Privacy Policy
Zimbabwean Regulatory Compliance Addendum
Cyber and Data Protection Act [Chapter 12:07]1. Data Protection Authority
This policy is governed by the Cyber and Data Protection Act [Chapter 12:07] of Zimbabwe. We recognize POTRAZ as the designated Data Protection Authority.
Any concerns regarding our data handling practices that are not resolved through our internal support can be escalated to POTRAZ.
2. Appointment of Data Protection Officer (DPO)
In accordance with Statutory Instrument 155 of 2024, we have appointed a Data Protection Officer to oversee our privacy strategy and ensure compliance with Zimbabwean law.
3. Mandatory Breach Notification
Under Zimbabwean law, we are committed to high standards of transparency in the event of a security incident:
To POTRAZ
We will notify the Data Protection Authority within 24 hours of becoming aware of any data breach.
To You
If a breach is likely to result in high risk to your rights and freedoms, we will notify you within 72 hours of discovery.
4. Cross-Border Data Transfers
As a software company, we may use global cloud infrastructure. However, per Sections 28 and 29 of the Act, we will not transfer your personal information outside Zimbabwe unless:
- The recipient country provides an adequate level of protection equivalent to Zimbabwean law.
- You have given your explicit consent after being informed of the risks.
- The transfer is necessary for performance of a contract between you and Deeplab Systems.
5. Processing of Sensitive Information
We do not process "sensitive data" (including health, biometric, or ethnic data) without your prior written consent, unless specifically authorized by law.
6. Right to Object to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing (for example: automated credit scoring or recruitment algorithms) if it produces legal effects or significantly affects you.