Privacy Policy

Organisation: Women Unlimited (Non-Profit) Registered Address: Plot 173, Tsekwane Street, Opposite Real Image Internet, P.O. Box 3882, Mbabane, Eswatini Data Officer: Fezile Maseko Contact: Email: info@womenunlimited.africa Telephone: (268) 76025807 Website: www.womenunlimited.africa Version: 1.0    Effective Date: 2025    Review Date: Annually or upon legislative change Governing Law: Eswatini Data Protection Act, 2022 (Act No. 5 […]

Organisation:

Women Unlimited (Non-Profit)

Registered Address:

Plot 173, Tsekwane Street, Opposite Real Image Internet, P.O. Box 3882, Mbabane, Eswatini

Data Officer:

Fezile Maseko

Contact:

Email: info@womenunlimited.africa
Telephone: (268) 76025807
Website: www.womenunlimited.africa

Version: 1.0    Effective Date: 2025    Review Date: Annually or upon legislative change
Governing Law: Eswatini Data Protection Act, 2022 (Act No. 5 of 2022)

1. Introduction and Purpose

Women Unlimited is a registered non-profit organisation based in Mbabane, Eswatini, dedicated to promoting the rights, safety, and well-being of women. Our work involves supporting survivors of gender-based violence (GBV), facilitating access to medical care, legal assistance, psychosocial support, and liaising with law enforcement, healthcare providers, legal professionals, and other partner organisations.

This Privacy Policy explains how Women Unlimited collects, uses, stores, shares, and protects personal information in compliance with the Eswatini Data Protection Act, 2022 (Act No. 5 of 2022) and the right to privacy enshrined in Article 14 of the Constitution of the Kingdom of Eswatini, 2005.

We are committed to handling all personal data — especially sensitive data relating to GBV, health, and legal proceedings — with the highest degree of confidentiality, care, and respect for the dignity of every person we serve.

This policy applies to:

  • Survivors and victims who contact us or are referred to us for support
  • Individuals who complete any of our online or physical intake or referral forms
  • Visitors to our website (www.womenunlimited.africa)
  • Donors, volunteers, staff, and partner organisations

2. Who We Are — Data Controller

Women Unlimited is the Data Controller for all personal information processed in connection with our programmes and services. Our designated Data Officer is responsible for overseeing compliance with the Data Protection Act, 2022.

Data Officer: Fezile Maseko
Contact: info@womenunlimited.africa | (268) 76025807

If you have any questions, concerns, or wish to exercise your rights under this policy, please contact the Data Officer using the details above.

3. What Personal Information We Collect

We collect only the personal information that is necessary for the specific purpose for which it is collected (the principle of data minimisation). Depending on how you interact with us, we may collect:

3.1 General Contact & Identity Information

  • Full name (or preferred name / alias where anonymity is requested)
  • Contact details: telephone number, physical address, email address
  • Age, date of birth, and gender
  • Nationality and residency status

3.2 Sensitive / Special Category Information

Because of the nature of our work, we may need to collect and process special categories of sensitive personal information, including:

  • Details of incidents of gender-based violence, sexual violence, or domestic abuse
  • Physical and mental health information, including injuries, diagnoses, treatment, and medical history
  • Information relating to legal proceedings, criminal complaints, or court orders
  • Information about children in your household or under your care (subject to additional protections — see Section 10)
  • Immigration or refugee status where relevant to safety planning
  • Information about perpetrators provided for the purposes of safety assessments and referrals

We collect this sensitive information only where it is strictly necessary to provide the support or referral service you have requested or consented to, or where we have a legal obligation to do so (for example, mandatory reporting requirements).

3.3 Information Collected Through Our Online Forms & Website

When you use our online intake, referral, or contact forms, we collect the information you choose to provide. Our website may also automatically collect:

  • IP address and device type
  • Browser type and operating system
  • Pages visited and time spent on the site (via cookies — see Section 12)

4. How and Why We Use Your Information

We use personal information only for specific, explicit, and legitimate purposes as required by the Data Protection Act, 2022. The purposes for which we process personal information include:

  • Case Management: To assess your needs, open a support file, and coordinate the services you require.
  • Referral Services: To make safe and appropriate referrals to medical providers, legal aid, law enforcement (SWAPOL), the Department of Social Welfare, shelter facilities, and other partner organisations, where you have consented or where referral is required by law.
  • Safety Planning: To assess risk and develop a personalised safety plan where appropriate.
  • Medical Coordination: To communicate with healthcare providers regarding your treatment, with your knowledge and consent.
  • Legal Support: To assist with or coordinate access to legal representation, police reports, or protection orders.
  • Organisational Reporting: To produce anonymised statistical reports for donors, government bodies, and partners. No individual is identifiable in these reports.
  • Service Improvement: To evaluate and improve the quality of our programmes.
  • Compliance: To meet our legal obligations under Eswatini law.

