HomePrivacy Policy
Botswana Data Protection Act 2018 — Compliant

Privacy Policy

This policy explains how Dantech Enterprises collects, uses, stores, and protects your personal data in accordance with the Botswana Data Protection Act, 2018 and its subsidiary legislation.

Effective Date
1 May 2025
Last Reviewed
1 May 2025
Governing Law
Botswana DPA 2018
Controller
Dantech Enterprises

1. Who We Are

Dantech Enterprises ("Dantech Enterprises", "we", "us", or "our") is a technology services company registered in Botswana (BW·REG·[Registration Number]), with its principal place of business at Gaborone, Botswana.

For the purposes of the Botswana Data Protection Act, 2018 ("the DPA"), Dantech Enterprises is the data controller responsible for the personal data we process.

Data Protection Contact:
Email: info@dantech.co.bw
Address: Gaborone, Botswana

2. Scope

This Privacy Policy applies to all personal data that Dantech Enterprises processes in connection with:

  • Visitors to our website (dantech.co.bw and related sub-domains)
  • Prospective clients who submit enquiries or book discovery calls
  • Clients who engage Dantech for technology services
  • Individuals who communicate with us by email, phone, or other channels
  • Any other natural persons whose data we process in the course of our business

This policy does not apply to third-party websites linked from our site. We are not responsible for the privacy practices of those websites.

3. What Personal Data We Collect

We collect only the personal data necessary for the purposes described in this policy. The categories of personal data we may collect include:

  • Identity data: full name, job title, company or business name
  • Contact data: email address, telephone number, physical address
  • Communication data: the content of messages, emails, or enquiries you send us
  • Engagement data: information about the services you are interested in, budget ranges, and project requirements you share with us
  • Technical data: IP address, browser type, device type, pages visited, and approximate location (collected via website analytics tools)
  • Financial data: billing information and payment records where a client engagement is formalised (processed through secure payment processors — we do not store card details)

We do not intentionally collect sensitive personal data (also known as "special categories" of data under the DPA) such as health information, racial or ethnic origin, political opinions, or biometric data. If such data is shared with us inadvertently, we will delete it promptly and notify you.

4. How We Collect Personal Data

We collect personal data through the following means:

  • Directly from you: when you complete our contact or enquiry form, email us, call us, or schedule a discovery call
  • Automatically: when you visit our website, through cookies and analytics tools (see Section 10)
  • From third parties: in limited circumstances, from referral partners or publicly available professional directories

5. Legal Basis for Processing

Under the Botswana Data Protection Act, 2018 (section 23 and related provisions), we are required to have a lawful basis for processing personal data. We rely on the following bases:

  • Performance of a contract (s.23(b) DPA): Processing necessary to provide the technology services you have engaged us to deliver, or to take steps at your request before entering a contract
  • Legitimate interests (s.23(f) DPA): Processing necessary for our legitimate business interests — including responding to enquiries, business development, improving our services, and maintaining our records — where those interests are not overridden by your rights
  • Legal obligation (s.23(c) DPA): Processing necessary to comply with applicable law, including tax, accounting, and regulatory obligations
  • Consent (s.23(a) DPA): Where we send marketing communications or use non-essential cookies, we rely on your express consent, which you may withdraw at any time
Note on legitimate interests: Where we rely on legitimate interests, we have considered whether our interests are proportionate to your rights and freedoms. You may object to this processing at any time (see Section 11).

6. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your enquiries and communicate with you about our services
  • To prepare and deliver proposals, contracts, and service engagements
  • To manage and fulfil our contractual obligations to you as a client
  • To process payments and maintain accurate financial records
  • To send you relevant updates, service information, or follow-up communications (where you have a relationship with us or have consented)
  • To comply with our legal and regulatory obligations under Botswana law
  • To analyse how our website is used and improve our digital presence
  • To protect our legitimate business interests and assert or defend legal claims

We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you without your knowledge and ability to seek human review.

