Privacy Policy

Introduction

At Centac Systems Limited (operating as Centro Access), we take your privacy seriously. This Privacy Notice explains what personal data we collect when you use our website, platform, or mobile apps (together, the "Services"), how we handle and protect that data, and the choices you have regarding its use. "You" refers to any user of our Services. Unless otherwise noted, terms used here have the same meanings as in our Terms of Service.

"Personal Data" (also referred to as "Personal Information") means any data that identifies, relates to, describes, or can reasonably be linked to an individual or household—either directly or indirectly.

This Privacy Notice does not apply to any personal data we process solely on behalf of our customers when we act as a Data Processor under applicable data protection laws. That data is handled based on the agreements we have in place with our customers, typically outlined in a Data Processing Addendum (DPA). If you have questions about how your data is handled in that context, please contact the organization that manages your account. For details, see Section 10.

1. Data Collection & Processing

For the purposes of this Privacy Policy, we define two categories of users:

• "Prospects" refers to individuals who visit our website, attend our events, or engage with our marketing content—such as advertisements, emails, or other communications—prior to becoming users of our Services.
• "User" refers to any individual who accesses or uses the Platform and/or App under a Customer account. This includes Account Owners, Administrators, Employees, service providers, and independent contractors acting on behalf of a Customer.

Depending on how you use our Services, we may collect various types of Personal Data. We, along with our trusted third-party contractors and service providers, use this information for different business and operational purposes described below. Providing your Personal Data is voluntary, and you are under no legal obligation to share it with us. However, please note that without certain information, we might be unable to offer the full functionality of our Services or ensure the best possible user experience. If you choose not to provide your Personal Data or do not want it processed by us, we kindly ask that you refrain from using or interacting with our Site, Platform, or App. You also have the right to submit requests regarding your data rights as detailed in Section 9. Centro Access does not collect, use, or disclose sensitive Personal Data.

1.1 Prospects Data Collection

When you interact with our services as a prospect, we may collect the following information:

• Contact Information: When you (1) request information through our Site, (2) complete online forms, (3) participate in our events, (4) reach out via a referral link, or (5) contact us for any other reason, we may collect the information you provide—such as your name, email address, and any other details submitted through the Site, online advertisements, emails, or other communications.
• Communications Data: When you interact with us—whether through phone calls, virtual meetings, or instant messaging—we may collect Personal Data such as your name, email address, phone number, job title, company name, and any other information you share during these communications. This may also include written correspondence, screen recordings, screenshots, and other related data that could be automatically recorded, tracked, transcribed, and analyzed to help us improve our services.
• Automatically Collected Data: When you visit our Site, we automatically gather information about your device, such as your operating system, browser type, and internet service provider (ISP). We may also collect Personal Data like your IP address, session recordings, browsing activity on our Site—including the pages you visit, how often, and when—as well as referring and exit pages (the sites you came from and went to). Additionally, we track which ads or emails you interacted with and other details about your viewing history. For more information on how we use cookies and similar technologies, please see the “Cookies and Similar Technologies” section below.
• Data from Third Parties: We may obtain Personal Data about you from trusted third-party sources, such as partners, service providers, or publicly available databases, to enhance and support our Services.

1.2 Users Data Collection

When you use our Services as a registered user, we collect:

• Registration Data: To access and use our Services, Account Owners and Administrators are required to register and provide certain Personal Data, including their full name, email address, and phone number. Administrators and Employees may also be asked to provide additional details—such as job title, profile photo, or other relevant information—based on the requirements set by their Account Owner or Administrator.
• Registration Data: If you are an Account Owner or Administrator, you are required to register in order to access and use our Services. As part of the registration process, you must provide certain Personal Data, including your full name, email address, and phone number. Additionally, Administrators and Employees may be asked to provide further details—such as job title, profile picture, or other information—based on the requirements set by the Account Owner or Administrator
• Communications Data: We collect Personal Data from your interactions with us—such as support requests, messaging, event participation, surveys, and feedback. This may include recordings, screenshots, and written communications. If you are referred by a User, we may also collect their contact details.
• Automatically Collected Data: We automatically collect technical and usage information about your device and interactions with our Services—such as IP address, session activity, cookies, and device details—to monitor usage, improve performance, detect fraud, and maintain stability. See the Cookies and Similar Technologies section for more.
• Data from Third Parties: We may receive your Personal Data from third-party services (e.g., analytics, advertising, or integration tools) based on their settings and your permissions. Review their privacy policies to understand what data may be shared.
• Uploaded Materials: Any personal data you upload (like text, documents, or images) is handled by CentroAccess as a data processor. The Customer linked to your account decides how this data is used and the legal basis for processing it.
• Geo-location: When using certain features in our App, you may be asked to share your device’s precise GPS location (e.g., latitude and longitude). This data may be used—for example—to verify your location when clocking in or out. Whether this information is collected depends entirely on your Account Owner or Administrator, and CentroAccess acts solely as a data processor. If you prefer not to share your precise location, you can usually disable it in your device’s privacy settings or App permissions. However, turning it off may affect the functionality of some App features. CentroAccess does not use geo-location data for its own purposes; the Customer linked to your account determines how it is used and the legal basis for doing so. See Section 10 for more details.

