Privacy Policy for Stallion Trust & Administration Company Limited

Last updated: August 20, 2025

This Privacy Policy describes our policies and procedures on the collection, use, and disclosure of your information when you use our services, including our website, pension administration portal, and related offerings. It informs you about your privacy rights and how the law protects you, in compliance with the Data Protection Act 2012 (Act 843) of Ghana and other applicable regulations, such as the National Pensions Act 2008 (Act 766).

We use your personal data to provide and improve our pension trusteeship and administration services. By using our services, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

Words with initial capital letters have meanings defined under the following conditions. These definitions apply regardless of singular or plural form.

Definitions

For the purposes of this Privacy Policy:

– Account means a unique account created for you to access our services, such as the Stallion Pension Portal for members or employers.

– Affiliate means an entity that controls, is controlled by, or is under common control with us, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.

– Company (referred to as “the Company”, “We”, “Us”, or “Our”) refers to Stallion Trust & Administration Company Limited, 3rd Floor, Gulf House, Tetteh Quarshie Interchange, Accra, Ghana.

– Cookies are small files placed on your computer, mobile device, or other device by a website, containing details of your browsing history on that website among other uses.

– Country refers to: Ghana.

– Device means any device that can access our services, such as a computer, cellphone, or digital tablet.

– Personal Data is any information that relates to an identified or identifiable individual, including sensitive personal data as defined under the Data Protection Act 2012.

– Service refers to our website, pension administration portal, and related pension trusteeship, administration, and consultancy services.

– Service Provider means any natural or legal person who processes data on our behalf, such as custodians, investment managers, auditors, or IT providers.

– Usage Data refers to data collected automatically, either generated by the use of our services or from the service infrastructure (e.g., duration of a page visit).

– Website refers to Stallion Trust & Administration, accessible from https://new.stalliontrust.com.gh/.

– You means the individual accessing or using our services, or the company, employer, or other legal entity on behalf of which such individual is accessing or using the services.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using our services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you, or to administer your pension scheme. This may include, but is not limited to:

– Identity Data: First name, last name, national ID number, passport number, date of birth, gender, marital status, and beneficiary details.

– Contact Data: Email address, phone number, postal address.

– Employment and Financial Data: Employer details, employment history, salary information, contribution records, bank account details, tax information, and other financial statements.

– Sensitive Data: In limited cases, health-related information (e.g., for disability benefits) or biometric data for verification, processed only with your explicit consent or as required by law.

– Other Data: Any additional information you provide in relation to pension schemes, such as preferences for investment options or retirement planning details.

We collect this data through direct interactions (e.g., when you sign up for a pension scheme, register an account, submit forms, or communicate with us), from your employer (for occupational schemes), automated technologies, or third parties (e.g., National Pensions Regulatory Authority (NPRA), credit reference bureaus, or government registries like the National Identification Authority).

Usage Data

Usage Data is collected automatically when using our services.

This may include your Device’s IP address, browser type, browser version, pages visited, time and date of visit, time spent on pages, unique device identifiers, and other diagnostic data.

When accessing via a mobile device, we may collect device type, unique ID, IP address, operating system, browser type, and other diagnostic data.

We may also collect information your browser sends when visiting our website or accessing services via mobile.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track activity and store information. Technologies include beacons, tags, and scripts to collect and track data for improving and analyzing our services.

– Cookies or Browser Cookies: Small files on your Device. You can refuse Cookies via browser settings, but this may limit service functionality.

– Web Beacons: Electronic files in services or emails to count visits, track email opens, and gather statistics.

We use Session Cookies (deleted on browser close) and Persistent Cookies (remain until deleted).

Cookies we use:

– Necessary/Essential Cookies: Administered by us; essential for service provision, authentication, and fraud prevention.

– Functionality Cookies: Administered by us; remember preferences like login details for a personalized experience.

For more on cookies, see our Cookies Policy section below.

Use of Your Personal Data

We may use Personal Data for:

– Providing and Maintaining Services: Administering pension schemes, processing contributions, managing investments, and providing actuarial and consultancy services under the National Pensions Act 2008.

– Managing Your Account: Handling registration and access to functionalities like the pension portal.

– Performance of Contracts: Fulfilling obligations in pension arrangements, including stand-alone or multi-trust schemes.

– Contacting You: Via email, phone, SMS, or other means for updates on your scheme, regulatory changes, or service-related communications.

– Compliance and Reporting: Meeting legal obligations under the Data Protection Act 2012, National Pensions Act 2008, and NPRA requirements, including reporting and audits.

– Providing Information: News, updates on pension solutions, or similar services you’ve enquired about, unless you opt out.

– Managing Requests: Attending to your inquiries or complaints.

– Business Transfers: Evaluating mergers, sales, or transfers where Personal Data is an asset.

– Other Purposes: Data analysis for trends, improving services, risk management, and ensuring efficient administration with our low administrator-to-member ratio.

We process Personal Data based on:

– Your consent (where required).

– Necessity for contract performance.

– Legal obligations (e.g., NPRA compliance).

– Legitimate interests (e.g., service improvement, fraud prevention).

We may share your Personal Data:

– With Service Providers: For administration, custody, investment, or analysis.

– With Affiliates: Including parent or related companies, requiring them to honor this policy.

– With Regulators: Such as NPRA, tax authorities, or auditors.

– With Employers: For occupational schemes, sharing necessary scheme details.

– With Business Partners: For joint services, with your consent.

– In Public Areas: If you interact publicly (e.g., forums, if applicable), information may be viewed by others.

– With Your Consent: For any other purpose.

– For Legal Reasons: To comply with laws, protect rights, prevent wrongdoing, or ensure safety.

Retention of Your Personal Data

We retain Personal Data as long as necessary for the purposes outlined, including compliance with legal obligations (e.g., minimum 7 years post-relationship under financial regulations). Usage Data is retained shorter for analysis, unless needed for security or legal reasons.

Transfer of Your Personal Data

Your data is processed in Ghana. If transferred outside (rarely), we ensure adequate protections under the Data Protection Act 2012, such as contractual safeguards.

Your Rights Regarding Personal Data

Under the Data Protection Act 2012, you have rights to:

– Access, correct, or update your data.

– Object to processing or request restriction.

– Request deletion (subject to legal retention requirements).

– Data portability.

– Withdraw consent (where applicable).

Disclosure of Your Personal Data

– Business Transactions: Data may transfer in mergers/acquisitions, with notice.

– Law Enforcement: Disclosure if required by law or authorities.

– Other Requirements: To comply with obligations, protect rights, prevent wrongdoing, or ensure safety.

Security of Your Personal Data

We use commercially acceptable measures, including our state-of-the-art pension administration system, to protect data. However, no method is 100% secure. We limit access to authorized personnel and comply with best practices.

Children’s Privacy

Our services are not for those under 18 (pension schemes typically involve adults). We do not knowingly collect data from minors without parental consent. If aware, we remove such data.

Links to Other Websites

Our services may link to third-party sites. We advise reviewing their policies; we have no control over them.

Changes to this Privacy Policy

We may update this policy, notifying via email, website notice, or portal. Changes effective when posted; review periodically.

Cookies Policy

We use cookies for essential functions, functionality, and analysis. Manage preferences via browser settings. No third-party advertising cookies are used.

Contact Us

For questions or to exercise rights:

– Email: enquiries@stalliontrust.net

– Website: https://new.stalliontrust.com.gh/contact-us/

– Phone: +233 (0) 30 250 7000 | Mobile No.: +233 (0) 50 684 3190

– Data Protection Contact: Write to our Data Protection Officer at the above address.

We are registered with the Data Protection Commission as required.