privacy Policy

What does this privacy statement cover?

This Privacy Policy explains how Magneto Limited and its subsidiaries (referred to as “Magneto,” “we,” “us,” or “our” when talking about the company) gather and handle your personal information. It applies to anyone who visits our website or registers with us. We’ll tell you what personal information we collect, how we use it, and who we might share it with.

What kind of personal information do we collect?

Before we gather and use your personal information, we ask for your explicit consent. By agreeing to this Privacy Policy, you’re giving us permission to collect, use, share, transfer, store, and process your personal information as outlined here.

Here are the types of personal information we may collect, process, use, store, maintain, and transfer:

  • We may collect personal information like your name, company name, email address, and phone number. This data is stored by Magneto and may be kept in one or more databases maintained directly by us.
  • For individuals interested in our recruitment, we also collect personal information. You can learn more about how we handle this data by checking out our Recruitment Privacy Policy.
  • Apart from the information you provide, we may also collect technical details such as your IP address, browser type, and device information when you use our website.
  • We also gather data about your marketing preferences and communication choices.
  • We don’t collect any sensitive personal information (like your race, religion, or health details) through our website. Please avoid sharing such sensitive information on our site or through email.
  • We advise against sharing personal data in the comments section of our social media platforms. Each social media site has its own privacy policy explaining how they handle your information. Our website’s privacy policy applies to any personal data collected through our social media pages.
  • We may also collect personal data from HR events or forums. This privacy policy covers data collected through these channels as well.

What do we do with the information we collect from you on our website?

We’ll use your personal information for the purpose it was collected or provided to us, as explained during collection. Additionally, we might also use your personal data in the following ways:

  • Apart from using your data for identification, registration, authentication, and processing transactions, Magneto might use it for marketing purposes. This could involve letting you know about other products and services that might interest you, informing you about changes or new offerings on our website, and notifying you about special events and promotions. We may reach out to you through various channels like email, postal mail, online, social media platforms, text messages, and more.
  • We also use your data to manage and enhance our website, providing you with a more personalized experience. You can find more details about this in our Cookie Policy.
  • If you submit any requests through our website, we’ll manage and respond to them accordingly.
  • Even if your mobile number is on the national Do Not Disturb (DND) list under TRAI regulations, we may still send communications to the provided number. For this purpose, we might share your information with third-party service providers, affiliates, group companies, or their authorized agents.

If we ever plan to use your personal data for purposes other than those mentioned above, we’ll ask for your consent beforehand.

Who do we share your personal data with?

Within Magneto: We might share your personal data and usage information within Magneto and its subsidiaries. This sharing is for business purposes and aligns with the reasons why the information was collected in the first place or as authorized by you.

Outside of Magneto: Your data may also be shared with a leading email marketing service provider.

Magneto uses Enterprise Email services provided by Informaniak and Gmail for its business communications.

Our website is hosted on servers provided by Mochahost. Mochahost has implemented reasonable and appropriate controls to safeguard your data against accidental or unlawful loss, access, or disclosure. You can find more details at https://mochahost.com/terms-of-service.

How does Magneto safeguard the personal data it holds?

Magneto prioritizes the protection of your personal data by implementing appropriate technical and organizational security measures in line with international standards. Here’s how we do it:

  • Data Classification: We classify any personal or sensitive data as confidential according to Magneto’s information classification policy.
  • Risk Assessment: Regular risk assessments are carried out to evaluate potential risks, and based on these assessments, we identify and implement necessary security controls to safeguard personal data.
  • Personnel Security: Before granting access to personal data, all employees undergo background verification. We also ensure that employees sign confidentiality agreements and acceptable use policies. Periodic awareness training covering data privacy, data security, and incident reporting procedures is provided to all employees. Additionally, our third-party service providers undergo background verification and are required to sign agreements that include data privacy and security obligations, as well as non-disclosure agreements and codes of conduct.

