Privacy Policy

1. Scope and Application

This Privacy Policy applies to all personal information collected by AfriTech ThinkLab through our various touchpoints, including our primary website, client portals, mobile applications, consulting services, data analytics platforms, and any other digital services we provide. The policy covers information collected from clients, prospective clients, website visitors, newsletter subscribers, event attendees, and any other individuals who interact with our organization.

As a technology company operating across multiple African jurisdictions, we ensure our privacy practices meet the highest standards applicable in any region where we operate. This includes compliance with international frameworks such as GDPR where applicable, as well as local data protection laws in Uganda, Kenya, Nigeria, South Africa, Ghana, and other African countries where we provide services.

2. Information We Collect

Personal and Contact Information

We collect personal information that you voluntarily provide to us when engaging with our services. This includes your full name, professional title, organization name, business email address, phone numbers, and physical business address. When you subscribe to our newsletters or register for events, we collect your communication preferences and areas of interest. For our consulting and custom development services, we may also collect additional professional information such as your role in decision-making processes, technical expertise level, and specific business requirements.

Business and Transactional Data

When you engage our services, we collect comprehensive business information necessary to deliver effective solutions. This includes detailed project requirements, organizational structure information, existing technology infrastructure details, business processes documentation, and performance metrics. For billing and payment processing, we collect financial information including billing addresses, payment method details, purchase history, and invoicing information. We maintain records of all business communications, including emails, meeting notes, project documentation, and service delivery records.

Technical and Usage Information

Our systems automatically collect technical information when you interact with our digital platforms. This includes your device's IP address, browser type and version, operating system, screen resolution, and general location information derived from your IP address. We track your navigation patterns on our website, including pages visited, time spent on each page, click-through rates, and download activities. For our web applications and client portals, we monitor usage patterns, feature utilization, performance metrics, and error logs to continuously improve service delivery and user experience.

Client Project Data

In the course of delivering our specialized services, we may have access to and process various types of client data. This can include business intelligence data, operational metrics, customer information, financial records, proprietary algorithms, and other confidential business information that you share with us for analysis, system integration, or consulting purposes. We treat all such information with the highest level of confidentiality and implement strict access controls and data handling procedures.

3. Legal Basis for Processing

We process your personal information based on several legal grounds, depending on the nature of our relationship and the specific processing activity. When you engage our services through a contract, we process information necessary for contract performance, including delivering services, managing your account, processing payments, and providing customer support. We also process information based on our legitimate business interests, such as improving our services, conducting market research, preventing fraud, and ensuring network security, provided these interests do not override your fundamental rights and freedoms.

For marketing communications and certain analytics activities, we rely on your explicit consent, which you can withdraw at any time. In some circumstances, we may process information to comply with legal obligations, such as tax reporting requirements, regulatory compliance, or responding to lawful requests from government authorities. We never process personal information for purposes that are incompatible with the original collection purpose without obtaining your consent or having another legal basis.

4. How We Use Your Information

Service Delivery and Account Management

We use your personal information primarily to deliver our comprehensive range of technology services effectively. This includes project planning and execution, custom software development, data analytics and business intelligence solutions, technology consulting, and ongoing support services. We maintain detailed client profiles to understand your specific needs, track project progress, manage deliverables, and ensure consistent service quality across all touchpoints. Your contact information enables us to provide timely updates, schedule meetings, deliver reports, and maintain ongoing communication throughout our business relationship.

Business Operations and Improvement

We analyze usage patterns and feedback to continuously enhance our service offerings and develop new solutions that better serve the African technology ecosystem. This includes conducting market research, identifying emerging trends in technology adoption across African markets, and developing targeted solutions for specific industry sectors. We use aggregated and anonymized data to create insights about technology adoption patterns, business transformation challenges, and opportunities for innovation across different African countries and industries.

Communications and Marketing

With your consent, we use your information to send relevant communications about our services, industry insights, upcoming events, and educational content that may interest you. Our marketing communications are tailored based on your industry, role, and expressed interests to ensure relevance and value. We maintain comprehensive communication preferences that allow you to control what types of information you receive and how frequently. All marketing communications include clear opt-out mechanisms, and we honor unsubscribe requests promptly.

5. Information Sharing and Disclosure

Service Providers and Partners

We work with carefully selected third-party service providers who assist us in delivering our services effectively. These may include cloud hosting providers, payment processors, email marketing platforms, customer relationship management systems, and specialized technology vendors. All service providers are bound by strict contractual agreements that require them to protect your information with the same level of care that we apply, use the information only for specified purposes, and implement appropriate technical and organizational security measures.

When collaborating with implementation partners or subcontractors on client projects, we ensure that appropriate data sharing agreements are in place and that all parties understand their obligations regarding data protection. We conduct due diligence on all partners to verify their security practices and compliance with applicable data protection laws.

Legal and Regulatory Requirements

We may disclose your personal information when required by law, regulation, or legal process, or when we believe disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others. This includes cooperating with law enforcement agencies, regulatory bodies, and government authorities when presented with valid legal requests. We will notify you of such disclosures when legally permitted to do so and will limit disclosure to the minimum necessary to comply with the legal requirement.

