Enjoy free shipping on all orders over $99! Shop now and save on delivery costs.
0
0
0
  • No categories available
Sell on e-BETP

Privacy Policy

Version: 1.0

Audience: Vendors, Tourists, Guides, Artisans

Jurisdiction: Uganda Data Protection & Privacy Act, Cap 97

1. Introduction

This Privacy Policy explains in detail how e-BETP (operated by Likana Safaris Uganda Ltd) collects, uses, stores, secures, and shares your personal data when you use our platform. We are committed to transparency, security, and compliance with Ugandan law.

2. Data We Collect (Fully Detailed)

Below is a complete breakdown of each data point collected at this stage of the platform.

2.1 Identification Data

A. Customer or Vendor Contact Person Full Name

What it is: Your first name and last name.

Why we collect it:

  • To create and identify your account
  • To personalize communication
  • To verify vendor authenticity
  • To display the vendor/business contact person name on their public profile (for trust)

How it is used: Account display, receipts and confirmations, vendor verification.

Retention: As long as the account is active.

B. Business / Organization Name (Vendors)

What it is: The registered name of your craft shop, tourism business, or service entity.

Why we collect it:

  • To verify legitimacy
  • To display provider details to tourists
  • For invoicing and compliance (URA/UTB)

How it is used: Vendor profile, payout documents, compliance reporting.

Retention: 5 years after business deactivation (URA compliance rule).

2.2 Contact Information

A. Phone Number

What it is: The number you use to register and receive notifications.

Why we collect it:

  • To verify your identity
  • To send booking updates
  • For customer support and service coordination
  • For vendor payouts (mobile money integrations)

How it is used: SMS confirmations, password resets, vendor–customer communication (masked when needed).

Retention: As long as your account exists.

B. Email Address

What it is: An email used for login, receipts, and support.

Why we collect it:

  • Security notifications
  • Receipts and invoices
  • Communication with vendors or tourists (Users)
  • Account recovery

How it is used: Transaction emails, customer care, policy updates.

Retention: Active account lifetime.

2.3 Transaction Data

A. Payment Confirmation Tokens

What it is: Secure, encrypted references from payment processors (NOT your full card/mobile money details).

Why we collect it:

  • Verify payments
  • Process bookings
  • Track payouts to vendors

How it is used: Matching orders to successful payments, resolving disputes, financial reporting.

Retention: 5 years (URA requirement).

B. Order & Booking Details

What it is: Information on items purchased or tours booked, including:

  • Product/service name
  • Price
  • Vendor name
  • Dates of tours
  • Quantity

Why we collect it: To fulfill your order, to manage your bookings, to support dispute resolution.

How it is used: Receipts, vendor dashboards, delivery of services.

Retention: 5 years.

2.4 Platform Activity Data

A. Login History

What it is: Record of when and where your account logs in.

Why we collect it: Security monitoring, fraud detection, user support.

How it is used: Account protection, suspicious activity alerts, authentication troubleshooting.

Retention: 12–24 months.

B. Usage Logs

What it is: Pages visited, actions taken, buttons clicked — without tracking deeper behavioral analytics.

Why we collect it: To improve platform performance, understand user journeys, detect errors.

How it is used: Dashboard improvements, service reliability, troubleshooting.

Retention: 6–12 months.

2.5 Device & Technical Data

A. IP Address

What it is: The network address used when you connect to our platform.

Why we collect it: Security and fraud prevention, location-based service adjustments, error detection.

How it is used: Blocking suspicious activity, content optimization, system diagnostics.

Retention: 12 months.

B. Browser & Device Type

What it is: Your browser version (e.g., Chrome) and device type (e.g., mobile/desktop).

Why we collect it: To ensure the platform displays correctly, for bug fixes, to optimize website experience.

How it is used: UI/UX improvements, device compatibility enhancements.

Retention: 6–12 months.

C. Basic Cookies

What they are: Small data files stored on your device for:

  • Login/session management
  • Keeping you signed in
  • Remembering settings

Why we collect them: Security, smooth navigation, preventing repeated logins.

Retention: 7–30 days, depending on session settings.

