Privacy Policy

Last updated: January 20, 2025

Overview

ISO Certification Uganda Project ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. As an ISO certification consultancy, we adhere to the highest standards of data protection, including ISO 27001 Information Security Management and the Uganda Data Protection and Privacy Act, 2019.

Information We Collect

Personal Information

  • Contact details (name, email, phone number, company)
  • Professional information (job title, industry, certification interests)
  • Training enrollment and certification records
  • Payment information (processed securely through third-party providers)

Automatically Collected Information

  • Website usage data through Google Analytics
  • IP addresses and browser information
  • Device information and operating system
  • Cookies and similar technologies

How We Use Your Information

Service Delivery

  • ISO certification consulting
  • Training program delivery
  • Event registration and management
  • Customer support

Communication

  • Training announcements
  • Certification updates
  • Industry newsletters
  • Service improvements

Data Security & ISO 27001 Compliance

We implement comprehensive security measures aligned with ISO 27001 standards:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication
  • Incident response procedures
  • Staff training on data protection
  • Secure data backup and recovery

Your Rights Under Uganda Data Protection Act

Access

Request copies of your personal data

Rectification

Correct inaccurate information

Erasure

Delete your personal data

Restriction

Limit processing of your data

Portability

Transfer data to another service

Objection

Object to data processing

Data Retention & Storage

Retention Periods

  • User Profiles: Retained while account is active + 3 years after last login for audit purposes
  • Training Records: Retained for 7 years as required by ISO certification standards
  • Payment Data: Retained for 7 years for tax and audit compliance
  • Communication Records: Retained for 2 years unless legally required otherwise
  • Analytics Data: Anonymized after 24 months, aggregated data retained indefinitely
  • Inactive Accounts: Automatically deleted after 5 years of inactivity with 90-day notice

Legal Basis for Retention

We retain data based on legitimate business interests, legal compliance requirements (Uganda Companies Act, Tax laws), ISO certification standards, and contractual obligations. Retention periods align with Uganda Data Protection Act 2019 and international best practices.

Account Deletion & Your Data Rights

Right to Deletion ("Right to be Forgotten")

Under the Uganda Data Protection Act 2019 and GDPR, you have the right to request deletion of your personal data. We provide both self-service and assisted deletion options.

  • Self-Service Deletion: Use the "Danger Zone" in your account settings
  • Assisted Deletion: Contact our Data Protection Officer
  • Response Time: Deletion completed within 30 days of request
  • Verification Required: Identity verification protects against malicious deletion

What Gets Permanently Deleted

  • Your user profile and personal information
  • Training enrollment records and certificates
  • Payment history and transaction records
  • Consultant availability and service data
  • Learning progress and material access rights
  • Profile images and uploaded documents
  • Authentication credentials and login access
  • All associated metadata and activity logs

Data That May Be Retained

  • Anonymized analytics data (no personal identifiers)
  • Financial records required by law (7-year retention)
  • Aggregated usage statistics (non-personal)
  • Legal communications (if involved in disputes)
  • Backup copies (automatically purged within 90 days)

Additional Data Protection Rights

Access & Portability

  • Request copy of your data
  • Export in machine-readable format
  • Transfer to another service provider
  • View processing purposes and recipients

Correction & Restriction

  • Correct inaccurate personal data
  • Restrict processing in certain cases
  • Object to direct marketing
  • Withdraw consent at any time

Regulatory Compliance

Uganda Data Protection and Privacy Act 2019: We comply with all data protection requirements including lawful processing, data subject rights, security measures, and breach notification procedures.

ISO/IEC 27001:2022 Information Security: Our data handling practices follow international information security standards with regular audits and continuous improvement.

GDPR Alignment: While primarily Uganda-based, we maintain GDPR-compatible practices for international clients and data transfers.

Commitment: We implement technical and organizational measures to ensure data protection by design and by default.

Contact Our Data Protection Officer for any privacy inquiries

Changes to This Privacy Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the "last updated" date.