Explore the SADC-DFRC eLearning platform
Learn MorePrivacy Policy
THIS SOUTHERN AFRICAN DEVELOPMENT COMMUNITY DEVELOPMENT FINANCE RESOURCE CENTRE PRIVACY POLICY (PRIVACY POLICY) APPLIES TO HOW WE COLLECT, USE, AND PROCESS YOUR PERSONAL INFORMATION AND, IN SOME INSTANCES, SPECIAL PERSONAL INFORMATION. THIS PRIVACY POLICY APPLIES TO ALL USERS ACROSS THE SADC REGION AND INTERNATIONALLY. PLEASE READ THIS PRIVACY POLICY CAREFULLY.
All provisions of this Privacy Policy are important, but please pay special attention to parts in bold writing. These parts contain information about provisions that have special consequences for you. Where necessary, explanatory notes are provided in boxes to aid understanding. Such explanations are aids only and do not limit the meaning or application of the provisions.
Scope of the Privacy Policy
Scope of Application
What is Personal Information?
Special Personal Information
When Will We Process Your Special Personal Information?
How We Collect Your Personal Information
How We Use Your Personal Information
Compulsory Personal Information
Sharing of Your Personal Information
International Data Transfers
Storage and Security
Cookies and Tracking Technologies
Third-Party Analytics and Services
Retention of Personal Information
Your Rights
Artificial Intelligence and Automated Decision-Making
Children’s Privacy
Direct Marketing
Third-Party Links
Data Protection Compliance
Changes to This Privacy Policy
Contact Information and Complaints
The Southern African Development Community Development Finance Resource Centre (SADC-DFRC; or we or us or & our) is a regional institution established to build capacity in development finance across the Southern African Development Community region and beyond. Our principal office is located at Plot 54352 West Avenue, Zambezi Towers, Tower A, 7th Floor South Wing, Gaborone, Botswana.
SADC-DFRC is a responsible party (or data controller, in some jurisdictions) in respect of your Personal Information (as defined in clause 3.1 below), and Special Personal Information (as defined in clause 4.1 below). This means that SADC-DFRC determines the purpose of and means for processing your Personal Information.
SADC-DFRC is committed to protecting and respecting your privacy in accordance with the highest international standards. We strive to ensure that our use of your Personal Information is lawful, reasonable, and relevant to our institutional activities, with the ultimate goal of improving our services, educational offerings, and your experience.
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Policy. You may contact our Data Protection Officer at info@sadc-dfrc.org to discuss this Privacy Policy or your rights under data protection legislation that is applicable to you.
This Privacy Policy describes how we will treat your Personal Information, whether provided by you to us, or collected by us through other means when you engage with us, in your ordinary use of our services, platforms, online learning centre, chatbot, website at https://sadc-dfrc.org, and other digital technologies (collectively, the Platform).
This Privacy Policy must be read together with SADC-DFRC Terms of Use and any other documents or agreements between SADC-DFRC and you (the Agreements) that describe the manner in which we, in specific circumstances, collect or process Personal Information about you. In the event of any conflict, ambiguity or inconsistency between this Privacy Policy and other documents, the documents shall be construed in the following order of priority: (i) this Privacy Policy; (ii) the Platform Terms of Use; and (iii) the Agreements.
As a regional institution serving the SADC community and international stakeholders, SADC-DFRC processes Personal Information of data subjects located in multiple countries including all SADC member states (Angola, Botswana, Comoros, Democratic Republic of Congo, Eswatini, Lesotho, Madagascar, Malawi, Mauritius, Mozambique, Namibia, Seychelles, South Africa, Tanzania, Zambia, and Zimbabwe) and other jurisdictions globally.
This Privacy Policy is designed to comply with:
The Data Protection Act, 18 of 2024 of Botswana (the primary governing law);
The Protection of Personal Information Act (POPIA) of South Africa;
Data protection laws of other SADC member states where applicable;
The European Union’s General Data Protection Regulation (GDPR) where we process data of EU residents;
Other applicable international data protection standards and frameworks.
Where there are conflicting requirements between different jurisdictions’ data protection laws, we will apply the standard that provides the greatest protection to your Personal Information or, where legally required, comply with the specific requirements of your jurisdiction of residence.
We may collect, receive, record, organize, store, update, change, retrieve, process, use, and share your Personal Information in the ways set out in this Privacy Policy. When we do one or more of these actions with your Personal Information, we are Processing your Personal Information.
By using our Platform or engaging with our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you are concerned about any aspect of this Privacy Policy as it relates to your Personal Information, please do not continue to engage with us, use our Platform, or our services.
