The Mobile App collects the following categories of personal data for lawful and limited purposes as defined in this Policy:

Personal Identification Information – Collected during registration and authentication processes:

Full name
Member ID or employee number
National ID or passport number
Mobile phone number
Date of birth
Email address (where provided)
Pension and Financial Information – Collected to facilitate pension estimates and benefit insights:

Pensionable salary
Length of pensionable service (years of service)
Retirement type and options selected
Pension and gratuity calculation results
Device and Technical Information – Collected automatically via integrated tools such as Firebase Analytics and Crashlytics:

Device model and operating system version
App version and feature usage logs
Crash and error reports
Device language and time zone settings
Notification token (for push messages)
Location and Access Logs – Collected to enhance system security and traceability:

IP address of the accessing device
Timestamps of login, activity, and logout events

Personal data is collected and processed for the following lawful and specified purposes:

The PSPF Mobile App integrates certain third-party services for performance monitoring, messaging, and technical diagnostics. Specifically, the App makes use of Google Firebase, which provides the following functionalities:

• Firebase Analytics- which collects anonymized usage statistics to help the Fund understand how users interact with the App and identify areas for improvement.
• Firebase Crashlytics– this automatically reports system errors, crashes, and stability issues to facilitate timely resolution and application reliability.
• Firebase Cloud Messaging (FCM)- this enables the delivery of secure, real-time push notifications to App users, including benefit updates, reminders, and service alerts.

While Firebase may process technical and aggregated data for these purposes, no personally identifiable data is shared with Google unless explicitly configured to do so. Firebase services are governed by Google’s Firebase Privacy and Security Policy, and the Fund has implemented appropriate configurations to ensure compliance with the Data Protection Act, 2022.

All personal data processed through the Fund’s Mobile App is stored and protected as follows:

• All personally identifiable information (PII) is stored exclusively within the Kingdom of Eswatini on secure infrastructure either hosted or directly managed by PSPF.
• Data is encrypted in transit using industry-standard HTTPS/TLS protocols to ensure confidentiality and integrity during communication.
• Regular backups are performed in line with the Fund’s Information Security Policy to safeguard against data loss and ensure business continuity.
• Firebase-related data may be processed on Google Cloud servers, but it is anonymized and not linked to any personal identifiers.

All processing and storage practices comply with the Data Protection Act, 2022 and PSPF’s internal governance policies.

• The Fund does not sell, rent, or otherwise commercially exploit personal data collected through the Mobile App.
• Personal data may be disclosed only in the following circumstances and to the listed recipients, strictly for lawful and operational purposes:
• For internal use by relevant departments within the Fund and solely for the delivery of pension-related services and support.
• Government authorities, regulators, or law enforcement bodies, where such disclosure is required under applicable laws or pursuant to a court order.
• Technical service providers or third-party vendors engaged by the Fund to support or maintain the App, provided such vendors are subject to binding confidentiality and data protection agreements.
• Legal representatives only upon the written consent or instruction of the subject of the data. The Fund may share relevant personal data with duly authorized legal representatives.

All data sharing is governed by the principles of necessity, proportionality, and legal compliance as required under the Data Protection Act, 2022.

• PSPF implements robust technical and organizational measures to safeguard personal data processed through the Mobile App. These measures include:
• While no system can guarantee absolute protection, the Fund adheres to industry best practices to minimize the risk of unauthorized access, data loss, or breaches.

• In accordance with the Data Protection Act, 2022, data subjects have the following rights:
• Right to access- to request a copy of personal data held by the Fund.
• Right to Rectification– to request correction of inaccurate or incomplete information.
• Right to Erasure– to request deletion of personal data or account information, subject to PSPF’s data retention obligations.
• Right to Restrict Processing– to request temporary suspension of data processing under specific conditions.
• Right to Object– to withdraw consent for specific processing activities, including the receipt of notifications.
• Right to Lodge a Complaint– to file a complaint with the Fund or escalate to the Eswatini Communications Commission (ESCCOM), the designated supervisory authority.
• Requests can be submitted by email to: privacy@pspf.co.sz or by calling (+268) 2406 4000.

The Mobile App is not intended for use by individuals under the age of 18. The Fund does not knowingly collect, store, or process personal data of minors. If it is discovered or suspected that personal data of a child has been submitted through the App, PSPF should be contacted promptly to ensure the secure deletion of such data in accordance with the Data Protection Act, 2022.

• This Privacy Policy may be updated from time to time to reflect changes in legal requirements, operational needs, or technical enhancements.
• Any revisions will be communicated within the App and on the Fund’s official website.

Continued use of the App following such updates constitutes acceptance of the revised terms. Users are encouraged to read this policy periodically to remain informed about how their personal data is handled.

• For any questions, concerns, or requests relating to this Privacy Policy or the processing of personal data, please contact:

  Public Service Pensions Fund (PSPF)
  Ingcamu Building, Mhlambanyatsi Road
  P.O. Box 4469, Mbabane, Eswatini