Last updated: March 2022
Version no: 1
Last updated: March 2022
Authorised by: Timothy Musoke, CEO, Laboremus Uganda Ltd.
1.1 Our Site, https://www.laboremus.ugis owned and operated by Laboremus Uganda Limited, a limited liability companyregistered in Uganda whose main trading address is Plot 57B, Luthuli Avenue,Bugolobi, Kampala, Uganda.
1.2 We are regulated by the Data Protection and Privacy Act 2019 of Uganda.
2.2 By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third party Cookies are those placed by websites, services, and/or parties other than Us.
A Cookie falls into this category if it is essential to the operation of OurSite, supporting functions such as logging in, your shopping basket, and payment transactions.
2.3.2 Analytics Cookies
It is important for Us to understand how you use Our Site, for example, how efficiently you are able to navigate around it, and what features you use.Analytics Cookies enable us to gather this information, helping Us to improveOur Site and your experience of it.
2.3.3 Functionality Cookies
Functionality Cookies enable Us to provide additional functions to you on Our Site such as personalisation and remembering your saved preferences. Some functionalityCookies may also be strictly necessary Cookies, but not all necessarily fall into that category.
2.3.4 Targeting Cookies
It is important for Us to know when and how often you visit Our Site, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make Our Site and advertising more relevant to your interests. Some information gathered by targeting Cookies may also be shared with third parties.
2.3.5 Third Party Cookies
Third party Cookies are not placed by Us; instead, they are placed by third parties that provide services to Us and/or to you. Third party Cookies may be used by advertising services to serve up tailored advertising to you on Our Site, or by third parties providing analytics services to Us (these Cookies will work in the same way as analytics Cookies described above).
2.3.6 Persistent Cookies
Any of the above types of Cookies may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site.
2.3.7 Session Cookies
Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser. Session Cookies are deleted when you close your browser.
2.4 Cookies on Our Site are not permanent and will expire after a period of
2.6 For more specific details of the Cookies that We use, you can contact us on the provided address.
3.1 Before Cookies are placed on your computer or device, you will be shown a prompt requesting your consent to set thoseCookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies (unless those Cookies are strictly necessary); however certain features of Our Site may not function fully or as intended. You will be given the opportunity to allow and/or deny different categories of Cookie that We use. You can return to your Cookie preferences to review and/or change them at any time.
3.2 In addition to the controls that We provide, you can choose to enable or disableCookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third- party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
3.3 The links below provide instructions on how to control Cookies in all mainstream browsers:
3.3.1 Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB
3.3.2 Microsoft Internet Explorer: https://support.microsoft.com/en-us/kb/278835
3.3.3 Microsoft Edge: https://support.microsoft.com/en-gb/products/microsoft-edge (Please note that there are no specific instructions at this time, but Microsoft support will be able to assist)
3.3.4 Safari (macOS): https://support.apple.com/kb/PH21411?viewlocale=en_GB&locale=en_GB
3.3.5 Safari (iOS): https://support.apple.com/en-gb/HT201265
3.3.6 Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-Cookies-website-preferences
3.3.7 Android: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DAndroid&hl=en (Please refer to your device’s documentation for manufacturers’ own browsers)
5.2 For more information about privacy, data protection and our terms and conditions, please visit the following:
5.2.2 Terms and Conditions.
Version no: 1
Last updated: March 2022
Authorised by: Timothy Musoke, CEO, Laboremus Uganda Ltd.
1.1. Laboremus understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who visits this website. We do not collect personal data about you unless you contact us. Any personal data we do collect will only be used as permitted by law.
1.4. The use of our website is possible without any indication of personal data, although data processing may occur once a user goes forward to use specific services offered on the website thus disclosing certain data. If data processing is necessary, we generally obtain consent from the data subject. This shall be in compliance with the DataProtection and Privacy Act, 2019.
1.5. Although we have taken every prudent step to ensure that data is processed fairly and transparently, there are may be data that is transferred to us through alternative means such as by telephone calls and the user takes personal responsibility to ensure transferred data safety.
