Botswana Trade Commission

Botswana Trade Commission

Botswana Trade Commission

Privacy Notice

Botswana Trade Commission (BOTC) Data Privacy Commitment

important to us. We are committed to safeguarding personal data and being transparent about how we collect, use, share, store and protect it.

This privacy notice explains how we collect, use, store, disclose, share, or protect your personal data. The notice also explains the purpose as well as legal basis for processing your personal data and rights available to data subjects

This Notice applies whenever BOTC collects personal data through an approved BOTC channel, system, form, portal, process or any other engagement.

Collection Point

Examples

Website and digital channels

Website visits, contact forms, enquiries, cookies, analytics where used, downloads and online communications.

Online Permit Management System (OPMS) and related service platforms

Account registration, permit/license/rebate applications, supporting documents, payment references, application status updates, audit logs and integrations.

Recruitment and job applications

Vacancy applications submitted directly to BOTC or through third-party recruitment platforms

Contractor/vendor/procurement processes

Supplier registration, tenders, quotations, contracts, due diligence, invoices, payments and access to BOTC systems or facilities.

Events, workshops, surveys and consultations

Registration, attendance, photographs, audio/video recordings, feedback, survey responses and stakeholder engagement records.

Data subject requests, complaints and future collection points

Rights requests, complaints, DPO communications and any approved new BOTC system, form, application, portal or integration.

The personal data collected depends on the service or process being used. BOTC collects personal data that is necessary, relevant and limited to the stated purpose.

Collection PointPersonal Data ExamplesPurposeLegal Basis
Website, enquiries and digital channelsName, contact details, organisation, message content, IP address, device/browser information, cookies and session data.Respond to enquiries, operate and secure digital channels, manage stakeholder communication and improve services.Legitimate interests; performance of public/statutory function where applicable; consent for optional cookies or communications.
OPMS service usersNames, Omang/passport number, contact details, company information, application records, supporting documents, payment references, billing details (card details), payment confirmations, transaction status, audit logs and user activity records.Register users, receive and assess applications, verify information, process payments, issue decisions, maintain audit records and secure OPMS.Performance of BOTC statutory/public function; compliance with legal obligations; legitimate interests in security, auditability and fraud prevention.
Job applicantsNames, Omang/passport number, contact details, CV, qualifications, work history, certificates, references, interview notes, assessment records and recruitment platform logs.Administer recruitment, assess suitability, communicate with applicants and support hiring decisions.Legitimate interests in recruitment; steps prior to entering into an employment relationship where applicable; compliance with legal obligations; consent where required for specific assessments.
Contractors, vendors and suppliersRepresentative details, company registration, tax/VAT information, contracts, invoices, bank details, declarations, access logs and due diligence records.Manage procurement, contracts, payments, supplier due diligence, service delivery, security and compliance.Performance of contract; compliance with legal obligations; legitimate interests in governance, security and risk management.
Events, surveys and public engagementsRegistration details, attendance records, photographs, audio/video recordings, feedback, survey responses and relevant metadata.Manage events, document engagements, issue communications, analyse feedback and improve BOTC services.Legitimate interests; performance of public/statutory function; consent or opt-out where appropriate.

BOTC does not intentionally collect sensitive personal data unless it is necessary, lawful and proportionate for a specific purpose. Where sensitive personal data is required, BOTC will identify the lawful basis, limit collection to what is necessary and apply appropriate safeguards. Data subjects should not submit unnecessary sensitive personal data unless specifically requested for a lawful purpose.

 

How We Collect Personal Data

  • Directly from you when you complete forms, use OPMS, submit applications, send enquiries, attend events, apply for vacancies, register as a vendor, complete surveys, communicate with BOTC or interact or engage with BOTC in any form.
  • From your organisation, employer, principal, agent, authorized representative, referee or nominating body where they submit information on your behalf or identify you as a contact person or representative.
  • From third-party platforms and service providers, including recruitment platforms, payment providers, cloud hosting providers, email/SMS service providers, identity/company verification sources and ICT support providers.
  • From government or regulatory sources where necessary for identity, company, customs, licensing, compliance, verification or statutory/public function purposes.
  • Automatically through technical means such as cookies, logs, IP addresses, timestamps, session information, audit trails, security monitoring and platform usage records.

BOTC only shares personal data where necessary and lawful. Recipients may include authorised BOTC staff, Board of Directors, Board Committee members who require access for official duties; government agencies, regulators, customs/tax authorities, courts, law enforcement or oversight bodies where required by law; and third-party service providers such as hosting providers, payment providers, recruitment platforms, ICT support providers, email/SMS providers, auditors and professional advisers.

 

For OPMS, recipients may include BURS, PayGate, Hostinger, Omang verification, CIPA or other approved integration partners where applicable as well professional advisors (i.e. Lawyers, and auditors). For recruitment, recipients may include referees, Agencies recognized in terms of the Employment Act, assessment providers, background screening providers and hiring panel members and professional advisors. For contractors and vendors, recipients may include financial institutions, payment processors, auditors, insurers, legal advisors, tax authorities, regulators and ICT/security providers.

 

BOTC requires third parties processing personal data on its behalf to apply appropriate confidentiality, security, incident notification, retention, return/deletion and data protection obligations.

BOTC personal data may be processed, hosted, accessed, supported, backed up or transferred outside Botswana where this is necessary for cloud hosting, ICT support, payment processing, recruitment platforms, email/SMS services, system integrations, professional services, disaster recovery or other lawful business/public function purposes.

