1. Data Protection Policy Statement
Zorentia Schools is committed to implementing comprehensive data protection measures aimed at safeguarding all stakeholder data. We believe user privacy and data protection are fundamental rights.
We aim to be compliant with all relevant Laws and Regulations, including:
- Data Protection and Privacy Act, 2019 - Uganda
- Data Protection and Privacy Regulation 2020 - Uganda
- Data Protection and Privacy Regulations March 2021 – Uganda
- General Data Protection Regulation 2018 - EU
2. Types of Data We Handle
Our Data Protection Policy applies to all personal data of:
- School administrators and staff
- Students and their academic records
- Parents and guardians
- Service providers and partners
Personal data includes but is not limited to:
- Names and contact information
- Student academic records and attendance
- Financial records and payment information
- Staff employment records
- System usage data
3. Application of Laws
This Privacy Policy:
- Complements existing national data privacy laws
- Applies even in the absence of corresponding national legislation
- May be stricter than national or local laws in some cases
- Will defer to national law when conflicts arise
4. Data Protection Principles
- Data will be processed lawfully, fairly, and transparently
- Data will be collected for specified and legitimate purposes only
- Data collection will be limited to what is necessary
- Data will be kept accurate and up-to-date
- Data will be stored only as long as necessary
- Data will be processed securely and protected against unauthorized access
5. General Provisions
- The Chief Technical Officer is responsible for ongoing compliance
- This policy is reviewed bi-annually
- Zorentia Schools is registered with the Personal Data Protection Office
- All processing is done on lawful bases such as consent or legal obligation
6. Individual Rights
All individuals have the following rights regarding their data:
- Right to access their personal data
- Right to be informed about data collection and use
- Right to request data rectification
- Right to request data erasure
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Rights regarding automated decision-making
7. Data Transmission and Minimisation
- Data transmission requires authorization and subject consent
- Recipients must maintain equivalent protection levels
- Legal obligations may require data disclosure
- Only necessary data will be collected and processed
8. Data Security
We implement robust security measures including:
- Encryption during transmission and storage
- Secure backup systems
- Access controls and authentication
- Regular security audits
- Staff training on data protection
9. Data Retention and Archiving
- Data retention periods are defined for each data type
- Regular archiving policy reviews are conducted
- Secure deletion procedures are followed
- Archives are maintained for legal and historical purposes
10. Violations and Breaches
In case of violations or breaches:
- Immediate investigation will be launched
- Appropriate disciplinary action will be taken
- Authorities will be notified as required
- Affected individuals will be informed
- Incident reports will be documented
11. Implementation
- Regular staff training is conducted
- Compliance is monitored continuously
- Policy is reviewed and updated regularly
- Documentation is maintained
12. Contact Information
For privacy-related inquiries, please contact us at: