Privacy Policy
Effective Date: 10 November 2025
The Upper Room of Prayer ("we," "us," or "our") is committed to protecting your personal information and your right to privacy. This policy outlines our practices in compliance with the Data Protection Act No. 5 of 2022 of the Kingdom of Eswatini.
1. Data Controller & Contact
Data Controller: The Upper Room of Prayer Consultancy Office
Physical Address: Office #10, Eagles House Building, Mbabane, Kingdom of Eswatini
Email: admin@prophetpromiseupperroom.org
Telephone: (+268) 7659 1921
For any privacy concerns, please contact the Data Controller directly via the details above.
2. Information We Collect
We collect two main categories of personal information:
2.1 Personal Data
- Identification/Contact Data: Name, email address, and phone number (collected for appointments, inquiries, and partner communication).
- Transactional Data: Subscription start date, and payment history (we do not capture card details).
- Technical Data: IP address, browser type, device type, and usage data (collected via website analytics to improve service).
2.2 Sensitive Personal Data (Special Personal Information)
Due to the nature of our prophetic ministry and counselling services, we may collect and process information that is considered sensitive under the Eswatini Act. This data is collected strictly with your explicit consent.
- Counselling/Prophetic Data: Subject and summary of the appointment request, details discussed during consultation, or urgency level (which may imply a health/well-being or spiritual status).
- Religious/Belief Data: Information relating to your religious beliefs, which may be inferred from your engagement with our ministry, training, or partner subscriptions.
3. Legal Basis for Processing
We process your data based on the following lawful grounds, as defined in the Eswatini Data Protection Act (2022):
| Activity | Purpose of Processing | Legal Basis |
|---|---|---|
| Appointment Scheduling | To confirm, manage, and execute the service you requested. | Contractual Necessity (to perform a contract/service) |
| Partner Subscriptions | To process payments, manage your account, and provide partner benefits. | Contractual Necessity |
| Prophetic/Counselling Details | To prepare for and deliver tailored spiritual and consultancy services. | Explicit Consent (required for Sensitive Personal Data) |
| General Inquiries/Marketing | To respond to queries and send ministry updates (if subscribed). | Legitimate Interest or Consent |
4. Your Data Protection Rights
Under the Eswatini Data Protection Act, you have the following rights:
- The Right to Access: You have the right to request copies of your personal data.
- The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- The Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data, under certain conditions.
- The Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
- The Right to Withdraw Consent: Where the legal basis for processing is your explicit consent (especially for Sensitive Data), you have the right to withdraw that consent at any time.
- The Right to Lodge a Complaint: You have the right to complain to the Eswatini Data Protection Authority (EDPA/ESCCOM).
5. Data Security, Retention, and Transfer
5.1 Security
We have implemented technical and organizational measures to secure your personal information from accidental loss and unauthorized access, use, alteration, and disclosure. All communication is secured via SSL/TLS encryption.
5.2 Data Retention
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by law (e.g., for financial records related to partner subscriptions).
5.3 International Data Transfers
Your data may be stored on servers outside of Eswatini (e.g., for web hosting or cloud email services). We ensure that any such transfer is made only to countries that provide an adequate level of protection or where we have put in place adequate safeguards, as required by the Eswatini Data Protection Act (2022).