Privacy Statement

This website privacy statement delineates how the Eswatini Data Protection Authority collects, stores, and utilizes personal data related to individuals, known as 'data subjects.' It encompasses personal data received by the EDPA when data subjects contact or provide information for purposes directly or indirectly related to Data Protection. Additionally, the privacy statement informs individuals about the expected use of their personal information when interacting with the EDPA or utilizing its services.

Why is personal data collected?

  1. The data processed by the EDPA is collected from various sources, including but not limited to:
  2. Registering as a data controller or data processor under the Data Protection Act 2022
  3. Filing a complaint
  4. Reporting a data breach
  5. Notifying the EDPA on personal information transfer
  6. Utilizing the "Contact Us" form
  7. Any other interactions, including those on social media platforms

What Data Do We Collect, Process, and How?

  1. The EDPA does not automatically collect personal data when visitors access its website unless voluntarily provided. By submitting personal data through the website, individuals grant permission for specific purposes, as outlined in the privacy statement. The EDPA collects data such as:
  2. Name (last name and first name)
  3. Email address
  4. Phone number
  5. Country
  6. Information related to processing personal data activities
  7. Organization information (name, phone number, website, email, incorporation certificate)

How Do We Protect and Safeguard Your Information?

All collected personal data is internally processed by designated staff members and stored on servers compliant with National Cyber Security Agency rules and standards, ensuring alignment with the Data Protection Act.

Disclosure to Third Parties

  1. Personal information held by the EDPA is kept confidential, except in situations such as:
  2. Where sharing is necessary for EDPA functions
  3. Cross-border processing or cooperation with other supervisory authorities
  4. Legal proceedings
  5. Service providers or suppliers to the EDPA.

How Long Does EDPA Retain Personal Data?

The retention period aligns with data protection legislation requirements and the purpose for which data is collected. For complaints, personal data is retained as long as necessary for handling the complaint and subsequent required actions. The retention period applied by the ODPC to personal data which is processes are also in certain circumstances, based on legal and regulatory requirements to retain information for a specified period and on the relevant limitation periods for taking legal action.

Rights of the Data Subject

Data subjects have the right to inquire about the information held by the EDPA, correct inaccuracies, and withdraw consent. They can also request a copy of their information and ask the EDPA to temporarily halt data use if misuse is suspected. The data subject has the right to ask EDPA to stop using any of the personal data for a period of time if believed that EDPA is not using the information properly. If you make a request, we have one month to respond to you, if you would like to exercise these rights, please contact us at our email address:

Customer complaints

Concerns related to personal data processing can be addressed by contacting or filling out a general inquiry on the contact us page.

Website Privacy Policy Updates

The EDPA regularly reviews and updates its website privacy policy. Any changes will be reflected in the version number and the effective date of the policy.

              Privacy Statement               Copyright   ©   All rights reserved | Designed & Developed by ESCCOM IT