (dataprotection.org.gh) if you believe your rights have been infringed.

To exercise these rights, contact privacy@gsgbrands.com.gh. We may need to verify your identity before acting on a request and will respond within a reasonable period, typically within 30 days.

Our Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact privacy@gsgbrands.com.gh so we can delete it.

We will only send marketing communications where you have agreed to receive them (or where applicable Ghanaian law otherwise allows it). Every marketing message will include a clear way to opt out, such as an unsubscribe link or a “STOP” keyword.

Our platforms may link to third-party sites or services. Their privacy practices are their own; please review their policies before sharing information with them.

We may update this Privacy Policy from time to time. Where the changes are material, we will notify you (for example, by email, banner, or in-app notice) before they take effect.

• General privacy questions — privacy@gsgbrands.com.gh
• General customer support — info@gsgbrands.com.gh
• Phone — +233 (0) 246 033 792 / +233 (0) 579 033 792
• Regulator — Data Protection Commission, Ghana