2. How We Use Your Data

2.1 Prospects and Users Personal Data

Centro Access processes personal data from both prospects and users for various legitimate business purposes, with appropriate lawful bases for each type of processing:

2.2 Users Personal Data

For users specifically, Centro Access processes additional types of personal data for enhanced service delivery and operational purposes:

3. Communications with You

We communicate with you through various channels including email, phone, SMS, in-app notifications, and other communication methods as appropriate.

3.1 Service Communications

We send you important service-related messages such as:

• Account registration confirmations and welcome messages
• Password reset instructions and security alerts
• System maintenance notifications and service updates
• Billing statements and payment confirmations
• Other administrative notices

Certain essential communications cannot be opted out of as they are necessary for the proper functioning of our Services and your account security.

3.2 Promotional Communications

If you are a Prospect, Account Owner, or Administrator, we may use your Personal Data to inform you about products and services that we believe may interest you. We may contact you via email or other communication channels you have approved. We respect your communication preferences and want to ensure you have control over how you receive promotional messages:

• We keep promotional communications reasonable in frequency and relevant to your interests
• You can unsubscribe from email marketing by clicking "unsubscribe" links in any email or contacting support@centroaccess.com
• You can manage browser cookie settings to control online advertising preferences

4. Data Location

Centro Access is headquartered in Uganda, with operations supported by service providers located in the European Economic Area ("EEA"), the US, Israel, South Africa and other jurisdictions. These service providers may process and store Personal Data on our behalf. We transfer Personal Data internationally to enable the purposes described in this Privacy Notice.

We require all third parties outside your jurisdiction to adhere to strict written agreements that guarantee the same level of privacy and data protection as outlined here.

Please contact us at dpo@centroaccess.com if you would like further information on the specific mechanism used by us when transferring your Personal Data out of your country.

5. Data Disclosure

We disclose your Personal Data to other entities as follows:

5.1 Customers and Other Users

If you are a User, we may share your Personal Data with the Customer associated with your account (or anyone authorized by them, such as an Account Owner or Administrator), acting as a "data processor." This includes Personal Data related to your use of the Platform or App, such as chats, IP address, or geo-location data collected on behalf of our Customers. Additionally, other Users within the same account may have access to some of your Personal Data depending on the account settings, which can be managed by you or your Account Owner/Administrator.

5.2 Affiliates

We may share your information, including Personal Data, with our affiliates and subsidiaries, whether currently existing or established in the future.

5.3 Service Providers and Subcontractors

We may share your information, including Personal Data, with our trusted service providers and subcontractors who are bound by confidentiality agreements. They use this information solely on our behalf to:

• Assist us in delivering our Services to you
• Help us understand how you use our Services
• Improve, optimize, and send promotional communications as described in Section 3.2
• Deliver advertisements, identify audiences, and conduct ad measurement
• Provide IT and system administration, data backup, security, storage, data analysis, data enrichment, and payment processing services

These providers and subcontractors may employ artificial intelligence and related technologies when necessary to perform their services, always under the terms of our agreements with them.

5.4 Service Integrations

Customers may connect third-party services to enhance or integrate with our platform. These third-party providers may access or share relevant data from your account, including Personal Data, based on the integration's purpose. Your data processing by these providers is governed by agreements between you or the Customer and the third party. Use of third-party services is at your own risk and subject to their terms and privacy policies. For example, using our "AI Generated Courses" feature is also subject to Google's Privacy Policy.

5.5 Change of Control and Business Transactions

If CentroAccess or any of its subsidiaries or affiliates undergo a change in control, ownership, merger, acquisition, or sale of assets, your Personal Data may be shared with or transferred to the involved parties. We may disclose Personal Data during negotiations or as part of such corporate transactions. Additionally, Personal Data may be disclosed in cases of insolvency, bankruptcy, or receivership. We may also share your Personal Data when necessary to protect our legitimate business interests, including ensuring the security and integrity of our products and services.

5.6 Disclosure to Law Enforcement

We may share your Personal Data with third parties if: (1) we genuinely believe it is necessary to protect the rights, property, or safety of ourselves or others, including enforcing these Terms and this Privacy Notice; (2) we are required to do so by law, regulation, subpoena, court order, or other legal processes; or (3) it is needed to comply with any legal or regulatory obligations.