IT Controls:

We implement various controls to ensure the security of our systems and networks:

  • Systems & Network Security: Measures such as system hardening, patch management, VPN connectivity, firewall, intrusion detection and prevention systems, endpoint protection, antivirus software, data leak prevention, vulnerability assessment and penetration testing (VAPT), and log management are applied.
  • Communication Security: We employ encryption for data at rest and in transit, utilizing protocols such as SSL/TLS, SSH, and message digest.
  • Application Security: Our practices include secure software development life cycle (SDLC) processes, security scanning, IP-based restrictions, and other data security and access management practices.
  • Access Management: We use role-based access controls, password protection, multi-factor authentication, and the principle of least privilege to manage access. Personal data is masked when not required, and access is regularly reviewed and reconciled.
  • Log Management: Logs are securely stored, and all accesses to applications are logged at a detailed level in a secure platform or application-specific database.
  • Business Continuity: We ensure business continuity through resilient and redundant architecture, regular backups of critical applications and servers, periodic testing of business continuity and disaster recovery plans, and continuous improvement actions.

These measures help to safeguard your personal data and ensure the continuity and security of our operations.

Physical Security Controls:

At Magneto, we prioritize physical security with the following measures:

  • 24/7 Security Presence: Our premises are guarded around the clock by security personnel to prevent unauthorized entry.
  • Visitor Management: We have implemented a visitor management process and a material in/out process to monitor and control access.
  • CCTV Monitoring: We have continuous CCTV monitoring, ensuring surveillance of our premises at all times. Restricted areas are clearly labeled, and entry is restricted to authorized personnel only.
  • Power Backup: We have 24/7 power backup to ensure uninterrupted operations. Preventive maintenance is regularly conducted on support equipment, and facility temperatures are maintained with air conditioning systems.
  • Fire Safety: We have fire detection and prevention systems in place to mitigate risks and ensure the safety of our facilities.

These measures are designed to safeguard our physical premises and ensure the safety and security of our operations.

Incident Management Process:

While Magneto employs robust controls to safeguard your personal data, we have also implemented an incident management policy and procedure to address any security incidents or privacy breaches. When incidents occur, they are promptly reported, recorded, investigated, and responded to with a corrective action plan.

If necessary, impacted clients are notified through a designated mechanism, and they are responsible for further notifying the individuals affected by the incident. This ensures that any security incidents or privacy breaches are managed effectively and transparently, minimizing potential impact on individuals’ data privacy.

Will profiling occur?

As a fundamental principle, we won’t automatically process your personal data to evaluate specific personal aspects (profiling). If we ever need to process your personal data for profiling purposes, we’ll inform you specifically about this and your rights in accordance with the law. Additionally, when we analyze trends in background verification results and discrepancies, the data used for analysis doesn’t include any personal data.

Retention Period:

We’ll keep your personal data for as long as it’s needed to fulfill the purposes for which it was collected or as required by applicable laws and regulations.

Children’s Privacy:

We do not knowingly collect personally identifiable data from individuals under the age of 18 (minors), nor do we provide any services to them. If you are under 18 years old, please do not register on our website. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us.

Rights for EU Data Subjects:

If you are an EU (European Union) subject, you have certain rights regarding your personal data that we process, subject to conditions and restrictions set out in applicable laws:

  • You have the right to know whether we process your personal data and to request a copy of your personal data, along with information about how it is processed.
  • You can request the correction of any inaccurate or incomplete personal data we hold.
  • You have the right to request the deletion of your personal data or the restriction of its processing.
  • You can object to our processing of your personal data.
  • You have the right to withdraw any consent you have given.
  • You can lodge a complaint with the relevant regulatory or supervisory authority.

User Communications:

Any information you communicate to Magneto, excluding your personal data, such as feedback, data, questions, comments, suggestions, or other items regarding Magneto, this site, its content, or the services offered, shall not be considered confidential and will become the property of Magneto. Magneto will have the freedom to reproduce, use, disclose, and distribute such communication to others without limitation. Additionally, Magneto will have the unrestricted right to utilize any ideas, concepts, know-how, software, documentation, diagrams, drawings, schematics, or techniques contained in your communication for any purpose, including developing, manufacturing, and marketing products or providing services.

Contact Us:

We are committed to handling your personal data in a manner that instills comfort and confidence. We also have procedures in place to investigate and address any complaints regarding privacy concerns.

If you have any queries or concerns related to privacy, please feel free to contact Magneto by sending an email to hello@magnetolimited.africa or mailing us at:

Magneto Administration
Magneto Limited.
Kyaliwajjala – Namugongo,
Kira Municipality,
Wakiso – Uganda.

Updates to the Privacy Policy:

We may periodically update our Privacy Policy. To keep you informed, we will revise the date at the top of this page.