Grooply

PRIVACY POLICY

INTRODUCTION

Thank you for choosing ioTec Limited. We, as a data collector, controller, and processor, respect your privacy and are committed to protecting your personal data and the personal data of third parties that you provide to us. This Privacy Notice is a summary of our Privacy Policy and describes how we collect, use, disclose, transfer, store or otherwise process your personal data and tells you about your privacy rights and how the law protects you. For the full version of the Privacy Policy, please see here or contact us for a copy.

PURPOSE

The purpose of this Privacy Notice is to inform you about how ioTec Limited collects and processes your personal data. This Notice outlines the types of data we collect, the legal bases for its processing, how we store and protect it, and the rights you have regarding your personal information.

DEFINITIONS
  • 1. Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • 2. Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
  • 3. Data Subject means a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
  • 4. Personal Data means any information relating to you as an identified or identifiable natural person. In order for us to provide the services you have requested from us, it is necessary that we collect and process personal data from you.
  • 5. Data Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as a) collection, b) recording, c) organisation, d) structuring, e) storage, f) adaptation or alteration, g) retrieval, h) consultation, i) use, j) disclosure by transmission, k) dissemination or otherwise making available, l)alignment or combination, m) restriction, n) erasure or o) destruction.
  • 6. Consent means an agreement which must be express, freely given, specific, informed and be an unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear positive action, signify agreement to the Processing of personal data relating to them.
  • 7. ioTec means ("we," "us," or "our", "the Company")
RIGHTS OF DATA SUBJECTS

As a data subject, you have the following rights:

  • • The right to be informed: You have the right to be informed about the collection and use of your personal data.
  • • The right of access: You have the right to access the personal data that ioTec Limited holds about you.
  • • The right to rectification: You can request correction of inaccurate or incomplete personal data.
  • • The right to erasure (to be forgotten): You can request the deletion of your personal data in certain circumstances, including: a) If the data is no longer needed for the purpose for which it was originally collected, b) If you withdraw consent (where processing is based on consent) and no other legal grounds for processing apply, c) If you object to processing.
  • • The right to restrict processing: You can request that ioTec Limited restrict the processing of your personal data under specific circumstances, including: a) When you contest the accuracy of the data. In this case, processing will be restricted until we verify the accuracy. b) If the processing is unlawful but you oppose the erasure of your data and instead request restriction of its use. c) If you have objected to processing pending the verification of whether ioTec Limited's legitimate grounds override your rights as a data subject.
  • • The right to data portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable format (e.g., CSV, XML) and transfer that data to another controller. This applies when: a) The processing is based on consent or contract, and b) The processing is carried out by automated means. This right allows for easier transfer of personal data between service providers. It ensures that you can move, copy, or transmit your data seamlessly from one IT environment to another without hindrance.
  • • The right to object: You have the right to object to the processing of your personal data in certain situations e.g. a) direct marketing, b) Processing based on legitimate interests (You can object to processing based on our legitimate interests or those of a third party, unless we can demonstrate compelling legitimate grounds that override your rights and freedoms.)
  • • Rights in relation to automated decision making and profiling: You have the right not to be subject to decisions made solely based on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
THE TYPES OF PERSONAL DATA THAT WE COLLECT

We may collect and process the following categories of personal data:

  • • Personal Identification Information: Name, national identification number, passport details, gender, age, tribe, nationality etc.
  • • Contact Information: Phone number, email address, physical address.
  • • Financial Data: Bank details, credit history, transaction records.
  • • Biometric Data: Fingerprints, facial recognition data (when applicable).
  • • Communication Records: Any correspondence between you and us.
  • • Technical Data: IP address, browser type, login information, location data.

