info@aja.co.bw
AJA House, Unit 2

Follow us:
 
(+267) 316 3125

HomePrivacy Notice

(1) About us
  • 1.1. Akheel Jinabhai & Associates (in association with McKee Commercial Law) is a full-service law firm based in Gaborone Botswana.
  • 1.2. Our legal services cover a wide range of disciplines and are provided to a client base, that includes international mining houses, large local corporations, foreign investors, regional & local governments, parastatals, and most of the property developers in Botswana.
  • 1.3. As a firm, we pride ourselves on our ability to evolve to meet the challenges of doing business in a complex and constantly changing commercial world and strive to be at the cutting edge of legal developments both internationally and locally.
  • 1.4. Culturally we are an extremely diverse firm with a strong bias toward the empowerment of women.
  • 1.5. The Firm is obligated to comply with the Data Protection Act No. 18 of 2024. The Data Protection Act requires the Firm to inform its clients as to how their personal data is processed.
  • 1.6. The Firm guarantees its commitment to protecting its clients and employees’ privacy and ensuring that their personal data is used appropriately, transparently, securely and under applicable laws.
(2) Your privacy is important to us
  • 2.1. We protect your information and always aim to be clear and open about what we do with your personal data. We undertake to process your information lawfully and in a manner that does not infringe your privacy. Your personal data will only be processed for reasons set out herein. We follow general principles in accordance with applicable privacy laws.
  • 2.2. We understand that your privacy is important to you, and we value your trust. That’s why we do everything we can to keep your information safe.
  • 2.3. This Policy explains how we collect, use and safeguard the personal data you give us. For the purposes of this Policy, “process” means how we collect, use, store, make available, destroy, update, disclose, or otherwise deal with your personal data. As a general rule, we will only process your personal data if this is required when offering or delivering a product or service to you.
  • 2.4. We may combine your personal data and use the combined personal data for any of the purposes stated in this Policy.
  • 2.5. In terms of applicable privacy laws, this Policy may also apply to personal data processed by third parties (such as authorised agents and contractors) appointed by or acting on our behalf.
  • 2.6. You should read this Policy carefully and reach out to us if you require any clarity.
  • 2.7. NOTE: The processing of your personal data may be conducted outside the borders of Botswana. This Policy will apply to the processing of personal data by us in any country. Your personal data will be processed according to the requirements and safeguards of applicable privacy law or privacy rules that bind us. We will ensure that a copy of your personal data remains in Botswana when transferring personal data as well as ensure that the country we transfer personal data to has adequate laws in place to protect and safeguard your personal data.
  • 2.8. We update our privacy Policy regularly and as and when there are changes and amendments to the legislation. We will notify all our clients of any change to this Policy.
  • 2.9. Please note that we may not be able to continue a relationship with a client or provide client’s with certain products or services if they do not agree to the changes.
(3) DEFINITION OF TERMS
  • 3.1. “Act” means the Data Protection Act No.18 of 2024 or the DPA;
  • 3.2. “Child” means any natural person under the age of 18 (eighteen) years;
  • 3.3. “Cookies” a cookie is a small piece of data sent from our website to your computer or device or internet browser where it is saved.
  • 3.4. “Commission” means the Information and Data Protection Commission of Botswana
  • 3.5. “Commissioner” means the Commissioner of the Commission;
  • 3.6. “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal DATA under the control of or in the possession of the Firm;
  • 3.7. “Data Controller” means a public or private body or any other person which alone or in conjunction with others, determines the purpose of and means for Processing Personal Data;
  • 3.8. “Data Processor” means a person or entity who Processes Personal Data for a Data Controller in terms of a contract or mandate, without coming under the direct authority of that Data Controller;
  • 3.9. “Data Subject” means the individual / natural person who is the subject of personal data;
  • 3.10. “Direct Marketing” means to approach a person, by electronic communication, telephone communication, face to face, marketing material, social media, websites, applications (web based and/or mobile) and/or the internet, for the purpose of promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject;