2.1. Processor for the purposes of the Data Protection and Privacy Act, 2019 is Laboremus Uganda Limited of Phone number: +256 751 069 277 and email of the Data Protection Officer: firstname.lastname@example.org or email@example.com
4.1. Laboremus website collects a series of general data and information when a data subject or automated system calls up the website.
4.2. This general data and information are stored in the server log files.
4.3. The processed data includes:
4.3.1. the person’s name;
4.3.4. identity document number;
4.3.5. personal code (if it is issued);
4.3.6. number (i.e., national identification number) (if it is issued);
4.3.7. birth date;
4.3.8. identity document expiry date;
4.3.9. identity document issued date ((if it is issued);
4.3.10. identity document photograph(s);
4.3.11. face photograph(s);
4.3.13. client id;
4.3.14. identification date and method;
4.3.15. IP address;
4.3.16. device fingerprint (“user agent”).
4.4. Processed information is needed to;
4.4.1. deliver the content of our website correctly;
4.4.2. optimize the content of our website as well as its advertisement;
4.4.3. ensure the long-term viability of our information technology systems and website technology, and
4.4.4. provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack;
4.4.5. provide products and services for our clients and fulfill the agreement conditions between the Parties.
5.1. In furtherance to the processing of data in clause 4 above, we use your data for the necessary performance of a contract with you and because you have consented to the use of your personal data or because it is in our legitimate business interests to use it. Your personal data may also be used for the following purposes;
5.1.1. Providing and managing your account;
5.1.2. Providing and managing access to our site;
5.1.3. Personalizing and tailoring your experience on our site;
5.1.4. Supplying our services to you. Your personal details are required in order for us to enter into a contact with you;
5.1.5. We may also use your personal data for marketing purposes, which may include contacting you one mail, telephone, text message, or any other means, with information, news, and offers on services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection and Privacy Act, 2019, and you will always have the opportunity to opt out.
6.1. Identify you;
6.2. Locate you;
6.3. Improve the service such as saving common destinations;
6.4. Connect services like"send" and "share" with your contacts;
6.5. For product research and development;
6.6. To provide measurement and analytics;
6.7. Communicate with you (share marketing communications on our products);
6.8. Generally, improve your user experience
7.1. Laboremus stores data until retention only in Uganda.
7.2. In some extra cases data can be sent outside Uganda to countries with equivalent data protection safeguards as Uganda.
8.1. The data subject has the possibility to register on the website of the controller with an indication of personal data. Personal data is transmitted to the controller by the respective input mask used for the registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller, and for their own purposes. The controller may request transfer to one or more processors that also uses personal data for an internal purpose which is attributable to the controller.
8.2. By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses.
8.3. Insofar, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal investigations.
8.4. The registration of the data subject with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.
8.5. Laboremus acts as a Data Processor when dealing with website visitors’ collected data. Laboremus as a Data processor will cooperate with Data Controller to ensure that the data controller at any time could provide information upon request to each data subject as to what personal data are stored about the data subject.
9.1. The website of Laboremus contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general e-mail address. If Laboremus as a Data processor receives a request from the Data Subject, the obligation of Laboremus is to transfer such a request to be considered.
10.1. We may disclose or share your Personal Information with third parties which include our affiliates, employees, officers, service providers, agents, suppliers, subcontractors as may be reasonably necessary for the purposes set out in this policy.
10.2. We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process or enforceable governmental request, enforce applicable Terms of Service, including investigation of potential violations thereof, detect, prevent, or otherwise address fraud, security or technical issues, or protect against imminent harm to the rights, property or safety of Laboremus, its users or the public as required or permitted by law.
11.1. The data processor shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as is permitted under the Data Protection and Privacy Act, 2019.