We may, where permitted or required to do so by applicable law, process your Personal Information without your knowledge or consent if sufficient legal grounds are present, and we will do so in accordance with this Privacy Policy and applicable law.
This Privacy Policy applies to the processing by us or on our behalf of Personal Information relating to you, being a user who accesses and/or uses our Platform or services, including learners, course participants, research collaborators, partner institutions, service providers, employees, prospective employees, consultants, contractors, visitors, and other data subjects that engage with us, regardless of your geographic location.
This Privacy Policy applies regardless of the device which you use to access our Platform (Access Device), including desktop computers, laptop computers, mobile devices, tablets, and any other internet-enabled devices.
This Privacy Policy does not apply to the processing of Personal Information by other third parties relating to or by means of other parties’ websites, products, or services, such as websites linked to, from, or advertised on the Platform, even where we provide those links.
Personal Information refers to information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person (legal entity). This includes any information that can directly or indirectly identify you. Personal Information does not include information that has been anonymized or de-identified such that it cannot identify a specific person.
The Personal Information we collect about you may differ based on your engagement with us, your location, and the services you receive from or provide to SADC-DFRC. We may process the following categories of Personal Information:
Identity Information: full name, username or similar identifier, title, occupation, nationality, country of residence, educational background, professional qualifications, date of birth, gender, identity documents (passport, national ID, driver’s license), photographs, identity number, registration number, tax identification number, and academic credentials;
Contact Information: physical addresses, mailing addresses, email addresses, telephone numbers, mobile numbers, institutional affiliations, organization name and address;
Financial Information: bank account details, payment card information, payment history, scholarship or grant details, financial statements, tax information, billing information;
Transaction Information: details about payments made to or received from you, course enrollment records, certification purchases, event registrations, dates and amounts of transactions;
Technical Information: internet protocol (IP) address, login credentials, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers (including unique device IDs, advertising IDs), MAC addresses, cookie identifiers, and other technology data from your Access Device;
Usage Information: information about your access to and use of the Platform and services, including: course viewing history and progress, learning activity and engagement metrics, assessment scores and performance data, chatbot conversation logs and interaction patterns, online learning centre navigation patterns, content accessed and downloaded, time spent on specific pages and modules, search queries, forum and discussion participation, resource downloads, video watch time, click-stream data, referral sources, and features used;
Learning Data: course enrollments, module completion status, quiz and assessment results, certificates and credentials earned, learning preferences and goals, areas of professional interest, participation in webinars and workshops, attendance records, research contributions, academic performance metrics, peer interaction data;
Communication Data: chatbot conversation logs and queries, email correspondence and attachments, forum posts and comments, messages sent through the Platform, survey responses, feedback submissions, support ticket information, call recordings (where permitted and disclosed), live chat transcripts;
Location Information: geographical location information derived from your Access Device (usually based on GPS coordinates or IP address geolocation), country and city of access, timezone;
Marketing and Communications Preferences: your preferences regarding receiving marketing and promotional information from us, newsletter subscriptions, event registration preferences, communication channel preferences (email, SMS, phone), language preferences, areas of interest;
Professional Information: employment history, current employer and job title, professional certifications and licenses, areas of expertise, publications and research work, professional network connections made through our Platform;
Accessibility Information: disability status, accessibility requirements, assistive technology needs, accommodation requests for courses or events.
SADC-DFRC may also process, collect, store, and/or use aggregated data, which may include historical or statistical data (Aggregated Data) for any lawful purpose, including for research, analytics, reporting, and institutional improvement. Aggregated Data may be derived from your Personal Information but is not considered Personal Information when it does not directly or indirectly identify you. However, if we combine or connect Aggregated Data with your Personal Information in a manner that can identify you, we will treat the combined data as Personal Information in accordance with this Privacy Policy.
We hereby notify you that, in certain circumstances, by engaging with SADC-DFRC, we may collect certain Special Personal Information about you. Special Personal Information (also known as sensitive personal data in some jurisdictions) refers to particularly sensitive categories of personal data including: religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions or persuasion, health information, sex life or sexual orientation, biometric information (such as fingerprints or facial recognition data), genetic information, or information about criminal convictions, offences, or alleged offences.
The processing of Special Personal Information requires higher levels of protection and additional legal justification. SADC-DFRC has implemented appropriate policies, safeguards, and security measures, which we are required by law to maintain, to protect Special Personal Information.
