Essential Resources for Community Empowerment
Privacy Policy
1. Data Controller
Mosaico Euroafricano Public Company Limited by Guarantee
Reg. under CIPA: UINBW00001929808
Registered Office Address: Plot 70 Bosele Ward, Ghanzi, Botswana (Effective from 18 December 2002)
Principal place of business: Farm 67nk, Ghanzi, Botswana (Effective from 18 December 2002)
Postal address: P O Box 110, Ghanzi, Botswana
Company Secretary: P O Box 848, Ghanzi, Botswana (Effective from 18 December 2002)
Telephone: +267 72 311 179
Email: info@claerio.org
Website: https://www.claerio.org
Mosaico Euroafricano Public Company Limited by Guarantee is the data controller for personal data collected and processed through this website and related online services, in line with the Botswana Data Protection Act (the “DPA”) and, where applicable, the EU General Data Protection Regulation (GDPR).
Where required by the DPA, the Organisation may appoint a Data Protection Officer (DPO) or data protection representative and notify the Information and Data Protection Commission (IDPC). Any updates will be published on this page.
2. Types of Personal Data Processed
We may process the following categories of personal data:
- Browsing data: IP address, date and time of access, pages visited, browser and device information, referring page (referrer), and general location derived from IP.
- Cookies and similar technologies: As described in our Cookie Policy (for analytics, preferences, and security).
- Data you provide voluntarily: Name, surname, email address, phone number, organisation, and the content of messages sent via our contact forms, email, or other communication channels (including self-hosted CiviCRM and Odoo systems).
- Donation and payment data: Donation amount, purpose (causale), bank details (FNB Ghanzi branch), payment reference, and tax information needed to issue a receipt or meet legal obligations.
- Special categories of data (sensitive data): Any information on, for example, religious or philosophical beliefs, health or other sensitive aspects that you may voluntarily include in your messages. Such data will only be processed when strictly necessary for the requested service and on the basis of your explicit consent, in line with the DPA and GDPR rules on sensitive data.
3. Purposes, Legal Bases, and Retention Periods
| Purpose | Legal basis (DPA / GDPR) | Retention criterion |
|---|---|---|
| 3.1 Responding to information and contact requests | Necessity for pre‑contractual steps or our legitimate interest in responding to queries (Art. 6(1)(b) and (f) GDPR; general principles of lawfulness and fairness under DPA) | 12 months from closure of the request |
| 3.2 Managing donations, issuing receipts, and fulfilling accounting or legal obligations | Legal obligation under applicable tax and non‑profit laws (Art. 6(1)(c) GDPR; DPA obligations) | 10 years (civil and tax law) |
| 3.3 Sending newsletters, project updates, and informational/promotional material | Your consent (Art. 6(1)(a) GDPR; DPA consent provisions) | Until consent is withdrawn or 24 months from last active interaction (e.g. opening an email, clicking a link) |
| 3.4 Producing aggregated, anonymised statistics on website traffic (e.g. page views, countries) | Our legitimate interest in improving our services and communication (Art. 6(1)(f) GDPR; DPA principles of accountability and improvement) | 24 months (with IP addresses anonymised where possible) |
| 3.5 Ensuring website security, preventing abuse and fraud, and protecting our systems | Our legitimate interest in protecting the website, users, and our operations (Art. 6(1)(f) GDPR; DPA integrity and confidentiality requirements) | 6 months in security logs, unless logs must be kept longer for investigations or legal claims |
4. Methods of Processing
Personal data is processed mostly by electronic and telematic means (self-hosted CiviCRM and Odoo on Namecheap Linux server) and, where necessary, on paper.
We apply the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality as required by the DPA and GDPR.
Technical and organisational measures include, for example, HTTPS/TLS encryption via Namecheap hosting, regular backups, restricted and role‑based access to self-hosted systems, two‑factor authentication for administrators where available, and staff awareness on data protection.
5. Data Recipients
Personal data may be shared with:
- Website hosting provider: Namecheap (servers managed by us for self-hosted CiviCRM and Odoo on Linux server).
- Payment service provider: First National Bank (FNB) Ghanzi branch, for processing donations and payments.
- Email and newsletter providers (if used, e.g. EU‑based mailing services) for sending communications and managing mailing lists.
- Accounting and tax consultants supporting us in our legal and administrative obligations.
- Public authorities and regulators (including the Information and Data Protection Commission and tax authorities) where required by law or in response to a valid legal request.
These recipients act as data processors under written agreements or as independent controllers, depending on their role and applicable law.
6. International Data Transfers
Some of our service providers may be located outside Botswana or the European Economic Area (EEA), for example Namecheap hosting infrastructure or other international services.
Where such transfers occur, we will ensure that appropriate safeguards are in place, such as:
- Adequacy decisions (where available).
- Standard Contractual Clauses or similar contractual safeguards approved by relevant authorities.
- Other safeguards recognised by the DPA and GDPR.
Where required under the DPA, a copy of personal data may be retained in Botswana during the processing period.
7. Your Rights
Under the Botswana Data Protection Act and, where applicable, the GDPR, you have the right to:
- Right to be informed: To receive clear information about how we process your data.
- Right of access: To obtain confirmation whether we process your personal data and, if so, access to that data.
- Right to rectification: To request correction of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): To request deletion of your personal data in certain circumstances.
- Right to restrict processing: To request that we limit processing in specific cases.
- Right to data portability: To receive your personal data in a structured, commonly used, machine‑readable format, and to transmit it to another controller where technically feasible.
- Right to object: To object to certain types of processing, including direct marketing.
- Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you.
Where processing is based on consent, you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
You can exercise your rights or ask questions by contacting:
Email: info@claerio.org
Telephone: +267 72 311 179
Postal mail: P O Box 110, Ghanzi, Botswana
If you believe your rights have been infringed, you also have the right to lodge a complaint with the Information and Data Protection Commission (IDPC) in Botswana, or, where applicable, with a competent EU supervisory authority.
8. Mandatory or Optional Data
Where certain fields are marked as “required” in our forms (CiviCRM, Odoo, or contact forms), providing that information is necessary for us to respond to your request, process your donation, or provide the requested service.
If you do not provide the required data, we may not be able to respond or complete the requested activity.
9. Automated Decision‑Making
We do not use automated decision‑making, including profiling, that produces legal effects or significantly affects you in a similar way as described in the DPA and Article 22 GDPR.
10. Updates to This Notice
We may update this Privacy Policy from time to time to reflect changes in our activities, legal requirements, or technical measures.
The latest version will always be available on this page, indicating the date of the most recent revision.
Last revision date: 15 February 2026