Privacy Policy

Effective Date: 22 August, 2022

Last Updated: 23 October, 2025

Company: 3M Novelty Limited

Website: https://palegoldenrod-bear-405374.hostingersite.com

In Short

We collect limited personal information to operate OneCedi®, provide support, process subscriptions, and improve our platform.

If you use OneCedi® as a business, you control the data you enter into the system. We process that data only to provide the Service and maintain system security.

We do not sell personal data.

We implement reasonable technical safeguards to protect information and align our practices with the Ghana Data Protection Act, 2012 (Act 843) and internationally recognized data protection principles, including those reflected in the GDPR.

You may request access, correction, or deletion of your personal data by contacting us at
legal@palegoldenrod-bear-405374.hostingersite.com.

1. Introduction

This Privacy Policy explains how 3M Novelty Limited (“OneCedi®,” “Company,” “we,” “us,” or “our”) collects, uses, stores, protects, and discloses personal information when you access or use the OneCedi® platform, including our web application, desktop interfaces, mobile applications, integrations, and related services (collectively, the “Service”).

We are committed to protecting your privacy and handling your data transparently and responsibly. By accessing or using OneCedi®, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with this Policy, you must not use the Service.

2. Scope of This Policy

This Privacy Policy applies to:

Business owners and administrators who create accounts
Employees and staff users added to accounts
Customers whose data is processed through the platform
Website visitors
Prospective customers
Individuals interacting with our support, marketing, or communications

This Policy governs personal data processed by OneCedi® in its capacity as:

Data Controller (for account, billing, and website information)
Data Processor (for business data entered by customers into the platform)

It does not apply to third-party services or websites that integrate with OneCedi® but operate under their own privacy policies.

3. Definitions

For the purposes of this Privacy Policy:

Personal Data means any information that identifies or can identify an individual.
Business Data means operational or transactional information entered into the system by customers.
Processing means collecting, storing, using, modifying, transmitting, or deleting data.
Data Controller means the entity that determines the purpose and means of processing personal data.
Data Processor means the entity that processes data on behalf of a controller.

4. Information We Collect

We collect different categories of information depending on how you interact with the Service.

4.1 Account and Registration Information

When you create an account, we may collect:

Full name
Business name
Email address
Phone number
Physical business address
Industry type
Tax identification number (if provided)
Password (encrypted and securely stored)
Role designation (Owner, Administrator, Staff)

4.2 Billing and Payment Information

When subscribing to paid plans or purchasing SMS credits, we may collect:

Billing name
Billing address
Transaction history
Subscription details
Invoice records
Payment method details (processed via third-party providers such as Paystack)

Important: OneCedi® does not store full credit card details. Payments are processed securely through certified third-party payment providers.

4.3 Business and Operational Data (Customer Data)

As part of using the Service, customers may input:

Customer names
Customer phone numbers
Customer email addresses
Transaction records
Invoices
Inventory records
Supplier information
Employee data
Financial records
SMS recipient lists
Uploaded documents

This data belongs to the customer. OneCedi® processes this information solely to provide the Service.

4.4 Website and Usage Data

When you visit our website or use the platform, we may automatically collect:

IP address
Device type
Operating system
Browser type
Referring URL
Time zone
Access timestamps
Pages viewed
Click activity
Session duration

This information helps us improve performance, security, and user experience.

4.5 Communications Data

If you contact us via:

Email
WhatsApp
Phone
Website forms
Live chat (if available)

We may retain:

Communication records
Support tickets
Feedback
Attachments you send

4.6 SMS Program Data

If you use transactional SMS features, we may collect:

Recipient phone numbers
Message content
Delivery status reports
Opt-in and opt-out records
Timestamp logs

SMS data is processed through third-party providers and subject to their infrastructure and limitations.

5. How We Collect Information

We collect data through:

Direct user input (registration forms, profile setup, subscription)
Customer data uploads and imports
Automated technologies (cookies, analytics tools, server logs)
Third-party integrations (WooCommerce, Paystack, SMS providers)
Support communications
System monitoring tools for security and performance

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Authenticate users
Maintain sessions
Improve performance
Analyze usage trends
Enhance security
Deliver relevant communications

You may disable cookies in your browser settings, but doing so may affect platform functionality.

