Legal
Data Protection
Compliance with the Ghana Data Protection Act 2012 (Act 843)
Our Commitment
Sankorra processes personal data in accordance with the Ghana Data Protection Act 2012 (Act 843) and the directives of the Ghana Data Protection Commission (DPC). We respect the privacy of every individual whose information passes through our platform — whether they are funeral home staff, family members of the deceased, or members of the public interacting with our services.
Our registration as a data controller with the Ghana Data Protection Commission is currently in progress. This page will be updated with our DPC registration number once issued.
Data Controller and Data Processor
Under Act 843, Sankorra acts in two capacities:
- Data Controller — for personal data we collect directly from you (account registration, billing, support requests, and website visitors).
- Data Processor — for personal data that our customers (funeral homes, mortuaries, and regulators) enter into the platform about cases, families, and staff. The customer is the controller of that data; Sankorra processes it strictly on their instructions.
Data Protection Principles
We process personal data in line with the eight principles set out in section 17 of the Act:
- Accountability
- Lawfulness of processing
- Specification of purpose
- Compatibility of further processing with the purpose of collection
- Quality of information
- Openness
- Data security safeguards
- Data subject participation
Lawful Bases for Processing
We rely on the following lawful bases under section 20 of the Act:
Contract
Processing necessary to deliver the services you have signed up for, including authentication, billing, and customer support.
Legal Obligation
Processing required by Ghanaian law — for example, retention of financial records, regulatory reporting to relevant authorities, or response to lawful requests.
Legitimate Interest
Processing for operating, securing, and improving the platform, balanced against the rights and freedoms of data subjects.
Consent
Where you have given specific, informed consent — for example, marketing communications or optional analytics.
Your Rights as a Data Subject
The Act gives every data subject the following rights, which we honour for any individual whose data we hold:
Right to Access
Request confirmation of whether we hold data about you and a copy of that data.
Right to Correction
Request correction of personal data that is inaccurate, misleading, or out of date.
Right to Erasure
Request destruction or deletion of personal data we are no longer authorised to retain.
Right to Object
Object to processing that is likely to cause unwarranted damage or distress, including direct marketing.
Right to Withdraw Consent
Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Right Regarding Automated Decisions
Not be subject to a decision that significantly affects you based solely on automated processing.
Right to Lodge a Complaint
Submit a complaint to the Ghana Data Protection Commission if you believe your rights have been infringed.
Cross-Border Transfers
Our infrastructure providers operate from data centres outside Ghana. Where personal data is transferred outside Ghana, we rely on providers that maintain a level of data protection at least equivalent to that required by Act 843, supported by contractual data-processing terms and recognised security certifications such as SOC 2 Type II.
Breach Notification
In the event of a personal-data breach, we will notify the Ghana Data Protection Commission and any affected individuals as soon as practicable after confirming the incident, in line with our obligations under the Act. Notifications include the nature of the breach, the data and individuals impacted, the steps we have taken to contain it, and the actions we recommend.
Data Protection Contact
For privacy questions, requests to exercise your rights, or to report a concern, contact us at:
We aim to respond to verified data-subject requests within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Ghana Data Protection Commission.
For Our Customers (Facilities)
If you are a Sankorra customer processing personal data through our platform, we provide:
- A Data Processing Agreement (DPA) for your records
- Tools to help you respond to data-subject requests within your facility's data
- Documentation of the technical and organisational measures we apply on your behalf
Email compliance@sankorra.com to request these documents.