We will generally not process Special Personal Information about you unless it is necessary for establishing, exercising, or defending a right or obligation in law, where we have obtained your explicit consent, where the information has been deliberately made public by you, or where processing is required by law. The specific situations in which we may process your Special Personal Information include:
Racial and ethnic information may be processed through security systems, CCTV cameras, and access control mechanisms installed at SADC-DFRC facilities for safety, security, and monitoring purposes;
As part of recruitment, hiring, and employment processes, we may process information relating to criminal background checks, credit history verification, and employment eligibility, where permitted by applicable law;
We may process information pertaining to political affiliations or positions as part of know-your-client (KYC) processes, customer due diligence (CDD) checks, and compliance with anti-money laundering regulations;
We may process health-related information as part of screening processes when accessing our facilities to comply with public health regulations and protocols (including but not limited to pandemic-related health screening requirements);
We may process information indicating religious beliefs (for example, when you register for events organized by SADC-DFRC and provide dietary requirements or preferences that may indicate religious practices);
We may process accessibility requirements, disability information, and health conditions to provide appropriate accommodations, modifications, or support for courses, events, Platform access, and facility access;
We may process biometric information for secure access control to facilities, systems, or platforms where such technology is implemented and where permitted by law with appropriate consent;
We may process Special Personal Information that you have voluntarily and publicly disclosed, such as in forum discussions, public profiles, or published content.
Where we process Special Personal Information based on your consent, you have the right to withdraw that consent at any time, though this will not affect the lawfulness of processing conducted prior to withdrawal.
We collect your Personal Information through the following means:
through direct or active interactions with you;
through automated or passive interactions with you via cookies and similar technologies;
from third parties and publicly available sources;
through our technologies including our online learning centre, chatbot, and other digital platforms and tools;
through security systems, CCTV cameras, and access control systems.
We may require or request that you submit certain Personal Information to:
create a user account and access the Platform;
enroll in courses, training programs, and learning initiatives;
subscribe to our publications, newsletters, research bulletins, or email alerts;
register for and attend webinars, workshops, conferences, seminars, or other events;
apply for employment opportunities, internships, fellowships, or consultant positions;
contact our staff, faculty members, or technical support team;
gain access to our physical facilities;
establish partnerships, collaborations, memoranda of understanding, or contractual agreements;
apply for scholarships, bursaries, grants, or financial assistance programs;
participate in research studies, surveys, or feedback initiatives;
process payments for services, courses, or events;
verify your identity and credentials;
enable us to fulfill statutory, regulatory, or contractual obligations.
We also collect Personal Information directly from you when you communicate with us through various channels, including: email correspondence; telephone calls; feedback forms and surveys; online contact forms; application forms (including course enrollment forms, client onboarding forms, KYC forms, CDD forms, vendor registration forms, employment applications); registration for and attendance at events; provision of business cards; participation in site comments, forums, or discussion boards; chatbot interactions; support tickets and help requests; and any other direct communication methods.
If you contact us, we reserve the right to retain a record of that correspondence, including any Personal Information contained therein, in accordance with our Record Retention Policy and applicable data protection legislation.
We passively collect certain Personal Information from your Access Device when you access and navigate the Platform through various technological applications and automated means, including but not limited to:
Server Logs: We use server logs to collect and maintain log information about Platform access, including IP addresses, timestamps, pages accessed, errors encountered, and referral sources;
Cookies and Similar Technologies: We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies. These technologies enable our systems to recognize your device, remember your preferences, enhance security, improve functionality, and provide a personalized experience. For detailed information about our use of cookies, please see Section 12 (Cookies and Tracking Technologies);
Analytics Tools: We use analytics platforms and tools to collect information about Platform usage patterns, user behavior, performance metrics, and demographic information. For detailed information about third-party analytics services we use, please see Section 13 (Third-Party Analytics and Services);
Learning Management System Tracking: Our online learning centre automatically tracks and records your learning progress, course completion rates, assessment performance, time spent on modules and lessons, resource downloads, video viewing statistics, engagement metrics, and interaction patterns;
Chatbot Interaction Logging: When you interact with our AI-powered chatbot, we automatically collect conversation data, including your queries, the chatbot’s responses, interaction timestamps, conversation duration, topics discussed, and interaction patterns. This data is analyzed using artificial intelligence and machine learning technologies to improve service quality, accuracy, and user experience;
Session Recording and Heat Mapping: We may use session recording and heat mapping technologies (such as those provided by Microsoft Clarity and similar tools) to understand how users interact with our Platform, including mouse movements, clicks, scrolling behavior, and navigation patterns. This helps us identify usability issues and improve user experience;
Device Fingerprinting: We may collect information about your device configuration, including screen resolution, installed fonts, browser plugins, and other technical characteristics, to enhance security and prevent fraud.
