Get Started

DATA PRIVACY NOTICE

INTRODUCTION

ioTec Limited (“ioTec”, “we”, “us”, “our”) is a licensed financial solutions provider offering a range of digital services, including identity verification (ioTec Verify), SMS communications, credit scoring (Lumen), digital payments (ioTecPay), Ticketing (ioTec Events), among others. We are committed to protecting the privacy, confidentiality, and security of our clients’ personal information in line with the Data Protection and Privacy Act, Cap 97 and other applicable laws.

Because of the integrated nature of our products and services, clients who use any of our solutions are viewed as ioTec clients as a whole for service delivery, information quality, and risk management purposes.

A. PURPOSE

This Privacy Notice explains how we collect, use, store, share, safeguard, and eventually delete personal information. It also explains your rights under applicable data protection laws and how to exercise them.

Protecting your privacy is critical for us to maintain your trust. ioTec has implemented company-wide policies and security controls to ensure that your personal information is handled lawfully, fairly, and securely.

B. DEFINITIONS
  • 1. Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • 2. Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
  • 3. Data Subject means a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
  • 4. Personal Data means any information relating to you as an identified or identifiable natural person. In order for us to provide the services you have requested from us, it is necessary that we collect and process personal data from you.
  • 5. Data Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as a) collection, b) recording, c) organisation, d) structuring, e) storage, f) adaptation or alteration, g) retrieval, h) consultation, i) use, j) disclosure by transmission, k) dissemination or otherwise making available, l) alignment or combination, m) restriction, n) erasure or o) destruction.
  • 6. Consent means an agreement which must be express, freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of personal data relating to them.
  • 7. ioTec: ("we," "us," "our", “the Company”)
C. THE TYPES OF PERSONAL DATA THAT WE COLLECT

We may collect and process the following categories of personal data:

  • i. Personal Identification Information: Name, national identification number, passport details, gender, age, tribe, nationality, etc.
  • ii. Contact Information: Phone number, email address, physical address.
  • iii. Financial Data: Bank details, credit history, transaction records.
  • iv. Biometric Data: Fingerprints, facial recognition data (when applicable).
  • v. Communication Records: Any correspondence between you and us.
  • vi. Technical Data/Online identifiers: IP address, browser type, login information, location data, cookies, login credentials.
  • vii. Sensitive information such as criminal history, health data, or political/religious affiliation—only when legally required or with your consent.

If we require information about other people connected to you, we may request you to provide such information. If you are providing information about another person, please ensure that they know you are doing so and are content with the information being provided to us. It might be helpful to show them this Privacy Notice and direct them to us if they have any concerns.

D. HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect personal data from multiple sources, including but not limited to:

  • i. Self-Onboarding: Through our website as you register for our products and services, mobile apps, or customer support.
  • ii. Public Agencies: From government institutions such as the National Identification and Registration Authority (NIRA) and Uganda Registration Services Bureau (URSB).
  • iii. Telecommunication Companies: Data from your mobile service providers.
  • iv. Credit Reference Bureaus: Creditworthiness and financial data.
  • v. Third-Party Service Providers: As necessary for service delivery or legal compliance.

For the most part, we will collect personal data through our website and this may include personal data you provide when you apply for our products or services, make enquiries, register for our products offered through the online platform, request marketing information to be sent to you, give us feedback or contact us. In some instances, we may collect and receive your personal data from third parties or publicly available sources including the National Identification and Registration Authority (NIRA), Uganda Registration Services Bureau, Credit Reference Bureaus, Telecommunication Companies among others.

In cases where you provide information about another person (e.g., a director, shareholder, or group member), you confirm that you are authorized to do so.

E. RIGHTS OF DATA SUBJECTS

As a data subject, you have the following rights:

  • i. The right to be informed: You have the right to be informed about the collection and use of your personal data.
  • ii. The right of access: You have the right to access the personal data that ioTec Limited holds about you.
  • iii. The right to rectification: You can request correction of inaccurate or incomplete personal data.
  • iv. The right to erasure (to be forgotten): You can request the deletion of your personal data in certain circumstances, including: a) If the data is no longer needed for the purpose for which it was originally collected, b) If you withdraw consent (where processing is based on consent) and no other legal grounds for processing apply, c) If you object to processing.
  • v. The right to restrict processing: You can request that ioTec Limited restrict the processing of your personal data under specific circumstances, including: a) When you contest the accuracy of the data. In this case, processing will be restricted until we verify the accuracy. b) If the processing is unlawful but you oppose the erasure of your data and instead request restriction of its use. c) If you have objected to processing pending the verification of whether ioTec Limited’s legitimate grounds override your rights as a data subject.
  • vi. The right to data portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, XML) and transfer that data to another controller. This applies when: a) The processing is based on consent or contract, and b) The processing is carried out by automated means. This right allows for easier transfer of personal data between service providers. It ensures that you can move, copy, or transmit your data seamlessly from one IT environment to another without hindrance.
  • vii. The right to object: You have the right to object to the processing of your personal data in certain situations e.g. a) direct marketing, b) Processing based on legitimate interests (You can object to processing based on our legitimate interests or those of a third party, unless we can demonstrate compelling legitimate grounds that override your rights and freedoms.)
  • viii. Rights in relation to automated decision making and profiling: You have the right not to be subject to decisions made solely based on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
F. HOW DO WE USE YOUR PERSONAL DATA?