If we require information about other people connected to you, we may request you to provide such information. If you are providing information about another person, please ensure that they know you are doing so and are content with the information being provided to us. It might be helpful to show them this Privacy Notice and direct them to us if they have any concerns.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect personal data from multiple sources, including but not limited to:

  • • Self-Onboarding: Through registration for our products and services.
  • • Public Agencies: From government institutions such as the National Identification and Registration Authority (NIRA) and Uganda Registration Services Bureau (URSB).
  • • Telecommunication Companies: Data from your mobile service providers.
  • • Credit Reference Bureaus: Creditworthiness and financial data.
  • • Third-Party Service Providers: As necessary for service delivery or legal compliance.

For the most part, we will collect personal data through our website and this may include personal data you provide when you apply for our products or services, make enquiries, register for our products offered through the online platform, request marketing information to be sent to you, give us feedback or contact us. In some instances, we may collect and receive your personal data from third parties or publicly available sources including the National Identification and Registration Authority (NIRA), Uganda Registration Services Bureau, Credit Reference Bureaus, Telecommunication Companies among others.

HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE HAVE FOR PROCESSING YOUR PERSONAL DATA?

We use your personal data, including sensitive personal data in certain instances, for the following purposes:

  • • To consider your application for our products and services and for initiating your contract in relation to our products and services.
  • • To provide you with our products and services.
  • • To meet our legal and regulatory obligations.
  • • To maintain consistent practices and procedures across the Company.
  • • To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences.
  • • To provide you with optimized marketing analytics and information about our products and services that we consider may be of interest to you.

In this regard, we rely on the following lawful basis for processing your personal data:

Performance of a contract: Including setting up and administering a contract for our products and services.

Legal and regulatory obligations: Compliance with our legal and regulatory obligations such as KYC obligations under different statutes including the National Payment Systems Act 2020, and Anti Money Laundering Act 2013, etc.

Consent: We will also rely on your consent as a lawful basis for processing your personal data in the instances where we (a) process personal data relating to a child; (b) process sensitive personal data outside Uganda; and (c) provide you with marketing information; and

Legitimate interests: for our legitimate business interests, including product and service improvement, prevention, and detection of fraud.

In the event that you fail to provide us with your personal data when requested, we may not be able to perform the contract we have or that we wish to enter into with you. In that case, we may have to cancel a product or service you have with us.

You have the right to withdraw your consent to our processing of your personal data at any time but please note, that your withdrawal will not affect the lawfulness of our processing of your personal data which was based on prior consent before your withdrawal, or which is based on other legal basis for processing of your personal data. Please further note we may not be able to provide you with our products and services if you withdraw your consent.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In connection with the above purposes, we may share your personal data with third parties located within and outside Uganda such as public authorities, or governments when required by law, third-parties whom we have partnered with to provide you with our products and services including those service providers who provide marketing and advertising services. We take steps to ensure that any data transferred outside Uganda is protected in accordance with Uganda's Data Protection and Privacy Act, 2019, and any applicable international standards. In that connection, we will take adequate steps to protect your personal data including entering into agreements with third-party recipients of your personal data (as applicable) governing the protection of personal data.

STORING OF PERSONAL DATA OUTSIDE UGANDA

By using ioTec's services and providing us with your personal data, you CONSENT to its transfer and storage outside Uganda. ioTec remains committed to handling your data responsibly and ensuring that it is processed in accordance with your rights and the applicable data protection principles outlined in the applicable Data protection laws.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

RETENTION AND STORAGE OF YOUR PERSONAL DATA

We will only retain your personal data for as long as may be necessary to fulfil the purpose we collected it for including for the purposes of satisfying any legal regulatory, tax, accounting, or reporting obligations.

KEEPING YOUR DATA UP-TO-DATE

We regularly review and update our privacy practices against our Records of Processing Activities to ensure your data remains secure and the information is up to date.

REVIEW DATE

This Data Privacy Notice will be reviewed annually or as required by changes in the regulatory environment.

COMPLAINTS PROCEDURE

If you wish to make a complaint about how your personal data has been handled, you can contact us via:

Email: support@iotec.io

Phone: 0200903894

Company
Social
All Rights Reserved.© 2025