You may disable or restrict certain automated collection technologies by configuring your browser or device settings. However, please note that disabling cookies or other tracking technologies may affect the functionality of the Platform, and you may not be able to access all features or enjoy the full user experience. For information on managing cookies, see Section 12.
SADC-DFRC may receive Personal Information and Special Personal Information about you from various third-party sources, including:
Educational institutions, universities, and training partners;
SADC member state governments and regional organizations;
Development finance institutions and partner organizations;
Recruitment agencies and professional networks;
Background verification and screening service providers;
Payment processors and financial institutions;
Technology service providers, including Verbosec (our designated technology partner);
Publicly available sources, including: professional networking platforms (such as LinkedIn); academic publication databases; institutional websites; government registries and public records; professional directories; conference attendance lists; media and news publications; social media platforms (to the extent information is publicly available).
We will only collect Personal Information from third parties where we have a legal basis to do so and where the third party is authorized to share such information with us.
SADC-DFRC collects Personal Information and Special Personal Information through security systems deployed at our facilities, including:
CCTV cameras and video surveillance systems installed at SADC-DFRC premises for safety, security, and monitoring purposes;
Access control systems, visitor management systems, and building entry systems;
Biometric access systems (where implemented and with appropriate consent);
Security badge and credential systems.
Signage indicating the presence of CCTV and security systems is displayed at our facilities. Recorded footage is retained in accordance with our security policies and applicable legal requirements.
We process your Personal Information for the following purposes, based on various legal grounds including: performance of a contract with you; compliance with legal obligations; our legitimate interests; your consent; and the performance of tasks carried out in the public interest:
To provide access to courses, training programs, webinars, workshops, seminars, and other learning opportunities;
To track, monitor, and record your learning progress, course participation, and completion status;
To assess your performance, grade assignments and assessments, and maintain academic records;
To issue certificates, credentials, badges, and diplomas upon course or program completion;
To provide personalized learning experiences, adaptive learning paths, and customized content recommendations based on your interests, progress, and performance;
To facilitate peer interactions, collaborative learning, discussion forums, and networking opportunities;
To provide academic support, tutoring, mentorship, and guidance.
To create, manage, and maintain user accounts and profiles;
To authenticate users, verify identities, and maintain Platform security;
To operate, maintain, administer, secure, and continuously improve the Platform, including the online learning centre, chatbot, website, and all associated systems;
To provide technical support, customer service, and troubleshooting assistance;
To process enrollments, registrations, and applications;
To manage access permissions, user roles, and authorization levels;
To develop, test, and deploy new features, functionalities, and services.
To operate our AI-powered chatbot and respond to your queries, questions, and requests;
To provide personalized assistance, recommendations, and information based on your interactions and preferences;
To train, improve, and optimize chatbot functionality, accuracy, and response quality through machine learning and artificial intelligence;
To analyze conversation patterns, identify common queries, and enhance automated support capabilities;
To route complex queries to appropriate human support staff when necessary.
To conduct research on development finance capacity building, educational effectiveness, and learning outcomes;
To analyze learning outcomes, course effectiveness, engagement metrics, and program performance;
To compile statistical information, analytics, reports, and dashboards for institutional decision-making;
To identify trends, patterns, gaps, and opportunities in development finance education;
To evaluate and improve the quality, relevance, and impact of our educational content, courses, and programs;
To understand user behavior, preferences, and needs to enhance Platform design and user experience;
To develop new educational content, curricula, and programs based on identified needs and demands;
To measure and report on our institutional impact, reach, and effectiveness to stakeholders and funders.
To communicate with you regarding your account, enrollments, courses, and services;
To send course-related notifications, reminders, updates, and announcements;
To provide updates about programs, services, events, and institutional developments;
To distribute newsletters, research publications, policy briefs, and thought leadership content;
To invite you to webinars, workshops, conferences, seminars, and other events;
To send surveys, feedback requests, and evaluation forms;
To respond to your inquiries, comments, questions, and support requests;
To maintain records of our communications and interactions with you.
To process payments, fees, and financial transactions for courses, certifications, events, and services;
To issue invoices, receipts, and financial documentation;
To process refunds, adjustments, and billing inquiries;
To administer scholarships, grants, bursaries, and financial assistance programs;
To manage vendor payments and supplier relationships;
To detect and prevent payment fraud and financial crimes.
