Privacy Policy

Last updated: 10/11/2025

1) Who we are & scope

Canopy (“we”, “us”) provides remote hiring and managed services to clients in the UK, EU and North America, delivered from Ghana and other locations. This notice explains how we collect and use personal data when you: (a) visit our site, (b) apply to the Canopy Talent Pool, or (c) engage us as a client.

Role clarity. For website visitors and our own operations, we act as Data Controller. When we process candidates’ or end-users’ data on a client’s documented instructions (e.g., during client projects), we act as Data Processor and the client is the Data Controller; we then enter a Data Processing Agreement (DPA) with the client.

Jurisdictions. We comply with Ghana’s Data Protection Act, 2012 (Act 843), and where applicable UK GDPR/EU GDPR and US state laws such as CCPA/CPRA for California residents. (Act 843 sets registration and processing duties; GDPR/CCPA coverage is standard among global talent/EOR players.

2) Data we collect

  • Website & marketing: device data, cookies, analytics, form submissions.
  • Talent applicants: identity and contact details, CV/portfolio, skills, assessments, interview recordings/notes, right-to-work status, references.
  • Client contacts: business contact details, role, billing info, communications.
  • Project delivery (processor role): only data the client instructs us to process.

3) Purposes & legal bases

  • Operate the site & respond to enquiries (legitimate interests/consent where needed).
  • Recruitment & talent matching (legitimate interests; consent for certain assessments where required).
  • Contracting & service delivery (performance of a contract).
  • Marketing (consent where required; opt-out available).
  • Compliance & record-keeping (legal obligation).

4) Sharing & recipients

  • Clients (for talent matching/onboarding, with your knowledge).
  • Vetted service providers/sub-processors (HR tools, ATS, cloud hosting, communications, analytics) bound by contract, confidentiality, and security obligations.
  • Corporate/legal: where required by law, to protect rights, or in a reorganization.

5) International data transfers

Where data moves outside your country (e.g., Ghana ↔ UK/EU/US), we rely on:

  • EU Standard Contractual Clauses (2021) + UK Addendum for EEA/UK exports, or
  • Adequacy decisions / Data Privacy Framework (DPF) where applicable, and
  • Additional technical and organizational measures (encryption in transit/at rest, access controls).

6) Data subject rights

Depending on your location: access, rectification, deletion, portability, restriction, objection; and CCPA/CPRA rights to know, delete, correct and opt-out of sale/sharing (we do not sell personal data). Requests: {{privacy email/contact form}}. 

7) Security

We apply administrative, technical, and physical safeguards appropriate to the risk (e.g., least-privilege access, encryption, audit logging, vendor reviews).

8) Retention

We keep personal data only as long as necessary for the purposes above, then delete or anonymize it per our retention schedule, unless longer is required by law.

9) Cookies & analytics

Our website uses the following categories of cookies:

  • Strictly necessary cookies: These are required for the website to function properly (for example, page navigation, security, and session management). They do not require your consent.
  • Analytics cookies: These help us measure and analyze how visitors use our site—for example, which pages are most viewed, how long users stay, and how they found us.
    These cookies are only set after you give explicit consent through the cookie banner.
  • Personalization cookies: These allow the website to remember your preferences and tailor content or features to enhance your experience—for example, remembering your language choice or showing personalized recommendations.
  • Marketing cookies: These are used to track visitors across websites and deliver relevant advertisements based on your interests. They help measure the effectiveness of ad campaigns and limit how often you see the same ad.

When you first visit our website, a cookie banner will ask for your consent to use non-essential cookies.If you decline analytics cookies, your browsing experience will not be affected.

  • You can accept all, reject all, or manage preferences by category.
  • Only cookies you consent to will be activated.
  • You can withdraw or change your consent at any time by clicking “Cookie preferences” in the footer of our site.

10) Children’s data

11) Contact & Ghana registration

Data Controller: Canopy (Foundervine group entity operating Canopy).
Ghana Data Protection Commission registration: {{insert number}} (Act 843 requires controller registration). National Information Technology Agency
Contact: {{privacy email}} | {{postal address}}.

12) Updates

We may update this notice; material changes will be communicated on the site with a new “Last updated” date.

Contact us

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.