+256 0200 919620

Last Update; 17th January, 2024.

PinniSOFT ("the Company") recognizes the importance of safeguarding personal data and respecting individuals' privacy rights. This Data Protection Policy outlines our commitment to protecting personal data by various data protection laws and regulations, which may include but are not limited to:

This policy establishes the framework for how we collect, process, store, and manage personal data responsibly and in compliance with these laws.

A. Responsibilities.

  1. Employees

    All employees are responsible for ensuring the proper handling of personal data in their day-to-day activities. They must adhere to this policy and report any data protection concerns to the DPO.

  2. Contactors and third parties.

    Contractors and third parties engaged by the Company are also responsible for adhering to this policy and for ensuring the proper handling of personal data in their activities on behalf of the Company. They must comply with applicable data protection laws and regulations and report any data protection concerns to the DPO.

  3. Data Protection Officer (DPO)

    The Company has an appointed Data Protection Officer who is responsible for overseeing data protection matters, ensuring compliance with applicable laws, conducting regular audits or reviews of data processing activities, and acting as a point of contact for data subjects and regulatory authorities.

B. Data Collection and Processing:

  1. Lawful Processing.

    The Company will only collect and process personal data when it has a lawful basis to do so, including but not limited to:

    1. The consent of the data subject
    2. Contractual necessity
    3. Legal obligation
    4. Legitimate interests
    5. The protection of vital interests

  2. Transparency.

    Data subjects will be informed of the purposes for which their data is collected and processed, including the lawful basis for processing, at the point of data collection or before, and their rights about their data.

  3. Consent.

    Where consent is required for processing personal data, the Company will obtain explicit and freely given consent from data subjects. Consent will be obtained through clear and easily accessible means, and records of consent will be maintained.

C. Data Security.

  1. Data Breach Response.

    A data breach is defined as any unauthorized access, disclosure, or acquisition of personal data that compromises its confidentiality, integrity, or availability. In the event of a data breach, the Company will promptly:

    • • Assess and mitigate the impact of the breach
    • • Notify affected data subjects promptly, providing details of the breach and actions they can take to protect themselves.
    • • Notify relevant regulatory authorities where required by applicable law.

  2. Data Subject Rights.

    Data subjects have the following rights regarding their data:

    • • Right to Access: Data subjects can request access to their data.
    • • Right to Rectification: Data subjects can request corrections to their data.
    • • Right to Erasure: Data subjects can request the deletion of their data.
    • • Right to Data Portability: Data subjects can request the transfer of their data.
    • • Right to Object: Data subjects can object to the processing of their data.
    • • Right to Restriction of Processing: Data subjects can request the restriction of processing under certain circumstances.
    • To exercise these rights, data subjects can contact the Data Protection

Approval and Effective Date.

This Data Protection Policy was approved by Jjunju Karim and is effective from 18thOctober 2023.