To comply with legal and regulatory obligations under Botswana’s Data Protection Act, 18 of 2024, and other applicable laws and regulations across SADC member states and other relevant jurisdictions;
To conduct identity verification, KYC (Know Your Customer), and CDD (Customer Due Diligence) processes as required by applicable anti-money laundering and counter-terrorism financing regulations;
To screen individuals against sanctions lists and watchlists as required by law;
To comply with tax reporting obligations and maintain tax records;
To respond to lawful requests from courts, law enforcement agencies, regulatory authorities, and government bodies;
To maintain records as required by law, including financial records, employment records, and institutional records;
To comply with health and safety regulations, including visitor screening and facility access protocols.
To conduct recruitment, hiring, and onboarding processes for employees, consultants, interns, and fellows;
To manage employment relationships, including payroll, benefits, performance management, and professional development;
To conduct background checks, reference checks, and credential verification where permitted by law;
To maintain employee records and personnel files;
To provide workplace accommodations and support;
To manage vendor, supplier, and contractor relationships.
To protect the security, integrity, availability, and confidentiality of our Platform, systems, data, and networks;
To detect, prevent, investigate, and respond to fraud, security breaches, cyber attacks, unauthorized access, and other security incidents;
To ensure the physical security and safety of our facilities, personnel, and visitors;
To monitor and prevent abuse, misuse, or unauthorized use of the Platform and services;
To enforce our Terms of Use, policies, and agreements;
To establish, exercise, and defend legal rights and claims;
To conduct internal audits, risk assessments, and compliance reviews.
To facilitate and manage partnerships with educational institutions, development finance institutions, SADC member states, regional organizations, and other stakeholders;
To coordinate regional capacity-building initiatives and collaborative programs;
To manage collaborative research projects, joint programs, and institutional partnerships;
To share information with partner institutions for the purpose of delivering joint educational programs and issuing co-branded credentials;
To report to funders, donors, and stakeholders on institutional activities and outcomes.
SADC-DFRC will obtain your permission before collecting or using your Personal Information and/or Special Personal Information for any purpose not specified in this Privacy Policy, where such consent is required by applicable law.
Certain Personal Information is compulsory for you to engage with SADC-DFRC and use our Platform and services. The following information is generally required:
Your full name and surname;
Your contact details (email address and/or telephone number);
For course enrollment: educational background, qualifications, and professional information;
For account creation: username and password;
Country of residence and nationality (for regional reporting and program eligibility).
Depending on the nature of your engagement with us, your location, and applicable regulatory requirements, additional types of Personal Information may be necessary, including:
Financial information (bank account details, payment information) for processing transactions;
Tax identification numbers and related tax information for compliance purposes;
Identification documents (passport, national ID) for identity verification;
Professional credentials and qualifications for course enrollment eligibility;
Institutional affiliation and organizational details for partnership arrangements;
Information necessary for compliance with applicable anti-money laundering, counter-terrorism financing, sanctions screening, and other regulatory obligations.
All other Personal Information beyond the compulsory categories is optional. However, please note the following consequences:
If you do not provide compulsory Personal Information, you will not be able to:
Create an account or access the Platform;
Enroll in courses, programs, or training opportunities;
Receive certificates, credentials, or diplomas;
Participate in events, webinars, or workshops;
Use the chatbot, online learning centre, or other Platform features;
Engage fully with our services and offerings;
Enter into partnerships or contractual arrangements with SADC-DFRC.
If you do not provide optional Personal Information, you may:
Not receive personalized learning recommendations and customized content;
Experience limited functionality or reduced quality of services;
Not be able to access certain features or advanced Platform capabilities;
Not receive targeted communications about relevant opportunities and events;
Not qualify for certain programs, scholarships, or opportunities that require additional information.
We will not intentionally sell, rent, or disclose your Personal Information for commercial gain. However, we may share your Personal Information with third parties as described in this section, where we have your permission, where permitted or required by applicable law, or where necessary for the purposes set out in this Privacy Policy.
You agree and give permission for us to share your Personal Information in the following circumstances:
Verbosec – Designated Technology Partner: We share Personal Information with Verbosec, our designated technology partner, who provides hosting services, cloud infrastructure, IT systems management, software development, platform maintenance, technical support, and related technology services. Verbosec has agreed to be bound by applicable data protection legislation and maintains appropriate technical and organizational security measures. Data processed by Verbosec is hosted and stored in Botswana.
Other Technology Service Providers: We may share Personal Information with other technology service providers, including: cloud storage providers; learning management system vendors; chatbot platform providers; email service providers; payment processors; customer relationship management (CRM) systems; data backup and disaster recovery services; cybersecurity service providers; software-as-a-service (SaaS) providers. All such providers are contractually bound to protect your Personal Information and use it only for the specific purposes for which it was shared.
