Supplier Privacy Notice

SUPPLIER PRIVACY NOTICE

 

INTRODUCTION

At Letshego Africa Holdings Limited (hereafter referred to as “LAHL”, “Letshego”, “we”, “us”, “our”), we value your privacy and are committed to protecting the personal data of all individuals we engage with, including individual contractors and representatives of our suppliers. This Supplier Privacy Notice explains how we process your personal data as per the Botswana Data Protection Act 2024 (hereafter referred to as the “DPA”).

WHAT PERSONAL DATA DO WE COLLECT & PROCESS

 We may collect and process the following categories of personal data in relation to your contractors, directors and other data subjects during contracting with Letshego:

 

Identification and Contact Details: Name, Position, Business Email, Contact Telephone Number, address, Nationality, National Identity Information, Passport information, Residential Address, Postal Address, VAT Registration Number, TAX number,

Educational and professional background: CV, Educational Qualifications, References, Employment History, Training achievement, Performance Record and details, Talent Classification

Personal Financial Information: Bank Name, Bank Branch, Bank Account Number, Branch Code, Bank Reference Letter

Other Information: Resolution specifying who is authorized to act on behalf of the company, Partnership Agreement, professional certifications, company registration details, Listing of Ultimate Beneficial Owners (Full Names, Residential Address, Date of Birth, Nationality Percentage of ownership (%), Listing of Prominent Influential Persons. Audited Annual Financial Statements, Blank and Crossed Out Company Letterhead, AML/ABC/Code of Conduct Policy, Other client’s or Letters of Reference From Two Clients,

HOW DO WE COLLECT YOUR PERSONAL DATA

We may collect your personal data in the following ways:

  • Directly from you, for example during the contracting process when you provide or offer to provide services to us.
  • Indirectly from our subsidiary companies
  • From publicly available sources such as your website or any other source containing your personal data e.g CIPA Website

WHY DO WE PROCESS YOUR PERSONAL DATA

 We process your personal data for the following purposes:

 

Onboarding you as our supplier: To verify the identity and legitimacy of suppliers and their responsibilities. To collect necessary details for due diligence and compliance checks. To maintain up to date supplier database.

Communication: To manage communication and feedback between Letshego and yourself.

Due Diligence: To ensure onboarded suppliers are compliant in terms of Letshego’s Compliance requirements.

Issuing payments: To process supplier invoices and payments. To verify bank accounts details and payment authorizations.

Comply with Regulatory Requirements: To comply with regulatory requirements imposed on Letshego, we process your personal data in accordance with applicable data protection and financial regulations in the jurisdictions where we operate.

For record keeping: For record keeping purposes in alignment with legal and business requirements.

LEGAL BASIS FOR PROCESSING PERSONAL DATA

We rely on various legal bases for processing your personal data, including:

Performance of a Contract: Processing of your personal data is necessary for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Legal Obligation: Processing your personal data where it is necessary to comply with our legal obligations. This includes obligations under Procurement, Taxation and Financial Intelligence Act and any other statutory requirements applicable to Letshego.

Consent: Processing is based on your explicit consent in writing, which you can withdraw at any time.

Legitimate interest: Processing your personal data where it is necessary for purposes that form part of our legitimate interests or those of a third party. We will only rely on this basis where such interests are not overridden by your rights and freedoms, particularly your right to privacy.

HOW LONG DO WE RETAIN YOUR DATA

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Your Personal data will be retained as per Letshego’s Internal Data Retention schedule, once the retention period has elapsed and there is no longer a lawful basis for retaining your data, Letshego will ensure that the data is securely deleted.

WHO DO WE SHARE YOUR DATA WITH

Your personal data may be shared with the below:

 

Internal teams: Such as Finance, IT, Compliance and any other support service within Letshego Group and its subsidiaries.

Third-party providers: Third party service providers we work with such as External auditors, banks and tax authorities.

Legal or Regulatory Bodies: Where required by law, we will share personal information with our regulators, governmental, law enforcement authorities and with courts, in order to comply with our regulatory and legal obligations. In the event of a corporate restructuring, merger, or acquisition, your personal data may be transferred to a new entity as part of the transaction.

 

All third-party providers are contractually bound to protect your data and use it only for the purposes specified in this notice.

CROSS-BORDER TRANSFER OF PERSONAL DATA

Your personal data may be transferred to and processed in other countries outside Botswana. We prioritise countries recognised as having data protection standards equivalent to those in Botswana.

 

If we transfer your personal data to other countries, we will ensure that this is done in compliance with the Data Protection Act and there are appropriate safeguards in place concerning the protection of your data, such as by using appropriate contractual data processing agreements.

 

Letshego may rely on permitted derogations for the transfer, such as your explicit consent, the necessity of the transfer for the performance of your contract and Letshego’s legitimate interests.

HOW DO WE PROTECT YOUR DATA

We prioritize the security of your personal data and have implemented robust Information Technology and Security policies to ensure the confidentiality, integrity, and availability of all physical and electronic information assets, including personal data.

 

We maintain procedures to promptly address any suspected data security breach and provide regular training and awareness programs to all Letshego employees who have access to your personal data.

AUTOMATED DECISION MAKING/PROFILING

Letshego does not make decisions about you solely through automated processes such as artificial intelligence models and Computer systems Algorithms,—that may produce legal or similarly significant effects. All processing of your personal data will always involve some level of human intervention.

YOUR DATA PROTECTION RIGHTS

As a supplier, you have certain rights concerning your personal data:

 

Right to be informed: You have the right to be informed of any personal data that we hold about you and how we are processing your personal data.

Right of Access: You have the right to receive confirmation from us on whether we hold personal data about you and to receive a copy of your personal data.

Right to Erasure: In certain circumstances, you may request deletion of your personal data.

Right to Rectification: You have the right to request rectification of any inaccurate or incomplete personal data we hold about you.

Right to object: You have the right to object to the processing of your personal data for direct marketing purposes.

Right to Portability: You many request a copy of your personal data in a structured, machine-readable format and request that it be transferred to another controller.

Right to withdraw Consent: Where processing is based on consent you have the right to modify or withdraw your consent at any point.

Right to lodge a complaint: You also have the right to lodge a complaint with the Information and Data Protection Commission. We encourage you to contact us first so we can resolve your concerns directly.

 

These rights are not absolute and are subject to conditions or limitations as specified in applicable law. We will process your request in accordance with the Botswana Data Protection Act. To protect your privacy and security, we will take steps to verify your identity before complying with the request.

CONTACT US

If you have questions about this Data Privacy notice, how Letshego processes your personal data or you wish to exercise your rights, please contact the Group Data Protection Officer at:

 

Data Controller: Letshego Africa Holdings Limited

Physical Location: Tower C, Zambezi Towers; Plot 54352, Central Business District, Gaborone, Botswana;

Postal Address: P.O. Box 381 Gaborone

Email address: group.dataprotection@letshego.com

Telephone Number: 3643300

UPDATES

We may update this notice from time to time to reflect changes in how we process personal data, including any amendments to the Botswana Data Protection Act or applicable laws and regulations. The latest version will always be available on our website.