← Back to Home

Cross-border Data Transfer Statement

Last updated: March 1, 2026

1. Overview

Lights of Africa ("the Platform") operates across multiple African countries. This statement explains how we handle the transfer of personal data across national borders in compliance with applicable data protection laws, including the Ghana Data Protection Act, 2012 (Act 843) and other relevant regional frameworks.

2. Data Collection Locations

Personal data may be collected from users located in Ghana and other African countries where the Platform is accessible. Data is collected through:

  • User registration and account creation.
  • Contestant registration and competition participation.
  • Voting activities and live stream interactions.
  • Payment and ticketing transactions.
  • General browsing and Platform usage analytics.

3. Data Processing and Storage

Your personal data may be processed and stored in the following locations:

  • Primary servers: Cloud infrastructure hosted by reputable providers with data centers that may be located outside Ghana.
  • Backup systems: Encrypted backups stored in geographically distributed locations for disaster recovery.
  • Third-party services: Payment processors, email services, and analytics providers that may process data in their respective jurisdictions.

4. Legal Basis for Cross-border Transfers

We transfer data across borders based on the following legal grounds:

  • User consent: By registering on the Platform, you consent to the transfer of your data as described in this statement and our Privacy Policy.
  • Contractual necessity: Transfers necessary to fulfill our service agreement with you (e.g., processing votes, delivering competition results).
  • Legitimate interest: Transfers required for Platform security, fraud prevention, and service improvement.
  • Legal compliance: Transfers required to comply with legal obligations in applicable jurisdictions.

5. Safeguards for International Transfers

We implement the following safeguards when transferring data internationally:

  • Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.
  • Access controls: Strict role-based access ensures only authorized personnel can access personal data.
  • Contractual protections: We require all third-party processors to enter into data processing agreements that include adequate data protection obligations.
  • Security audits: Regular security assessments of our infrastructure and third-party providers.
  • Data minimization: We only transfer the minimum amount of data necessary for the intended purpose.

6. Third-party Data Processors

The following categories of third-party processors may receive your data:

  • Cloud hosting providers: For server infrastructure and data storage.
  • Payment processors: For handling financial transactions securely.
  • Communication services: For sending emails, notifications, and SMS.
  • Analytics providers: For understanding Platform usage and improving our services.
  • Content delivery networks: For delivering media content efficiently across regions.

All third-party processors are vetted for compliance with applicable data protection standards.

7. Your Rights Regarding Cross-border Transfers

You have the right to:

  • Request information about where your data is stored and processed.
  • Request a copy of the safeguards in place for international transfers.
  • Object to specific cross-border transfers where legally permitted.
  • Request deletion of your data from all processing locations.
  • Lodge a complaint with the Ghana Data Protection Commission or relevant authority in your jurisdiction.

8. Data Retention and Deletion

Data transferred across borders is subject to the same retention policies as locally stored data. When data is deleted, it is removed from all processing and storage locations, including backups, within a reasonable timeframe (typically within 30 days of the deletion request).

9. Updates to This Statement

We may update this statement to reflect changes in our data processing practices or applicable laws. Material changes will be communicated through the Platform and, where required, with your renewed consent.

10. Contact

For questions about cross-border data transfers: xdfz@equatorlightmedia.com