11.2. If the storage purpose is not applicable, or if a storage period prescribed by the Data Protection andPrivacy Act, 2019 or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
12.1. Be accountable to the data subject for data controlled, processed, held or used;
12.2. Collection and processing of data fairly and lawfully;
12.3. Collection, processing use or holding data adequately relevant and not excessive or unnecessary personal data;
12.4. Retain personal data for the period authorized by law for which data is required;
12.5. Ensure quality of information collected, processed or held;
12.6. Ensure transparency of the personal data collected, processed, used or held;
12.7. To observe security safeguards in respect of that data.
13.1. Right of confirmation. Each data subject shall have the right granted under the Data Protection and Privacy Act, 2019 to obtain from Laboremus as the controller the confirmation as to whether or not personal data concerning them is processed. If a data subject wishes to avail themselves of this right of confirmation, they may at any time contact Laboremus at the address provided in this policy.
13.2. Right of access. Each data subject shall have the right granted by Ugandan law to obtain from the controller free information about their personal data stored at any time and a copy of this information. Furthermore, the Data Protection and Privacy Act, 2019 provides that a data subject may have access to the following information:
13.2.1. confirmation of whether Laboremus holds personal data about the data subject;
13.2.2. a brief description of personal data held by data controller;
13.2.3. provide the identity of at hird party or category of a third party who has had access to the information;
13.2.4. Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer;
13.2.5. If a data subject wishes to avail themselves of this right of access, they may, at any time, contact theData Protection Officer and Laboremus as Data Processor will act accordingly with all known information.
13.3. Right to rectification. Each data subject shall have the right under the Data Protection and PrivacyAct, 2019, to obtain from the controller without undue delay the rectification of inaccurate personal data concerning them.
13.4. Right to erasure (Right to be forgotten). Each data subject shall have the right granted under the Data Protection andPrivacy Act, 2019 to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have the obligation to erase personal data without undue delay where the personal data is no longer necessary in relation to the purposes for which it is collected or otherwise processed.
13.4.1. The right to erasure also arises where the data subject withdraws consent to which the processing is based according to the Data Protection and Privacy Act, 2019.
13.4.2. A data subject who wishes to request the erasure of personal data stored by Laboremus as explained in this clause may at any time contact the Personal Data Protection Officer to ensure that the erasure request is complied with within a reasonable time.
13.5. Right of restriction of processing. Each data subject shall have the right granted under the Data Protection and Privacy Act, 2019 to obtain from the controller restriction of processing where one of the following applies:
13.5.1. The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
13.5.2. The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead of the restriction of their use instead;
13.5.3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
13.5.4. If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by Laboremus, they may at any time contact the Data Protection Officer to arrange the restriction of the processing.
13.6. Right to object– Each data subject shall have the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning them.
13.6.1. Laboremus shall no longer process the personal data in the event of the objection, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
14.1. Should Laboremus process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Laboremus processing for direct marketing purposes, Laboremus shall no longer process the personal data for these purposes.
14.2. Automated individual decision-making, including profiling – Each data subject may have the right granted by the Data Protection and Privacy Act, 2019 to, upon a notice in writing in data controller for any decision taken by and on behalf of the data controller which significantly affects the data subject is not based solely on the processing by automatic means of personal data in respect of that data subject.
14.3. Right to withdraw data protection consent – Each data subject shall have the right granted by the Data Protection and Privacy Act, 2019 to withdraw their consent to the processing of his or her personal data at any time. If the data subject wishes to exercise the right to withdraw their consent, they may at anytime, contact the Data Protection officer at Laboremus Uganda.
15.1. The Data Protection and Privacy Act, 2019 serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the activities as communicated by Laboremus to the data subject, then the processing is based on the Data Protection and Privacy Act, 2019.
15.2. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
16.1. The criteria used to determine the period of storage of personal data is the respective statutory retention period for the respective personal data collected. After the expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract or the initiation of a contract.
16.2. The Data Protection Officer is the existing Legal Officer at Laboremus Uganda.
Version no: 1
Last updated: March 2022
Authorised by: Timothy Musoke, CEO, Laboremus Uganda Ltd.
1.2 Your agreement to comply with and be bound by these Terms and Conditions is deemed to occur upon your first use of Our Site. If you do not agree to comply with and be bound by these Terms and Conditions, you must stop using Our Site immediately.
