1. Data Protection Policy Statement
Zotshop is committed to protecting the privacy of business owners and their customers. We implement comprehensive data protection measures to safeguard all user data.
We comply with all relevant Laws and Regulations, including:
- Data Protection and Privacy Act, 2019 - Uganda
- Data Protection and Privacy Regulation 2020 - Uganda
- Data Protection and Privacy Regulations March 2021 – Uganda
- General Data Protection Regulation 2018 - EU
2. Types of Data We Handle
Our Data Protection Policy applies to all personal data of:
- Business owners and representatives
- Product and service information
- Customer inquiries and messages
- Location information
Personal data includes but is not limited to:
- Business names and contact information
- Product photos and descriptions
- Business location data
- Store visitor analytics
- System usage data
3. Data Collection and Use
We collect and use data to:
- Create and manage your business profile
- Connect businesses with potential customers
- Improve our services and features
- Provide customer support
- Comply with legal obligations
4. Data Protection Principles
- Data will be processed lawfully and transparently
- Data collection will be limited to business necessities
- Data will be kept accurate and current
- Data will be stored securely
- Data will be deleted when no longer needed
5. Your Business Data
- You retain ownership of all business content
- You control who can access your business data
- You can export your data at any time
- You can request complete data deletion
6. Customer Data Protection
When customers interact with your business profile:
- Customer data is encrypted end-to-end
- Customer messages are stored securely
- Contact information is handled securely
- Customer data is not shared with third parties
7. Data Security
We implement robust security measures including:
- SSL/TLS encryption for all data transmission
- Secure cloud storage with encryption
- Regular security audits and updates
- Access controls and authentication
- Automated threat detection
8. Data Retention
- Active business profiles are retained indefinitely
- Deleted profiles are removed within 30 days
- Transaction records are kept as required by law
- Backup data is retained for 90 days
9. Your Rights
You have the right to:
- Access your stored data
- Correct inaccurate information
- Export your data
- Delete your account and data
- Object to data processing
10. Data Breaches
In the event of a data breach:
- We will notify affected users within 72 hours
- We will investigate and document the incident
- We will implement necessary security improvements
- We will cooperate with authorities as required
11. Contact Information
For privacy-related inquiries, please contact us at: