Privacy Statement
Your privacy and trust are very important to us. This document explains how Laboremus Uganda Limited ("We") processes personal information about you. Processing covers any operation which is performed upon collected data by automated means or otherwise, including collecting, storing, sharing, transferring, handling, and protecting the data. This document also provides information about your rights as a data subject and how you can contact us if you have questions about how we handle your information. Based on the specific Laboremus service you are using, we may furnish additional or distinct privacy statements or notifications to address the specific interactions you have with us. In such cases, clarity will be maintained regarding which statements are applicable to those interactions and services.
Scope of this statement
This Statement applies to data subjects and individuals who access, use and/or interact with our products, services, websites, digital properties, platforms, software, and applications including mobile applications, and those who attend our events. This Statement does not pertain to situations where we are serving as a processor or service provider managing personal data on behalf of a third party; in these instances, our processing of personal data is carried out according to their direction and instructions, and their privacy statement shall be the governing factor. Our products and services may contain links to third-party websites and applications; however, we are not responsible for the content or privacy compliance of third-party websites or applications.
Legal basis for processing your personal data
We collect and process your personal data only where we have a lawful basis for doing so. Our lawful bases include:
- Consent: Where you have freely given, specific, informed and unambiguous consent to the processing of your personal data for one or more specific purposes. You have the right to withdraw your consent at any time, whereupon we shall cease processing unless another lawful basis applies.
- Contract: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.
- Legal Obligation: Where processing is necessary for compliance with a legal obligation to which Laboremus is subject, including obligations under the Anti-Money Laundering Act, the Financial Institutions Act, and other applicable Ugandan legislation.
- Legitimate Interests: Where processing is necessary for the legitimate interests of Laboremus or a third party, provided that such interests are not overridden by your fundamental rights and freedoms.
- Public Duty: Where processing is necessary for the proper performance of a public duty by a public body, or for national security purposes.
- Crime Prevention: Where processing is necessary for the prevention, detection, investigation, prosecution, or punishment of an offence or breach of law.
Personal data that we process and how we use it
We process personal data about you as a data subject in the operation of our business through our interactions with you, and through our products including Streamline, STREAMLINE FLEX, or through other services we offer. You provide some of this data directly, while we may also process personal data through collecting data about your interactions, use, and experiences with our products, through our customer support channels, or otherwise, for example through cookies. See our Cookie Policy for more information.
We may also process data obtained through our systems and by use of our services; for example, through our servers, logs, and other technologies that automatically collect certain information from or about you and your systems (for example, a User Identifier or an Internet Protocol Address) that help us administer, protect, and improve our products and services.
We may process personal data about you from third parties such as those arranging for you to access our services, through partners and service providers who work with us, or from publicly available sources. Such third parties shall also be independently responsible for compliance with the applicable law. We may collect personal data through cookies and other similar technologies. More information relating to cookies and how to control their use can be found in our Cookie Policy.
As a KYC (Know-Your-Customer) infrastructure provider, we may use your information to help prevent and detect unlawful acts under local and applicable international laws, including money laundering, counterterrorism financing, fraud, or any other criminal activity, in provision of services to third parties pursuant to contractual obligations and legitimate interests recognised under the Act.
Where you give consent (for example, by signing up to receive promotional material or regular communications), we shall also use your personal data to provide you with such material, in compliance with the applicable law. Other purposes for which we may use your personal data include:
- Communicating with you to provide important notices, updates, product changes, and other necessary notices
- Marketing our other services to you (subject to your opt-in consent)
- Facilitating reporting and analysing the performance of our products or features
- Providing webinars or public presentations
- Providing you with support by responding to your requests for information, and helping to identify and troubleshoot issues with our products or services
- Resolving support requests
- Providing you with usage reports
As a data subject, you have the right to decline when we ask for personal data. However, many of our products require certain personal data to operate. If you choose not to provide required data, you will be unable to use the relevant product or feature. Where we need to collect personal data by law or to fulfil a contract with you and you choose not to provide it, we may be unable to enter into or perform that contract, or may have to cancel or suspend an existing product. We shall notify you if this is the case.
