1. Introduction
Vootely ("Vootely", "we", "us", "our") operates the Vootely Paid-Competition Platform, a digital voting and competition management system accessible at our website. We are committed to protecting the personal data of every individual who interacts with our platform, whether as an event organizer, a voter, a nominee, or a visitor to our website.
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how we protect it, and what rights you have over your data. It applies to all users of the Vootely platform and website.
By registering for or using our platform (including purchasing votes), you acknowledge that you have read and understood this Privacy Policy. If you do not agree with how we handle your personal data, please do not use the platform.
This Privacy Policy complies with the Data Protection Act 2012 (Act 843) of Ghana.
2. Who We Are — Contact Details
Vootely Digital Platforms is the data controller responsible for your personal data.
3. What Personal Data We Collect
3.1 Data collected from Organizers
When an organizer registers an account on the Vootely platform, we collect:
- Full name of the account owner.
- Email address and phone number.
- Organizer type (Student, Company/Organization, Individual).
- Referral source.
- Account credentials (passwords are stored in encrypted form and never readable by Vootely staff).
- Avatar image and custom branding assets if uploaded by the organizer.
- Financial/Billing information (such as bank name, account number, and account holder name) solely to process ledger-backed revenue withdrawals.
3.2 Data collected from Voters (Guest Checkout)
Vootely operates a guest-first voting flow where voters do not need to create accounts. When a voter purchases votes for a nominee, we collect:
- Voter's full name.
- Voter's email address.
- Voter's phone number (used for Paystack checkout and Hubtel-backed payment/vote confirmations).
- Vote details (event name, chosen nominee, purchase quantity, amount paid).
- Payment details (handled securely by our licensed payment partner, Paystack — we do not store credit card numbers or Mobile Money PINs on our servers).
3.3 Data collected from Nominees
Organizers upload details of nominees for their competitions. This data includes:
- Nominee's name and bio.
- Nominee's photo.
- Nominee's assigned vote code and 4-digit USSD shortcode.
3.4 Technical and usage data
When you visit the Vootely website, we automatically collect IP addresses, device types, browser types, page interaction logs, and error diagnostics for platform security and performance audit tracks.
4. Why We Collect Your Data — Legal Basis
We collect and process personal data only for specific, legitimate purposes in accordance with the Data Protection Act 2012 (Act 843).
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing voting services | Organizer details, voter purchases, nominee profiles | Contract performance |
| Processing payment checkouts | Voter name, email, phone number, GHS amount | Contract performance |
| Sending transaction confirmations | Phone number, email | Contract performance / Consent |
| Organizer payout withdrawals | Organizer bank name, account number, wallet ledgers | Contract performance |
| Anti-fraud & Platform audits | IP logs, transaction activity ledgers | Legitimate interest / Legal duty |
5. How We Share Your Data
Vootely does not sell, rent, or trade your personal data to any third party for commercial purposes. We share personal data only in the following limited circumstances:
- With Organizers: Organizers can view reports on their active competitions. This includes lists of successful vote purchases (voter name, email, phone number, votes purchased, and transaction timestamps) to ensure auditing transparency.
- With SMS Service Providers: We share voter and organizer phone numbers with our licensed SMS delivery provider (Hubtel) solely to send transactional confirmations, vote receipts, and withdrawal updates.
- With Payment Processors: Payment details are shared securely with Paystack for the sole purpose of executing the checkout process. Vootely never stores or has access to full card details or Mobile Money PINs.
- With Regulators & Law Enforcement: We disclose personal data where required by Ghanaian law, a valid court order, or regulatory commissions.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described in this policy or as required by Ghanaian law:
- Organizer Account Profile: Retained for the duration of the organizer's active profile plus 2 years after account closure.
- Voter Transaction Records: Retained for 7 years for legal, tax, and regulatory compliance (e.g. under the Revenue Administration Act 2016).
- SMS Delivery Logs: 5 years for telecom regulatory compliance audits.
- Technical Audit Logs: 12 months, then permanently deleted.
7. How We Protect Your Data
Vootely implements strict technical and organizational security measures to protect personal data against unauthorized access, accidental loss, destruction, or disclosure, in accordance with the Cybersecurity Act 2020 (Act 1038) and the Data Protection Act 2012 (Act 843):
- Encryption of all data in transit using HTTPS/TLS protocols.
- Encryption of sensitive database records at rest.
- Secure password hashing using PBKDF2 with a SHA256 signature.
- Role-based access controls for internal administration.
- Full audit logging of all wallet transactions and payout requests.
8. Your Rights Under Ghana's Data Protection Act 2012 (Act 843)
You have the following rights in relation to your personal data held by Vootely:
- Right of access: Request a copy of the personal data we hold about you.
- Right to correction: Request that inaccurate, incomplete, or outdated data be updated.
- Right to erasure: Request deletion of personal data we are not legally obligated to retain.
- Right to lodge a complaint: If you are dissatisfied with how we handle your data, you may lodge a complaint with the Data Protection Commission of Ghana at dataprotection.org.gh.
To exercise these rights, contact us at lovesdesigns1@gmail.com. We will respond to all verified requests within 21 days.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, Vootely will notify the Data Protection Commission within 72 hours, inform affected individuals without undue delay where there is high risk, and maintain detailed logs for regulatory audits.
10. Governing Law
This Privacy Policy is governed by the laws of the Republic of Ghana, including the Data Protection Act 2012 (Act 843), the Electronic Transactions Act 2008 (Act 772), and the Cybersecurity Act 2020 (Act 1038).
