Privacy Notice

Uganda Electricity Transmission Company Limited (UETCL) respects the privacy of all individuals whose personal data it processes in the execution of its statutory mandate

This Privacy Policy applies to UETCL’s websites, digital platforms, systems, and services that reference or link to this Policy.

This Policy explains how UETCL collects, processes, stores, protects, and discloses personal data in accordance with:

  1. Data Protection and Privacy Act, 2019(Cap 97) and its Regulations, 2021
  2. ISO/IEC 27001:2022(where applicable)
  3. International data protection and privacy principles.

This Policy describes:

  1. How We Collect and Use Personal Data
  2. Cookies and Similar Technologies
  3. How We Disclose Personal Data
  4. How to Access and Control Your Personal Data
  5. How We Protect Personal Data
  6. How We Process Children’s Personal Data
  7. Third-Party Service Providers
  8. International Transfer of Personal Data
  9. Updates to this Policy

This Privacy Policy applies to:

  1. All departments and operational units of UETCL
  2. All employees, consultants, contractors, and governance members
  3. All service providers, partners, suppliers, and third parties processing personal data on behalf of UETCL
  4. All systems, websites, platforms, and services operated by UETCL.

The Policy applies to all personal data held by UETCL relating to identifiable individuals, meaning any information relating to an identified or identifiable natural person (data subject).

This Privacy Policy:

Implements internationally accepted privacy principles

  1. Aligns with the Data Protection and Privacy Act, Cap 97
  2. Supports UETCL’s Data Protection and Privacy Policy and Procedures Manual

Where national legislation imposes stricter requirements, the provisions of the national law shall prevail.

Each department of UETCL is responsible for ensuring compliance with this Policy and applicable data protection laws.

Term Meaning
Personal Data Any information relating to an identified or identifiable natural person.
Data Subject An individual whose personal data is processed.
Data Controller UETCL – the entity that determines the purposes and means of processing personal data.
Data Processor A person or organization that processes personal data on behalf of UETCL.
Data Protection Officer (DPO) The Head of ICT, appointed to oversee data protection compliance.
Cookies Small text files stored on a user’s device when visiting a website.
User Any individual accessing UETCL websites, services, or platforms.

Depending on the services provided by UETCL, we may collect the following categories of personal and technical data.

4.1. Employee and Contractor Information
  1. Full Name
  2. National Identification Number
  3. Employee/Contractor ID
  4. Contact details (email, phone, address)
  5. Bank account details (for payroll and compensation)
  6. Employment history and qualifications
  7. Health and safety data (where required by law)
4.2. Stakeholder and Project‑Affected Person (PAP) Information
  1. Full Name
  2. National Identification Number
  3. Contact details
  4. Land ownership and wayleave information
  5. Bank account or mobile money details (for compensation)
4.3. Technical and system data

When interacting with UETCL digital platforms we may collect:

  1. Internet Protocol (IP) Address
  2. Browser Type and Version
  3. Operating System and Device Information
  4. Website activity logs
4.4. Operational and regulatory data
  1. Procurement and contract documentation
  2. Regulatory compliance reports
  3. Communications submitted to UETCL
5.1. Collection methods:
  1. Directly from individuals (forms, applications, correspondence)
  2. Automatically through website technologies (cookies)
  3. Through regulatory submissions and contractual agreements
5.2. Purposes of processing:
  1. Transmission grid operation and maintenance
  2. Wayleave acquisition and land compensation
  3. Human resource management
  4. Procurement and contract administration
  5. Regulatory compliance, audits, and reporting
  6. Responding to inquiries and requests
  7. Improving UETCL services and digital platforms

UETCL processes personal data based on the following lawful bases under the Data Protection and Privacy Act, Cap 97:

  1. Performance of a statutory or public function (e.g., grid operation, wayleave acquisition)
  2. Compliance with a legal obligation (e.g., tax, labour laws)
  3. Performance of a contract (e.g., employment, procurement)
  4. Consent of the data subject (where no other basis applies)
  5. Protection of vital interests
  6. Legitimate interests pursued by UETCL that do not override individual rights

UETCL websites may use cookies to:

  1. Maintain session security
  2. Improve website performance
  3. Remember user preferences
  4. Analyse website usage

Users may configure their browsers to refuse or delete cookies, although some website functionality may be affected.

