DATA PROTECTION
GDPR & Data Protection
Our Commitment to Data Protection
Instant Payments Namibia (IPN) is committed to protecting the privacy and security of personal data in accordance with international data protection standards, including principles aligned with the General Data Protection Regulation (GDPR) and applicable Namibian data protection laws.
As a critical payment infrastructure provider, we recognize the importance of handling personal data responsibly and transparently. This page outlines our approach to data protection and your rights regarding your personal information.
1. Data Protection Principles
We adhere to the following data protection principles:
Lawfulness & Fairness
We process personal data lawfully, fairly, and in a transparent manner
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes only
Data Minimization
We collect only data that is adequate, relevant, and necessary
Accuracy
Personal data is kept accurate and up to date
Storage Limitation
Data is retained only as long as necessary
Integrity & Confidentiality
Data is processed securely with appropriate protection
2. Your Data Protection Rights
Under data protection law, you have the following rights:
Right of Access
You have the right to request copies of your personal data. We may charge a reasonable fee for multiple copies or excessive requests.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data in certain circumstances, such as when:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Note: This right may be limited by legal obligations to retain certain financial and transaction records.
Right to Restrict Processing
You have the right to request restriction of processing of your personal data in certain situations.
Right to Data Portability
You have the right to request transfer of your personal data to another organization or directly to you in a structured, commonly used format.
Right to Object
You have the right to object to processing of your personal data in certain circumstances, including for direct marketing purposes.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.
3. Legal Basis for Processing
We process personal data based on one or more of the following legal grounds:
- Consent: You have given explicit consent for processing for specific purposes
- Contract: Processing is necessary to perform a contract with you or take pre-contractual steps
- Legal Obligation: Processing is necessary to comply with legal or regulatory requirements
- Legitimate Interests: Processing is necessary for our legitimate interests or those of third parties (except where overridden by your rights)
- Public Interest: Processing is necessary for the performance of tasks carried out in the public interest or in exercise of official authority
4. International Data Transfers
When we transfer personal data outside Namibia, we ensure appropriate safeguards are in place:
- Transfer to countries with adequate data protection as determined by relevant authorities
- Use of standard contractual clauses approved by data protection authorities
- Implementation of binding corporate rules for intra-group transfers
- Obtaining your explicit consent for specific transfers
5. Security Measures
We implement appropriate technical and organizational measures to protect personal data:
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Regular security assessments and penetration testing
- Data backup and disaster recovery procedures
- Employee training on data protection and security
- Incident response and breach notification procedures
6. Data Breach Notification
In the event of a data breach that is likely to result in high risk to your rights and freedoms:
- We will notify the relevant supervisory authority without undue delay (within 72 hours where feasible)
- We will notify affected individuals without undue delay
- Notifications will include the nature of the breach, likely consequences, and measures taken
- We will document all data breaches and our response
7. Data Protection Officer
IPN has designated a Data Protection Officer (DPO) responsible for:
- Monitoring compliance with data protection laws
- Advising on data protection impact assessments
- Cooperating with supervisory authorities
- Acting as a contact point for data subjects and authorities
You can contact our DPO at: dpo@ipn.com.na
8. How to Exercise Your Rights
To exercise any of your data protection rights:
- Submit a request via email to dpo@ipn.com.na
- Provide sufficient information to verify your identity
- Clearly state which right you wish to exercise
- Include any relevant details to help us respond to your request
We will respond to your request without undue delay and within one month. This period may be extended by two months for complex requests.
9. Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with:
- IPN's Data Protection Officer (contact details above)
- The relevant data protection supervisory authority in Namibia
- The Bank of Namibia (as our regulatory authority)
We encourage you to contact us first so we can address your concerns directly.
10. Contact Us
For questions about data protection or to exercise your rights:
Data Protection Officer
Instant Payments Namibia (IPN)
71 Robert Mugabe Ave, Windhoek, Namibia
DPO Email: dpo@ipn.com.na
Privacy Email: privacy@ipn.com.na
Phone: +264 61 283 5111