5.7 Feedback and Recommendations

If you submit a public review or feedback, we may, with your permission and at our discretion, store and display it publicly on our Site and Services. Should you want your review removed, please contact us at support@centroaccess.com. Additionally, if you send invitations to others to use our Services through email or messages, we may, with your permission, use the contact details you provide to send these invitations on your behalf, which may include your name and email address.

6. Cookies and Similar Technologies

We and our service providers use cookies, pixels, tags, and similar technologies to operate and monitor our Site and Services effectively. These tools help ensure functionality, analyze performance and marketing efforts, and tailor your experience. Some may temporarily be stored on your device and may collect certain personal data, such as your IP address, where applicable.

7. Opt-Out of Sale/Sharing

Under certain data protection laws, our use of cookies, pixels, and similar technologies — as well as our sharing of identifiers with select service providers — may be considered a "sale" or "sharing" of Personal Information. These practices are carried out in line with the business and commercial purposes described in Section 2 above.

8. Data Security

We implement and maintain appropriate technical and organizational safeguards designed to protect your Personal Data from unauthorized access, disclosure, destruction, or loss. These measures include industry-standard physical, electronic, and procedural protections such as secure servers, encryption protocols, and regular system backups to support data integrity and business continuity.

We also maintain internal security policies, routinely review our security practices, and ensure that our personnel are subject to strict confidentiality obligations.

Security also depends on your own practices. Please ensure that you use strong passwords, protect your login credentials, and secure the devices you use to access our Services.

9. Data Subject Rights

Subject to applicable data protection laws—including but not limited to the Uganda Data Protection and Privacy Act (2019), Kenya Data Protection Act (2019), South Africa Protection of Personal Information Act (POPIA), and Nigeria Data Protection Act (2023), as well as the EU General Data Protection Regulation (GDPR), UK GDPR, Swiss Federal Data Protection Act, and the California Consumer Privacy Act (CCPA)—you may have specific rights regarding your Personal Data.

These rights may include the ability to:

• Access your Personal Data and understand how it is collected and used
• Request correction or deletion of your Personal Data
• Restrict or object to certain processing activities
• Receive your Personal Data in a portable format
• Opt out of the sale or sharing of your Personal Data (where applicable)
• Receive equal service and pricing, even when exercising your privacy rights

To exercise these rights, please contact us at dpo@centroaccess.com. You may also appoint a representative to submit a request on your behalf by providing valid written authorization or a power of attorney.

10. Data Controller/Processor

10.1 Data Protection Roles

Many data protection laws—such as the Uganda Data Protection and Privacy Act, Kenya Data Protection Act, South Africa's POPIA, Nigeria Data Protection Act, GDPR, and CCPA—differentiate between two main roles:

• The Data Controller (or "Business" under the CCPA), who determines the purposes and means of processing personal data
• The Data Processor (or "Service Provider" under the CCPA), who processes data on behalf of the controller

10.2 CentroAccess as Data Controller

We act as a Data Controller for:

• The Personal Data of our Prospective Customers
• Registration, Payment, Communication, and Automatically Collected Data from Account Owners and Administrators (as described in Section 1)

10.3 CentroAccess as Data Processor

We act as a Data Processor for:

• Materials uploaded by Users
• Personnel Registration Data
• Geo-location Data submitted by our Customers and their Users

11. Data Retention

Data Retention Summary:

• We retain your Personal Data as long as needed to provide services, meet legal or contractual obligations, or protect against legal claims, in line with our retention policy.
• In some cases, we may keep your data longer (e.g., for legal, tax, or audit reasons, or potential litigation).
• As a data processor, we retain data only as instructed by our Customers (e.g., archived employee data remains until the Customer deletes it).
• For questions about retention, contact: dpo@centroaccess.com.

12. Additional Notices

12.1 Children

We do not knowingly collect Personal Data from individuals under the age of eighteen. If you become aware that a child under eighteen has provided us with Personal Data without appropriate parental or guardian consent, please contact us immediately.

12.2 Updates to this Privacy Notice

We may revise this Privacy Notice from time to time to reflect changes in legal requirements or how we operate. Updated versions will be posted on this page. Please review it periodically to stay informed. If we make significant changes, we will notify you through our website, Services, or by email.

12.3 Contact and Questions

If you have any questions or concerns about this Privacy Notice or wish to exercise your data rights, please contact us at: dpo@centroaccess.com

12.4 Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee compliance with privacy and data protection laws. You may contact our DPO at: dpo@centroaccess.com