Skip to main content

Privacy Policy

Effective Date: July 1, 2025

The Ministry of Lands and Natural Resources (MLNR) is committed to protecting the privacy of individuals and their personal data. This Privacy Policy outlines how MLNR collects, uses, discloses, and protects information gathered through our website, in compliance with the Data Protection Act, 2012 (Act 843), the Cybersecurity Act, 2020 (Act 1038) of Ghana, and the Data Dissemination Policy of the Ministry.

1. Introduction and Scope

This Privacy Policy applies to all personal data processed by MLNR through its website. MLNR acts as a data controller for this Policy and is committed to the sustainable management and utilization of Ghana’s lands, forests, wildlife, and mineral resources, while safeguarding user information.

2. Definitions

  • Authority: Cyber Security Authority (Cybersecurity Act, 2020 – Act 1038)

  • Commission: Data Protection Commission (Data Protection Act, 2012 – Act 843)

  • Computer system: Interconnected computers designed for specific functions.

  • Cybersecurity incident: Unauthorized attempts to access or disrupt systems.

  • Data: Information processed automatically or stored.

  • Data controller: Entity determining how personal data is processed (MLNR).

  • Data processor: A non-employee processing data for the controller.

  • Data subject: An individual whose data is collected.

  • Personal data: Identifiable data about an individual.

  • Processing: Any operation related to personal data.

  • Service provider: Public or private entities offering communication/data services.

3. Principles of Data Protection

MLNR adheres to the following data protection principles as outlined in the Data Protection Act, 2012 (Act 843):

  • Accountability MLNR is responsible for complying with these principles.
  • Lawfulness of processing Personal data will be processed lawfully and without infringing on the privacy rights of the data subject.
  • Specification of purpose Data will be collected for specific, explicitly defined, and lawful purposes related to MLNR’s functions.
  • Minimality Only necessary, relevant, and non-excessive personal data will be processed.
  • Compatibility of further processing with purpose of collection Further processing will be compatible with the original purpose of collection unless specific exemptions apply.
  • Quality of information Personal data will be complete, accurate, up-to-date, and not misleading.
  • Openness We are transparent about our data processing practices.
  • Data security safeguards Appropriate technical and organizational measures will be implemented to prevent loss, damage, or unauthorized access/processing of personal data.
  • Data subject participation Individuals have rights regarding their personal data.

4. Information We Collect

MLNR collects information to effectively manage its mandate and provide relevant services. This may include:

  • Personal Identification Information: Name, email address, phone number, and other contact details when voluntarily provided through forms (e.g., contact us, feedback, service requests).
  • Technical Data: IP addresses, browser type, operating system, and Browse activity (pages visited, time spent) collected automatically through website analytics. This helps us improve website functionality and user experience.
  • Location Data: General geographical location derived from IP addresses, used for statistical analysis and service improvement.
  • Land Administration and Mining Activites: Data submitted by users related to land administration, forestry, wildlife, or mining activities, which may include spatial data, property details, and other relevant information necessary for processing applications or inquiries.

5. How We Collect Information

We collect information through:

  • Direct Interactions: When you fill out forms on our website, send us emails, or otherwise communicate with us directly.
  • Automated Technologies or Interactions: As you navigate our website, we may automatically collect Technical Data using cookies and similar technologies.
  • Third-Party Sources: We may receive information from third parties relevant to our functions (e.g., other government agencies) in compliance with applicable laws.

6. How We Use Your Information

The personal data collected by MLNR is used for the following purposes:

  • To provide services: To respond to inquiries, process applications (e.g., land permits, mining licenses), and deliver information related to MLNR’s mandate.
  • For internal administration: To manage and improve our website, enhance user experience, and ensure efficient operation of MLNR’s functions.
  • For communication: To send updates, newsletters, or other relevant information, only with your consent where required.
  • Land Permits
  • For legal and regulatory compliance: To comply with our obligations under the Data Protection Act, 2012 (Act 843) , Cybersecurity Act, 2020 (Act 1038), and other applicable laws and regulations. This includes the prevention or detection of crime and the apprehension or prosecution of offenders.
  • For security purposes: To prevent, manage, and respond to cybersecurity threats and incidents. This includes monitoring cybersecurity threats within and outside the country.
  • For research and development: To support technological advances and research in cybersecurity and MLNR’s core functions.
  • For public awareness and education: To educate the public on matters related to cybercrime and cybersecurity, and MLNR’s mandate.