2.1 Our Site, https://www.laboremus.ug/ is owned and operated by Laboremus Uganda Limited, a limited liability company registered in Uganda whose main trading address is Plot 57B, Luthuli Avenue, Bugolobi, Kampala, Uganda.
3.1 Access to Our Site is free of charge.
3.2 It is your responsibility to make any and all arrangements necessary in order to access Our Site.
3.3 Access to Our Site is provided “as is” and on an “as available” basis. We may alter, suspend or discontinue Our Site (or any part of it) at any time and without notice. We will not be liable to you in any way if Our Site (or any part of it) is unavailable at any time and for any period.
4.1 All Content included on Our Site and the copyright and other intellectual property rights subsisting in that Content, unless specifically labelled otherwise, belongs to or has been licensed byUs. All Content is protected by applicable Ugandan law and its ratified treaties.
4.2 Subject to this clause, you may not reproduce, copy, distribute, sell, rent, sub-licence, store, or in any other manner re-use Content from Our Site unless given express written permission todo so by Us.
4.3 You may:
4.3.1 Access, view and use Our Site in a web browser (including any web browsing capability built into other types of software or app);
4.3.2 Download Our Site (or any part of it) for caching;
4.3.3 Print a copy of any pages from Our Site;
4.3.4 Download extracts from pages on Our Site; and
4.3.5 Save pages from Our Site for later and/or offline viewing.
4.4 Our status as the owner and author of theContent on Our Site (or that of identified licensors, as appropriate) must always be acknowledged.
4.5 You may not use any Content saved or downloaded from Our Site for commercial purposes without first obtaining a licence from Us (or our licensors, as appropriate) to do so.
4.6 This does not prohibit the normal access, viewing and use of Our Site for general information purposes whether by business users or consumers.
5.1.1 You may link to Our Site provided that:
184.108.40.206 You do so in a fair and legal manner;
220.127.116.11 You do not do so in a manner that suggests any form of association, endorsement or approval on Our part where none exists;
18.104.22.168 You do not use any logos or trademarks displayed on Our Site without Our express written permission; and
22.214.171.124 You may not link to Our Site from any other site the main content of which contains material that:
126.96.36.199 is sexually explicit;
188.8.131.52 is obscene, deliberately offensive, hateful or otherwise inflammatory;
184.108.40.206 promotes violence;
220.127.116.11 promotes or assists in any form of unlawful activity;
18.104.22.168 discriminates against, or is in any way defamatory of, any person, group or class of persons, race, sex, religion, nationality, disability, sexual orientation, or age;
22.214.171.124 is intended or is otherwise likely to threaten, harass, annoy, alarm, inconvenience, upset, or embarrass another person;
126.96.36.199 is calculated or is otherwise likely to deceive another person;
188.8.131.52 is intended or otherwise likely to infringe (or threaten to infringe)another person’s right to privacy;
184.108.40.206 misleadingly impersonates any person or otherwise misrepresents the identity or affiliation of a particular person in a way that is calculated to deceive;
220.127.116.11 implies any form of affiliation with Us where none exists;
18.104.22.168 infringes, or assists in the infringement of, the intellectual property rights (including, but not limited to, copyright, trademarks and database rights) of any other party; or
22.214.171.124 is made in breach of any legal duty owed to a third party including, but not limited to, contractual duties and duties of confidence.
6.1.1 Links to other sites may be included on OurSite. Unless expressly stated, these sites are not under Our control. We neither assume nor accept responsibility or liability for the content of third-party sites. The inclusion of a link to another site on Our Site is for information only and does not imply any endorsement of the sites themselves or of those in control of them.
7.1.1 Nothing on Our Site constitutes advice on which you should rely. It is provided for general information purposes only.
7.1.2 Insofar as is permitted by law, we make no representation, warranty, or guarantee thatOur Site will meet your requirements, that it will not infringe the rights of third parties, that it will be compatible with all software and hardware, or that it will be secure.
