PRIVACY NOTICE

INTRODUCTION

Thank you for choosing ioTec Limited. We, as a data collector, controller, and processor, respect your privacy and are committed to protecting your personal data and the personal data of third parties that you provide to us. This Privacy Notice is a summary of our Privacy Policy and describes how we collect, use, disclose, transfer, store or otherwise process your personal data and tells you about your privacy rights and how the law protects you.

PURPOSE

The purpose of this Privacy Notice is to inform you about how ioTec Limited collects and processes your personal data. This Notice outlines the types of data we collect, the legal bases for its processing, how we store and protect it, and the rights you have regarding your personal information.

DEFINITIONS
RIGHTS OF DATA SUBJECTS

As a data subject, you have the following rights:

THE TYPES OF PERSONAL DATA THAT WE COLLECT

We may collect and process the following categories of personal data:

If we require information about other people connected to you, we may request you to provide such information. If you are providing information about another person, please ensure that they know you are doing so and are content with the information being provided to us. It might be helpful to show them this Privacy Notice and direct them to us if they have any concerns.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect personal data from multiple sources, including but not limited to:

For the most part, we will collect personal data through our website and this may include personal data you provide when you apply for our products or services, make enquiries, register for our products offered through the online platform, request marketing information to be sent to you, give us feedback or contact us. In some instances, we may collect and receive your personal data from third parties or publicly available sources including the National Identification and Registration Authority (NIRA), Uganda Registration Services Bureau, Credit Reference Bureaus, Telecommunication Companies among others.

In cases where you provide information about another person (e.g., a director, shareholder, or group member), you confirm that you are authorized to do so.

HOW DO WE USE YOUR PERSONAL DATA ND WHAT LEGAL BASIS DO WE HAVE FOR PROCESSING YOUR PERSONAL DATA?

We use your personal data, including sensitive personal data in certain instances, for the following purposes:

In this regard, we rely on the following lawful basis for processing your personal data:

You have the right to withdraw your consent to our processing of your personal data at any time but please note, that your withdrawal will not affect the lawfulness of our processing of your personal data which was based on prior consent before your withdrawal, or which is based on other legal basis for processing of your personal data. Please further note we may not be able to provide you with our products and services if you withdraw your consent.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In connection with the above purposes, we may share your personal data with third parties located within and outside Uganda such as public authorities, or governments when required by law, third-parties whom we have partnered with to provide you with our products and services including those service providers who provide marketing and advertising services. We take steps to ensure that any data transferred outside Uganda is protected in accordance with Uganda’s Data Protection and Privacy Act, 2019, and any applicable international standards. In that connection, we will take adequate steps to protect your personal data including entering into agreements with third-party recipients of your personal data (as applicable) governing the protection of personal data.

STORING OF PERSONAL DATA OUTSIDE UGANDA

By using ioTec’s services and providing us with your personal data, you CONSENT to its transfer and storage outside Uganda. ioTec remains committed to handling your data responsibly and ensuring that it is processed in accordance with your rights and the applicable data protection principles outlined in the applicable Data protection laws.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

RETENTION AND STORAGE OF YOUR PERSONAL DATA

We will only retain your personal data for as long as may be necessary to fulfil the purpose we collected it for including for the purposes of satisfying any legal regulatory, tax, accounting, or reporting obligations.

KEEPING YOUR DATA UP-TO-DATE

We regularly review and update our privacy practices against our Records of Processing Activities to ensure your data remains secure and the information is up to date.

REVIEW DATE

This Data Privacy Notice will be reviewed annually or as required by changes in the regulatory environment.

COMPLAINTS PROCEDURE

If you wish to make a complaint about how your personal data has been handled, you can contact our Data Protection Officer.
Data Protection Officer (DPO)
Email: admin@iotec.io
Phone: 0200903894
If you are unsatisfied with the response, you can escalate the matter to the Personal Data Protection Office: https://www.pdpo.go.ug/file-complaint

DECLARATION

I confirm that I have read and understood the Privacy Notice and that any queries/concerns I have about the nature and purpose of the processing of personal data have been adequately addressed.