

Privacy Policy

terms and conditions
read and understand
Privacy Policy - the basics
Here is a revised Privacy Policy for Border Zones Security Company Limited (the “Company”, “we”, “us”, or “our”) which incorporates key provisions of the Data Protection and Privacy Act, 2019 of Uganda (the “Act”). You should review this draft with your legal counsel to ensure it meets all applicable laws, fits your specific operations (especially given your security-services context), and is adapted to your actual data flows.
1. Introduction
Border Zones Security Company Limited is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you engage with our security services, visit our offices, use our website or contact us, and how we comply with Uganda’s Data Protection and Privacy Act, 2019 (the “Act”).
2. Scope
This policy applies to all personal information we collect about:
- Clients and prospective clients seeking our security services;
- Employees, contractors, job-applicants;
- Visitors to our website or to our business premises;
- Other individuals whose information is processed in connection with our business (such as subcontractors, suppliers, service providers).
This policy governs personal data collected, processed, held or used within Uganda, and personal data relating to Ugandan citizens even if processed outside Uganda (as per the Act).
3. Definitions (in line with the Act)
- Personal data / personal information: information about a person from which the person can be identified (including age, marital status, education level, occupation, identification number, etc.).
- Data subject: the individual to whom personal data relates.
- Data controller / data collector: a person or organisation that determines the purposes and means of processing personal data.
- Data processor: a person or organisation (other than an employee of the controller) who processes data on behalf of the controller.
- Processing: any operation performed on personal data, such as collection, storage, retrieval, use, disclosure, destruction.
4. The Seven Principles (as per the Act)
As required by the Act, when we handle personal data we will ensure compliance with these principles:
- Accountability to the data subject.
- Fair and lawful collection and processing.
- Adequate, relevant and not excessive data in relation to the purposes.
- Retention only for the period authorised by law or purpose.
- Ensuring quality (accuracy) of the information.
- Ensuring transparency and participation of the data subject.
- Observing security safeguards for the personal data.
5. Information We Collect
We may collect the following categories of personal information:
- Identity and contact information: name, address, telephone number, email, organisation, etc.
- Service-related information: nature of security services required (site details, access logs, incident reports, CCTV footage where relevant and permitted by law).
- Transactional information: contract details, billing and payment records.
- Employment / HR information (for staff or applicants): CV/resume, employment history, certifications, references, background check data.
- Technical and usage information: IP address, website usage data, system logs if applicable.
- Sensitive / “special category” data (if applicable): For example, criminal conviction data or security risk assessments may be processed — the Act places special restrictions here.
6. How We Use Your Information
We may use your personal data for purposes including:
- Provision, delivery and management of our security services (site monitoring, incident response, reporting).
- Risk assessments, compliance, audits and investigations.
- Communication with clients, employees, contractors and service providers.
- Billing, accounting, business administration.
- Recruitment, hiring, training, HR management.
- Improving our website and services, monitoring usage, enhancing security of our systems.
- Ensuring compliance with legal, regulatory or contractual obligations.
- In limited cases, for direct marketing (only where permitted and with consent).
7. Legal Basis & Consent
Under the Act, we will collect and process personal data only where we have the data subject’s prior consent or where the processing is authorised or required by law (for example, performance of a contract, compliance with legal obligation, prevention of crime).
In cases where we rely on consent, that consent will be freely given, specific, informed and unambiguous.
Where sensitive data or special categories are processed, we will apply the stricter conditions under the Act (e.g., special purposes, clear consent).
8. How We Share Your Information
We may share personal data with:
- Subcontractors, service providers or suppliers assisting in service delivery (e.g., CCTV monitoring, alarm-systems maintenance, access-control vendors).
- Clients or their authorised representatives (for the purposes of providing the security services).
- Regulatory, law-enforcement or government authorities, where obliged by law (for example pursuant to legal investigations or statutory duties).
- Our insurers, professional advisors, auditors, legal advisors.
- In the event of a sale, merger or restructuring of the Company, personal data may be transferred as part of that transaction (with an appropriate notice and safeguards).
We will ensure that any third party we share data with is compliant with the Act (and any applicable regulations) and has adequate protections in place.
9. Transfers of Data Outside Uganda
If we transfer personal data outside Uganda (including storing or processing in another country), we will ensure that the destination country provides adequate protection (equivalent to what is required under the Act) or the data subject has given consent for the transfer.
10. Security of Your Information
We take reasonable technical, administrative and organisational measures to protect your personal information from unauthorised access, disclosure, alteration or destruction. For example: access control, encryption where appropriate, physical security of offices and servers, staff training, vendor management.
Under the Act, the controller/processor must identify reasonably foreseeable internal and external risks and maintain safeguards, verify them periodically and update them as needed.
11. Data Retention
We will retain your personal data only as long as necessary for the purpose for which it was collected, or as required by law (for example contractual, insurance, regulatory obligations). At the expiry of the retention period, we will securely delete, destroy or anonymise the data in a manner that prevents its reconstruction.
12. Your Rights (under the Act)
As a data subject under the Act you have the following rights:
- The right to access your personal information held by us and to obtain a copy of it.
- The right to correct, update or delete your personal information where it is inaccurate, incomplete, outdated or processed in contravention of the Act.
- The right to object to processing of your personal data which causes or is likely to cause unwarranted substantial damage or distress to you.
- The right to prevent processing of your personal data for direct marketing.
- The right to lodge a complaint with the regulatory authority, the Personal Data Protection Office (under the National Information Technology Authority–Uganda), if you believe your rights under the Act have been infringed.
- The right to compensation for damage or distress caused by failure to comply with the Act.
If you wish to exercise one of your rights, or have a question about our data processing, you may contact us (see Section 15).
13. Collection & Processing of CCTV / Access-Control / Biometric Data
Given our role as a security services provider, we may collect and process personal data through CCTV, access-control systems, biometric scans, guard logs, incident recordings.
- We will ensure that such processing is necessary, proportionate and in compliance with the Act (including the requirement that personal data not be processed in a way that infringes on the privacy of the data subject).
- If such data qualifies as special category or sensitive data (e.g., biometric, criminal history), we will ensure we have an appropriate legal basis, obtain explicit consent (where required), or rely on another permissible ground (e.g., prevention of crime, performance of contract).
- We will inform individuals subject to CCTV/biometric processing (where feasible) by signage, notices or otherwise with information about this processing, and their rights.
- We will delete or securely anonymise such data after the retention period has expired (or earlier if no longer needed for the service) in line with our retention policy.
14. Data Processor / Subcontractor Obligations
We require that any service provider, subcontractor or vendor (data processor) we engage:
- only processes data on our documented instructions;
- implements appropriate technical and organizational security measures;
- assists us in complying with data subject rights (access, correction, deletion);
- does not engage another sub-processor without our prior authorisation;
- if outside Uganda, ensures appropriate safeguards for data transfer;
- enters into a written contract with us setting out these obligations.
15. Contact Us / Data Protection Officer
If you have any questions, requests or complaints regarding this Privacy Policy or our information practices, please contact:
Border Zones Security Company Limited
Address: Kampala
Email: admin@borderzonesecurity.com
Phone: 0705832007
We have appointed a Data Protection Officer (DPO) who can be contacted at [Insert DPO Email] and will serve as the point of contact for data-protection matters within our organization, in accordance with the Act.
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory updates (including changes to the Act or Regulations thereunder). The revised version will be posted on our website and, where appropriate, we will notify you through other communication channels. Your continued use of our services after changes means you accept the updated policy.
17. Effective Date
This Privacy Policy is effective as of 1 November 2025.