7.1.3 We make reasonable efforts to ensure that the Content on Our Site is complete, accurate, and up-to-date. We do not, however, make any representations, warranties or guarantees (whether express or implied) that the Content is complete, accurate, or up-to-date.
8.1 To the fullest extent permissible by law, We accept no liability to any user for any loss or damage, whether foreseeable or otherwise, in contract, tort (including negligence), for breach of statutory duty, or otherwise, arising out of or in connection with the use of (or inability to use) Our Site or the use of or reliance upon any Content included on Our Site.
8.2 To the fullest extent permissible by law, We exclude all representations, warranties, and guarantees (whether express or implied) that may apply to Our Site or any Content included on Our Site.
8.3 Our Site is intended for non-commercial use only. If you are a business user, We accept no liability for loss of profits, sales, business or revenue; loss of business opportunity, goodwill or reputation; loss of anticipated savings; business interruption; or for any indirect or consequential loss or damage.
8.4 We exercise all reasonable skill and care to ensure that Our Site is free from viruses and other malware. We accept no liability for any loss or damage resulting from a virus or other malware, a distributed denial of service attack, or other harmful material or event that may adversely affect your hardware, software, data or other material that occurs as a result of your use of Our Site (including the downloading of any Content from it) or any other site referred to on Our Site.
8.5 We neither assume nor accept responsibility or liability arising out of any disruption or non-availability of Our Site resulting from external causes including, but not limited to, ISP equipment failure, host equipment failure, communications network failure, natural events, acts of war, or legal restrictions and censorship.
8.6 Nothing in these Terms and Conditions excludes or restricts Our liability for fraud or fraudulent misrepresentation, for death or personal injury resulting from negligence, or for any other forms of liability which cannot be excluded or restricted by law.
9.1 We exercise all reasonable skill and care to ensure that Our Site is secure and free from viruses and other malware.
9.2 You are responsible for protecting your hardware, software, data and other material from viruses, malware, and other internet security risks.
9.3 You must not deliberately introduce viruses or other malware, or any other material which is malicious or technologically harmful either to or via Our Site.
9.4 You must not attempt to gain unauthorised access to any part of Our Site, the server on which Our Site is stored, or any other server, computer, or database connected to Our Site.
9.5 You must not attack Our Site by means of a denial-of-service attack, a distributed denial of service attack, or by any other means.
9.6 By breaching the provisions of this clause, you may be committing a criminal offence under the Computer Misuse Act,2011. Any and all such breaches will be reported to the relevant law enforcement authorities and We will cooperate fully with those authorities by disclosing your identity to them. Your right to use Our Site will cease immediately in the event of such a breach.
10.1 You may only use Our Site in a manner that is lawful. Specifically:
10.2 you must ensure that you comply fully with any and all local, national or international laws and/or regulations;
10.3 you must not use Our Site in any way, or for any purpose, that is unlawful or fraudulent;
10.4 you must not use Our Site to knowingly send, upload, or in any other way transmit data that contains any form of virus or other malware, or any other code designed to adversely affect computer hardware, software, or data of any kind; and
10.5 you must not use Our Site in any way, or for any purpose, that is intended to harm any person or persons in any way.
10.6 We reserve the right to suspend or terminate your access to Our Site if you materially breach the provisions of this Clause 10 or any of the other provisions of these Terms and Conditions. Specifically, We may take one or more of the following actions:
10.6.1 suspend, whether temporarily or permanently, your right to access Our Site;
10.6.2 issue you with a written warning;
10.6.3 take legal proceedings against you for reimbursement of any and all relevant costs on an indemnity basis resulting from your breach;
10.6.4 take further legal action against you as appropriate;
10.6.5 disclose such information to law enforcement authorities as required or as We deem reasonably necessary; and/or
10.6.6 any other actions which We deem reasonably appropriate (and lawful).
10.7 We hereby exclude any and all liability arising out of any actions (including, but not limited to those set out above)that We may take in response to breaches of these Terms and Conditions.
