Privacy & Policy

GHEXAM.com (“we,” “us,” or “our”) is deeply committed to maintaining the confidentiality, integrity, and security of the highly sensitive personal and professional data entrusted to us. This Privacy Policy details how we collect, use, store, share, and protect the information gathered through your use of the GHEXAM.com website, our learning management system (LMS), and our professional visa and consulting services (collectively, the “Service”). As a provider handling sensitive educational and migration data, we adhere to strict international data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), alongside relevant Ghana data protection regulations. By engaging our Service, you consent to the data practices described in this policy.

1. Information We Collect

Due to the nature of our business—exam preparation and visa consulting—we necessarily collect both standard personal data and highly sensitive professional and financial data.

A. Personal and Contact Information (PII):

• Identity Data: Full legal name, date of birth, nationality, gender, passport/national ID details, marriage status (as required for visa/licensing applications).
• Contact Data: Postal address, email address, telephone numbers.
• Financial Data: Payment details for course enrollment (processed by a third-party gateway; we do not store full credit card numbers), and financial history/bank statements (required for visa financial proofs).

B. Sensitive Professional and Educational Data:

• Educational Credentials: Transcripts, professional diplomas, training certificates, secondary school information (required for credentialing bodies like CGFNS/NNAS).
• Professional Status: Nursing/Midwifery licenses (current and previous), professional identification numbers (PIN/AIN), employment history, testimonials, and disciplinary records (if applicable).
• Exam Results: Scores from English proficiency tests (IELTS, OET, TOEFL) and prior attempts at licensing exams (CBT, NCLEX, Prometric).
• Health Data (Visa Specific): Medical examination reports and vaccination records required by immigration authorities for visa issuance.
• Biometric Data: Passport photographs and sometimes biometric information (fingerprints/scans) necessary for certain visa applications, which are only collected and transmitted as per specific government instruction and are not stored by GHEXAM.

2. How We Use Your Information (Legal Bases)

We use your data based on one or more of the following legal bases: Contractual Necessity, Legal Obligation, or Explicit Consent.

• Contractual Necessity: To provide the core services you enroll in:
  • To enroll you in and grant access to the exam preparation courses (LMS).
  • To assess your eligibility for international licensure and migration.
  • To prepare, verify, and submit your documentation to credentialing bodies (e.g., NMC, CGFNS, NNAS) and government visa agencies.
  • To communicate with you regarding your application and case status.
• Legal Obligation: To comply with anti-money laundering regulations, tax requirements, and to disclose information when legally compelled by government authorities (e.g., in response to a subpoena).
• Legitimate Interests: To improve our services and internal operations:
  • To conduct data analysis on course performance to improve our curriculum and predict student success rates.
  • To conduct quality assurance on our consulting services.
  • To prevent fraudulent activity and ensure network security.
• Explicit Consent: For marketing purposes:
  • To send you promotional material about new courses, visa route updates, or partner job opportunities only if you have provided explicit opt-in consent.

3. Data Sharing and Disclosure

We will only share your sensitive data with external parties essential to the fulfillment of the service you have contracted:

• Regulatory and Government Bodies: We are required to transmit your professional and personal data directly to licensing bodies (e.g., NMC, Prometric), credentialing agencies (e.g., CGFNS, NNAS), and Immigration/Visa Authorities (e.g., UKVI, USCIS) as part of your application process.
• Service Providers: We share necessary data with third parties who perform business functions on our behalf, such as secure data hosting (cloud services), payment processors, and mailing services. These providers are strictly contractually obligated to protect your data.
• Recruitment Partners (Optional): If you explicitly opt-in to our job placement assistance, we will share relevant professional data (CV, exam results, license status) with our vetted partner hospitals and recruitment agencies. You have the right to revoke this consent at any time.

4. Data Security and Retention

We implement robust technical and organizational security measures, including encryption, multi-factor authentication, and strict access controls, to protect your data from unauthorized access, loss, or disclosure. We retain your data for the duration required to complete the contracted service and for a subsequent period (typically seven years) as mandated by immigration and professional record-keeping regulations, or as necessary for legal defense.

5. Your Data Rights

You maintain control over your personal data. You have the right to:

• Access: Request copies of the personal data we hold about you.
• Rectification: Request the correction of incomplete or inaccurate data.
• Erasure (Right to be Forgotten): Request the deletion of your data, provided there is no overriding legal or contractual necessity for retention (e.g., a pending visa application).
• Withdraw Consent: Withdraw any consent given for marketing or optional data sharing (e.g., recruitment), without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Data Protection Officer (DPO) at privacy-dpo@ghexam.com.