We may share certain Personal Information with third-party analytics service providers to help us understand Platform usage, user behavior, and service performance. These providers include:
Google Analytics: for website and Platform analytics, including user demographics, behavior, traffic sources, and engagement metrics;
Microsoft Clarity: for session recording, heat mapping, user behavior analysis, and usability insights;
Other analytics providers as may be implemented from time to time for performance monitoring, error tracking, and service improvement.
For detailed information about these analytics services, please see Section 13 (Third-Party Analytics and Services).
SADC member states, government agencies, and regional organizations for coordination of capacity-building initiatives, reporting, and program delivery;
Partner universities, training institutions, and educational organizations for the purpose of delivering joint programs, co-branded courses, collaborative research, and issuing certificates or credentials;
Development finance institutions and partner organizations for program coordination and stakeholder engagement;
Accreditation bodies and professional associations for credential verification and quality assurance purposes.
Employees, consultants, contractors, and agents to the extent necessary for them to provide services to us, including: course facilitation and instruction; content development; technical support; research and analysis; administrative functions; event management; marketing and communications; professional services (legal, accounting, audit);
Background verification service providers for employment screening and due diligence;
Document storage and archiving service providers;
Printing, mailing, and distribution service providers.
Payment processors, payment gateways, and merchant service providers to process payments for courses, events, and services;
Banks and financial institutions for processing transactions, managing accounts, and complying with financial regulations;
Fraud detection and prevention service providers.
Governmental agencies, regulatory bodies, law enforcement authorities, courts, and other public authorities when required or permitted by law, including to:
Comply with legal obligations, court orders, subpoenas, or lawful requests;
Respond to claims or legal proceedings;
Protect and defend our rights, property, or safety, or that of our users, employees, or the public;
Detect, prevent, or investigate fraud, security breaches, technical issues, or illegal activities;
Enforce our Terms of Use, policies, and agreements;
Comply with tax, financial reporting, and regulatory obligations.
To monitor web traffic, conduct statistical analyses, measure interest in Platform areas, and perform research for product development and service improvement;
To create user profiles, compile usage statistics, analyze trends, and provide tailored content and recommendations;
To facilitate networking, collaboration, and peer-to-peer interactions among Platform users (with appropriate privacy controls).
In connection with any merger, acquisition, reorganization, restructuring, sale of assets, or transfer of operations, subject to the acquirer or successor entity agreeing to protect your Personal Information consistent with this Privacy Policy and applicable law;
To potential buyers, investors, or advisors in connection with such transactions (under appropriate confidentiality agreements).
We may share anonymized, de-identified, or aggregated data that does not identify you personally with:
Researchers, academic institutions, and policy makers for research and development purposes;
Funders, donors, and stakeholders for reporting and transparency;
The public through publications, reports, and presentations.
All third parties with whom we share Personal Information are required to: implement appropriate technical and organizational security measures; process Personal Information only for the specific purposes for which it was shared; comply with applicable data protection laws; maintain confidentiality; and return or delete Personal Information when no longer needed, unless retention is required by law.
We will obtain your explicit consent before sharing your Personal Information with third parties for purposes not specified in this Privacy Policy, where such consent is required by applicable law.
As a regional institution serving the Southern African Development Community and international stakeholders, SADC-DFRC regularly transfers Personal Information across international borders. Data subjects whose Personal Information we process are located in multiple jurisdictions, including all 16 SADC member states (Angola, Botswana, Comoros, Democratic Republic of Congo, Eswatini, Lesotho, Madagascar, Malawi, Mauritius, Mozambique, Namibia, Seychelles, South Africa, Tanzania, Zambia, and Zimbabwe) and other countries globally.
All Personal Information collected through our Platform is primarily hosted and stored on servers located in Botswana. Our designated technology partner, Verbosec, provides hosting infrastructure and services within Botswana, ensuring compliance with Botswana’s Data Protection Act, 18 of 2024.
When transferring Personal Information internationally, particularly to jurisdictions without data protection laws equivalent to Botswana’s Data Protection Act, we implement appropriate safeguards including: Standard Contractual Clauses (SCCs), Data Processing Agreements, adequacy determinations, technical and organizational measures, encryption, and access controls.