3. Why We Use Your Data (Fully Detailed)

For each purpose, here is what we do and why:

A. Account Creation & Management
  • Validate identity
  • Manage user profiles
  • Authenticate access
B. Order & Booking Processing
  • Confirm payments
  • Generate receipts
  • Notify vendors and tourists
C. Vendor Payouts
  • Link vendor account to mobile money
  • Ensure compliance with tax and tourism regulations
D. Security & Fraud Prevention
  • Detect suspicious activity
  • Prevent unauthorized access
  • Investigate account misuse
E. Platform Performance
  • Identify bugs
  • Improve navigation
  • Understand service usage patterns
F. Compliance with Regulations

We comply with:

  • Uganda Data Protection & Privacy Act Cap 97
  • URA tax requirements
  • UCC consumer safety rules
  • UTB tourism quality standards

4. Legal Basis for Processing

We rely on:

  1. Consent: During onboarding and cookie acceptance.
  2. Contractual Necessity: Processing orders and vendor payments.
  3. Legal Obligation: Keeping financial records for URA, UCC, UTB.
  4. Legitimate Interest: Security, fraud prevention, service improvement.

5. Data Sharing (Detailed Explanation)

We only share your data with essential partners:

A. Payment Providers
  • MTN MoMo
  • Airtel Money
  • VISA/Pesapal

Shared Data: Payment token, transaction amount, order reference.

Why: To complete your booking or purchase.

B. Hosting & Cloud Providers

Shared Data: Encrypted account and session data.

Why: To operate the platform securely.

C. Regulatory Authorities

Shared Data (when required by law): Transaction totals, vendor details, compliance records.

Why: For audits or legal reporting.

D. Customer Support Tools

Shared Data: Email address, ticket content.

Why: To assist you when you submit a support request.

6. Data Protection Measures

We apply the following safeguards:

  1. Encryption (AES-256)
  2. Secure transmission (TLS 1.3)
  3. Password hashing (bcrypt/argon2)
  4. Limited access for authorized staff
  5. Activity logging and monitoring
  6. Regular security updates

7. Data Retention

Data Type Retention Period
Account details Active account lifetime
Payment records 5 years
Bookings/orders 5 years
Login logs 12–24 months
Cookies 7–30 days
Support messages 12–24 months

After expiry, data is securely deleted or anonymized.

8. User Rights and Responsibilities (Practical & Detailed)

It is the responsibility of every member/staff, or any person who comes across Personal Data on the e-BETP platform or third parties interacting with e-BETP staff, vendors, customers or agents to protect the platform's information or collected data.

e-BETP shall communicate any personal data breach to the data subject without undue delay.

e-BETP shall not process personal data for direct marketing purposes.

You (the data subject) may request at any time:

  1. Access: We provide a copy of your data.
  2. Correction: You can update inaccurate or outdated information.
  3. Deletion: We can delete your account and remove personal identifiers.
  4. Withdrawal of Consent: You can withdraw consent for communication or cookies.
  5. Objection: You may object to non-essential processing (e.g., marketing).

To exercise your rights: privacy@ebetp.africa

9. Children's Privacy

  • We do NOT collect information from children under 18 without guardian consent.
  • Vendors and tourists must comply with our Child Protection Policy.
  • Any violation leads to immediate suspension and reporting to authorities.

10. Data Breach Procedure

If a breach occurs:

  • We identify and contain the incident
  • Notify affected users within 72 hours
  • Notify UCC and NITA-U where required
  • Provide recommended safety steps
  • Document and investigate the cause

11. Updates to the Policy

We update this policy when:

  • Laws change
  • New features launch
  • Security practices evolve

Users will be informed of major updates.

Policy Compliance

Compliance Measurement

The organization will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits and feedback to the policy owner.

Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Definitions and Terms

“Personal Data” means information about a person from which the person can be identified, that is recorded in any form and includes data that relates to:

  1. The nationality, age or marital status of the person
  2. The educational level, or occupation of the person
  3. An identification number, symbol or other particulars assigned to a person
  4. Identity data
  5. Other information which is in the possession of or is likely to come into the possession of the data controller and includes an expression of opinion about the individual

“Data subject” means an individual from whom or in respect of whom personal information has been requested, collected, processed or stored.

12. Contact

Data Protection Officer (DPO)

Back to Home
Item added to cart!