We may use:

Essential cookies
Performance cookies
Analytics cookies
Security monitoring tools

Third-party analytics providers may collect usage data in accordance with their own policies.

7. Legal Basis for Processing

We process personal data in accordance with:

Ghana Data Protection Act, 2012 (Act 843)
International best practices, including principles reflected in the EU General Data Protection Regulation (GDPR)

Our lawful bases for processing include:

Performance of a contract
Compliance with legal obligations
Legitimate business interests
User consent where required
Protection of vital interests

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

8. How We Use Personal Data

We use personal data to:

Provide, operate, and maintain the Service
Authenticate and manage user accounts
Process subscriptions and payments
Send invoices, transactional messages, and system notifications
Provide customer support
Improve functionality and user experience
Monitor performance, detect fraud, and ensure system integrity
Comply with legal and regulatory obligations

We do not sell personal data to third parties.

9. Data Sharing and Disclosure

We may share personal data only where necessary and under appropriate safeguards with:

Payment processors (e.g., Paystack)
SMS and messaging service providers
Cloud hosting and infrastructure providers
Analytics and monitoring services
Professional advisers (legal, accounting, compliance)
Regulatory authorities where required by law

All service providers are required to implement appropriate technical and organizational security measures.

10. International Data Transfers

Personal data may be processed outside Ghana where our infrastructure or service providers operate.

Where cross-border transfers occur, we ensure:

Transfers are permitted under Act 843
Appropriate safeguards are implemented
Contractual protections are in place where necessary

11. Data Retention

We retain personal data only for as long as necessary to:

Provide the Service
Comply with legal obligations
Resolve disputes
Enforce agreements

Upon account termination:

Data may be retained for up to 90 days for administrative and recovery purposes
After this period, data may be permanently deleted or anonymized

Customers are responsible for exporting their data before termination.

12. Security Measures

We implement reasonable technical and organizational safeguards, including:

SSL encryption
Secure server infrastructure
Role-based access controls
Password encryption
System logging and monitoring

While we take appropriate measures, no method of transmission or storage is completely secure.

13. Data Subject Rights

Under the Ghana Data Protection Act and aligned GDPR principles, individuals may have the right to:

Request access to personal data
Request correction of inaccurate data
Request deletion (where legally permissible)
Restrict processing
Object to processing
Request data portability
Withdraw consent

Requests may be submitted to: legal@palegoldenrod-bear-405374.hostingersite.com

We may require identity verification before fulfilling such requests.

14. Children’s Privacy

OneCedi® is not intended for individuals under the age of 18.

We do not knowingly collect personal data from minors. If we become aware of such data, we will take appropriate steps to delete it.

15. Data Breach Notification

In the event of a data breach that poses a risk to individual rights, we will:

Investigate promptly
Mitigate potential harm
Notify affected users where required
Report to relevant authorities where legally mandated

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or our practices.

The “Last Updated” date at the top of this page will indicate the latest revision. Continued use of the Service after updates constitutes acceptance of the revised policy.

17. Data Protection Contact

For questions regarding this Privacy Policy or data protection matters, you may contact:

3M Novelty Limited
Email: legal@palegoldenrod-bear-405374.hostingersite.com

We comply with the Ghana Data Protection Act, 2012 (Act 843) and align our practices with internationally recognized data protection standards, including key principles reflected in the EU General Data Protection Regulation (GDPR).

18. Automated Decision-Making

OneCedi® does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Where automated system processes are used (such as fraud detection or transaction validation), such processes are designed to protect system integrity and are subject to appropriate oversight.

19. Complaints and Regulatory Authority

If you believe your data protection rights have been violated, please contact us first so we can address your concerns promptly.

You may also lodge a complaint with:

Ghana Data Protection Commission
https://www.dataprotection.org.gh

If you are located in the European Union, you may also lodge a complaint with your local supervisory authority.

20. Third-Party Services and Integrations

OneCedi® may integrate with or connect to third-party services (for example payment processors, SMS providers, and e-commerce platforms).
Where you enable an integration, data may be shared with that provider to perform the requested service.

Third-party services operate under their own policies and terms. We encourage you to review their privacy policies before enabling integrations.

21. Subprocessors

To deliver the Service, we may use third-party vendors (“subprocessors”) for functions such as hosting, payment processing, messaging, analytics, and customer support.

We require subprocessors to implement appropriate safeguards and to process data only for authorized purposes.

22. Cookies and Similar Technologies

We use cookies and similar technologies to help the Service function, improve performance, and enhance security.

Types of cookies we may use include:

Essential cookies (required for login, sessions, and core functionality)
Performance cookies (to understand how users interact with the Service)
Security cookies (to protect accounts, detect abuse, and maintain platform integrity)

You can control cookies through your browser settings. Disabling certain cookies may affect functionality.

23. Marketing Communications

We may send product updates, service announcements, and marketing communications where permitted by law.

You can opt out of marketing emails at any time by using the unsubscribe link included in our messages or by contacting us.

Service and security notifications (such as login alerts, billing notices, and system messages) are not marketing and may still be sent when necessary.

24. Account Administrators and Staff Access

Business accounts may allow administrators to add staff users and manage permissions. Administrators may have access to business data and account settings, including user access controls.

If you are a staff user, your access and visibility within the account are determined by the account administrator.

25. Your Responsibilities

You are responsible for maintaining the confidentiality of your login credentials and for using the Service in a secure manner.

We recommend:

Using strong, unique passwords
Keeping devices and browsers updated
Restricting access to authorized staff only
Reviewing user permissions regularly

26. “Do Not Track” Signals

Some browsers offer a “Do Not Track” feature. Because there is no uniform standard for interpreting these signals, we do not respond to them in a consistent way across all environments.

27. Links to Other Websites

Our website or Service may include links to third-party websites. We are not responsible for the privacy practices of those websites.

We encourage you to review the privacy policies of any third-party sites you visit.

28. How to Contact Us

If you have questions, requests, or concerns about this Privacy Policy, you can contact us at:

3M Novelty Limited
Email: legal@palegoldenrod-bear-405374.hostingersite.com

29. Controller vs. Processor

Depending on the context, OneCedi® may act as either a Data Controller or a Data Processor.

Controller: When we determine how and why personal data is processed (for example, account registration, billing, marketing preferences, and website analytics).
Processor: When we process business and customer data on behalf of our customers, based on their instructions (for example, sales records, customer contact details, invoices, inventory, and reports entered into the platform).

If you are an end-customer of a business using OneCedi®, please contact that business directly for requests about how they use your information.

30. Business Customer Responsibilities

If you are a business using OneCedi®, you are responsible for ensuring that any personal data you collect and input into the Service is handled lawfully, including providing notices to your customers and obtaining any required consents.

You are also responsible for managing user permissions within your account and ensuring that staff access is limited to authorized personnel.

31. Data Export and Portability

Business customers may request export of their business data, subject to account permissions and technical limitations.

Where applicable, we will provide data in a commonly used format to support portability.

32. Support, Diagnostics, and Access to Data

To provide support and troubleshoot issues, we may access limited account information and technical logs.

Where support requires access to business data, we will limit access to what is necessary and only for the purpose of resolving the issue, subject to appropriate safeguards.

33. Public Content and Testimonials

If you provide a testimonial, review, or public comment about OneCedi®, we may use it on our website or marketing materials with your permission.

You may request removal by contacting us at legal@palegoldenrod-bear-405374.hostingersite.com.

34. Law Enforcement and Legal Requests

We may disclose information if required to do so by law, court order, or legal process, or if we believe disclosure is necessary to:

Comply with legal obligations
Protect the security or integrity of the Service
Prevent fraud, abuse, or unlawful activity
Protect our rights, users, or the public

35. Interpretation

If any part of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions will remain in effect.