B
BMS
Get started
Legal

Data & privacy

Last updated: 21 June 2026

BMS protects your personal information and that of your clients and employees. This page explains how, and what your rights are in Namibia.

1. The legal position in Namibia

Namibia has not yet enacted a comprehensive data-protection statute. Your privacy is protected as a fundamental right under Article 13 of the Namibian Constitution, supported by sector-specific confidentiality rules (for example in banking and the professions). A Data Protection Bill has been in draft since 2021 but is not yet law.

Because the law is still developing, BMS does not wait for it. We apply recognised international data-protection standards (aligned with leading frameworks such as the GDPR) as our baseline, so your information is handled to a high standard today and we are ready for the Bill when it is enacted.

2. Who is responsible

When you use BMS to run your business, you decide what client and employee information to capture — you are its controller. BMS is your processor: we process that information only on your instructions, to deliver the service. Where we collect information directly to operate your BMS account, we are the controller.

3. How we handle your information

  • Minimal collection - we only collect what the service genuinely needs.
  • Clear purpose - used for the purposes set out in our Privacy Policy, not unrelated ones.
  • Accuracy - you can view and correct your information at any time.
  • Security - encryption in transit and at rest, role-based access, and audit logging.
  • Your control - you can export everything as CSV, or ask us to delete it.

4. Your rights

  • Ask what personal information we hold about you.
  • Have inaccurate information corrected, or ask for it to be deleted.
  • Opt out of direct marketing at any time.
  • Ask that significant decisions about you are reviewed by a person, not only automated.

5. Where your data is processed

Your information is stored on secure cloud infrastructure. Some third-party services (for example email delivery or payment processing) may process limited information outside Namibia. We only use providers that commit, by contract, to strong data-protection safeguards.

6. Service providers we rely on

We use the following categories of providers under agreements that bind them to protect your data:

  • Cloud hosting - secure managed infrastructure.
  • Payment processing - reputable, PCI-compliant providers.
  • Email and SMS delivery - for invoices, payslips and notifications.
  • Error monitoring - aggregated diagnostics, no personal business content.

7. Security

We use encryption in transit (HTTPS), encrypted backups, role-based access control, audit logging and regular reviews. Access to personal information inside BMS is strictly need-to-know.

8. If something goes wrong

If we become aware of a security incident affecting your personal information, we will notify you promptly with what we know and the steps we are taking — even though Namibian law does not yet mandate a specific breach-notification process.

9. Contact us

For any privacy query, access request or complaint: neville@bms-na.com.

See also: Privacy Policy · Terms of Service