Google Analytics: Data transferred to United States (Google LLC) under standard contractual clauses
Microsoft Clarity: Data transferred to United States/EU (Microsoft Corporation) under standard contractual clauses
Cloud Services: May involve processing in multiple jurisdictions with appropriate safeguards
We store your Personal Information in the following locations:
SADC-DFRC Premises: Plot 54352 West Avenue, Zambezi Towers, Tower A, 7th Floor South Wing, Gaborone, Botswana – physical records in locked filing cabinets and secure storage areas
Verbosec Hosting Infrastructure (Botswana): Digital Personal Information is hosted on servers and cloud infrastructure provided by Verbosec, our designated technology partner. Verbosec’s data centers and hosting facilities are located in Botswana. Verbosec provides: secure server infrastructure, cloud storage and database services, platform hosting for website/learning centre/chatbot, backup and disaster recovery, network security and monitoring, and technical support.
Technical Security Measures:
Encryption in transit (TLS/SSL) and at rest
Multi-factor authentication and access controls
Firewalls and intrusion detection systems
Regular security monitoring and vulnerability scanning
Automated backups and disaster recovery
Logging and activity monitoring
Organizational Security Measures:
Staff training on data protection and security
Comprehensive security policies and procedures
Confidentiality agreements for all staff and contractors
Vendor security assessments
Physical security (access control, CCTV, visitor management)
Incident response procedures
In the event of a data breach, we will: conduct prompt investigation, contain the breach, assess risk to individuals, notify affected individuals without undue delay, notify BOCRA and relevant authorities within 72 hours where required, document the incident, and implement preventive measures.
Cookies are small text files placed on your device when you visit our Platform. Similar technologies include web beacons, local storage, session storage, and scripts. Cookies enable the Platform to recognize your device and store information about your preferences or past actions.
Strictly Necessary Cookies: Essential for Platform function (authentication, security, session management). Cannot be switched off.
Functional Cookies: Enable enhanced functionality (language preferences, display settings, learning progress tracking, chatbot preferences).
Performance and Analytics Cookies: Collect information about Platform usage to improve functionality. Include:
Google Analytics cookies: _ga, _gid, _gat
Microsoft Clarity cookies: _clck, _clsk, CLID, ANONCHK, MR, MUID, SM
Targeting and Advertising Cookies: Limited use for educational program promotion.
Cookie Table:
| Cookie Name | Provider | Type | Purpose |
|---|---|---|---|
| session_id | SADC-DFRC | Necessary | User session and authentication |
| csrf_token | SADC-DFRC | Necessary | Security protection |
| _ga | Analytics | Distinguishes users (2 years) | |
| _gid | Analytics | Distinguishes users (24 hours) | |
| _clck | Microsoft | Analytics | Clarity user ID (1 year) |
| _clsk | Microsoft | Analytics | Session tracking (1 day) |
| lang_pref | SADC-DFRC | Functional | Language preference |
| cookie_consent | SADC-DFRC | Necessary | Cookie consent preferences |
You can control cookies through:
Our cookie consent banner
Browser settings (Chrome: Settings > Privacy and Security; Firefox: Options > Privacy & Security; Safari: Preferences > Privacy; Edge: Settings > Cookies)
Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
Do Not Track (DNT) browser settings
Note: Disabling cookies may affect Platform functionality, prevent login, or limit personalized features.
Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
Information Collected: Pages visited, time spent, click patterns, traffic sources, geographic location (country/region/city), device information, screen resolution, demographics, events/interactions, search queries, course data (anonymized)
Purpose: Understand usage patterns, optimize Platform, measure effectiveness, analyze demographics, generate reports
Data Processing: IP anonymization enabled, standard contractual clauses, Demographics and Interests Reports enabled, User-ID tracking for logged-in users
Data Retention: 26 months
Opt-Out: Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout)
Privacy Policy: https://policies.google.com/privacy
Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, United States
Information Collected: Session recordings (mouse movements, clicks, scrolling), heatmaps, device information, page URLs, click patterns, scroll depth, JavaScript errors, performance metrics, user frustration signals
Purpose: Understand user interactions, identify usability issues, optimize design, improve navigation, enhance UX
Privacy Protections: Data masking for sensitive fields (passwords, credit cards, PII), IP anonymization, encryption in transit and at rest, session sampling
Data Processing: Standard contractual clauses, servers in US/EU
Data Retention: 90 days
Opt-Out: Cookie consent banner, DNT browser settings
Privacy Policy: https://privacy.microsoft.com/privacystatement
We retain Personal Information for as long as you engage with us, access the Platform, or as required by law. Retention periods vary by data type:
Course and Credential Records: Retained indefinitely for academic integrity and credential verification
Financial Records: Retained per tax and accounting requirements (typically 7+ years)
Communication Records: Retained as needed for business purposes or legal obligations
Employment Records: Retained per employment law requirements
Security Footage: Retained per security policies (typically 30-90 days)
Analytics Data: Google Analytics (26 months), Microsoft Clarity (90 days)
We consider: nature and sensitivity of data, potential harm from unauthorized use, processing purposes, legal requirements, and our Record Retention Policy. You may request deletion of Personal Information where no legal obligation exists to retain it.
