This Privacy Policy explains how Eirmond ("we", "us", or "our") collects, uses, stores, and protects your personal data. We are committed to safeguarding your privacy in accordance with the Data Protection and Privacy Act, 2019 (Act No. 9 of 2019) of the Republic of Uganda and its implementing regulations.
Eirmond is registered with the Personal Data Protection Office (PDPO) under the National Information Technology Authority-Uganda (NITA-U), as required by Section 29 of the Act.
The data controller responsible for your personal data is:
Eirmond
AHA Towers, Lodel Road, Nakasero — Kampala, Uganda
Email: info@eirmondserv.com
Phone: +256 785 081 034
In accordance with Section 6 of the Act, we have designated a Data Protection Officer who is responsible for ensuring our compliance with the Act. For any data protection enquiries, please contact us using the details above.
In line with Section 12 (collection for a specific purpose) and Section 14 (data minimality) of the Act, we only collect personal data that is necessary for and directly related to our business functions. This may include:
We do not collect special personal data (as defined in Section 9 of the Act) — including data relating to religious beliefs, political opinions, sexual life, financial information, or health status — unless explicitly required for a specific engagement and with your express consent.
In accordance with Section 11 of the Act, we collect personal data directly from you through:
As required by Section 13 of the Act, we inform you of the nature, category, and purpose of data collection before or at the time of collection.
Under Section 7 of the Act, we process your personal data only where we have a lawful basis to do so. Our processing activities and their legal bases include:
| Purpose | Legal Basis (Section 7) |
|---|---|
| Providing software development services | Performance of a contract |
| Responding to enquiries | Your consent |
| Sending project updates and invoices | Performance of a contract |
| Improving our website and services | Legitimate interest |
| Complying with legal and regulatory obligations | Legal obligation |
We do not process your personal data for purposes beyond those for which it was originally collected, unless we obtain your consent or are permitted to do so under Section 17 of the Act.
Where our processing of your personal data is based on consent, that consent must be freely given, specific, informed, and unambiguous, as defined in Section 2 of the Act.
You have the right to withdraw your consent at any time by contacting us at info@eirmondserv.com. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
In accordance with Section 8 of the Act, we do not knowingly collect personal data from children without the consent of a parent or guardian. Our services are directed at businesses and organisations, not at children. If we become aware that we have collected a child's personal data without proper consent, we will take steps to delete it promptly.
We may share your personal data with the following categories of recipients:
We do not sell, rent, or trade your personal data to any third party (Section 37 of the Act makes the sale of personal data a criminal offence punishable by imprisonment of up to 10 years).
In the course of providing our services, your personal data may be transferred to and stored in countries outside Uganda — for example, where we use cloud-based infrastructure or third-party tools hosted internationally.
In accordance with Section 19 of the Act, we ensure that any country to which your data is transferred has adequate data protection measures in place that are at least equivalent to those provided under the Act. Where adequacy has not been established, we will obtain your specific consent for the transfer, taking into consideration the nature of the personal data involved.
Under Section 18 of the Act, we retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Specifically:
Once the retention period expires, personal data is securely deleted or de-identified in accordance with the Act.
You may request the deletion of your personal data at any time by emailing us at info@eirmondserv.com with the subject line "Data Deletion Request". We will process your request within thirty (30) days. Please note that we may be required to retain certain data where there is a legal or regulatory obligation to do so, in which case we will inform you accordingly.
In compliance with Section 20 of the Act, we implement appropriate technical and organisational measures to protect your personal data against loss, damage, unauthorised destruction, or unlawful access. These measures include:
We also ensure that any third-party processors we engage maintain adequate security safeguards as required by Section 21 of the Act.
In the event that your personal data is accessed or acquired by an unauthorised person, we will immediately notify the Personal Data Protection Office (PDPO) as required by Section 23 of the Act, together with a description of the remedial actions taken.
Where the PDPO determines that you should be notified, we will inform you via email or other appropriate means, providing sufficient information for you to take protective measures against the potential consequences of the breach.
Under Part V of the Data Protection and Privacy Act, 2019, you have the following rights:
Request confirmation of whether we hold your personal data and obtain a copy. We will respond within 30 days.
Request correction of inaccurate or incomplete personal data we hold about you.
Request deletion of personal data that is inaccurate, excessive, or unlawfully obtained.
Demand cessation of processing that causes or is likely to cause substantial damage or distress. We will respond within 14 days.
Require us to stop processing your data for direct marketing purposes. We will comply within 14 days.
Require that significant decisions affecting you are not based solely on automated processing.
To exercise any of these rights, please contact us at info@eirmondserv.com. If we reject your request, we will provide written reasons as required by the Act.
If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with:
Personal Data Protection Office (PDPO)
National Information Technology Authority-Uganda (NITA-U)
Website: pdpo.go.ug
Under Section 31 of the Act, the PDPO is required to investigate your complaint within 21 days of receipt. You also have the right to seek compensation through the courts under Section 33 if you suffer damage or distress due to non-compliance.
Our website may use cookies — small text files stored on your device — to improve your browsing experience and analyse website usage. You can control cookie settings through your browser preferences. Disabling cookies may affect the functionality of certain features on our website.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates when the policy was most recently revised. We encourage you to review this page periodically.
If you have any questions about this Privacy Policy or wish to exercise your rights under the Data Protection and Privacy Act, 2019, please contact us:
Eirmond
AHA Towers, Lodel Road, Nakasero — Kampala, Uganda
Email: info@eirmondserv.com
Phone: +256 785 081 034
This Privacy Policy is drafted in accordance with the Data Protection and Privacy Act, 2019 (Act No. 9 of 2019), Chapter 97 of the Laws of Uganda, and the Data Protection and Privacy Regulations, 2021 (Statutory Instrument No. 21 of 2021).