Data Protection and Privacy Policy

Policy statement:

Q-Training Limited t/a The Assessment and Skilling Centre is committed to protecting the privacy and security of personal data entrusted to it. This Data Protection Policy outlines how personal data is collected, stored, used, and disclosed in accordance with the relevant data protection regulations of Uganda (The Data Protection and Privacy Act, 2019).

Scope:

This Data Protection and Privacy Policy applies to all personal data that Q-Training/TASC collects during its operations. It outlines how personal data is collected, stored, used, and disclosed, adhering to the relevant data protection regulations, while prioritizing data security, respecting individual privacy rights, and ensuring data is only retained for as long as necessary for legitimate business purposes.

The Policy

What is Personal Data?

Personal data is any information that relates to an identified or identifiable individual. This can include:

  • Names
  • Contact details (email address, phone number, physical address)
  • Identification numbers (national ID, passport number)
  • Employment information where applicable for training
  • Education background
  • Emergency/Next of Kin contact details

Personal Data Collection Channels

Personal data is collected directly from individuals, through;

 

  1. Applications for trainings
  2. Evaluations/surveys from interested parties e.g. clients, suppliers, and trainees.
  3. Social Media interactions through the company website and other social media networks that represent the company.
  4. Workshop events and (or) meetings interactions.

 

 

Personal Data Usage

 

Personal data is used for legitimate business purposes only, such as;

 

  • Training services: This is to acquire trainee/learner details, education background, and employment history as required per training.
  • Compliance with legal and regulatory requirements: Meeting tax, reporting, and other legal/regulatory obligations.
  • Client and vendor services: Providing training, assessment, and certification services’ delivery.
  • Recruitment and employment purposes: Evaluating employment applications as advertised/required by the company, and managing employee records.
  • Marketing and communication: Sending relevant information about our services and events.

Lawful Basis for Processing Personal Data

Personal data is processed on lawful basis, as applicable as follows:

  • Consent: Explicit consent is obtained for specific purposes, such as social media postings and marketing communications.
  • Contractual obligations: Data is obtained as required, to fulfill contractual agreements with interested parties (e.g., projects/training contracts, employment contracts).
  • Legal obligations: Personal data might be obtained/processed, as a requirement, to comply with laws and regulations.
  • Legitimate interests: Data might be used for the company’s legitimate interests, such as improving its services or preventing fraud, provided the interests do not override the fundamental rights and freedom of interested parties.

Data Storage and Security

 

The company takes appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. This includes secure data storage practices, access controls, and regular security assessments.

Data Retention

The company retains personal data for no longer than necessary for the purposes for which it was collected, considering legal and regulatory requirements. We have established data retention policies that define specific timeframes for deleting different types of personal data.

Rights for Interested parties

Under the relevant data protection regulations, interested parties have certain rights regarding their personal data. These may include:

 

  • Right to Access: Interested parties have the right to request a copy of their personal data held by Q-Training/TASC.
  • Right to Rectification: Interested parties have the right to request the correction of any inaccurate or incomplete personal data.
  • Right to Erasure: Interested parties have the right to request the deletion of their personal data under certain circumstances.
  • Right to Restriction of Processing: Interested parties have the right to restrict the processing of their personal data in certain situations.
  • Right to Object: Interested parties have the right to object to the processing of their personal data for marketing purposes.
  • Right to Data portability: Interested parties have the right to request the transfer of their personal data to another controller in a structured, commonly used, and machine- readable format.

Exercising One’s Rights

If any one (interested parties) wish to exercise any of their data protection rights, please contact our Data Protection Office through admin@tasc.co.ug

Disclaimer

This Data Protection Policy is for informational purposes only and should not be construed as legal advice. We recommend consulting with legal counsel for specific guidance on data protection compliance in Uganda.

 

Reference – The Data Protection Act 2019

 

https://ict.go.ug/wp-content/uploads/2019/03/Data-Protection-and-Privacy-Act-2019.pdf

This policy will be reviewed annually and be revised where necessary notification of any significant changes to the policy if any, shall be posted over the company website.