7. Who We Share Your Data With

We share personal data only where necessary and with appropriate safeguards in place. Categories of recipients include:

  • Technology service providers: cloud hosting, website analytics, email delivery, and project management tools used in our operations (e.g. Vercel, Google Analytics, email platforms)
  • Payment processors: where financial transactions are necessary, through PCI-DSS compliant providers
  • Professional advisers: accountants, legal advisers, and auditors under confidentiality obligations
  • Regulatory authorities: where disclosure is required by law, court order, or a regulatory body in Botswana
  • Authorised collaborators: where we engage vetted subcontractors to assist with service delivery, subject to confidentiality agreements and data processing obligations

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

8. Cross-Border Transfers

Some of our technology service providers are based outside Botswana. Where we transfer personal data internationally (including to cloud infrastructure providers), we do so in accordance with section 34 of the DPA, which requires that:

  • The receiving country provides an adequate level of data protection, or
  • We have implemented appropriate safeguards (such as contractual clauses equivalent to standard data protection terms) to protect your personal data

You may request details of the specific safeguards applied to any international transfer by contacting us at info@dantech.co.bw.

9. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by Botswana law. Our general retention guidelines are:

  • Enquiry data (non-converted): 12 months from the date of last contact
  • Client data (active engagements): for the duration of the engagement and 5 years thereafter, to satisfy potential legal claims and statutory requirements
  • Financial and tax records: 7 years as required under Botswana tax legislation
  • Website analytics data: 26 months in aggregated form; raw logs deleted within 12 months
  • Marketing consent records: until consent is withdrawn, plus 1 year as evidence of compliance

When data is no longer required, it is securely deleted or anonymised in accordance with industry best practices.

10. Cookies & Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device that help us understand how our site is used and improve your experience.

  • Strictly necessary cookies: required for the site to function. No consent required under the DPA.
  • Analytics cookies: help us understand visitor behaviour (e.g. pages visited, session duration). We obtain your consent before deploying these.
  • Marketing cookies: not currently used. If introduced in future, consent will be obtained in advance.

You may withdraw cookie consent or manage your preferences at any time through your browser settings or our cookie preference tool. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

11. Your Rights Under the DPA

The Botswana Data Protection Act, 2018 grants data subjects the following rights. We will respond to all valid requests within 21 days of receipt, or notify you if an extension is required.

Right of Access (s.30 DPA)

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Submit a written Subject Access Request to info@dantech.co.bw
Right to Rectification (s.31 DPA)

You have the right to request correction of any personal data we hold that is inaccurate or incomplete.

Contact us at info@dantech.co.bw with the correction required
Right to Erasure (s.32 DPA)

In certain circumstances, you have the right to request deletion of your personal data — for example, where the data is no longer necessary for the purpose it was collected, or where you withdraw consent.

Submit a written erasure request to info@dantech.co.bw
Right to Restriction (s.33 DPA)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while a dispute about accuracy is resolved.

Contact us at info@dantech.co.bw
Right to Object (s.35 DPA)

You have the right to object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.

Submit a written objection to info@dantech.co.bw
Right to Data Portability

Where processing is based on your consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format.

Contact us at info@dantech.co.bw
Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Email info@dantech.co.bw or use the unsubscribe link in any marketing communication
Identity verification: To protect your data, we may require proof of identity before processing rights requests. We will not use identity documents for any purpose other than verification.

12. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or disclosure. Our security practices include:

  • Encryption of data in transit (TLS/HTTPS) and at rest where applicable
  • Access controls limiting data access to authorised personnel on a need-to-know basis
  • Use of reputable, security-certified cloud infrastructure providers
  • Regular review of our security practices informed by our InfoSec background (ISO 27001 framework principles, MDE, SIEM)
  • Staff awareness of data protection obligations

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the Information and Data Protection Commission (IDPC) within 72 hours and, where required, notify affected data subjects without undue delay, in accordance with section 42 of the DPA.

13. Children's Privacy

Our services are directed at businesses and professionals, not children. We do not knowingly collect personal data from individuals under the age of 18. If you believe a child has provided us with personal data, please contact us immediately and we will delete that data.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. Material changes will be communicated by updating the "Last Reviewed" date at the top of this page and, where appropriate, by direct notification to affected individuals.

We encourage you to review this policy periodically. Continued use of our website or services after a policy update constitutes your acknowledgement of the updated policy.

15. Contact & Complaints

For any questions about this policy or to exercise your rights, please contact our data protection point of contact:

Dantech Enterprises — Data Protection
Email: info@dantech.co.bw
Address: Gaborone, Botswana
Response time: Within 21 days of receipt

If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information and Data Protection Commission (IDPC), the statutory supervisory authority established under the Botswana DPA:

Information and Data Protection Commission (IDPC)
Website: https://idpc.gov.bw
Gaborone, Botswana

This Privacy Policy was prepared with reference to the Botswana Data Protection Act, 2018 (Act No. 32 of 2018) and is intended to satisfy the transparency and information obligations imposed on data controllers under that Act.