Docsecure Eswatini Data Privacy Policy


This Privacy Policy explains how Docsecure Eswatini (Pty) Ltd (“Docsecure”, “we”, “our”, or “us”) collects, uses, stores, and protects personal information. We operate in two distinct roles under applicable data protection laws:


  • Data Controller - when we collect personal data directly (e.g., website inquiries, client registration).
  • Data Processor - when we handle data on behalf of our clients (e.g., document storage, scanning, shredding).


1. Information We Collect


As a Data Controller

We may collect personal information from you directly when you:

  • Visit our website or contact forms
  • Register for our services
  • Communicate with us via phone, email, or in person

Collected data may include names, email addresses, phone numbers, business information, and other contact details.


As a Data Processor

We process data solely as instructed by our clients, which may include:

  • Physical and digital document storage
  • Document scanning and indexing
  • Cloud storage and document access systems
  • Secure shredding and disposal


2. Data Use


When acting as a data controller, we use your personal information to:

  • Respond to inquiries and support requests
  • Provide services and manage client relationships
  • Improve website experience and services

When acting as a data processor, we do not use your data for our own purposes; we only process it as instructed by the client who is the data controller.



3. Legal Basis for Processing


We process personal data on the following legal bases:

  • Consent (e.g., contact form submissions)
  • Contractual necessity (e.g., service agreements)
  • Compliance with legal obligations
  • Legitimate interests, balanced with your rights and freedoms


4. Data Storage and Retention


Physical documents are stored in secure warehouses with restricted access. Digital documents are stored on AWS S3, Google Cloud. Data is retained based on legal requirements and contractual obligations. When no longer required, data is securely deleted or shredded.



5. Data Subject Rights


Depending on the nature of the data and our role, individuals may have the following rights:

  • Right to Access - Request information we hold about you
  • Right to Rectification - Request correction of inaccurate data
  • Right to Erasure - Request deletion under certain circumstances
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Right to Avoid Automated Decision-Making

If we are acting as a data controller, you may contact us directly to exercise these rights. If we are acting as a data processor, your request should be made to the relevant data controller (our client).



6. Security Measures


We implement industry-standard safeguards to protect your data:

  • AES-256 encryption for all digital data
  • Role-based access controls
  • Multi-factor authentication (MFA)
  • 24/7 surveillance and fire monitoring at warehouses
  • ISO 27001-compliant security audits
  • Ongoing employee training in data protection


7. Cookies and Tracking


When using our website or Docsecure cloud systems, we may use cookies to enhance your experience:

  • Essential cookies for login and security
  • Performance tracking for analytics
  • Security logging of IP addresses and login attempts


8. Updates to This Privacy Policy


This policy may be updated periodically to reflect legal or operational changes. Updates will be posted on our website with the revised effective date.



9. Contacts


If you have any questions or wish to exercise your rights, please contact Docsecure DPO:

Email: dpo@docsecuresd.com

Phone: (+268) 7829 5776

Office: Shop No. 5, Plot 769 1st Street, Matsapha, Eswatini