What should Data Subjects know about Privacy Policies?
Privacy policies seek to provide answers to Data Subjects on these key questions.
- Why is your data used?
- What data is collected?
- How is your data collected?
- How is your data stored and for how long?
- How will your data be used in marketing?
- What are my data protection rights?
- How are cookies used?
- How do you contact the data controller in the case of a data query?
Are Privacy Policies required for Data Controllers in Rwanda?
Privacy Policies are not stated as a mandatory requirement for data controllers processing personal data of individuals residing in Rwanda, however they are observed as an appropriate technical and organizational measure in fair, lawful and transparent processing.
Within article 37 of Rwanda’s law on personal data protection and privacy, (Principles relating to processing of personal data), it is stated that personal data must be processed lawfully, fairly and in a transparent manner.
Additionally, within article 38, (Duties of the Data Controller and the Data Processor), the law states that appropriate technical and organizational measures must be put in place to comply with the principles of processing personal data.
How do privacy policies help protect my privacy?
Empowering citizens with agency over their personal data, is one of the main objectives of Rwanda’s personal data protection and privacy law, as privacy is guaranteed when data subjects are aware and have given consent to how their data is being used.
Achieving this depends on the active participation of Data Subjects through best practices such as reading privacy policies, so that Data Subjects are fully aware of the methods of processing, and the rights they can exercise in managing personal data.
For any further information, please contact the Data Protection & Privacy Office through toll-free number 9080, or through email at email@example.com.