 

Where personal data is transferred outside Botswana, BOTC will take reasonable steps to ensure that the transfer is documented and protected through appropriate safeguards, which may include contractual data protection obligations, access controls, encryption, confidentiality obligations, auditability, incident notification requirements, data return/deletion obligations and assessment of applicable legal transfer requirements. Where applicable, BOTC will assess whether a local copy of relevant personal data must be maintained in Botswana and how this will be achieved.

BOTC retains personal data only for as long as necessary to:

  • fulfil the purpose for which it was collected;
  • comply with legal, regulatory, audit, financial, employment, procurement and records management obligations;
  • resolve disputes, support investigations, enforce agreements, establish, exercise or defend legal claims.

 

Different retention periods may apply to OPMS applications, supporting documents, payment records, audit logs, backups, recruitment records, vendor records, Human Resource records, event records, survey responses and website logs. Once the applicable retention period has expired, and where there is no lawful basis for continued retention, BOTC will securely delete, archive, anonymise or dispose of the personal data in accordance with approved records management and ICT secure disposal procedures.

BOTC applies appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, misuse, unauthorized disclosure. Depending on the system or process, these measures may include:

 

  • role-based access control and least privilege access; authentication and password controls, including stronger controls for privileged users;
  • HTTPS/TLS encryption for data in transit and secure configuration where applicable; database, server, cloud, firewall and network security controls;
  • Pseudonymization and anonymisation of personal data where appropriate, particularly for reporting, testing, analytics, extracts or other uses where direct identification is not necessary;
  • audit logging and monitoring of user, administrator and system activity; backup, recovery and disaster recovery procedures;
  • vulnerability management, patching, malware/rootkit monitoring and application security testing where applicable;
  • segregation of duties, access reviews, secure deprovisioning, incident detection, escalation, investigation and breach management procedures; and
  • confidentiality and data protection obligations for BOTC staff, Board of Directors and Board Committee members, contractors and service providers.

 

Users should protect their credentials, avoid submitting unnecessary personal data and ensure that documents uploaded to BOTC systems are accurate, relevant and lawful to submit.

BOTC websites and digital platforms, including OPMS, may use cookies and similar technologies to enable secure sign-in, maintain sessions, store preferences, protect platforms, monitor performance, compile usage statistics and improve user experience. Strictly necessary cookies are required for the website or portal to function securely and correctly. Performance, functionality, analytics or targeting cookies, where used, should be optional unless they are strictly necessary.

BOTC systems may use automated workflow routing, validation rules, reference number generation, notifications, dashboards, reporting and audit logging to support administration and service delivery. BOTC does not intend to make decisions based solely on automated processing or profiling that produce legal or similarly significant effects without appropriate human review. If such processing is introduced in future, BOTC will assess the privacy impact, identify the lawful basis, provide appropriate notice and implement safeguards.

Subject to applicable law, the purpose of processing and any lawful limitations, you may have the right to:

  • request access to personal data held about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion or erasure of personal data where there is no lawful basis for continued retention;
  • request restriction of processing in specific circumstances;
  • object to certain processing activities where applicable;
  • request portability of personal data where applicable;
  • withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal;
  • not be subject to decisions based solely on automated processing where such decisions produce legal or similarly significant effects; and
  • lodge a complaint with the Information and Data Protection Commission where you believe your data protection rights have been infringed.

 

Some rights may be limited where BOTC is required to process or retain information for statutory, regulatory, audit, financial, employment, security, legal or public interest purposes. Where a limitation applies, BOTC will explain the reason where it is lawful and appropriate to do so.

   

Collection Point

Recommended Notice / Acknowledgement Wording

OPMS acknowledgement

I confirm that I have read and understood the BOTC Data Privacy Notice. I understand that BOTC will process my personal data to register, receive, assess, process, monitor and administer permit/license applications and related services in accordance with the stated legal basis.

Optional OPMS communications consent

I consent to receive optional OPMS service updates or communications that are not strictly required for my application. I understand that I may withdraw this consent at any time.

Recruitment redirection notice

You are about to leave the BOTC website and access a third-party recruitment platform. The platform will collect and process the personal data you submit for recruitment purposes. Please read the platform privacy notice before submitting your application. BOTC will receive and process applicant information where necessary to administer BOTC recruitment.

Survey notice short form

This survey is conducted by BOTC for the stated purpose. Please do not provide unnecessary personal data. Where the survey is anonymous, BOTC will avoid collecting names, work emails or other identifiers unless clearly disclosed.

Event photography notice

BOTC may take photographs, audio or video recordings at this event for documentation, reporting and communication purposes. Please inform event staff if you do not wish to be photographed or recorded where opt-out is available.

If BOTC intends to process personal data for a new purpose that is not compatible with the original purpose for which it was collected, BOTC will identify a valid legal basis and provide additional information or notice where required before such further processing takes place.

BOTC may update this Data Privacy Notice from time to time to reflect changes in law, regulatory requirements, systems, services, collection points, third-party providers, security controls, operational processes or data protection practices. The most current version should be made available through appropriate BOTC channels, including the BOTC website and, where relevant, OPMS or other portals.

 

 

 

Contact Item

Details

Data Controller

Botswana Trade Commission (BOTC)

Physical Address

Plot 55745, Block 8, Botswana Bureau of Standards Building

Telephone Number

+267 392 4580

Data Protection Officer

Data Protection Officer, Botswana Trade Commission

DPO Email Address

dpo@botc.org.bw

Regulator

Information and Data Protection Commission

 

If you are not satisfied with how we handle your data, we encourage you to first contact BOTC so that we can review and respond to your concern. You also have the right to lodge a complaint with the Information and Data Protection Commission where you believe your data protection rights have been infringed.