The University of Ghana (“UG” or “the University”) collects, uses, and shares personal information in support of academic, research, and clinical purposes and to ensure the safety of the UG community. In UG’s management of personal information, efforts are made to minimise the information collected, limit access to that information, apply appropriate security measures to protect against loss, improper modification or disclosure, and respect the unique privacy needs of an academic environment.

This Privacy Notice applies to activities conducted by UG and provides an overview of university privacy practices, including how users’ personal information may be collected, retained, processed, shared, and transferred. 

Some individual UG websites may have privacy notices that supplement this privacy notice.

By using these websites or submitting information to UG, the user consents to the collection and use of information per UG policies for UG’s legitimate business purposes or as needed to provide services the user requests from UG.

1. Collection and use of information
“Personal information,” or personally identifiable information, is any information related to an identifiable person. Personal information includes but is not limited to name, mailing address, phone number, email address, date of birth, University ID Number, employment records, student records, and health records that include identifying information. Information that does not identify 
a person and cannot reasonably be used to identify a person is not classified as personal information.

Personal information that has been received by the university may be used only for legitimate University purposes as authorised by the appropriate data steward, as defined in the UG Data Governance Framework Policy. 

UG obtains personal information in three ways:
• Information a user provides directly to the university, such as through an application for admission or employment or through registration as a patient.
• Information gathered from other sources, such as transcripts provided by other institutions or reference letters from former employers.
• Information is automatically collected when interacting with the university website or mobile application.

a. Information users provide to the University and information collected from third parties
The personal information users provide to the University and which the University collects from third parties is used to provide services to the user and for administering University programmes and operations, responding to user’s requests, providing promotional or educational materials that may be of interest to the user, completing requested transactions such as conducting internal research, improving programmes offered by the University, and to meet the University’s legal and regulatory obligations. The personal information collected will be stored in the University or in the cloud. In addition, personal information may be transferred to other affiliates of the University or institutions based upon the user’s consent.

The most common uses of personal information are described below:
i. Student Information
Student information including user’s name, contact information, University ID Number, studentprovided profile information, academic performance, interactions with University resources, building access, immunisation status, health information, documentation in support of academic accommodations, payment information, participation in extracurricular activities, and any other information provided by the user to the University in their capacity as a student.

The university may combine the information the user provides directly with information from third parties. This information may be used to manage student academic and residential activities such as course registration, housing assignments, billing and financial aid, student advising, library resource management, course evaluation and quality improvement initiatives, academic and other accommodations related to disabilities.
The use and disclosure of student information are managed in compliance with the Ghana Data Protection law.

Registration for online courses may involve collecting personal information, including the user’s name, University ID number, email address, and any information the user voluntarily provides when creating a learner profile. The university also collects information on users’ interactions on the course, including online interactions with other course participants, posts to the learning community, engagement with course materials, and test and assignment scores. 

International students attending UG will be asked to provide information to the UG International Programmes Office, which helps students apply for and maintain the appropriate visa status. The information users provide, including their name, contact information, financial resources, and enrolment status, will be shared where required with authorised persons or offices as provided under Ghanaian Immigration laws.

ii. Prospective Student Information
UG collects information related to prospective students and their family members to process applications for admission and determine eligibility for financial aid. The information provided in users’ applications will be available to university staff and admission reviewers and stored within UG storage spaces and the cloud. The application requires that users provide their names and contact information, educational and employment history, recommendations, test scores where applicable, and other materials needed to assess the user’s application to study at UG. If the user applies for financial aid, the user will be asked to provide financial information, including scholarships and family financial resources.

Any personal information collected for admissions or residence purposes is collected either directly from the user or with the user’s consent. The information the user provides may be shared with third-party software vendors, who are contractually obligated to protect the privacy and security of the information. The University may use information from admissions applications for internal quality improvement and other administrative processes necessary to provide educational services.

If admitted to UG, the information will become part of the user’s student record and will be subject to the Data Protection Act 2012 (Act 843).

iii. Human Resource and Employment Information 
UG collects personal information such as contact and demographic information, employment and educational background, salary and benefits, banking information for payroll deposits, tax and withholding information, and information related to job performance in connection with employment applications and trend analysis. UG’s hiring processes may incorporate software with artificial intelligence components to assess an applicant’s objective job-related characteristics. Results from such assessments will not be used as the sole basis or most important factor in decisions on job applications. Such results will not be used to overrule human evaluation of job applications. These systems are subject to oversight and review by the Human Resource and Organisational Development Directorate.

International faculty working at UG will be asked to provide information to the UG International Programmes Office, which will help these faculty apply for and maintain the appropriate immigration status. The information the user provides, including user’s name, contact information, financial resources, and employment status, will be shared where required with authorised persons or offices as provided under Ghanaian Immigration laws. 

The University Health Services Directorate (UHSD) serves as the University’s occupational health department and provides health services related to workforce health and safety, including management of workplace injury, oversight of employee immunization requirements, medical surveillance, and workforce medical clearances. In this context, UHSD collects and creates health information about students, prospective students, employees and prospective employees and retains this information per data protection requirements for the confidentiality of student/employee medical information. This information includes medical records that user has provided or released to UG. While user’s medical records shall not be shared with any third party except with user’s consent, user’s medical records shall be shared where appropriate with third parties, including relevant University staff, under circumstances provided under the law to protect user’s health and safety.