  • 3.11. “Employees” means any employee of the Firm;
  • 3.12. “Personal Data” has the meaning ascribed thereto under the Botswana Data Protection Act and means any information relating to an identified or identifiable natural person, which natural person can be identified directly or indirectly;
  • 3.13. “Policy” means this Data Protection and Privacy Policy;
  • 3.14. “Processing” means any operation or set of operations which includes, collection, recording, consulting, structuring, organizing, storage, adaptation or alteration, retrieval, use, transfer, sharing, disclosure by dissemination, erasure, deletion or destruction of personal data and has the meaning ascribed thereto under the Botswana Data Protection Act of 2024;
  • 3.15. “Special Personal Data” means Personal Data concerning a Data Subject’s National Identification Number, information related to children, religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, biometric information or criminal behaviour;
  • 3.16. “Third Party” means any independent contractor, agent, consultant, sub-contractor or other representative of the Firm.
(4) WHAT INFORMATION DO WE COLLECT AND HOW?
  • 4.1. The Firm collects and processes personal data received from its employees and clients.
  • 4.2. The Firm collects Personal Data directly from Data Subjects, unless an exception is applicable (such as, for example, where the Data Subject has made the Personal Data public or the Personal Data is contained in or derived from a public record).
  • 4.3. The Firm will always collect Personal Data in a fair, lawful and reasonable manner to ensure that it protects the Data Subject’s privacy and will Process the Personal Data based on legitimate grounds in a manner that does not adversely affect the Data Subject in question.
  • 4.4. Website usage information may be collected using “cookies” which allows the Firm to collect standard internet visitor usage information.
  • 4.5. Personal Information will only be used for the purpose for which it was collected and as agreed. This may include:
    • 4.5.1. Providing services to stakeholders and carrying out the transactions requested;
    • 4.5.2. To provide legal services and respond to inquiries
    • 4.5.3. To improve our website and services
    • 4.5.4. For sharing with other third parties, where necessary including government offices;
    • 4.5.5. Confirming, verifying and updating clients’ details;
    • 4.5.6. For audit and record-keeping purposes;
    • 4.5.7. In connection with legal proceedings;
    • 4.5.8. Providing communication in respect of the Firm and regulatory matters that may affect stakeholders;
    • 4.5.9. In connection with employment and contractual obligations; and
    • 4.5.10. In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law.
  • 4.6. Personal data may only be processed if certain conditions, listed below, are met along with supporting information for the processing of personal information:
    • 4.6.1. Consent of the Data Subject (or a competent person, where the Data Subject is a Child) is obtained;
    • 4.6.2. Processing is necessary to carry out the actions for conclusion of a contract to which a Data Subject is party;
    • 4.6.3. Processing complies with an obligation imposed by law on the Firm;
    • 4.6.4. Processing protects a legitimate interest of the Data Subject; and/or
    • 4.6.5. Processing is necessary for pursuing the legitimate interests of the Firm or of a third party to whom the information is supplied.
  • 4.7. The Firm will make the manner and reason for which the Personal Data will be Processed clear to the Data Subject.
  • 4.8. Where the Firm is relying on a Data Subject’s consent as the legal basis for Processing Personal Information, the Data Subject may withdraw his/her/its consent or may object to the Firm’s Processing of the Personal Information at any time. However, this will not affect the lawfulness of any Processing carried out prior to the withdrawal of consent or any Processing justified by any other legal ground provided under the Data Protection Act.
  • 4.9. If the consent is withdrawn or if there is otherwise a justified objection against the use or the Processing of such Personal Data, the Firm will ensure that the Personal Information is no longer Processed.
(5) PROCESSING OF SENSITIVE PERSONAL DATA?
  • 5.1. The Firm acknowledges that it will generally not process sensitive personal data unless:
    • 5.1.1. Processing is carried out in accordance with the Data Subject’s consent;
    • 5.1.2. Processing is necessary for the establishment, exercise or defense of a right or obligation in law;
    • 5.1.3. Processing is for historical, statistical or research purposes, subject to stipulated safeguards; or
    • 5.1.4. Information has deliberately been made public by the Data Subject.
(6) Minors' Data