12.1 We may alter these Terms and Conditions at any time. Any such changes will become binding on you upon your first use of Our Site after the changes have been implemented. You are therefore advised to check this page from time to time.
12.2 In the event of any conflict between the current version of these Terms and Conditions and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.
13.1 To contact Us, please email Us at firstname.lastname@example.org or using any of the methods provided on Our contact page at https://www.laboremus.ug/contact-us
14.1 If We have your contact details, We may from time to time send you important notices by email. Such notices may relate to matters including, but not limited to, service changes and changes to these Terms and Conditions.
14.2 We will never send you marketing emails of any kind without your express consent. If you do give such consent, you may opt out at any time. Any and all marketing emails sent by Us include an unsubscribe link. If you opt out of receiving emails from Us at any time, it may take up to 2 business days for Us to comply with your request. During that time, you may continue to receive emails from Us.
14.3 For questions or complaints about communications from Us (including, but not limited to marketing emails), please contact Us at email@example.com or via https://www.laboremus.ug/contact-us
15.1 All personal information that We may use will be collected, processed, and held in accordance with Uganda's DataProtection and Privacy Act, 2019.
16.1 These Terms and Conditions, and the relationship between you and Us (whether contractual or otherwise) shall be governed by, and construed in accordance with the law of Uganda.
Version no: 1
Last updated: March 2022
Authorised by: Timothy Musoke, CEO, Laboremus Uganda Ltd.
This Policy sets out the obligations of Laboremus Uganda Limited (“the Company”), a company incorporated in Uganda under registration number 164360, whose registered office is Plot 57B, Luthuli Avenue Bugolobi, Kampala Uganda, regarding the constraints and practices that a user must agree to for access to a Laboremus Network, and the ancillary resources used to access or connect to such networks, in accordance with the Data Protection and Privacy Act, 2019 (“DPPA”).
For further information on other aspects of data protection and compliance with theDPPA, please refer to the Company’s Data Policies that can be found here https://www.laboremus.ug/legal
You can also contact our Data Protection Officer(“DPO”);
Personnel are responsible for complying with Laboremus policies when using Laboremus information resources. If requirements or responsibilities are unclear, please seek assistance from the Laboremus’ DPO.
Personnel must promptly report harmful events or policy violations involving Laboremus assets or information to their contact at Laboremus, who shall then alert a member of the IT management Team in accordance with the IT Incident process. Events include, but are not limited to, the following:
I. Technology incident: any potentially harmful event that may cause a failure, interruption, or loss in availability to Laboremus’ Information resources.
II. Data incident: any potential loss, theft, or compromise of Laboremus information.
III. Unauthorized access incident: any potential unauthorized access to Laboremus’ information resources.
IV. Facility security incident: ant damage or potentially unauthorized access to a Laboremus owned, leased, or managed facility.
V. Policy violation: any potential violation to this or other Laboremus policies, standards, or procedures.
Personnel should not purposely engage in activities that may:
I. Harass, threaten, impersonate, or abuse others.
II. Degrade the performance of Laboremus Information resources.
III. Deprive authorized Laboremus personnel access to a Laboremus Information resource.
IV. Obtain additional resources beyond those allocated or,
V. Circumvent Laboremus computer security measures.
Personnel should not download, install, or run security programs or utilities that reveal or exploit weakness in the security of a system. For example, personnel should not run password cracking programs, packet sniffers, port scanners, or any other non-approved programs on any Laboremus Information resource.
All inventions, intellectual property, and proprietary information, including reports, drawings, blueprints, software codes, computer programs, data, writings and technical information, developed by Laboremus are the property of Laboremus.
Personnel are expected to cooperate with incident investigations, including any state investigations.
Personnel are expected to respect and comply with all legal protections provided by patents, copyrights, trademarks and intellectual property rights for any and all software and/or materials viewed, used, or obtained using Laboremus information resources.
Access to information is based on a “need to know”.
Personnel are permitted to use only those network and host addresses issued to them by Laboremus and should not attempt to access any data or programs contained on Laboremus systems for which they do not have authorization or explicit consent.
