Our Commitment to GDPR
Magoba is fully committed to compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We have implemented comprehensive measures to ensure the protection of your personal data and respect for your privacy rights.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It strengthens and unifies data protection for individuals within the EU and addresses the export of personal data outside the EU.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right of Access
Article 15 - Access to your personal data and processing information
Right to Rectification
Article 16 - Correct inaccurate or incomplete personal data
Right to Erasure
Article 17 - "Right to be forgotten" - request data deletion
Right to Restrict Processing
Article 18 - Limit how your data is processed
Right to Data Portability
Article 20 - Receive your data in a portable format
Right to Object
Article 21 - Object to certain processing activities
Automated Decision Rights
Article 22 - Rights related to automated decision-making
How We Protect Your Data
Data Minimization
We only collect and process personal data that is necessary for the purposes for which it is processed.
Purpose Limitation
Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Storage Limitation
Personal data is kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which it is processed.
Accuracy
We take reasonable steps to ensure that personal data is accurate and kept up to date.
Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Lawful Basis for Processing
We process personal data under the following lawful bases:
Consent (Article 6(1)(a))
Clear consent for specific purposes like marketing communications
Contract (Article 6(1)(b))
Necessary for the performance of a contract with you
Legal Obligation (Article 6(1)(c))
Necessary for compliance with legal obligations
Legitimate Interests (Article 6(1)(f))
Necessary for our legitimate interests, not overridden by your rights
Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. You can contact our DPO at:
Data Processing Records
We maintain detailed records of our data processing activities, including:
Data Breach Procedures
In the event of a personal data breach, we have procedures in place to:
Detection & Assessment
Detect and assess the breach
Authority Notification
Notify supervisory authority within 72 hours
Data Subject Notification
Inform affected subjects without undue delay
Documentation
Document all breaches and remedial actions
International Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:
Exercising Your Rights
To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month of receipt, though this may be extended by two months in complex cases.
Request Form
You can submit a data subject request using our online form or by contacting us directly. Please include:
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. The relevant supervisory authority depends on your location:
UK
Information Commissioner's Office (ICO)
Ireland
Data Protection Commission (DPC)
Germany
Federal Commissioner for Data Protection and Freedom of Information
France
Commission Nationale de l'Informatique et des Libertés (CNIL)
Privacy by Design and Default
We implement privacy by design and default principles, ensuring that:
Regular Audits and Reviews
We conduct regular audits and reviews of our data processing activities to ensure ongoing GDPR compliance, including:
Privacy Impact Assessments
Annual privacy impact assessments
Staff Training
Regular staff training on data protection
Vendor Assessments
Third-party vendor assessments
Security Assessments
Security vulnerability assessments
Contact Us
If you have any questions about our GDPR compliance or wish to exercise your data protection rights, please contact us: