Privacy Policy

Effective Date: 6th November 2025

This Privacy Policy explains how Admissions.UG collects, uses, discloses and protects personal data of parents/guardians and applicants in accordance with Uganda's Data Protection and Privacy Act, 2019 (the "DPPA").

For the purposes of the DPPA, Admissions.UG acts as a data controller for your account and platform data and as a data processor on behalf of schools for applicant data the school instructs us to process. Where a school determines the purposes and means of processing, the school is a data controller.

1. Information We Collect

When you use Admissions.UG as a parent or applicant, we collect:

  • Personal Information: Name, email address, phone number, physical address
  • Student Information: Student name, date of birth, previous schools, academic records
  • Application Data: Schools applied to, application status, admission decisions
  • Payment Information: Transaction details (we currently only support Mobile Money payments)
  • Usage Data: How you interact with our platform

We only collect data that is adequate, relevant and not excessive for the purposes explained below (data minimisation) as specifically configured by the target school.

2. How We Use Your Information

We use your information to:

  • Process and submit school applications
  • Facilitate communication with schools
  • Process payments for application fees
  • Send notifications about application status
  • Provide customer support
  • Improve our services

We will not use your personal data for purposes that are incompatible with these specified purposes without notifying you and, where required, obtaining your consent.

3. Lawful Basis & Consent

We process personal data only where we have a lawful basis under the DPPA, including: (a) your consent (e.g., creating an account, submitting an application); (b) performance of a contract with you; (c) compliance with a legal obligation (e.g., financial record-keeping); and (d) our legitimate interests in operating and securing the platform, provided these do not override your rights and freedoms.

Where we rely on consent, you may withdraw it at any time via your account settings or by contacting us. Withdrawal will not affect prior lawful processing but may limit available services (e.g., inability to submit applications).

4. Information Sharing

We share your information with:

  • Schools: Only with schools you apply to
  • Payment Processors: To process application fees
  • Service Providers: Who help us operate the platform
  • Legal Requirements: When required by law

We do not and will never sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Secure authentication systems
  • Regular security audits
  • Limited access to personal information

Access is role-based and logged; security controls are reviewed periodically and updated as necessary.

6. Data Breach Notification

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Personal Data Protection Office (PDPO) and, where required, affected individuals as soon as reasonably practicable, including details of the breach and steps taken to mitigate harm.

7. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your account
  • Opt-out of marketing communications
  • Export your data

You also have the right to object to processing for direct marketing, to prevent processing likely to cause unwarranted damage or distress, and to obtain human review of any automated decision that significantly affects you.

To exercise your rights, contact our Data Protection Officer (details below). We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the PDPO (National Information Technology Authority�Uganda).

8. Children's Privacy

Our services are intended for use by parents and guardians. We do not knowingly collect information directly from children under 18 without parental consent.

Where applicant data relates to a child, the parent/guardian must provide consent. We may implement reasonable age/authority checks (e.g., confirmation prompts or document requests) to verify parental authority.

9. Data Retention

We retain your information for:

  • Active applications: Until the admission process is complete
  • Account information: As long as your account is active
  • Legal compliance: As required by law

Application records are generally retained for 5 years after the relevant admission cycle; financial records for 10 years to meet legal obligations. When retention periods expire and there is no further legal or business need, we will securely delete or anonymise data so it cannot reasonably be re-associated with you. Where deletion must be delayed due to legal holds, we will isolate the data from routine use.

10. Cookies and Tracking

We use cookies to:

  • Keep you logged in
  • Remember your preferences
  • Analyze platform usage
  • Improve user experience

You can manage cookies via your browser settings. Essential cookies are required for core functionality (e.g., authentication) and cannot be disabled on the service.

11. International Data Transfers

If personal data is transferred, stored or accessed outside Uganda (for example, within cloud service provider infrastructure), we will ensure adequate safeguards consistent with the DPPA, such as processing in jurisdictions with comparable protection or obtaining your explicit consent.

12. Automated Decision-Making

We do not engage in automated decision-making (including profiling) that produces legal or similarly significant effects about you without appropriate safeguards. If we introduce such features, we will notify you and provide mechanisms to obtain human review and to contest decisions.

13. Updates to Privacy Policy

We may update this policy periodically. We will notify you of significant changes via email or platform notification.