All remote access connections made to internal Laboremus networks and/or environments must be made through approved, and Laboremus-provided, VirtualPrivate Networks (VPNs).
Personnel should not divulge any access information to anyone not specifically authorized to receive such information, including IT support personnel.
Personnel must not share their personal authentication information, including:
i. Account passwords
ii. Personal Identification Numbers (PINs)
iii. Security Tokens
iv. Multi-factor authentication information
v. Access cards and/or keys
vi. Digital certificates
vii. Similar information or devices used foridentification and authentication purposes.
Accesscards and/or keys that are no longer required must be returned to physicalsecurity personnel.
Lost ofstollen access cards, security tokens and/or keys must be reported to physicalsecurity personnel as soon as possible.
All personnel are required to maintain the confidentiality of personal authentication information.
Any group/shared authentication information must be maintained solely among the authorized members of the group.
All passwords, including initial and/or temporary passwords, must be constructed, and implemented according to the following rules:
i. Must meet all requirements according to Laboremus’ Password Policy to conform to the following standards:- contain at least three of the five following character classes:
(a) Lowercase characters
(b) Uppercase characters
(e) Special characters
And contain at least eight to fifteen alphanumeric characters.
ii. Must not be easily tied back to the account owner by using known information such as social security numbers, nicknames, relative’s names, birth dates, etc.
iii. Must not be the same passwords used for non-business purposes.
Unique passwords should be used for each system, whenever possible.
User account passwords must not be divulged to anyone. Laboremus support personnel and/or contractors should never ask for user account passwords.
If the security of a password is in doubt, the password should be changed immediately.
Personnel should not circumvent password entry with application remembering, embedded scripts or hard coded passwords in client software.
Security tokens must be returned on demand or upon termination of the relationship with Laboremus, if issued.
CLEAR DESK/CLEAR SCREEN
Personnel should log off from applications or network services when they are no longer needed.
Personnel should log off or lock their workstations and laptops when their workspace is unattended.
Confidential or internalinformation should be removed or placed in a locked drawer or file cabinet whenthe workstation is unattended and at the end of the workday if physical accessto the workspace cannot be secured by other means.
File cabinets containing confidential information should be locked when not in use or when unattended.
Physical and/or electronic keys used to access confidential information should not be left on an unattendeddesk or in an unattended workspace if the workspace itself is not physicallys ecured.
Passwords must not be posted on or under a computer or in any other physically accessible location.
Copies of documents containing confidential information should be immediately removed from printers and fax machines.
Personnel should use approved encrypted communication methods whenever sending confidential information over the internet.
Confidential Information transmitted through mail services must be secured in compliance with Laboremus’ Data Security Policy.
Only authorized cloud computing applications may be used for sharing, storing and transferring confidential or internal information.
Information must be appropriately shared, handled, transferred, saved and destroyed, based on the information sensitivity.
Personnel should not have confidential conversations in public places or over insecure communication channels, open offices and meeting places.
Confidential information mustbe transported either by an employee or a courier approved by IT management.
All electronic media containing confidential information must be securely disposed.
EMAIL AND ELECTRONIC COMMUNICATION
Auto-forwarding electronic messages outside the company internal systems is prohibited.
Electronic communications should not misrepresent the originator or Laboremus.
Personnel are responsible for the accounts assigned to them and for the actions taken with their accounts.
Accounts must not be shared, without prior authorization from the Laboremus IT Management Team.
Employees should not use personal email accounts to send or receive confidential information.
Any personal use of Laboremus provided emails, should not:
i. Involve solicitation
ii. Be associated with any political entity
iii. Have the potential to harm the reputation of Laboremus
iv. Forward chain emails
v. Contain or promote anti-social or unethical behavior
vi. Violate local or international laws or regulations.
vii. Result in unauthorized disclosure of confidential information.
viii. Or otherwise violate any other Laboremus policies.
Personnel should only send confidential information using approved secure electronic messaging solutions.
Personnel should use caution when responding to, clicking on links within, or opening attachments included in electronic communications.
