GDPR Compliance
Our commitment to protecting your personal data under the General Data Protection Regulation
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It strengthens and unifies data protection for individuals within the EU and addresses the export of personal data outside the EU.
Enhanced Protection
Stronger data protection rights for individuals
Individual Rights
Greater control over personal data
Accountability
Stricter obligations for organizations
2. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
Right of Access
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to the personal data.
Right to Rectification
You have the right to have inaccurate personal data corrected and incomplete personal data completed.
Right to Erasure
You have the right to have your personal data erased in certain circumstances (the "right to be forgotten").
Right to Restrict Processing
You have the right to restrict the processing of your personal data in certain circumstances.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.
Right to Object
You have the right to object to the processing of your personal data in certain circumstances.
3. Our Data Processing Principles
We process personal data in accordance with the following GDPR principles:
Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner.
Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes.
Data Minimization
We collect only the personal data that is adequate, relevant, and necessary.
Accuracy
We keep personal data accurate and up to date.
Storage Limitation
We retain personal data only for as long as necessary.
Security
We implement appropriate technical and organizational measures to protect personal data.
4. Legal Basis for Processing
We process personal data based on the following legal grounds under GDPR:
Processing Activity | Legal Basis | Description |
---|---|---|
Account Creation & Management | Contract | Necessary for the performance of our service agreement |
Customer Support | Contract | Required to provide support services under our contract |
Marketing Communications | Consent | Based on your explicit consent to receive marketing |
Analytics & Improvement | Legitimate Interest | To improve our services and user experience |
Legal Compliance | Legal Obligation | To comply with applicable laws and regulations |
Security & Fraud Prevention | Legitimate Interest | To protect our services and users from fraud |
5. Data Protection Measures
We implement comprehensive technical and organizational measures to protect your personal data:
Technical Measures
- End-to-end encryption
- Secure data transmission (HTTPS/TLS)
- Regular security updates
- Access controls and authentication
- Data backup and recovery
- Intrusion detection systems
Organizational Measures
- Staff training on data protection
- Data protection policies and procedures
- Regular security audits
- Incident response procedures
- Data protection impact assessments
- Vendor security assessments
6. Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
Adequacy Decisions
Transfers to countries with adequate data protection
Standard Contractual Clauses
EU-approved contractual clauses for data transfers
Binding Corporate Rules
Internal data protection policies for international transfers
Explicit Consent
Your explicit consent for specific transfers
7. Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
Within 72 Hours:
- Notify the supervisory authority
- Assess the risk level
- Implement containment measures
Without Delay:
- Notify affected individuals
- Provide clear information
- Recommend protective actions
8. Exercising Your Rights
To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month of receipt.
How to Submit a Request
- Email: privacy@maxchurches.com
- Phone: +256-782804992
- Mail: 112327 Mackay Rd, Nateete, Kampala, Uganda
Required Information
- Your full name and contact details
- Proof of identity
- Specific details of your request
9. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. The relevant supervisory authority depends on your location:
EU Residents
Contact your local data protection authority
Non-EU Residents
Contact the authority in the EU country where you are located
10. Updates to This Policy
We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes and post the updated policy on our website.
This GDPR compliance statement was last updated on October 23, 2025.