MVA FUND PRIVACY POLICY – WEBSITE PRIVACY POLICY

1.	DEFINITIONS AND ABBREVIATIONS	3
2.	INTRODUCTION AND SCOPE	3
3.	DATA CONTROLLER AND DPO CONTACT	4
4.	RESPONSIBILITIES	4
5.	PERSONAL DATA WE COLLECT THROUGH THE WEBSITE	4
5.1.	Information You Provide Voluntarily	4
5.2.	Automatically Collected Data (Technical Data)	5
6.	PURPOSE AND LEGAL BASIS FOR PROCESSING	5
7.	COOKIES AND WEBSITE ANALYTICS	5
8.	DATA SHARING AND THIRD PARTIES	6
9.	CROSS-BORDER DATA TRANSFERS	6
10.	DATA RETENTION	7
11.	DATA SECURITY	7
12.	YOUR RIGHTS UNDER THE DATA PROTECTION ACT	7
13.	COMPLAINTS	8
14.	UPDATES TO THIS POLICY	8
15.	ASSOCIATED DOCUMENTS	8
16.	REFERENCES	8

WEBSITE PRIVACY POLICY

Effective Date:

Last Updated:

1. DEFINITIONS AND ABBREVIATIONS

“Personal Data” – Any information relating to an identified or identifiable natural person in terms of section 2 of the Data Protection Act, 2024.

“Processing” – Any operation performed on personal data, including collection, storage, use, disclosure, or deletion, in terms of section 2 of the Data Protection Act, 2024.

“Data Subject” – The individual to whom the personal data relates.

“DPO” – Data Protection Officer.

“DPA” – Data Protection Act, 2024.

“Cookies” – Small text files stored on a user’s device to enhance website functionality and analytics.

2. INTRODUCTION AND SCOPE

The Motor Vehicle Accident Fund (“MVA Fund,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring that your personal data is handled in a lawful, secure, and transparent manner.

This Privacy Policy explains how we collect, use, store, and protect personal data obtained through the MVA Fund website only, including:

Online enquiry/contact forms
Online complaints or feedback forms
Online claim-related document downloads or submissions
Email communications initiated through the website
Cookies, analytics, and website security logs

This Policy does not apply to data collected physically at MVA Fund offices, CCTV monitoring, in-person claims processing, or employee records. Separate privacy notices will apply to physical premises, claim forms, and HR processing.

By accessing or using this website, you consent to the practices described in this policy.

3. DATA CONTROLLER AND DPO CONTACT

Data Controller: Motor Vehicle Accident Fund

Appointed Data Protection Officer (DPO): Botlhole Law Group

Primary Contact: Mr. Kgotso Botlhole

📧 kbotlhole@botlholelawgroup.co.bw

📞 +267 316 7668 or +267 75877438

4. RESPONSIBILITIES

Role	Responsibility
Data Protection Officer (DPO)	– Monitoring compliance with data protection laws; advising on data protection obligations – serving as the primary point of contact for data subjects and the Information and Data Protection Commission.
IT and Website Administrators	– Implementing and maintaining appropriate technical and organisational security measures to protect personal data collected through the website, including system security, access controls, and monitoring.

5. PERSONAL DATA WE COLLECT THROUGH THE WEBSITE

We collect the following categories of personal data when you use our website:

5.1. Information You Provide Voluntarily

Collected through forms or direct communication:

Full name
Email address
Phone number
Identity number (only if included in uploaded claim-related documents and when creating an online submission account)
Accident or claim reference numbers (if submitted online)
Any attachments you upload (e.g. claim forms, affidavits, medical letters)
Messages or enquiries you submit online

5.2. Automatically Collected Data (Technical Data)

When you browse our website:

IP address
Browser type and version
Device type and operating system
Date and time of visit
Pages viewed and time spent
Referring website (if applicable)
Cookies and analytics data (see Cookie Notice)