Types of data we collect from you
The type of data we collect depends on how you are interacting with us, which products you are using, and/or which services you are purchasing or using. Such information may include:
- Name and contact data, including names, email addresses, phone numbers, and other similar data
- Account credentials for security and authentication purposes
- User content such as communications and files provided by you in your use of our services
- Usage information and browsing history, including information about how you navigate our services, your browsing history, and which elements of our services you use most
- Payment information required to process any payments
- Identifiers such as unique identification numbers, cookie identifiers, and national identifiers
- Images and/or photographs if you visit or work from our offices or attend an event that we sponsor or organise
If you directly interact with our staff or authorised representatives (such as our sales, user research, or user operations groups), or if you participate in research conducted by us, we may also process the following information voluntarily provided by you:
- Your requests, questions, and responses to us via forms or email
- Social media information
- Your date of birth
- Geographic information such as region and country
- Information to verify your identity
How we may disclose your personal data
We may need to disclose the personal data we collect about you to operate our business and deliver our products and services, under the following circumstances:
- Service Delivery Partners: Entities that provide access to our services may have access to your personal data for the purpose of facilitating the use of our services. We also collaborate with business partners to deliver co-branded services, engage in product or service co-selling activities, and provide content or host events, conferences, and seminars.
- Service Providers and Sub-Processors: Service providers and sub-processors may use your personal data on our behalf to assist in providing our services, website, and features. Such third parties provide services including sales, marketing, analytics, research, data storage, and security.
- Business Transfers: Should ownership of all or substantially all of our business change, or should all or some of our assets be sold as part of a bankruptcy or other proceeding, we may transfer your personal data to the new owner so that services can continue to be provided. Your personal data would remain subject to the commitments contained in this Statement until updated by the acquiring party.
- Legal Compliance: We may disclose your personal data to comply in good faith with any lawful process, including orders from courts, law enforcement agencies, regulatory authorities, or other governmental bodies. Where permitted by law and court order, we shall endeavour to notify you of any such request prior to disclosure. We shall not disclose personal data beyond what is strictly required to comply with a lawful request.
Storage, protection, and retention of your personal data
We take the requisite technical and organisational measures to protect your personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure, or access. While no method of internet transmission or electronic/physical storage is absolutely secure, we have in place mitigation measures that include constantly updating and improving our safeguards.
When you use our products and services, information about you shall be stored in Uganda.
Personal data relating to children
Our services are not directed at children, and we do not knowingly collect or process personal data relating to individuals under the age of eighteen (18), except where you, as our client, engage us to provide onboarding or identity verification services for your underage customers. In such cases, you are solely responsible for obtaining the prior explicit consent of the child's parent or legal guardian before submitting the child's personal data to Laboremus for processing.
By submitting children's personal data to us, you confirm that all required parental or guardian consents have been obtained and agree to indemnify Laboremus against any claims, liabilities, losses, or proceedings arising from your failure to obtain such consent.
If you are a parent or guardian and believe that your child's personal data has been submitted to us without your consent, please contact the entity that collected and provided the data to us. As we do not control the initial collection of such data, we are not responsible for verifying parental or guardian consent.
Where we become aware that we have inadvertently processed a child's personal data without the required consent, we will take appropriate steps to delete that data from our systems, unless retention is required by law.
Marketing
We communicate marketing and event information to you through various channels, including email, telephone, text messaging, direct mail, and online platforms. If you receive a marketing message from us, it shall include clear and conspicuous instructions on how to opt out of future communications.
Respecting your preferences is important to us. You have the right to opt out of direct marketing and targeted online advertising at any time without penalty. We employ tools and technologies including cookies and related methods to deliver targeted marketing content. We may use email tracking technology to assess engagement and the effectiveness of our communications. While we may engage in marketing on third-party platforms, such activities are governed by the privacy statements and terms and conditions of those platforms.
To opt out of marketing activities, including email, post, and telephone marketing, you may use the "Contact Us" feature, the specific opt-out mechanisms provided in marketing communications, or contact your Laboremus account representative.
Your rights as a data subject
Under the applicable law, you have the following rights in relation to your personal data. Upon a written request delivered to our Data Protection Officer (accompanied by proof of your identity as required under the applicable law; for example, a national identification card, passport, or driver's licence), and subject to applicable legal exceptions, we shall:
- Provide you with access to, and/or a copy of, the personal data we hold about you.
- Provide you with information about the categories of personal data we collect or disclose about you, the categories of sources, the purposes for which it is collected, and the categories of third parties to which we disclose it.
- Prevent the processing of your personal data for direct marketing purposes (including any direct marketing processing).
- Correct or update personal data that is out of date or incorrect.
- Delete personal data which we hold about you (to the extent permitted under applicable law; noting that erasure is available in the context of correcting or deleting inaccurate data or unlawfully held data).
- Restrict the manner in which we process and disclose some of your personal data.
- Transfer your personal data to a third-party provider of services (data portability).
- Withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of processing based on consent given before withdrawal.
We may take further steps to verify that the request concerns you, or that you are authorised to make the request. Please note that certain information may be exempt from such requests in special circumstances, for example if we need to comply with a legal obligation.
Specific purposes and legal basis for use of your information
More specifically, we use personal information to:
- Account set-up and administration: management of your account, access credentialling, technical and customer support, training delivery, identity verification, authentication, transaction processing, and service suggestions. Legal basis: contract and legitimate interests.
- Relationship administration: sending invoices and maintaining communication with you, our business, and third-party providers. Legal basis: contract and legitimate interests.
- Understanding customer patterns: to enhance and improve our services. Legal basis: legitimate interests.
- Handling inquiries and complaints: to address and resolve inquiries and complaints. Legal basis: legitimate interests and legal obligation.
- Event management: to contact you regarding participation in and management of events, webinars, seminars, meetings, and related activities. Legal basis: legitimate interests and consent.
- Screening and investigation: conducting screening, investigation, and enforcement activities. Legal basis: legal obligation and legitimate interests.
- Content delivery and personalisation: delivering tailored content, analysing usage patterns to make service suggestions, and personalising your experience. Legal basis: legitimate interests and consent.
- Marketing and surveys: including polls and research activities. Legal basis: consent.
- User-generated content: processing information you post, share, or upload for collaboration, peer connection, and information exchange. Legal basis: contract and consent.
- Legal and regulatory compliance: to meet internal and external audit requirements, regulatory reporting, and to enforce our terms and conditions. Legal basis: legal obligation.
- Security and protection: to protect our rights, privacy, safety, networks, systems, and property, including identity verification and security monitoring. Legal basis: legitimate interests and legal obligation.
- Business operations: onboarding and managing relationships, negotiating and finalising business transactions, appointments, and periodic reviews. Legal basis: contract and legitimate interests.
- Crime prevention and investigation: prevention, detection, or investigation of crime, loss prevention, or fraud. Legal basis: legal obligation and legitimate interests.
- Legal compliance and defence: to comply with requests from courts, law enforcement, regulatory agencies, and other authorities; to exercise our rights; and to defend against claims. Legal basis: legal obligation.
Changes to this statement
We may update our Privacy Statement from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons, and to better provide you with our services. We will notify you of any changes by posting the new statement on this page and will update the "Last updated" date at the top of this Statement. We encourage you to review this Statement regularly. Changes take effect when posted unless we specify a later effective date.
For any further information
We are located at Plot 51, Ntinda Road, Kampala, Uganda. If you wish to contact us or have any questions or complaints in relation to this notice, please contact us at hello@laboremus.ug. To contact our Data Protection Officer, please email brian@laboremus.ug.