7. Disclosure of Your Information

MLNR may disclose your personal data in the following circumstances:

  • To other Government Institutions: In compliance with legal requirements or for the purposes of inter-agency cooperation as stipulated in our mandate and relevant laws (e.g., sharing data with the Lands Commission, Forestry Commission, or Minerals Commission for coordinated resource management).
  • To Law Enforcement and Security Agencies: Where required by law or for purposes of national security, prevention or detection of crime, and prosecution of offenders. The Cybersecurity Act, 2020, allows for the application for production orders for subscriber information and interception warrants for traffic and content data for criminal investigations.
  • To Service Providers: To third-party service providers who assist us in operating our website or conducting our business, provided they comply with appropriate data protection and confidentiality obligations.
  • For Legal Proceedings: Where disclosure is required by an enactment, rule of law, or court order.
  • Public Interest: Where disclosure is necessary in the public interest, having regard to the rights, freedoms, or legitimate interests of a person.
  • With Consent: With your explicit consent. We will not sell or offer to sell personal data of another person.

8. Data Retention

MLNR will retain personal data for a period no longer than necessary to achieve the purpose for which it was collected and processed, unless retention is required or authorised by law, reasonably necessary for a lawful purpose, or consented to by the data subject. Records may be retained for historical, statistical, or research purposes, provided they are adequately protected against unauthorised access or use.

The Cybersecurity Act, 2020 (Act 1038) also specifies data retention periods for service providers: subscriber information for at least six years, and traffic and relevant content data for twelve months, with possible extensions by court order.

9. Data Security

MLNR is committed to ensuring the integrity and confidentiality of your personal data. We implement appropriate, reasonable, technical, and organisational measures to prevent loss, damage, unauthorised destruction, unlawful access, or unauthorised processing of personal data. These measures include:

  • Identifying foreseeable internal and external risks.
  • Establishing and maintaining appropriate safeguards.
  • Regularly verifying the effectiveness of safeguards.
  • Continually updating safeguards in response to new risks.
  • Observing generally accepted information security practices and industry-specific rules.

In the event of a security compromise where personal data has been accessed or acquired by an unauthorized person, MLNR will notify the Data Protection Commission and the affected data subject as soon as practicable, unless

10. Your Rights as a Data Subject

Under the Data Protection Act, 2012 (Act 843), you have the following rights:

  • Right to be informed: To be aware of the purpose for which your data is collected.
  • Right of access: To confirm whether MLNR holds personal data about you, receive a description of that data, and information about its source and recipients.
  • Right to rectification, blocking, erasure, or destruction: To request correction, deletion, or destruction of inaccurate, irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained personal data.
  • Right to object: To object to the processing of your personal data unless the processing is necessary for a contract, authorized by law, or to protect a legitimate interest.
  • Right to prevent processing for direct marketing: To require MLNR not to process your personal data for direct marketing purposes without your prior written consent.
  • Right in relation to automated decision-taking: To ensure that decisions significantly affecting you are not based solely on automated processing of your personal data.
  • Right to complain: To submit a complaint to the Data Protection Commission if you believe your rights have been violated.

To exercise any of these rights, please contact the MLNR Data Protection Supervisor (details below). We may require proof of identity to process your request.

11. Third-Party Websites

Our website may contain links to other websites. This Privacy Policy does not apply to those third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.

12. Changes to this Policy

MLNR reserves the right to update this Privacy Policy at any time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by posting the updated policy on our website with a revised effective date.

13. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us +233 302 666 049.

Data Protection Commission, Ghana For further information or to lodge a complaint, you may contact the Data Protection Commission: Refer to the Data Protection Act, 2012 (Act 843) for official contact details of the Commission.

14. Compliance with Laws

This Privacy Policy is developed and implemented in accordance with:

  • The Constitution of the Republic of Ghana, 1992 (specifically Article 18 (2) related to privacy).
  • The Data Protection Act, 2012 (Act 843).
  • The Cybersecurity Act, 2020 (Act 1038).
  • Other relevant enactments as listed in Section 1(2) of the Cybersecurity Act, 2020 (Act 1038).
  • Data Dissemination Policy of the Ministry of Lands and Natural Resources.