1. Introduction
Gibson Mayo Financial Services (“GMFS”, “we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information when you visit gibsonmayofinancials.com or use our services.
This policy is published in compliance with:
- Ghana’s Data Protection Act, 2012 (Act 843)
- Nigeria’s Data Protection Act, 2023 (NDPA)
2. Who we are (Data Controller)
Gibson Mayo Financial Services
Gibson Mayo Financial Services
Accra, Ghana
Email: info@gibsonmayofinancials.com
Data Controller contact: Mbamti Gibson Mayo, Founder
3. What information we collect
We collect personal information that you voluntarily provide when:
- Filling in our contact form: name, email address, subject, message
- Registering for events or webinars: name, email, location, your responses to event-specific questions
- Subscribing to our newsletter: name, email
- Booking a consultation via Calendly: name, email, scheduling preferences (collected by Calendly under their own privacy policy)
- Engaging our paid services: business information, financial records, transaction data, only as required to deliver the service
We also collect limited automatic information when you visit our site: approximate location (country / city level only), device type, browser type, referring page, pages visited, and time on page. We use Plausible Analytics for this. It does not use cookies and does not track you across other sites.
4. What we do not collect
GMFS does not:
- Use tracking cookies or advertising cookies
- Build behavioural profiles of visitors
- Sell your data to third parties
- Use your data to train AI models
- Share your data with advertisers
5. How we use your information
- Respond to your enquiry or message
- Deliver the service you’ve engaged us to provide
- Send the newsletter or event communications you’ve subscribed to
- Issue invoices and process payments
- Comply with our tax, accounting, and legal obligations
- Improve the website and services we offer
6. Lawful basis for processing
Under Ghana’s Data Protection Act and Nigeria’s NDPA, we rely on the following lawful bases:
- Consent — when you fill in a form or subscribe
- Contract — when you engage our services
- Legal obligation — when we must keep records for tax or audit purposes
- Legitimate interest — for site analytics and improving our services
7. Sharing your data
We share personal information only with:
- Service providers we use to operate our business: Brevo (email and CRM), Calendly (consultation booking), Vercel (website hosting), Plausible (analytics)
- Legal authorities — if required by Ghanaian or Nigerian law
- Professional advisors — accountants, lawyers, and auditors as needed
We do not sell, rent, or trade your personal information.
8. Data retention
- Contact form submissions: 24 months from last contact
- Newsletter subscribers: until you unsubscribe
- Event registrations: 24 months after the event
- Client business records: 6 years from end of engagement (tax law requirement)
- Marketing analytics: Plausible aggregates data, no individual records retained
9. Your rights
Under Ghana’s DPA and Nigeria’s NDPA, you have the right to:
- Access the personal information we hold about you
- Rectify inaccurate information
- Erase your personal information (subject to legal retention requirements)
- Restrict how we process your information
- Object to processing in certain circumstances
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, email info@gibsonmayofinancials.com with the subject line “Data Request”. We respond within 30 days.
10. International transfers
Some of our service providers (e.g. Brevo, Vercel) are based outside Ghana and Nigeria. When we transfer your data internationally, we ensure appropriate safeguards are in place, typically through the provider’s adherence to standard contractual clauses or equivalent regulatory frameworks.
11. Security
- HTTPS encryption on all site traffic
- Secure password practices and two-factor authentication on all admin accounts
- Limited access to personal information (only staff who need it for their role)
- Regular software updates and security patches
- No storage of payment card information (handled by external payment processors)
We cannot guarantee absolute security online, but we take reasonable steps to protect what you share with us.
12. Children’s privacy
Our services are not directed to children under 18. We do not knowingly collect personal information from anyone under 18.
13. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent version. Material changes will be communicated via email to active clients and newsletter subscribers.
14. Complaints
If you believe we’ve handled your personal information improperly, please contact us first at info@gibsonmayofinancials.com so we can resolve the issue. If you remain unsatisfied, you can lodge a complaint with:
- Ghana: Data Protection Commission of Ghana, dataprotection.org.gh
- Nigeria: Nigeria Data Protection Commission, ndpc.gov.ng