Personal data protection

How Mekavo protects your data and upholds your rights under Law No. 058/2021 of 13 October 2021 of Rwanda.

Last updated: 7 April 2026

This page explains how USK DIGITAL LTD (trading as "Mekavo") complies with Law No. 058/2021 of 13 October 2021 relating to the protection of personal data and privacy in Rwanda. We also comply with the UK GDPR and the EU GDPR as a company registered in the United Kingdom.

For more details on the data we collect and how we use it, see our Privacy Policy.

1. Our commitment to data protection

Mekavo is committed to protecting the personal data of our users and their customers in Rwanda. We have implemented appropriate technical and organisational measures to ensure compliance with Law No. 058/2021, including:

  • Purpose limitation — data is processed for a legitimate purpose communicated to the data subject
  • Consent principle — processing is only carried out with the prior consent of the data subject
  • Data minimisation — only data necessary for the purpose is collected
  • Transparency — the data subject is informed of the existence and nature of the processing
  • Security — data is protected through encryption and access controls
  • Confidentiality — all persons involved in processing are bound by confidentiality obligations

2. Data Controller vs Data Processor

Understanding the roles is important under Law No. 058/2021:

Mekavo as Data Controller

We are the data controller for personal data we collect directly from you, such as:

  • Your account registration information
  • Payment and billing data
  • Support enquiries and communications
  • Website usage data and analytics

Mekavo as Data Processor

When you store your customers' data in Mekavo (names, phone numbers, vehicle data, job records), you are the data controller and Mekavo is the data processor. This means:

  • You decide what data to collect and how to use it
  • You are responsible for obtaining your customers' consent for processing their data
  • We process your customers' data only following your instructions

3. Purpose of data processing

We process personal data for the following purposes, in accordance with Law No. 058/2021:

  • Contractual performance: To provide the garage management service you have registered for
  • Legitimate interest: Platform improvement, security, fraud prevention
  • Consent: Marketing emails and non-essential cookies
  • Legal obligation: Tax compliance with RRA (Rwanda Revenue Authority), Rwandan regulatory requirements

4. Your rights as a data subject

Under Law No. 058/2021 of 13 October 2021, you have the following rights:

  • Right of access: Obtain confirmation of the processing of your data and receive a copy
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your data when it is no longer necessary for the processing purpose
  • Right to object: Object to the processing of your data on legitimate grounds
  • Right to information: Be clearly informed about the processing of your data
  • Right to lodge a complaint: File a complaint with the NCSA (National Cyber Security Authority) in case of a breach of the law

5. How to exercise your rights

To exercise any of these rights:

  1. Send us an email at with the subject "Data Subject Request"
  2. Include your full name and the email address associated with your Mekavo account
  3. Specify which right you wish to exercise

We will verify your identity and respond within the timeframe provided by Law No. 058/2021. We will notify you if additional time is required.

There is no charge for exercising your rights.

6. Consent for data processing

In accordance with Law No. 058/2021, we require the prior, express and informed consent of the data subject for the processing of personal data. By registering with Mekavo, you consent to:

  • The storage and processing of your personal data for service delivery
  • The sending of service-related communications
  • The continuous improvement of the platform
  • Compliance with legal and tax obligations
  • If you use Mekavo to store your customers' data, you as the controller must obtain your customers' consent
  • To request a copy of our data processing policy, send an email to

You may withdraw your consent at any time by contacting us at .

7. International data transfers

Our main servers are located in the United Kingdom and the EEA. As a UK-registered company serving Rwanda, international data transfers are carried out in accordance with Law No. 058/2021. We ensure:

  • The destination country (United Kingdom) provides adequate levels of data protection under the UK GDPR
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Compliance declaration to the NCSA when required

8. Security incident response

In the event of a security incident affecting personal data:

  • We will notify the NCSA (National Cyber Security Authority) within the timeframes required by law
  • We will inform affected data subjects when the incident may pose a risk to their rights
  • We maintain an internal incident register documenting all events, their effects and the corrective measures taken

9. Data protection contact

For all data protection enquiries, contact us at:

Data Protection Team
USK DIGITAL LTD (trading as Mekavo)
76 Letchworth Rd, Leicester, LE3 6FH, United Kingdom

Email:

10. Complaints

If you believe we have not handled your data correctly, we encourage you to contact us first so we can resolve the issue.

If you are not satisfied with our response, you have the right to lodge a complaint with:

  • Rwanda: NCSA (National Cyber Security Authority) — responsible for data protection under Law No. 058/2021
  • United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk

We use cookies to keep you logged in and improve your experience. We don't use tracking or advertising cookies. Cookie Policy