This Privacy Policy applies exclusively to the Fund’s Mobile App and governs the collection, use, disclosure, retention, and protection of personal data obtained through the App. It applies to all individuals who access or use the App, including the Fund’s members, dependents, and their authorized representatives. This Policy does not apply to any data processed through other PSPF platforms, websites, or third-party applications unless expressly stated. By using the App, you agree to the data practices described in this Policy.

The Fund is the Data Controller responsible for the processing of personal data. For any privacy-related queries, the following contact details are available:

Contact Information:

PSPF Headquarters
7^th Floor,
Ingcamu Building,
Mbabane, Eswatini
Email: info@pspf.co.sz
Telephone: (+268) 2406 4000

The Mobile App collects the following categories of personal data for lawful and limited purposes as defined in this Policy:

Personal Identification Information – Collected during registration and authentication processes:

• Full name
• Member ID or employee number
• National ID or passport number
• Mobile phone number
• Date of birth
• Email address (where provided)

Pension and Financial Information – Collected to facilitate pension estimates and benefit insights:

• Pensionable salary
• Length of pensionable service (years of service)
• Retirement type and options selected
• Pension and gratuity calculation results

Device and Technical Information – Collected automatically via integrated tools such as Firebase Analytics and Crashlytics:

• Device model and operating system version
• App version and feature usage logs
• Crash and error reports
• Device language and time zone settings
• Notification token (for push messages)

Location and Access Logs – Collected to enhance system security and traceability:

• IP address of the accessing device
• Timestamps of login, activity, and logout events

Personal data is collected through the following mechanisms:

• When the data subject provides information directly when registering or logging into the App, and when completing forms or submitting details for pension-related calculations.
• Additional data is collected through engagement with various in-app features, including calculators, settings, and help tools.

Technical and usage data is collected automatically through integrated third-party services, including:

• Firebase Analytics.
• Firebase Crashlytics
• Firebase Cloud Messaging

Collection of data is limited to what is necessary to fulfil the specified purposes outlined in this Policy and is processed in accordance with the Data Protection Act, 2022.

Personal data is collected and processed for the following lawful and specified purposes:

The PSPF Mobile App integrates certain third-party services for performance monitoring, messaging, and technical diagnostics. Specifically, the App makes use of Google Firebase, which provides the following functionalities:

• Firebase Analytics- which collects anonymized usage statistics to help the Fund understand how users interact with the App and identify areas for improvement.
• Firebase Crashlytics– this automatically reports system errors, crashes, and stability issues to facilitate timely resolution and application reliability.
• Firebase Cloud Messaging (FCM)- this enables the delivery of secure, real-time push notifications to App users, including benefit updates, reminders, and service alerts.

While Firebase may process technical and aggregated data for these purposes, no personally identifiable data is shared with Google unless explicitly configured to do so. Firebase services are governed by Google’s Firebase Privacy and Security Policy, and the Fund has implemented appropriate configurations to ensure compliance with the Data Protection Act, 2022.

All personal data processed through the Fund’s Mobile App is stored and protected as follows:

• All personally identifiable information (PII) is stored exclusively within the Kingdom of Eswatini on secure infrastructure either hosted or directly managed by PSPF.
• Data is encrypted in transit using industry-standard HTTPS/TLS protocols to ensure confidentiality and integrity during communication.
• Regular backups are performed in line with the Fund’s Information Security Policy to safeguard against data loss and ensure business continuity.
• Firebase-related data may be processed on Google Cloud servers, but it is anonymized and not linked to any personal identifiers.

All processing and storage practices comply with the Data Protection Act, 2022 and PSPF’s internal governance policies.

• The Fund does not sell, rent, or otherwise commercially exploit personal data collected through the Mobile App.
• Personal data may be disclosed only in the following circumstances and to the listed recipients, strictly for lawful and operational purposes:
• For internal use by relevant departments within the Fund and solely for the delivery of pension-related services and support.
• Government authorities, regulators, or law enforcement bodies, where such disclosure is required under applicable laws or pursuant to a court order.
• Technical service providers or third-party vendors engaged by the Fund to support or maintain the App, provided such vendors are subject to binding confidentiality and data protection agreements.
• Legal representatives only upon the written consent or instruction of the subject of the data. The Fund may share relevant personal data with duly authorized legal representatives.

All data sharing is governed by the principles of necessity, proportionality, and legal compliance as required under the Data Protection Act, 2022.

• Personal data is retained only for as long as necessary to fulfill the specific purposes for which it was collected, or as required by applicable legal, regulatory, or audit obligations.
• Typical data retention periods are as follows:
• User account data– retained until the account is formally deactivated or for up to seven (7) years following a period of inactivity, in line with PSPF record management policies.
• Pension calculation inputs– retained for a period of up to twelve (12) months to allow members to review or repeat calculations, after which the data is deleted or anonymized.

Analytics and crash logs- technical data collected via Firebase (such as usage metrics and error reports) is retained for up to one hundred eighty (180) days, in accordance with Firebase’s standard data retention settings.

• PSPF implements robust technical and organizational measures to safeguard personal data processed through the Mobile App. These measures include:
• Encryption of data both at rest and in transit.
• Access controls and role-based permissions.
• Regular system audits and periodic penetration testing.
• One-Time Password (OTP) authentication for sensitive transactions.
• While no system can guarantee absolute protection, the Fund adheres to industry best practices to minimize the risk of unauthorized access, data loss, or breaches.

• In accordance with the Data Protection Act, 2022, data subjects have the following rights:
• Right to access- to request a copy of personal data held by the Fund.
• Right to Rectification– to request correction of inaccurate or incomplete information.
• Right to Erasure– to request deletion of personal data or account information, subject to PSPF’s data retention obligations.
• Right to Restrict Processing– to request temporary suspension of data processing under specific conditions.
• Right to Object– to withdraw consent for specific processing activities, including the receipt of notifications.
• Right to Lodge a Complaint– to file a complaint with the Fund or escalate to the Eswatini Communications Commission (ESCCOM), the designated supervisory authority.
• Requests can be submitted by email to: privacy@pspf.co.sz or by calling (+268) 2406 4000.

The Mobile App is not intended for use by individuals under the age of 18. The Fund does not knowingly collect, store, or process personal data of minors. If it is discovered or suspected that personal data of a child has been submitted through the App, PSPF should be contacted promptly to ensure the secure deletion of such data in accordance with the Data Protection Act, 2022.

• This Privacy Policy may be updated from time to time to reflect changes in legal requirements, operational needs, or technical enhancements.
• Any revisions will be communicated within the App and on the Fund’s official website.

Continued use of the App following such updates constitutes acceptance of the revised terms. Users are encouraged to read this policy periodically to remain informed about how their personal data is handled.

For any questions, concerns, or requests relating to this Privacy Policy or the processing of personal data, please contact:

Public Service Pensions Fund (PSPF)
Ingcamu Building, Mhlambanyatsi Road
P.O. Box 4469, Mbabane, Eswatini