The Firm will only process Personal Data concerning a Child where it has obtained the consent of the parent or guardian of that Child or where it is permitted to do so in accordance with applicable laws.

(7) WHO DO WE SHARE THIS INFORMATION WITH?
  • 7.1. The Firm may disclose a stakeholder’s personal data to any of its third-party service providers who have agreements in place to ensure compliance with confidentiality and privacy conditions.
  • 7.2. The Firm may also share personal data with and obtain information about stakeholders from third parties for the reasons already discussed above.
  • 7.3. The Firm may also disclose a client’s information where it has a duty or a right to disclose in terms of applicable legislation, the law, or where it may be deemed necessary to protect its rights.
(8) SENDING INFORMATION ABROAD
  • 8.1. Sometimes we may send your information abroad, including to service providers or third parties who store data or operate outside of Botswana.
  • 8.2. We will only transfer your personal data abroad to third parties, in one or more of the following circumstances:
    • 8.2.1. After we have made sure there are arrangements in place to adequately protect your personal data under the foreign country’s laws or in terms of an agreement with the third party.
    • 8.2.2. Where the transfer of your personal data is necessary for us to conclude, or perform, under a contract with you or a contract with a third party that is in your interest.
    • 8.2.3. Where you have consented to the transfer of your information; and/or
    • 8.2.4. Where it is not reasonably practical for us to obtain your consent, but the transfer is for your benefit.
    • 8.2.5. We will ensure that the party processing your personal data in another country agrees to apply the same level of protection of applicable laws or privacy rules that bind the Firm, or if the other country’s laws provide better protection, the other country’s laws would be agreed to and applied.
(9) OTHER RIGHTS YOU HAVE
  • 9.1. Stakeholders have the right to access the personal data the Firm holds about them;
  • 9.2. Stakeholders also have the right to ask the Firm and its Data Processors to update, correct or delete their personal data on reasonable grounds;
  • 9.3. Once a stakeholder objects to the processing of their personal information, the Firm or its Data Processors may no longer process said personal information; and
  • 9.4. The Firm and its Data Processors will take all reasonable steps to confirm stakeholders’ identity before providing details of their personal data or making changes to their personal data.
  • 9.5. If an individual contacts the Firm requesting this information, this is called a subject access request.
  • 9.6. Subject access requests from individuals should be made by email, addressed to the data controller at tshegofatso@aja.co.bw.
(10) MAKING A PRIVACY COMPLAINT
  • 10.1. Our staff are trained to keep your information safe and secure. We will only keep your information for as long as:
    • 10.1.1. We require the information to fulfil the lawful purposes related to our function, or to achieve the purposes as set out in this policy.
    • 10.1.2. The law requires us to keep the information.
    • 10.1.3. We are required to keep the information in terms of our agreement with you.
    • 10.1.4. You have consented to us keeping the information.
    • 10.1.5. We require the information for statistical or research purposes.
    • 10.1.6. An industry code of conduct requires us to retain the information.
    • 10.1.7. We are required to keep it to achieve the purposes listed in this policy.
    • 10.1.8. We require it for lawful business purposes.
  • 10.2. Here are some of the things we do to protect data:
    • Staff training: We continuously train our staff on how to keep data safe and secure.
    • Secure handling and storage: When we send information outside, or use third parties that handle or store data, we make arrangements to protect your information via Data Transfer Agreements.
    • Data Pseudonymization: When you log in to our websites or apps, we encrypt data sent from your computer to our systems so that no one else can access it. We have firewalls, intrusion detection and virus scanning tools to stop viruses and unauthorised people accessing our systems. When we send your electronic data to other organisations, we use secure networks or encryption.
    • System security: We use passwords and/or smartcards to stop unauthorised people gaining access to your data.
    • Building security: We use a mix of alarms, cameras, guards and other controls including biometrics for access control in our buildings to prevent unauthorised access to our premises and consequently to protect data.
    • Destroying or deidentifying data when no longer required: We keep personal data only for as long as we need it – such as, for business or legal reasons. When information is no longer needed, we take reasonable steps to destroy or deidentify it.
(11) ACCESSING, UPDATING AND CORRECTING YOUR INFORMATION

Please contact us if you wish to view your information. To access more detailed information, you may need to fill out a request form. If your information isn’t correct or requires updating, let us know as soon as possible.

(12) CAN YOU SEE WHAT INFORMATION WE HAVE?
  • 12.1. You have the right to request access to the personal data that we hold about you. This includes requesting:
    • 12.1.1. Confirmation that we hold your personal information, or
    • 12.1.2. Requesting a copy or description of the record containing your personal information, such as your transaction history or credit information;
    • 12.1.3. The identity or categories of third parties who have had access to your personal data.
  • 12.2. We will attend to requests for access to personal information within a reasonable time. We may require you to pay a reasonable administration fee to receive copies or descriptions of records, or information about third parties and you will be informed of the fee before attending to your request. Please note that before we can release any information, we will need to carry out identity verification processes.
  • 12.3. Please note that the law may limit your right to access information.
  • 12.4. You can submit an access request by attending at our offices, going online or contacting us via any of our official channels.
  • 12.5. We try to make your information available within 30 days of you asking for it. Before releasing the information, we will need to confirm your identity.
(13) CAN WE REFUSE YOU ACCESS TO YOUR INFORMATION?

In some cases, we can refuse access, or we’ll only let you access certain information. For example, we might not let you access information that is commercially sensitive. If so, we will contact you to let you know why. You have the option to query this decision.

