Data Sentinels (Pty) Ltd
Privacy Policy
We advise organisations on governing data and AI responsibly. This policy holds us to the same standard: it explains, in plain language, what personal data we collect through this website and our client work, why we collect it, and the rights you have over it.
Document
Version
Effective date
Owner
Next review
Website Privacy Policy
v5.0
5 July 2026
Data Sentinels (Pty) Ltd
July 2027
1. Who we are
Data Sentinels (Pty) Ltd (company registration [registration number]) is an AI governance and delivery consultancy registered in Botswana, with its registered office at 1149 Nkoyaphiri, Mogoditshane, Botswana, and an operating presence in Austin, Texas, United States.
​
For the purposes of applicable data protection law, including the Botswana Data Protection Act, 2024 and, where it applies, the EU General Data Protection Regulation (GDPR) and the UK GDPR, Data Sentinels is the data controller of the personal data described in this policy.
​
You can reach us on any privacy matter at info@data-sentinels.com.
3. Personal data we collect
Data you give us
-
Discovery call bookings and enquiries: your name, email address, organisation, role, and anything you choose to tell us about your situation.
-
Newsletter subscriptions: your email address.
-
Network and job applications: your name, contact details, professional history, and any documents you submit, such as a CV.
-
Correspondence: the contents of messages you send us.
​
Data collected automatically
-
Usage and device data: pages visited, approximate location derived from IP address, browser and device type, and how you arrived at the site. This is collected through cookies and similar technologies described in section 5.
​
We do not intentionally collect special categories of personal data (such as health, religious, or biometric data) through this website, and we ask that you do not submit such data through our forms.
2. Scope of this policy
This policy covers personal data we collect through:
​
-
this website, www.data-sentinels.com, including its forms and booking tools;
-
direct correspondence with us by email, phone, or messaging;
-
our newsletter and other communications you subscribe to; and
-
applications to join our delivery network or team.
​
Where we process personal data on behalf of a client during a consulting engagement, we do so as a processor under that client's instructions and the terms of our engagement agreement, and the client's own privacy notice applies to that data.
14. Contact and complaints
Data Sentinels (Pty) Ltd
1149 Nkoyaphiri, Mogoditshane, Botswana
Email: info@data-sentinels.com
We would welcome the chance to resolve any concern directly. You also have the right to lodge a complaint with a supervisory authority. In Botswana, that is the Information and Data Protection Commission. If you are in the European Economic Area or the United Kingdom, you may complain to the supervisory authority in your country of residence or work. Other authorities may apply depending on where you live.
4. Personal data we collect
We use personal data only for the purposes below, each supported by a lawful basis under applicable law.
Purpose | Data Used | Lawful Basis |
|---|---|---|
Establishing, exercising, or defending legal claims and meeting regulatory obligations | Any of the above, as relevant | Legal obligation; legitimate interest |
Responding to enquiries and holding discovery calls | Booking and enquiry details | Steps taken at your request before entering a contract; our legitimate interest in responding to people who contact us |
Delivering consulting engagements and administering client relationships | Contact and engagement details | Performance of a contract; legal obligations, such as accounting and tax records |
Sending our newsletter and content you have subscribed to | Email address | Your consent, which you may withdraw at any time using the unsubscribe link in any message or by contacting us |
Assessing applications to our delivery network or team | Application details and documents | Steps taken at your request before entering a contract; our legitimate interest in assessing candidates |
Operating, securing, and improving this website | Usage and device data | Our legitimate interest in running a secure, functional website; consent where required for non-essential cookies |
We do not sell personal data, and we do not use it for third-party advertising.
5. Cookies and analytics
This website is built on the Wix platform, which sets cookies that are essential for the site to function, such as security and session cookies. We also use analytics cookies, including tools deployed through Google Tag Manager, to understand how visitors use the site so we can improve it.
​
Where the law requires it, non-essential cookies are set only with your consent, which you can give or withdraw through the cookie banner or settings on this site. You can also control cookies through your browser settings, though blocking essential cookies may affect how the site works.
​
You can view the cookies in use and change your choices at any time through the cookie settings icon on this site.
13. Changes to this policy
We review this policy on a defined cycle and whenever our processing or the law changes. The version and effective date at the top of this page always reflect the current issue. If a change materially affects your rights, we will draw attention to it on this website or, where appropriate, contact you directly.
12. Automated decision-making
We do not make decisions about you based solely on automated processing, including profiling, that produce legal or similarly significant effects. If that ever changes, we will update this policy and put in place the safeguards the law requires before doing so.
11. Children
Our website and services are directed at organisations and professionals, not at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, contact us and we will delete it.
6. Who we share personal data with
We share personal data only where necessary, with:
-
Service providers who support our operations, including website hosting (Wix), productivity and email services (Google Workspace), and scheduling tools used to book calls. These providers act under agreements that restrict their use of your data to providing services to us.
-
Professional advisers, such as lawyers, accountants, and insurers, where needed.
-
Authorities and regulators, where the law requires disclosure or where disclosure is necessary to protect rights, safety, or property.
-
A successor organisation, if we undergo a merger, acquisition, or restructuring, in which case this policy will continue to apply to your data.
7. International transfers
We operate from Botswana and the United States and serve clients in several countries, so personal data may be transferred to, and stored in, countries other than your own, including by the service providers named in section 6.
​
Where personal data is transferred out of Botswana, the European Economic Area, or the United Kingdom, we take steps to ensure the transfer is lawful, relying on adequacy decisions where they exist and otherwise on appropriate safeguards such as approved contractual clauses, or on your explicit consent where the law permits. You can ask us for more information about the safeguards applied to a specific transfer using the contact details in section 14.
10. Your rights
Subject to the law that applies to you, you have the right to:
​
-
Access the personal data we hold about you and receive a copy;
-
Rectify data that is inaccurate or incomplete;
-
Erase your data in certain circumstances;
-
Restrict or object to processing, including objecting to processing based on legitimate interests;
-
Portability: receive data you provided to us in a structured, commonly used format;
-
Withdraw consent at any time, where processing is based on consent, without affecting processing that took place before withdrawal; and
-
Complain to a supervisory authority, as described in section 14.
​
To exercise any of these rights, contact us at info@data-sentinels.com. We will respond within the timeframe required by applicable law, and we may need to verify your identity before acting on a request.
9. How we protect personal data
We apply technical and organisational measures appropriate to the risk of the processing, including access controls, encryption in transit, and restriction of access to personal data to those who need it for their role. Our security and privacy practices are managed within the same governance discipline we advise our clients on, are documented, and are reviewed on a defined cycle.
​
If a personal data breach occurs that is likely to affect your rights, we will notify the relevant supervisory authority and, where required, you, within the timeframes the law sets.
8. How long we keep personal data
We keep personal data only as long as needed for the purposes described in this policy, and then delete or anonymise it. In general:
​
-
Enquiries that do not lead to an engagement are kept for 24 months after our last contact, so we can respond if you return to a conversation, and are then deleted.
-
Client engagement records are kept for the duration of the engagement and for at least seven years afterwards, in line with tax, accounting, and limitation requirements, or longer where a specific law requires it.
-
Newsletter data is kept until you unsubscribe, after which your address is removed from the mailing list.
-
Unsuccessful applications are kept for 12 months after the decision, unless you ask us to delete them sooner or agree to be considered for future roles.