We will never use your personal information for commercial purposes, marketing, or any purpose that has not been communicated to you.

5. Legal Basis for Processing

Under Section 9 of the Data Protection Act, 2022, processing of personal information is lawful where at least one of the following conditions is met. We rely on the following legal bases:

  • Consent (Section 9(2)(a)): Where you have given us explicit, informed, and freely given consent to process your information. You may withdraw your consent at any time (see Section 8).
  • Vital Interests (Section 9(2)(b)): Where processing is necessary to protect your life, physical integrity, or that of another person — particularly relevant in emergency GBV situations.
  • Legal Obligation (Section 9(2)(c)): Where we are required by law to process or disclose information, for example under mandatory reporting requirements related to child abuse.
  • Public Interest (Section 9(2)(e) / Section 30): Where processing is necessary for the performance of our public-interest charitable function, subject to appropriate safeguards.
  • Legitimate Interests: In limited circumstances, where our legitimate organisational interests are not overridden by your rights and interests.

For sensitive special category data (health, legal, GBV), we will always seek your explicit written or verbal consent unless an emergency, a child’s safety, or a legal obligation makes this impossible or inappropriate. In those cases, we will document our reasoning.

6. How We Share Your Information

Women Unlimited does not sell, rent, or trade personal information. We may share your information in the following circumstances only:

6.1 With Your Consent

We may share your information with partner organisations — including hospitals and clinics, legal aid providers, the police (SWAPOL), the Department of Social Welfare, shelter organisations, and counselling services — only where you have given us your informed consent to do so, or where sharing is necessary to provide the service you have requested.

6.2 Legal or Safety Obligation

We may disclose your information without consent where we are legally required to do so, or where there is an immediate and serious risk to your life or the life of another person (including a child). We will inform you of any such disclosure wherever it is safe and lawful to do so.

6.3 Mandatory Reporting — Child Protection

Where information we receive raises a concern about the safety or welfare of a child, we are obligated under the Children’s Protection and Welfare Act, 2012 to report this to the relevant authorities. We will handle such reports sensitively and, wherever possible, with the knowledge of the adult survivor involved.

6.4 Statistical and Research Reporting

We may share anonymised, non-identifiable data with donors, government ministries, research institutions, or the public for reporting and advocacy purposes. Individual identities are never disclosed in such reports.

6.5 Cross-Border Transfers

Where data is transferred to partner organisations or service providers outside Eswatini, we ensure compliance with Section 38 of the Data Protection Act, 2022, which requires that the recipient country provides an adequate level of data protection, or that appropriate contractual safeguards are in place. Transfers within the SADC region are subject to applicable SADC data protection standards.

7. Your Rights as a Data Subject

The Data Protection Act, 2022 grants you the following rights regarding your personal information. We are committed to upholding these rights:

  • Right of Access: You have the right to request confirmation of whether we hold personal information about you, and to receive a copy of that information free of charge.
  • Right to Rectification: You have the right to request correction of inaccurate, incomplete, or outdated personal information.
  • Right to Erasure: You have the right to request deletion of your personal information where it is no longer necessary for the purpose for which it was collected, subject to our legal record-keeping obligations.
  • Right to Object: You have the right to object to the processing of your personal information in certain circumstances.
  • Right to Restrict Processing: You may ask us to limit how we use your information while a complaint or query is being resolved.
  • Right to Data Portability: You may request that your information be provided to you in a portable, readable format.
  • Right Against Automated Decisions: You have the right not to be subject to decisions made solely on the basis of automated processing where those decisions significantly affect you.

To exercise any of these rights, please contact our Data Officer at info@womenunlimited.africa. We will respond within a reasonable timeframe and in any event within 30 days. We will never penalise you for exercising your rights.

8. Consent and Your Right to Withdraw It

Where our processing of your information is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal.

To withdraw consent, please contact the Data Officer. Please be aware that withdrawal of consent may limit our ability to continue providing some services to you, and we will discuss this with you before any services are affected.