6. PURPOSE AND LEGAL BASIS FOR PROCESSING

Purpose of Processing	Legal Basis (Data Protection Act, 2024)
Responding to online enquiries/complaints	Legitimate interest of the MVA Fund
Submission of and Providing claim-related information or assistance	Legal obligation under the MVA Fund Act
Sending requested documents or follow-ups	Consent or legitimate interest
Website functionality and security monitoring	Legitimate interest & legal obligation
Website analytics and performance improvement	Consent (Cookies)
Preventing fraud, cybercrime, unauthorised access	Legal obligation & legitimate interest
Public engagement and/or road safety awareness campaigns	Legal Obligation & Legitimate interest

We do not sell, trade, or commercially exploit your personal data.

7. COOKIES AND WEBSITE ANALYTICS

The MVA Fund website uses cookies to enhance your browsing experience.

7.1. Types of Cookies Used

Type of Cookie	Purpose	Requires Consent
Strictly Necessary Cookies	Website security, page navigation, form submission	No
Functional Cookies	Remembering user preferences	Yes
Analytical/Performance Cookies	Website usage statistics via tools like Google Analytics	Yes
Third-Party Cookies	Embedded media/maps (if applicable)	Yes

You may manage or disable cookies in your browser settings. A separate Cookie Notice is provided on the website with a consent banner.

8. DATA SHARING AND THIRD PARTIES

We only share personal data collected via the website with:

Third Party	Purpose	Location
Website hosting and IT service provider	Maintaining and securing the website	Botswana / Cloud
Email service providers	Delivering communications	Botswana / Cloud
Botlhole Law Group (DPO)	Data protection compliance	Botswana

We do not publish website user data publicly. We do not share your data with advertisers or social media platforms.

9. CROSS-BORDER DATA TRANSFERS

If website hosting, backup, or analytics tools store data outside Botswana (e.g. cloud servers in South Africa or the EU):

Transfers will comply with the Data Protection Act, 2024.
Only to countries with adequate protection or under contractual safeguards
Users will be informed where applicable

10. DATA RETENTION

Data Type	Retention Period
Enquiry/Contact Form Submissions	12–24 months or until request is resolved
Uploaded Claim Forms/Documents	As required to respond, then securely deleted
Website security logs (IP, events)	6–12 months
Analytics Data	Anonymised or deleted after 14–24 months
Email communications	Up to 3 years for audit or legal compliance

11. DATA SECURITY

We protect website user data using:

SSL encryption (HTTPS)
Secure servers and firewalls
User access restrictions & authentication
Anti-virus, anti-malware, intrusion monitoring via SOC
Secure email and form submission systems

12. YOUR RIGHTS UNDER THE DATA PROTECTION ACT

As a data subject, you have the right to:

✔ Access your personal data
✔ Correct inaccurate or outdated information
✔ Request deletion where lawful
✔ Object to certain processing activities
✔ Withdraw consent for cookies/communications
✔ Lodge complaints with the Information and Data Protection Commission

To exercise your rights, contact the DPO at:

Botlhole Law Group
Primary Contact: Mr. Kgotso Botlhole
📧 kbotlhole@botlholelawgroup.co.bw
📞 +267 316 7668 or +267 75877438

13. COMPLAINTS

If you believe your data has been mishandled, you may contact:

MVA Fund Data Protection Officer
Or file a complaint with the Information and Data Protection Commission (IDPC) under the DPA

14. UPDATES TO THIS POLICY

This policy may be updated to reflect legal or operational changes. The updated version will be published on the website with a revised “Last Updated” date.

15. ASSOCIATED DOCUMENTS

This Policy should be read in conjunction with the following documents:

Website Cookie Policy
Privacy Notice
Records Retention and Disposal Policy
IT Policies

These documents collectively govern how personal data is processed, stored, and protected by the MVA Fund.

16. REFERENCES

This Policy is informed by and should be read together with the following:

Data Protection Act, 2024
MVA Fund Act and its regulations.