Personnel should use discretion in disclosing confidential or internal information in automated responses, such as employment data, internal telephone numbers, location information or other sensitive data.
HARDWARE AND SOFTWARE
All hardware must be formally approved by IT management before being connected to Laboremus networks.
Software installed on Laboremus equipment must be approved by IT management and installed by Laboremus IT personnel.
All Laboremus assets taken off-site should be physically secured at all times.
Employees should not allow family members or other non-employees to access Laboremus Information resources.
The internet must not be used to communicate confidential or internal information unless the confidentiality and integrity of the information is ensured and the identity of the recipient is established.
Use of the internet with Laboremus networking or computing resources must only be used for business-related activities. Unapproved activities include, but are not limited to:
i. Recreational games
ii. Streaming media
iii. Personal social media
iv. Accessing or distributing pornographic or sexually oriented materials
v. Attempting or making unauthorized entry to any network or computer accessible from the internet.
vi. Or otherwise violate any other Laboremus policies.
Access to the internet from outside the Laboremus network, using a Laboremus owned computer must adhere to all of the same policies that apply to use from within Laboremus facilities.
The use of a personally owned mobile device to connect to the Laboremus network is a privilege granted to employees only upon formal approval of IT management.
All personally owned laptops and/or workstations must have approved virus and spyware detection/protection software along with personal firewall protection, active.
Mobile devices that access Laboremus email must have a PIN or other authentication mechanism enabled.
Confidential Information should only be stored on devices that are encrypted in compliance with Laboremus’ encryption standard.
Confidential Information should not be stored on any personally owned mobile device.
Theft or loss of any mobile device that has been used to create, store, or access confidential or internal information must be reported to the Laboremus IT Management team immediately.
All mobile devices must maintain up-to-date versions of all software and applications.
All personnel are expected to use mobile devices in an ethical manner.
Jail-broken or rooted devices should not be used to connect to Laboremus information resources.
In the event that there is a suspected incident or breach associated with a mobile device, it may be necessary to remove the device from the personnel’s possession as part of a formal investigation.
All mobile device usage in relation to Laboremus information resources may be monitored, at the discretion of Laboremus IT management.
Laboremus IT support for personally owned mobile devices is limited to assistance in complying with this policy.
Use of personally owned devices must be in compliance with all other Laboremus Policies.
Laboremus reserves the right to revoke personally owned mobile devices use privileges in the event that personnel do not abide by the requirements set forth in this policy.
Personnel must badge in and out of access-controlled areas. Piggy-backing, tailgating, door propping and anyother activity to circumvent door access controls are prohibited.
Visitors accessing card-controlled areas of facilities must be accompanied by authorized personnel at all times.
Eating or drinking are not allowed in data centers. Caution must be used when eating or drinking near workstations or information processing facilities.
Laboremus may log, review and otherwise utilize any information stored on or passing through its information resources.
Systems Administrators, Laboremus IT, and other authorized Laboremus personnel may have privileges that extend beyond those granted to standard business personnel. Personnel with extended privileges should not access files and/or other information that is not specifically required to carry out an employment related task.
The use of removable media for storage of Laboremus information must be supported by a reasonable explanation.
All removable media use must be approved by Laboremus IT prior to use.
Personally owned removable media use is not permitted for storage of Laboremus information.
Personnel are not permitted to connect removable media from an unknown origin without prior approval from Laboremus.
Confidential and internal Laboremus information should not be stored on removable media without the use of encryption.
All removable media must be stored in a safe and secure environment.
The loss or theft or are movable media device that may have contained any Laboremus information must be reported to Laboremus.
SECURITY TRAINING AND AWARENESS
All new personnel must complete an approved security awareness training session prior to, or at least within 30days of, being granted access to any Laboremus Information resources.
All personnel must be provided with an acknowledge they have received and agree to adhere to the Laboremus Information Security Policies before they are granted access to Laboremus Information resources.
All personnel must complete the annual security awareness training.
Visit us at our office:
Laboremus Uganda Ltd.
Plot 57B, Luthuli Avenue, Bugolobi