When you complete our intake or referral forms, you will be asked to confirm your understanding of and consent to this Privacy Policy and to the sharing of your information with specified partner organisations. Consent is always voluntary. You may choose which information to share and with whom.

9. How We Protect Your Information

We take the security of your personal information seriously. We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration, or disclosure. These measures include:

  • Physical security of paper records (locked storage, restricted access)
  • Password-protected and encrypted digital systems
  • Access controls — only staff with a legitimate need to know can access case records
  • Staff training on confidentiality and data protection
  • Secure disposal of records when no longer needed
  • Incident response procedures for data breaches

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Eswatini Data Protection Authority (EDPA) / Eswatini Communications Commission and, where required, we will notify you without undue delay, in accordance with the Data Protection Act, 2022.

10. Children’s Data

We recognise that children require enhanced protection. We do not knowingly collect personal information directly from children under the age of 18 via our website without parental or guardian consent. Where information about a child is provided by an adult survivor or caregiver in the context of a support case, that information is held with strict confidentiality and used solely for the protection and welfare of the child concerned.

Any concerns about the safety or welfare of a child disclosed to us will be handled in accordance with the Children’s Protection and Welfare Act, 2012 and our mandatory reporting obligations.

11. Retention of Personal Information

We retain personal information only for as long as is necessary to fulfil the purpose for which it was collected, or as required by law. Our retention periods are guided by:

  • Legal and regulatory requirements (including any applicable limitation periods for legal claims)
  • The ongoing safety needs of the individual
  • Donor and organisational reporting requirements

When personal information is no longer required, it will be securely destroyed or anonymised. Case files involving active legal proceedings will be retained until those proceedings are concluded and any applicable appeal periods have expired.

12. Cookies and Website Data

Our website (www.womenunlimited.africa) may use cookies and similar technologies to improve your experience. Cookies are small data files stored on your device. We use:

  • Essential cookies: Necessary for the website to function correctly.
  • Analytics cookies: To understand how visitors use our website (anonymised data only). You may opt out of analytics cookies.

You can control or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of parts of our website. For full details, please see our Cookie Policy.

We do not use your browsing data to identify you personally or to make decisions about you.

13. Online Forms and Sensitive Disclosures

If you use our online intake, referral, or contact forms to disclose sensitive information about yourself or a situation of GBV, please be aware of the following:

  • Your submission is transmitted securely using SSL/TLS encryption.
  • Information submitted through our forms is accessed only by authorised staff and the Data Officer.
  • If you are concerned about your safety or digital privacy, please consider using a private/incognito browser window, and delete your browser history after submitting. If you are at risk of surveillance by an abuser, please seek advice on digital safety before using online forms.
  • You may contact us by phone if you prefer not to submit information online.

14. Third-Party Links

Our website may contain links to third-party websites, including partner organisations and resources. We are not responsible for the privacy practices or content of those external sites. We encourage you to read their privacy policies before providing any personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the law, our services, or our data practices. Any significant changes will be communicated via our website and, where possible, directly to individuals whose data we hold. The current version of this policy will always be available at www.womenunlimited.africa.

This policy is reviewed at least annually, or more frequently if required by changes in legislation or our operations.

16. Complaints and Regulatory Authority

If you believe that we have not handled your personal information in accordance with this policy or the Data Protection Act, 2022, we ask that you first contact our Data Officer so that we can attempt to resolve your concern.

If you remain dissatisfied, you have the right to lodge a complaint with the Eswatini Data Protection Authority (EDPA):

Authority: Eswatini Data Protection Authority (EDPA) / Eswatini Communications Commission
Website: www.edpa.org.sz
Address: Mbabane, Eswatini

You also have the right to bring a civil claim for damages in the courts of Eswatini if your data protection rights have been violated.

17. Contact Us

For any questions about this Privacy Policy, to exercise your data subject rights, or to raise a concern, please contact:

Data Officer: Fezile Maseko
Organisation: Women Unlimited
Email: info@womenunlimited.africa
Phone: (268) 76025807
Post: P.O. Box 3882, Mbabane, Eswatini
Physical: Plot 173, Tsekwane Street, Opposite Real Image Internet, Mbabane

Women Unlimited — Unlimited Opportunities, Protected Rights
This document is governed by the Eswatini Data Protection Act, 2022 (Act No. 5 of 2022)

Loading...