PRC Group Ltd Ghana is the Data Controller for all personal data collected through the GoldPool platform. PRC Group is registered as a Data Controller under Ghana's Data Protection Act 843 (2012) with the Data Protection Commission.
Identity data: Full legal name, date of birth, Ghana Card number, Ghana Card photograph, biometric liveness data (collected via Smile Identity at KYC verification).
Contact data: Email address, phone number, country of residence, mailing address.
Financial data: Investment amounts, pool participation history, payout account details (mobile money number or bank account details), transaction history.
Usage data: Platform login timestamps, dashboard activity, notification interactions.
AML data: Risk scoring data, sanctions screening results, EDD documentation where required.
We use your data for the following purposes: to verify your identity and process KYC as required by AML Act 1044; to manage your investor account and pool participations; to process your payments and payouts via Flutterwave; to communicate with you about your investments, pool status, and platform updates; to comply with our regulatory obligations to the SEC, GoldBod, and the Financial Intelligence Centre; and to conduct AML monitoring as required by law.
All investor personal data and KYC documents are stored on AWS in the af-south-1 (Cape Town) region — chosen for African data residency compliance with Ghana's Data Protection Act 843. Data is encrypted with AES-256 at rest and TLS 1.3 in transit. We do not store data outside Africa. Access to investor data is restricted to authorised PRC Group personnel on a need-to-know basis.
We do not sell your personal data. We do not share your data with third parties for marketing purposes. We share data with the following parties only as required: Smile Identity (for KYC verification); Flutterwave (for payment processing); AWS (for data hosting); our SEC-licensed custodian bank (for escrow management); and regulators (SEC Ghana, GoldBod, Financial Intelligence Centre, Data Protection Commission) when legally required.
We retain investor KYC data for a minimum of 7 years after the end of the investor relationship, as required by AML Act 1044. Transaction records are retained for 10 years. You may request deletion of non-regulatory data at any time — however, KYC and transaction records must be retained for the statutory minimum period regardless of your request.
Under Ghana's Data Protection Act 843, you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of data (subject to regulatory retention requirements); object to processing; and lodge a complaint with the Data Protection Commission of Ghana.
To exercise any of these rights, contact: compliance@prcgroup.com.gh. We will respond within 30 days.
GoldPool uses essential cookies only — for session management and security. We do not use advertising, tracking, or analytics cookies. We do not use third-party marketing trackers. Cookie data is not shared with any third party.
For privacy enquiries: compliance@prcgroup.com.gh. Data Protection Commission of Ghana: dataprotection.gov.gh.
Last updated: June 2026.