We use your personal data, including sensitive personal data in certain instances, for the following purposes:

  • i. To consider your application for our products and services and for initiating your contract in relation to our products and services.
  • ii. To provide you with our products and services.
  • iii. To meet our legal and regulatory obligations.
  • iv. To maintain consistent practices and procedures across the Company.
  • v. To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences.
  • vi. To provide you with optimized marketing analytics and information about our products and services that we consider may be of interest to you.
G. WHY WE PROCESS YOUR INFORMATION?

In this regard, we rely on the following lawful basis for processing your personal data:

  • a. Performance of a contract: Including setting up and administering a contract for our products and services.
  • b. Legal and regulatory obligations: Compliance with our legal and regulatory obligations such as KYC obligations under different statutes including the National Payment Systems Act 2020, and Anti Money Laundering Act 2013, etc.
  • c. Consent: We will also rely on your consent as a lawful basis for processing your personal data in the instances where we (a) process personal data relating to a child; (b) process sensitive personal data outside Uganda; and (c) provide you with marketing information.
  • d. Legitimate interests: For our legitimate business interests, including product and service improvement, prevention, and detection of fraud.

You have the right to withdraw your consent to our processing of your personal data at any time but please note, that your withdrawal will not affect the lawfulness of our processing of your personal data which was based on prior consent before your withdrawal, or which is based on other legal basis for processing of your personal data. Please further note we may not be able to provide you with our products and services if you withdraw your consent.

H. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In connection with the above purposes, we may share your personal data with third parties located within and outside Uganda such as public authorities, or governments when required by law, third-parties whom we have partnered with to provide you with our products and services including those service providers who provide marketing and advertising services. We take steps to ensure that any data transferred outside Uganda is protected in accordance with Uganda’s Data Protection and Privacy Act, 2019, and any applicable international standards. In that connection, we will take adequate steps to protect your personal data including entering into agreements with third-party recipients of your personal data (as applicable) governing the protection of personal data.

I. WHERE WE PROCESS YOUR INFORMATION

ioTec may process and store your personal data in Uganda or in other countries where our trusted service providers operate. Transfers will only take place where adequate safeguards are in place to protect your information.

J. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

K. RETENTION AND STORAGE OF YOUR PERSONAL DATA

We retain your personal information for as long as required by law or for business purposes, generally at least 10 years from your last transaction, unless a longer retention period is required.

L. COMMUNICATION WITH YOU

We may communicate with you via SMS, email, phone calls, mobile push notifications, or in-app messages about your services, security updates, and new features. Where required by law, we will obtain your consent before sending you marketing messages.

M. MARKETING

We may contact you with information about our products, services, or promotions. You can opt out at any time by following the instructions in the message or contacting us directly.

N. DATA SECURITY

We implement technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or loss. This includes encryption, access controls, and regular system monitoring.

O. COOKIES

Our website and mobile platforms may use cookies to enhance user experience, analyze site performance, and deliver relevant advertising. You can manage or disable cookies through your browser settings, though some features may not work properly without them.

P. SOCIAL MEDIA

If you interact with us on social media, your information may be processed by the platform provider under their own policies. We will never request sensitive or account-specific information through public social media channels.

Q. KEEPING YOUR DATA UP-TO-DATE

We regularly review and update our privacy practices against our Records of Processing Activities to ensure your data remains secure and the information is up to date.

R. REVIEW DATE

We may update this Statement from time to time to reflect changes in our services, legal requirements, or operational practices. The latest version will always be available on our website.

S. COMPLAINTS PROCEDURE

If you wish to make a complaint about how your personal data has been handled, you can contact our Data Protection Officer.
Data Protection Officer (DPO)
Email: admin@iotec.io
Phone: 0200903894
If you are unsatisfied with the response, you can escalate the matter to the Personal Data Protection Office: https://www.pdpo.go.ug/file-complaint

Products
Company
Social
Resources
All Rights Reserved.© 2025