This Privacy Policy explains how Gempay collects, uses, stores, and protects your personal data when you use our international money-remittance services.

We process your data for

• KYC & identity verification
• Anti-money laundering (AML) and anti-fraud monitoring
• Enabling transfers and payments
• Compliance with regulators
• Service Delivery; To operate the Gempay App, process transactions, and provide customer support.
• Marketing: To send you updates or promotions, with your consent, using Marketing and Communications Data.
• Improvement: To analyze Usage and Feedback Data to enhance app features.
• Security and verification: To protect your account using Security and Device Data, and to verify user identities, especially for influencers claiming verified status.

We may share your personal data with the following third parties

• Internal third parties; other companies in the affiliated to the Gempay Group and other associated companies acting as processors who provide IT and system administration services and undertake leadership reporting.
• External third parties; Your Appstore Provider and mobile network operator to allow you to install the App.
• Service providers acting as processors based in the UK, Uganda and other jurisdictions who provide IT and system administration services, hosting services, user authentication and validation, marketing support for webinars and other events.
• Our professional advisors acting as controllers based in Uganda and the UK including lawyers, auditors, insurers, consultants and who provide legal, accounting, insurance, and consultancy services.
• Your service providers that you have appointed and we need to contact to fulfill your requests, such as your banking or payment card provider to process your payments for the Services or your web hosting company if we need to access your website to provide the Services.
• Marketing and promotional partners and co-operatives acting as processors or joint controllers with whom we share data to enhance our offerings and identify potential influencers.
• Third party partners where you have subscribed to receive marketing from or with them.
• Specific third parties listed in the table [Purposes for which we will use your personal data] above.
• Third parties, to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• HM Revenue and Customs, regulators, law enforcement, public authorities or other third parties based in the UK , Uganda or relevant jurisdiction where we are under a legal obligation to do so, where it is necessary to protect our interests, or where it is necessary for the legitimate interest of third parties who are investigating or preventing crime.

• Banks and mobile money operators
• Fraud-prevention agencies
• Identity verification partners
• Technology hosting providers
• Regulators and law enforcement
• International payment partners
• Third-party processors acting on our behalf

Gempay never sells your personal data.

Because Gempay provides global remittance, your data may be transferred to other jurisdictions.

• We ensure appropriate safeguards such as encryption, secure APIs and compliance with Ugandan data protection laws
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
• Where we use certain service providers located outside Uganda, we use specific contracts approved which give personal data the same protection it has in Uganda.

Please contact data privacy manager using the contact details below if you want further information on the specific mechanism used by us when transferring your personal data out of Uganda.

You have the following rights under data protection laws in relation to your personal data.

You can exercise any of these rights by contacting us at nobert@tekjuice.co.ug

Requests may be refused where prohibited by AML/KYC law.

For regulatory reasons, Gempay retains transaction and identity data for at least 6 years, even if your account is deleted.

All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using Secured Sockets Layer technology.

Once we have received your information, we will use strict procedures and security features to protect your personal data from loss, unauthorized use or alteration. We limit access to your personal data to only those who have a genuine business need to access it. We will process it only for the purpose it was collected and in accordance with this Privacy Policy. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

Certain Services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.

We have put in place procedures to detect and respond to personal data breaches and notify you and any applicable regulator when we are legally required to do so.

We use

• Data encryption
• Secure cloud storage
• Transaction monitoring
• Device-risk analysis
• Firewalls
• 2 Factor authentication

See the Gempay Cookie Policy for details.

We have appointed a data privacy manager. If you have any questions about this privacy notice or our data protection practices, please contact the data privacy manager in one of the following ways: