1. Introduction
1.1
RBM Enterprise Solutions Ltd (“RBM”) respects your privacy and is
committed to protecting your personal data.
1.2 This policy
explains how we collect, use, share, and safeguard your information
when you interact with RBM’s services.
1.3 The policy applies
to all services, websites, mobile applications, integrations, and
platforms operated by RBM.
2. Information We Collect
2.1 Personal Data Provided by You
- Name, email, phone number, company/organization, billing details.
- Login credentials and account registration information.
- Information shared during trainings, events, or consultancy engagements.
2.2 Automatically Collected Data
- IP address, browser type, device identifiers.
- Usage logs, cookies, and analytics data.
2.3 Sensitive Data
- We do not intentionally collect sensitive data (religious, political, biometric, health), unless required by law or explicitly consented to.
3. How We Use Your Data
3.1 To
provide and improve services (ERP, SaaS, integrations,
consultancy).
3.2 To process payments via Flutterwave,
Pesapal, SchoolPay, URA EFRIS.
3.3 To communicate with
clients about contracts, invoices, support.
3.4 To comply with
laws including Data Protection and Privacy Act (Uganda,
2019).
3.5 To enhance security and prevent fraud.
3.6
To send updates and marketing (where consent is given).
4. Data Sharing & Disclosure
4.1 We may share data with:
- Payment providers (Flutterwave, Pesapal, SchoolPay, URA EFRIS).
- Technology partners (Odoo, QuickBooks, Microsoft, 1C Company, Serosoft, BigDot.AI, TNC Dubai, eScan, Dell, Lenovo).
- Regulators such as NITA-U and the Personal Data Protection Office (PDPO).
4.2 We will never sell your data to third parties.
5. Data Security
5.1
RBM implements technical, organizational, and physical safeguards to
protect data.
5.2 Security measures include firewalls,
eScan endpoint protection, encryption, and access controls.
5.3
Staff are trained in data protection best practices.
6. Data Retention
6.1 We
retain personal data only as long as necessary for service delivery,
legal compliance, or dispute resolution.
6.2 Unnecessary data is
securely deleted or anonymized.
7. Your Rights (under Uganda’s PDPA 2019)
7.1
Right to access personal data.
7.2 Right to correct inaccurate
data.
7.3 Right to withdraw consent.
7.4 Right to object to
processing.
7.5 Right to request deletion (“right to be
forgotten”).
7.6 Right to lodge a complaint with the PDPO.
8. Children’s Data
8.1
RBM recognizes that Steward EMS and related solutions involve
processing personal data of children (under 18 years).
8.2
Such data is collected only through schools, parents/guardians, or
authorized education authorities.
8.3
Parental/guardian consent will be obtained where required, and
schools must ensure they are authorized to share the data.
8.4
Children’s data is used strictly for educational, administrative,
and support purposes, and never for resale or unrelated
marketing.
8.5
RBM safeguards children’s data through minimization, encryption,
restricted access, and compliance with the Uganda Data Protection and
Privacy Act (2019).
9. International Transfers
9.1 Where RBM partners or systems are hosted outside Uganda, we ensure appropriate safeguards and compliance with applicable laws.
10. Policy Updates
10.1
RBM may update this policy from time to time.
10.2 Significant
changes will be communicated via email, notices on our website, or
contractual updates.
10.3 Continued use after updates constitutes acceptance.
11. Contact Information
Email:
policy@rbmafrica.com
Phone: +256 752 762378
Website:
www.rbmafrica.com
12. Document Control & Version History
Version |
Date |
Description of Change |
Approved By |
1.0 |
Jan 2025 |
Initial Terms & Conditions issued |
Managing Director, RBM |
1.1 |
June 2025 |
Revised to align with NITA review |
Compliance/DPO Officer |
1.2 |
September 2025 |
Expanded for SaaS & fintech scope |
Managing Director, RBM |
1.3 |
January 2026 |
Reviewed for compliance update |
Compliance/DPO Officer |
Next Review Date: January 2027
Responsible
Officer: Data Protection Officer