Business Transactions

In the event of a merger, acquisition, sale of assets, or other business transaction involving AfriTech ThinkLab, your personal information may be transferred to the acquiring entity. We will provide notice of such transfers and ensure that the receiving party commits to protecting your information under terms no less protective than those outlined in this Privacy Policy. You will be notified of any such transaction and provided with information about your choices regarding your personal information.

6. Data Security and Protection

We implement comprehensive security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security framework includes multiple layers of protection, starting with advanced encryption protocols for data both at rest and in transit. We use industry-standard AES-256 encryption for stored data and TLS 1.3 for data transmission, ensuring that your information remains protected throughout its lifecycle within our systems.

Access to personal information is strictly controlled through role-based access controls, multi-factor authentication, and regular access reviews. Our staff members receive comprehensive training on data protection principles and are bound by strict confidentiality agreements. We maintain detailed audit logs of all access to personal information and conduct regular security assessments, including penetration testing and vulnerability assessments, to identify and address potential security risks.

Our data centers and cloud infrastructure partners maintain internationally recognized security certifications, including ISO 27001, SOC 2 Type II, and other relevant compliance frameworks. We have established incident response procedures that enable us to quickly identify, contain, and resolve any security incidents while providing timely notification to affected individuals and relevant authorities as required by applicable laws.

7. International Data Transfers

As a company serving clients across all 54 African countries and potentially working with international technology partners, we may need to transfer your personal information across borders. We ensure that all international transfers are conducted in compliance with applicable data protection laws and are protected by appropriate safeguards. For transfers outside of Africa, we rely on adequacy decisions where available, Standard Contractual Clauses approved by relevant data protection authorities, or other legally recognized transfer mechanisms.

When selecting cloud services and technology partners, we prioritize providers with strong data localization capabilities and those that can demonstrate compliance with international data protection standards. We maintain detailed records of all international transfers and the safeguards applied to ensure transparency and compliance with regulatory requirements.

8. Your Privacy Rights

We respect your rights regarding your personal information and have established procedures to handle your requests promptly and effectively. You have the right to access your personal information and receive a copy of the data we hold about you, presented in a clear and understandable format. If you believe any information we hold is inaccurate or incomplete, you can request correction, and we will update our records accordingly after verifying the accuracy of the new information.

Under certain circumstances, you may request deletion of your personal information, and we will comply unless we have a legitimate reason to retain the information, such as ongoing contractual obligations or legal requirements. You also have the right to request restriction of processing in specific situations, such as when you contest the accuracy of your data or object to processing based on legitimate interests.

For your convenience, you can exercise many of these rights through your account settings or by contacting our Privacy Officer directly. We will respond to all requests within the timeframes required by applicable law, typically within 30 days, and will provide clear explanations if we cannot fulfill a request. There is no charge for most requests, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. For client relationship data, we typically retain information for the duration of our business relationship plus seven years to comply with business record retention requirements and potential legal claims. Marketing communications data is retained until you opt out of communications or close your account, whichever occurs first.

Technical logs and usage data are typically retained for shorter periods, generally not exceeding 24 months, unless longer retention is required for security or legal compliance purposes. We regularly review our data retention practices and delete information that is no longer necessary for business or legal purposes. When information is deleted, we ensure secure deletion using industry-standard data destruction methods.

10. Children's Privacy

Our services are designed for business and professional use and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that we have inadvertently collected information from a child under 18, we will take immediate steps to delete such information from our systems and implement additional safeguards to prevent similar occurrences in the future.

Parents or guardians who believe we may have collected information from their child should contact us immediately using the contact information provided in this policy. We encourage parents and guardians to monitor their children's internet usage and to help enforce this policy by instructing their children never to provide personal information through our services without permission.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and platforms. Essential cookies are necessary for basic website functionality, including security, network management, and accessibility features. These cookies cannot be disabled without affecting the basic functionality of our services. Analytics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously, enabling us to improve our services and user experience.

Functional cookies enable enhanced functionality and personalization, such as remembering your preferences and settings. Marketing cookies may be used to track visitors across websites to display relevant advertisements and measure the effectiveness of our marketing campaigns, but only with your explicit consent. You can control cookie settings through your browser preferences, and we provide detailed information about our cookie usage in our Cookie Policy, which is available on our website.

12. Updates to This Privacy Policy

We regularly review and update this Privacy Policy to reflect changes in our practices, services, legal requirements, or industry standards. When we make material changes that affect how we collect, use, or protect your personal information, we will provide prominent notice through multiple channels, including email notification to registered users, website banners, and updates to our terms of service where applicable.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. The "Last Updated" date at the top of this policy indicates when the most recent changes were made. Continued use of our services after changes become effective constitutes acceptance of the updated policy, though we will seek additional consent for material changes that significantly expand our use of personal information.

13. Contact Information and Privacy Officer

We have designated a Privacy Officer who is responsible for overseeing our data protection practices, handling privacy-related inquiries, and ensuring compliance with applicable privacy laws. Our Privacy Officer is available to answer questions about this Privacy Policy, assist with exercising your privacy rights, and address any concerns you may have about how we handle your personal information.