HOMEABOUTSERVICESFAQPORTFOLIOPLANT SHOPCONTACT
Book a Walkthrough
Legal

Privacy Policy

Last updated: December 8, 2024

Introduction

Hyssop & Cedar ("we," "our," or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy complies with the Ghana Data Protection Act, 2012 (Act 843) and the European Union General Data Protection Regulation (GDPR) where applicable.

1. Information We Collect

1.1 Personal Information

When you use our services or contact us, we may collect:

  • Name and contact details (email, phone number, address)
  • Company name and business information
  • Project details and service preferences
  • Communication history and correspondence
  • Payment and billing information

1.2 Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and device information
  • Browser type and operating system
  • Pages visited and time spent on our site
  • Referring website addresses

2. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide landscaping and horticultural services
  • Communication: To respond to inquiries and provide customer support
  • Project Management: To plan, execute, and maintain your landscape projects
  • Billing: To process payments and manage invoicing
  • Marketing: To send you information about our services (with your consent)
  • Legal Compliance: To comply with legal obligations and regulatory requirements
  • Website Improvement: To analyze usage and improve our digital services

3. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract Performance: Processing necessary for service delivery
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legitimate Interests: For business operations and service improvement
  • Legal Obligation: To comply with Ghana and international laws

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service Providers: Plant suppliers, contractors, and maintenance teams
  • Payment Processors: For secure transaction processing
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In case of merger, acquisition, or asset sale

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Secure server infrastructure with encryption
  • Access controls and authentication requirements
  • Regular security audits and updates
  • Staff training on data protection practices
  • Secure backup and recovery procedures

6. Your Rights

Under Ghana's Data Protection Act and GDPR, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of data processing
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for data processing at any time
  • Lodge a Complaint: File a complaint with the Data Protection Commission (Ghana)

To exercise any of these rights, please contact us at privacy@hyssopandcedar.africa

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Generally:

  • Customer data: Duration of business relationship plus 7 years for legal/tax purposes
  • Marketing data: Until consent is withdrawn or 2 years of inactivity
  • Website analytics: 14 months
  • Communication records: 3 years

8. International Data Transfers

Your data is primarily stored and processed in Ghana. If we transfer data outside Ghana or the European Economic Area, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Explicit consent for specific transfers where required

9. Cookies and Tracking

Our website uses cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Help us understand how visitors use our site
  • Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the new policy on our website with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your data protection rights, contact us:

Data Protection Officer: Hyssop & Cedar

Email: privacy@hyssopandcedar.africa

Address: Accra, Ghana

Data Protection Commission (Ghana):
If you are not satisfied with our response, you may lodge a complaint with the Data Protection Commission of Ghana at www.dataprotection.org.gh

Compliance: This Privacy Policy complies with the Ghana Data Protection Act, 2012 (Act 843), the Data Protection Commission (Ghana) regulations, and the European Union General Data Protection Regulation (GDPR) for data subjects in the EU/EEA.