When you sign up for Asoriba online, as part of signup process, payment and member data collection process, we collect the personal information you give us such as your name, address, phone number, bank account and email address. This allows us to provide a better user experience.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us, protect your account from unauthorised IP’s, learn about your browser and operating system to provide better experience.

Email marketing (if applicable): With your permission, we may send you (the creator of the account on Asoriba and not your members) emails about our new features and other updates.

SECTION 3 – CONSENT – Your Church Member’s Data

WE DO NOT OWN YOUR CHURCH DATA. WE DO NOT SEND MESSAGES DIRECTLY TO YOUR MEMBERS WITHOUT YOU OR THEIR EXPLICIT REQUEST AND ACKNOWLEDGEMENT.

When you capture data of your members into Asoriba, such data as with personal information to complete a transaction, verify your credit card, make a donation, arrange for a delivery or return a donation, we imply that you consent to our storing it and protecting it on your behalf.

When an app user joins or follows a church on the mobile app, specific user data which includes phone number, email, first name, last name , profile picture and gender is shared with the church that has been joined. This enables the church to serve the user with information and updates.
When an app user decides to unfollow a church on the mobile app, their data is removed from the church.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection of you or your church members information, at anytime, please contact us at nana@asoriba.com, asoribagh@gmail.com or mailing us at: Gh-Asoriba LTD No. 24 Nii Bu Cresent, Haatso, Ghana Accra Greater Accra Ghana Postal Address: PMB CT 13, Accra Metropolitan, Ghana. Or delete your account instantly from the system.

Deletion of your account will be considered as a withdrawal of your consent.

SECTION 4 – DISCLOSURE

Since we do not own you data, we cannot disclose your church data information if we are required by law. You will bear responsibility of disclosing your church data if it is requested by law.

However, we will disclose your (the creator of the Asoriba account) identity if we are requested by law to do so.

SECTION 4 – Asoriba Hosting

Our software is hosted on Amazon Web Services. They provide us with the online infrastructure platform that allows us to store and give you access to your data in real time over the internet.

Your data is stored through Asoriba’s data storage, databases and the general Asoriba application. We store your data on a secure server behind a firewall.

Payment:

If you choose a direct payment gateway to complete your donation, then Asoriba will not store your credit card data. It will be encrypted through the platform that may apply in your location. Your donation amount and date of payment is stored against your membership data. This is done for any member stored in your church database.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

SECTION 5 – THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave Asoriba’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECTION 6 – SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with member data, the information is encrypted using secure socket layer technology (SSL) and stored with a connection that uses T.L.S 1.2. and the connection is encrypted and authenticated using AED_128_GCM and uses ECDHE_RSA as the key exchange mechanism.

SECTION 7 – COOKIES

Asoriba currently does not use cookies.

SECTION 8 – AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, you are setting up the account for a church or a ministry in the christian body or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

SECTION 9 – DEFINITION OF CHRISTIAN BODY

The church or a ministry in the christian body is a gathering that believe and upholds the entirety of the bible without adulterating or changing parts of it. Asoriba reserves the right not to offer an organization that claims to be a church or ministry in the body of christ, if it does not see it as such.

SECTION 10 – CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our company is acquired or merged with another company, your data may be managed by the new owners in accordance to the privacy policy stated in this document.

SECTION 11 – GDPR

Effective May 25, 2018, the General Data Protection Regulation (GDPR) expands European Union (EU) residents’ (Data Subjects) rights concerning their personal data. ASORIBA stands ready to assist our customers to become or remain compliant with GDPR after this crucial transition. As part of complying with GDPR requirements, we’ve also updated our Privacy Policy effective and fulfilled all GDPR as listed below as of May 26, 2018.

1. 1. Lawful, fair and transparent processing
      Asoriba is to process the personal data in a lawful, fair and transparent manner.Lawful means all processing should be based on a legitimate purpose.
      Fair means companies take responsibility and do not process data for any purpose other than the legitimate purposes.
      Transparent means that companies must inform data subjects about the processing activities on their personal data.
   2. Limitation of purpose, data and storage
      Asoriba is expected to limit the processing, collect only that data which is necessary, and not keep personal data once the processing purpose is completed. This would effectively bring the following requirements:-forbid processing of personal data outside the legitimate purpose for which the personal data was collected
      -mandate that no personal data, other than what is necessary, be requested
      -ask that personal data should be deleted once the legitimate purpose for which it was collected is fulfilled
   3. Data subject rights
      The data subjects have been assigned the right to ask the company what information it has about them, and what the company does with this information. In addition, a data subject has the right to ask for correction, object to processing, lodge a complaint, or even ask for the deletion or transfer of his or her personal data.
   4. Consent
      As and when the company has the intent to process personal data beyond the legitimate purpose for which that data was collected, a clear and explicit consent must be asked from the data subject. Once collected, this consent must be documented, and the data subject is allowed to withdraw his consent at any moment.Also, for the processing of children’s data, GDPR requires explicit consent of the parents (or guardian) if the child’s age is under 16.
   5. Personal data breaches
      Asoriba must maintain a Personal Data Breach Register and, based on severity, the regulator and data subject should be informed within 72 hours of identifying the breach.
      Steps to properly handle a breach according to the GDPR.
   6. Privacy by Design
      Asoriba should incorporate organisational and technical mechanisms to protect personal data in the design of new systems and processes; that is, privacy and protection aspects should be ensured by default.
   7. Data Protection Impact Assessment
      To estimate the impact of changes or new actions, a Data Protection Impact Assessment should be conducted when initiating a new project, change, or product. The Data Protection Impact Assessment is a procedure that needs to be carried out when a significant change is introduced in the processing of personal data. This change could be a new process, or a change to an existing process that alters the way personal data is being processed.
   8. Data transfers
      The controller of personal data has the accountability to ensure that personal data is protected and GDPR requirements respected, even if processing is being done by a third party. This means controllers have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company, to a third party and / or other entity within the same company.
   9. Data Protection Officer
      When there is significant processing of personal data in an organisation, (like what happens in Asoriba,) the organisation should assign a Data Protection Officer. When assigned, the Data Protection Officer would have the responsibility of advising the company about compliance with EU GDPR requirements.
      The role of a Data Protection Officer in light of GDPR.
   10. Awareness and training
       We must create awareness among employees about key GDPR requirements, and conduct regular training to ensure that employees remain aware of their responsibilities with regard to the protection of personal data and identification of personal data breaches as soon as possible.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact your accounts manager at saviour@asoriba.com, asoribagh@gmail.com or by mail at Gh-Asoriba LTD

[Re: Account Manager]
[No. 24 Nii Bu Cresent, Haatso, Ghana Accra Greater Accra Ghana Postal Address: PMB CT 13, Accra Metropolitan, Ghana]

Or call +233249176736