Privacy Policy

OTIC INSTITUTE OF EMERGING TECHNOLOGIES LIMITED DATA PRIVACY
AND PROTECTION POLICY


1.0 INTRODUCTION


At OTIC INSTITUTE OF EMERGING TECHNOLOGIES LIMITED, we are
committed to ensuring the lawful, secure, and ethical collection, use, and
management of personal and institutional data and to protecting the right to
privacy of our data subjects (our customers, employees, and other
stakeholders). This data privacy and protection policy outlines the guidelines,
principles and procedures that govern how OTIC INSTITUTE OF EMERGING
TECHNOLOGIES LIMITED (hereinafter referred to as “the Company”, “we”,
or “us”) collects, processes, stores, shares, and disposes of data in a bid to
ensure the protection and privacy of personal data. It is designed to comply with
the Data Privacy and Protection Laws of Uganda and the Regulations thereto.


2.0 DEFINITIONS


2.1 Data: means information which —
a) is processed by means of equipment operating automatically in response
to instructions given for that purpose;
b) is recorded with the intention that it should be processed by means of such
equipment;
c) is recorded as part of a relevant filing system or with the intention that it
should form part of a relevant filing system; or
d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible
record;
2.2 Personal Data: means information about a person from which the person
can be identified, that is recorded in any form and includes data that relates to —
a) the nationality, age or marital status of the person;
b) the educational level, or occupation of the person;
c) an identification number, symbol or other particulars assigned to a person;
identity data; or

d) other information which is in the possession of, or is likely to come into the
possession of the data controller and includes an expression of opinion
about the individual;

2.3 Data subject: means an individual from whom or in respect of whom personal
information has been requested, collected, collated, processed or stored;
2.4 Data collector: means a person who collects personal data;
2.5 Data Controller: means a person who alone, jointly with other persons or in
common with other persons or as a statutory duty determines the purposes
for and the manner in which personal data is processed or is to be processed;
2.6 Data Processor: means a person other than an employee of the data
controller who processes the data on behalf of the data controller;
2.7 Policy: means the OTIC INSTITUTE OF EMERGING TECHNOLOGIES
LIMITED Privacy and Protection Policy.

3.0 SCOPE

3.1 This Data Protection and Privacy policy is a critical need for the Company
because it is a move to adhere to the lawful requirements of a data collector,
controller or processor.
3.2 All the provisions herein apply to, and must be adhered to by, all employees/staff,
volunteers, contractors and third-party service providers so that the Company
meets the four corners of the law.
3.3 This policy covers data protection, records management, information security
and provides links to other policies and procedures on the three areas.

4.0 POLICY STATEMENT

4.1 OTIC INSTITUTE OF EMERGING TECHNOLOGIES LIMITED is committed
to protecting the privacy, integrity and authenticity of all personal data that is
collected and processed from all data subjects and to addressing all complaints
which may arise in case of mishandling of the same.

5.0 DATA PROTECTION PRINCIPLES AND DATA SUBJECT RIGHTS


5.1 Data Protection Principles
OTIC INSTITUTE OF EMERGING TECHNOLOGIES LIMITED is committed to
upholding the following principles of data protection:
(a) the Company shall be accountable to the data subject for data collected,
processed, held or used;
(b) the Company shall collect and process data fairly and lawfully;
(c) the Company shall collect, process, use or hold adequate, relevant and not
excessive or unnecessary personal data;
(d) the Company shall retain personal data for the period authorized by law or
for which the data is required;
(e) the Company shall ensure the quality of information collected, processed, used or
held;
(f) the Company shall ensure transparency and participation of the data
subject in the collection, processing, use and holding of the personal data;
and
(g) the Company shall at all times observe security safeguards in respect of
the data.

5.2 Data Subject Rights

(a) A data subject has the right to request the correction of his or her personal
data.
(b) A data subject has the right to know the purpose for which personal data is
being collected.
(c) A data subject has the right to request the erasure of any personal data the
Company holds on him or her.
(d) A data subject has the right to withdraw his or her consent at any time in
relation to the collecting, controlling and processing of the personal data.
(e) A data subject has the right to lodge complaints with the National Data
Protection Office.

6.0 REPORTING DATA SECURITY BREACHES


All employees and contractors shall immediately report all security breaches
that involve personal data to the Data Protection Officer (DPO) of the Company, and
in turn the DPO shall take all reasonable steps to remedy the breach.

6.1 Steps to be taken in case of a security breach.

6.1.1 Containment and Initial Response
The employees should take immediate action to stop the breach and prevent
further unauthorized access to personal data.
The employees should at all material times isolate the affected systems or
devices from the network to prevent further damage and should preserve
logs, system data, and other relevant information that may be useful for
investigations.

6.1.2 Notification
The employees should notify the following persons in case of any security
breach:
Internal stakeholders:
(a) The Data Protection Officer of the Company, providing him or her with detailed
information about the incident or breach.
(b) The management of the Company and the IT and security team.
External stakeholders:
(a) The data subjects whose personal data has fallen victim to the breach.
(b) The Personal Data Protection Office.
(c) The Police.
6.1.3 Notify the affected individuals.
The Data Protection Officer shall maintain transparent communication with all
data subjects whose data was affected by the breach and provide clear
information about what happened, the potential risks and consequences, and
the steps that they can take to protect themselves, e.g. monitoring the
accounts, changing passwords, etc.
6.1.4 Cooperate with investigations.
All employees should collaborate with internal and external investigators to
determine the cause of the breach and implement measures to prevent further
breaches.

7.0 STAFF AWARENESS.
7.1 The Company shall provide all staff members with a copy of this policy whenever
possible; in the alternative, staff members can access the
same on the Company website.

7.2 A summary of the data protection guidelines and procedures of the Company
will be pinned on a notice board that will be in a conspicuous place at the
Company premises.

8.0 POLICY COMPLIANCE
8.1 All staff must at all times comply with the policy. In case of non-compliance by
any staff member, he or she shall be subjected to any of the following disciplinary
actions:
(a) A reprimand.
(b) Suspension for 1 month without pay.
(c) Dismissal from employment.

9.0 CONTACT INFORMATION
9.1 The following is the contact to reach out to in case of any question relating to
data protection and privacy in the Company:
legal@oiet.ac.ug (Head Legal Department, OTIC INSTITUTE OF EMERGING
TECHNOLOGIES LIMITED)

10.0 REVIEW AND APPROVAL
10.1 All policies and procedures are reviewed by the Head Legal Department and
then forwarded to the CEO for approval.