Under Botswana’s Data Protection Act, 18 of 2024, South Africa’s POPIA, EU GDPR (where applicable), and other data protection laws, you have the following rights:
Right of Access: Request what Personal Information we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion where no lawful basis for retention exists
Right to Object: Object to processing for legitimate interests
Right to Restriction: Request suspension of processing in limited circumstances
Right to Data Portability: Receive Personal Information in machine-readable format
Right to Withdraw Consent: Withdraw consent at any time (doesn’t affect prior processing)
Right to Lodge a Complaint: File complaint with BOCRA or other data protection authority
To exercise these rights, contact: privacy@sadc-dfrc.org
We may charge a reasonable fee for requests or refuse manifestly unfounded or excessive requests. We will respond within timeframes required by applicable law (typically 30 days).
SADC-DFRC uses AI and machine learning in:
Chatbot Services: AI-powered chatbot uses natural language processing for queries and assistance. Learns from interactions to improve accuracy.
Learning Recommendations: Algorithms analyze learning patterns for personalized course recommendations
Content Optimization: AI tools optimize educational content delivery based on engagement
Important: We do not use automated decision-making for decisions producing legal effects or similarly significant effects without human oversight. You have the right to request human review of automated decisions. All AI systems are designed with privacy-by-design principles and safeguards to prevent bias.
The Platform and services are primarily designed for adult learners and professionals. We do not knowingly collect Personal Information from children under 18 without parental/guardian consent or legal obligation.
We may process Personal Information of individuals under 18 in limited circumstances (youth development programs, educational initiatives) with appropriate consent from parent/guardian or competent person as required by law.
If we become aware we have collected Personal Information from a child without proper consent, we will promptly delete it.
For questions about children’s Personal Information processing, contact: privacy@sadc-dfrc.org
SADC-DFRC may process Personal Information for direct marketing via electronic communications. We only send marketing materials if you have specifically opted in or are an existing user, in accordance with applicable laws.
Marketing communications may include: course information, program announcements, event invitations, publications, research updates, development finance content.
Opt-out options:
Click unsubscribe link in emails
Adjust preferences in account settings
Contact privacy@sadc-dfrc.org
Opting out of marketing will not affect service-related communications necessary for Platform use.
This Privacy Policy does not apply to websites, applications, or services of third parties linked to or from our Platform, even if we provide those links.
We are not responsible for privacy practices of third-party websites or services. Read each third-party website’s privacy policy before providing Personal Information.
Our Platform may integrate with third-party services (payment processors, video conferencing, social media) to enhance functionality. Your use of such integrated services is subject to their privacy policies.
This Privacy Policy is designed to comply with:
Botswana’s Data Protection Act, 18 of 2024 (primary governing law)
South Africa’s Protection of Personal Information Act (POPIA)
Data protection laws of other SADC member states
EU General Data Protection Regulation (GDPR) where we process data of EU residents
Other applicable international data protection standards
If any provision conflicts with applicable law, that provision shall be interpreted to comply with such law. No provision limits or exempts us from liability where law does not allow such limitation, requires you to assume risk where law does not allow, or limits your rights under data protection legislation.
To the extent allowed by law, this Privacy Policy may be amended and updated from time to time without prior notice. When changes are made, we will post the revised policy on the Platform and update the effective date. We will take reasonably practicable steps to inform you of material changes, which may include email notification to registered users.
Your continued engagement with us or use of the Platform after changes are posted constitutes acceptance of the updated Privacy Policy. Please review this Privacy Policy periodically.
If you have questions about this Privacy Policy, wish to exercise your rights, or believe your privacy rights have been infringed, please contact our Data Protection Officer:
Data Protection Officer
SADC Development Finance Resource Centre
Plot 54352 West Avenue
Zambezi Towers, Tower A
7th Floor South Wing
Gaborone, Botswana
Email: privacy@sadc-dfrc.org
General Inquiries: info@sadc-dfrc.org
Website: https://sadc-dfrc.org
We are committed to resolving privacy concerns promptly. If you feel our resolution has been inadequate, you may lodge a complaint with:
Botswana Communications Regulatory Authority (BOCRA)
Website: https://www.bocra.org.bw
If you are located outside of Botswana, you may also contact the appropriate data protection regulator in your country of residence.
This Privacy Policy is effective as of February 1, 2026
Last Updated: February 1, 2026