Material changes will take effect no sooner than 30 days after notice, unless a shorter period is required by law or necessary for security/legal compliance.

14. Contact Us

For privacy-related questions or concerns:

Email: privacy@admissions.ug
Phone: +256 (0) 39 3612767
Data Protection Officer: dpo@admissions.ug

You may also contact the Personal Data Protection Office (PDPO) of Uganda for guidance or complaints.

Admissions.UG is registered with, or will register with, the Data Protection Register maintained by the PDPO as required by law; the registration number will be published here once available.

Effective Date: 6th November 2025

This section describes how we process school and administrator data and how schools must handle applicant data obtained via the platform in line with the DPPA.

1. Information We Collect

When schools use Admissions.UG, we collect:

  • School Information: Name, registration details, contact information, location
  • Administrator Data: Names, emails, phone numbers of authorized users
  • Admission Criteria: Requirements, decisioning criteria, fees, available positions
  • Application Processing: Decisions, communications, statistics
  • Financial Data: Bank details for settlements, transaction records

We collect only what is necessary to provide and secure the service and to comply with legal obligations.

2. How We Use School Information

We use school information to:

  • Display school profiles to prospective applicants
  • Facilitate the application process
  • Process and settle application fees
  • Provide analytics and reporting
  • Ensure platform security and integrity
  • Comply with legal requirements

Processing may rely on contract performance, legal obligation, legitimate interests, or consent where applicable.

3. Data Sharing and Visibility

School information is shared as follows:

  • Public Profile: Basic school information visible to all users
  • Applicant Data: Only accessible to authorized school administrators
  • Financial Information: Kept strictly confidential
  • Aggregated Data: May be used for platform analytics

Where we use processors (e.g., cloud hosting, email, payments), we put in place adequate safeguards, including for any cross-border transfers.

4. School Responsibilities

Schools are responsible for:

  • Maintaining accuracy of published information
  • Protecting applicant data accessed through the platform
  • Managing user access for school administrators
  • Complying with data protection regulations
  • Reporting any data breaches immediately

Schools act as data controllers for applicant data they export or process for their own purposes and must: (a) provide appropriate privacy notices to applicants/guardians; (b) obtain and record parental/guardian consent where required; (c) respond to data subject requests (access, correction, deletion, objection, portability) within applicable timelines; and (d) ensure any processors they appoint meet DPPA standards.

5. Data Security Measures

We protect school data through:

  • Role-based access control
  • Encrypted data transmission
  • Secure cloud infrastructure
  • Regular security assessments
  • Audit logs of all activities

Schools must implement suitable organisational and technical measures within their premises and devices to protect exported applicant data.

6. Data Access and Control

Schools have the right to:

  • Access all data related to their institution
  • Export applicant data
  • Update school information at any time
  • Request removal from the platform
  • Manage administrator permissions

Where a school requests deletion of its account, we will deactivate access promptly and handle residual data according to the retention schedule and legal obligations.

7. Data Retention

School data is retained as follows:

  • Active account data: As long as the account is active
  • Application records: 5 years after admission cycle
  • Financial records: 10 years
  • Deleted accounts: 90 days recovery period

Upon expiry of retention periods, we will securely delete or anonymise data unless a longer period is required by law or necessary to establish, exercise or defend legal claims.

8. Compliance and Auditing

We ensure compliance through:

  • Regular compliance assessments
  • Third-party security audits
  • Adherence to Uganda's Data Protection Act
  • International data protection standards

We maintain records of processing activities and review policies and controls periodically.

9. Incident Response

In case of a data incident:

  • Immediate notification to affected schools
  • Investigation and remediation
  • Reporting to relevant authorities
  • Support for affected parties

Where a breach affects data subjects of a school, we will cooperate with the school to meet notification duties under the DPPA.

10. International Data Transfers & Automated Decisions

If any processing involves transfers outside Uganda, we will implement adequate safeguards consistent with the DPPA. We do not use automated decision-making that produces legal or similarly significant effects for applicants without appropriate safeguards and school oversight.

11. Contact Information

For privacy and data protection inquiries:

Email: privacy@admissions.ug
Phone: +256 (0) 39 3612767
Data Protection Officer: dpo@admissions.ug
Support Hours: Monday-Friday, 8:00 AM - 5:00 PM EAT

Schools may also contact the PDPO for guidance or complaints.