Employees whose role requires access to restricted facilities may be asked to provide biometric information, such as fingerprint and or face scans, to control access to areas with sensitive information or materials. Where biometric information is needed, the employee will be notified regarding the data collection. Use is limited to those purposes described in the notice. Biometric information is secured per university policies for high-risk data and will only be disclosed to manage access, with user’s consent or as required by law. Biometric information is destroyed as soon as it is no longer needed for the collected purposes unless required to be retained under applicable laws or regulations.

iv. Research Data
UG researchers gather personal information to conduct scientific studies. In most cases,researchers collect personal information as agreed to by participants in study consent forms, but researchers may gather information from other sources with approval from UG’s institutional review board (research ethics board). Commonly collected information includes name, contact information, interview and survey responses, and medical records. UG’s institutional review board sets standards to minimise the amount of information collected and to limit access to the information. Information collected internationally will be transferred to Ghana for analysis and retained throughout the project period. In some instances, the information may be retained indefinitely and archived for public interest, scientific or historical research or statistical purposes.

UG shall ensure that such information is protected from unauthorised access. Where researchers gather personal information for research purposes, the researcher shall ensure that the resultant data is not published in a form likely to reveal the identity of the research participants. Participant’s rights in research information may be limited in some cases based on study integrity needs and required reporting to governmental agencies, such as the Food and Drug Authority. 

The Research Policy Guideline on Good Practices: Record Keeping and Data Management must be referred to for guidance on research data management.

v. Information stored on UG Information Technology (IT) Systems
UG’s policies and procedures regarding access to faculty, staff, and student information stored in UG IT systems are described in the UG Information Communication Technology Policy. The University will not access IT systems without user consent except authorised by law.

UG may utilise application logs in university systems to improve data accuracy or user experience. For example, some University systems allow machine learning to identify possible data entry errors and then flag these for review by the user or supervisor. Other features may use application logs to enhance user navigation based on frequent use patterns. 

vi. Alumni and Donor Information
The University’s practices regarding alumni and donor information, whether provided by user or third parties, is directed by the Institutional Advancement Directorate.

b. Information automatically collected from the use of UG website or mobile applications
As is standard practice, UG tracks visitors’ web-browsing patterns. Generic information is collected through “cookies,” which are text files placed on computers to evaluate usage patterns to improve both content and distribution. Users may refuse to accept cookies by selecting the appropriate settings on their browser, but doing so may prevent the user from using the full functionality of UG websites.

Some sections of the UG website use Google Analytics, a service provided by Google, Inc. Google Analytics uses cookies to help analyse the use of UGs site. This information is transmitted to Google and stored on its servers. Google uses this information on UG’s behalf to evaluate the use of the website, compile reports on website activity, and provide other services relating to Internet usage. Google may also transfer this information to third parties where required by law or where third parties process the information on Google’s behalf. The information generated by cookies about an individual’s website use includes the IP address, but Google will not associate a user’s IP address with any other information held by Google. By using UG’s website, users consent to the processing of information about them by Google in the manner and for the purposes set out above. Further information is available on Google Analytics terms of use and Google’s privacy practices.

UG maintains an information technology security office that monitors the security of UG IT services and IT infrastructure. Industry-standard practices are employed to identify and respond to vulnerabilities, attacks, or compromises impacting UG information and technology assets. 

2. Sharing of Personal Information
UG may share users’ personal information with organisations that provide services to UG to facilitate the provision of services to users. UG shall endeavour to minimise the information provided to service providers and to obtain appropriate agreements regarding their handling of personal information. UG may also share personal information as necessary to comply with applicable laws and regulations, to detect and prevent fraud, to protect the security of UG information, and to protect the rights and safety of others. 

3. Information Retention
UG shall follow applicable laws governing the retention of users’ personal information. Users’ information shall be retained for as long as needed to fulfil business and archival purposes, and some information may be retained indefinitely. Factors that influence the length of time that users’ information shall be retained includes UGs legal obligations, need for information to provide services to users, and interest in preserving historical records of the University. If user’s information must be destroyed at the end of the retention period (if any), the information shall be destroyed in such a manner that would prevent intelligible reconstruction of the user’s destroyed information. 

4. Security Safeguards
UG has established security safeguards to ensure that the information users provide to the University is safe and restricted from unauthorised access or use. UG shall continue to review these safeguards to ensure compliance with requisite standards.

5. Users’ rights in personal information collected
Users may have the right to access, view, or amend personal information. Requests to access, view, or amend personal information may be sent to the Office of Registrar through registrar@ug.edu.gh.

6. Changes to UG Privacy Notice
This Privacy Notice may be changed occasionally, and updates will be posted to this website. This version is current as of March 2026. 

7. Contact information
Questions about UG’s privacy practices and rights, should be addressed to the Office of the Registrar at registrar@ug.edu.gh.