(14) UPDATING YOUR INFORMATION

It’s important that we have your correct contact details, such as your current home address, email address and phone number. You can check or update your information by logging in to our website/app or contacting us via any of our other channels.

(15) CAN WE CORRECT, DELETE OR UPDATE YOUR INFORMATION?
  • 15.1. You can ask us to correct, delete or update any information we have for you if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully or if we are no longer authorised to retain the information. You must submit your request to us in writing. We will take reasonable steps to determine if the personal information is correct and make any correction needed. It may take a reasonable time for the change to reflect on our systems. We may request documents from you to verify the change in personal information and we may require you to complete a form to assist you with your request. The relevant form (Form 2) is included as an annexure to this policy.
  • 15.2. Note that if the law requires us to retain the information you have requested us to delete, we may not be able to delete this information immediately. Note further that the deletion of certain personal data could result in the suspension or termination of your business relationship with the Firm.
(16) RIGHT TO OBJECTION
  • 16.1. You may object on reasonable grounds to the processing of your personal information where it is in your legitimate interest or in the legitimate interest of another party.
  • 16.2. You must inform us of your objection in the prescribed form. Prescribed Form 1 is included as an annexure to this Policy.
  • 16.3. We will not be able to give effect to your objection if:
    • The processing of your personal information was and is permitted by law,
    • You have provided consent to the processing and our processing was conducted in line with your consent; or
    • The processing is necessary to conclude or perform under a contract with you.
  • 16.4. We will also not be able to give effect to your objection if the objection is not based upon reasonable grounds and substantiated with appropriate evidence.
  • 16.5. We will provide you with feedback regarding your objections.
(17) RIGHT TO WITHDRAW CONSENT
  • 17.1. Where you have provided your consent for the processing of your personal information, you may withdraw your consent. If you withdraw your consent, we will explain the consequences of this to you, which may include that we may not be able to provide certain services to you. We will inform you if this is the case. We may proceed to process your personal information, even if you have withdrawn your consent, if the law permits or requires it. It may also take some time for the change to reflect on our systems. During this time, we may still process your personal information.
  • 17.2. You can give effect to this right by contacting us on +267 316 3125 or tshegofatso@aja.co.bw, alternatively, go to our website www.aja.co.bw for more information.
(18) MAKING A PRIVACY COMPLAINT

If you have a concern or complaint about your privacy, please let us know and we’ll do our best to address it. If you’re not satisfied with how we handled the issue, there are other courses of action available to you.

(19) HOW DO YOU MAKE A COMPLAINT?
  • 19.1. We do our best to get things right the first time. If, however, we don’t, we will do whatever we can to fix it. If you are concerned about your privacy, you have the right to lodge a complaint and we’ll do our best to address it.
  • 19.2. If you have a privacy-related concern or complaint, please first raise this with the Firm directly and we will do our best to resolve the issue speedily.
  • 19.3. To lodge a complaint, please contact our customer contact center via any of our channels. We will then investigate the issue and do our best to resolve your complaint immediately.
(20) COOKIES
  • 20.1. A cookie, in its basic form, is a short line of text that a website puts on your computer’s hard drive or device when you access that website. That way, when you return, that website knows you were there before and can automate some things for you.
  • 20.2. The purpose of a cookie is therefore to provide a reliable mechanism to “remember” customer behavior (keeping track of previous actions), e.g. remembering the contents of an online shopping cart, and actions the user performed whilst browsing when not signed up or logged into their online account.
  • 20.3. A cookie does not allow us to identify the individual unless they have used the same computer or device to login to one of our products like our web portal.
  • 20.4. By using our website or applications, customers agree that cookies may be forwarded from the relevant website or application to their computer or device. The cookie will enable us to know that you have visited a website or application before and will identify the customer. We may also use the cookie to prevent fraud.
(21) FORMS

The following forms are available to all data subjects at request;

  • 21.1. Form 1: Objection to the processing of personal information in terms of section 48 of the Data Protection Act, 2024
  • 21.2. Form 2: Request for correction or deletion of personal information or destroying or deletion of record of personal information in terms of section 44(1) of the Data Protection Act, 2024

CONTACT US

AJA House, Unit 2, Plot 54373, CBD, Gaborone
(+267) 316 3125
info@aja.co.bw

Follow us:

SERVICES

LINKS

(+267) 316 3125

Akheel Jinabhai & Associates has developed an excellent reputation for providing responsive, pragmatic, and cost-effective legal solutions to client undertaking business in Botswana.

© 2025 – All Rights Reserved
Akheel Jinabhai & Associates
Developed By: Weblogic