UETCL may disclose personal data:

  1. To government ministries, departments, and agencies (e.g., Ministry of Energy, ERA)
  2. To regulators (e.g., Electricity Regulatory Authority, PDPO)
  3. To courts or law enforcement agencies where required by law
  4. To authorised service providers and contractors under Data Processing Agreements (DPAs)
  5. During lawful regulatory investigations

All disclosures are conducted in compliance with the Data Protection and Privacy Act, Cap 97.

Individuals have the right to:

  1. Be informed about the processing of their personal data
  2. Access their personal data
  3. Request correction of inaccurate or incomplete data
  4. Request erasure (right to be forgotten) where applicable
  5. Restrict processing in certain circumstances
  6. Object to processing (e.g., for direct marketing or based on public interest)
  7. Data portability
  8. Protection against automated decision‑making

Requests may be submitted to the Data Protection Officer at dpo@uetcl.com or using the prescribed UETCL Data Protection and Privacy Policy and Procedures manual forms (DPP‑01, DPP‑02, DPP‑03).

UETCL protects personal data using administrative, technical, and physical safeguards, including:

  1. Encryption (at rest and in transit)
  2. Role‑based access controls
  3. Multi‑factor authentication (MFA)
  4. Network security monitoring
  5. Staff privacy and security training
  6. Secure data storage and processing environments

These controls align with the UETCL Data Protection and Privacy Policy and Procedures Manual and, where applicable, ISO/IEC 27001 principles.

UETCL maintains an incident response process for handling personal data breaches.

In the event of a breach, UETCL will:

  1. Investigate and assess the breach (within 24 hours of discovery)
  2. Contain and mitigate risks
  3. Notify the Personal Data Protection Office (PDPO) within 72 hours
  4. Notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms
  5. Document the breach in a Breach Register

Personal data will only be retained for as long as necessary to:

  1. Fulfil operational and regulatory requirements
  2. Comply with legal obligations
  3. Support audits and investigations

Specific retention periods are defined in the UETCL Records and Document Management Policy. Data will be securely destroyed (cross‑cut shredding for paper, certified erasure for electronic) upon expiry of the retention period.

UETCL’s services are primarily intended for adults. Where personal data relating to minors is processed (e.g., in the context of employee dependants or internship applications), consent must be obtained from a parent or legal guardian.

UETCL may engage third‑party data processors (e.g., valuers, IT service providers). All such processors must sign a Data Processing Agreement (DPA) that imposes the same data protection obligations as this Policy and the law.

UETCL shall not transfer personal data outside Uganda unless:

  1. The recipient country has adequate data protection laws as determined by the Authority, or
  2. Appropriate safeguards (e.g., standard contractual clauses) are in place, or
  3. The data subject has provided explicit consent.

The DPO maintains a record of all international data transfers.

UETCL may update this Privacy Policy periodically to reflect legal, regulatory, or operational changes. Updated versions will be published on UETCL’s official website and internal platforms.

This Privacy Policy shall be reviewed:

  1. Annually
  2. After significant regulatory or operational changes
  3. After a major personal data breach

The review will be led by the Data Protection Officer in consultation with the Governance, Ethics, and Compliance and ICT departments.

For any questions, requests, or complaints regarding this Privacy Policy or the handling of your personal data, please contact:

Data Protection Officer (DPO)
Uganda Electricity Transmission Company Limited
Plot No. 10, Hannington Road, Kampala, Uganda
Email: dpo@uetcl.com
Telephone: +256 417 802 000

About UETCL

Learn More

UETCL Operational Licences

Learn More

Understand Uganda’s Grid
Map Vision 2040

About the Grid Map 2040

UETCL

About UETCL

Operational Licences

Careers

Projects

Privacy Notice

Services

Power Purchases and Sales

Optic Fiber

Njeru Training School

Quick Links

Bids & Tenders

News & Updates

Strategic Plans

Careers

Get Intouch

Tel: +256-417 802 000
Tel: +256-314 802 000
Email: transco@uetcl.com
Plot No.10, Hannington Rd,
P.O Box 7625,
Kampala, Uganda

Copyright © 2026 | Uganda Electricity Transmission Company Limited