Privacy Policy

Assegai Analytics Privacy Policy

Effective Date: 8 September 2025

1. Introduction and Scope

Assegai Analytics (Pvt) Ltd (“Assegai Analytics”, “we”, “our”, “us”) is a licensed Data Controller under the Cyber and Data Protection Act [Chapter 12:07] (CDPA) of Zimbabwe and its implementing regulations.

This Privacy Policy explains how we collect, use, share, and protect personal information when you interact with our services, platforms, and personnel. We are committed to handling all personal data lawfully, fairly, and transparently in line with the CDPA, Statutory Instrument 155 of 2024, and best international practices.

This Policy applies to all personal data processing carried out by Assegai Analytics in Zimbabwe and, where applicable, to processing outside Zimbabwe involving Zimbabwean data subjects.

2. Who We Are

Data Controller:
Assegai Analytics (Pvt) Ltd
Office: Harare, Zimbabwe
Email: info@assegai.africa
Tel: +263 719 719 210

Licensed by POTRAZ (the designated Data Protection Authority).

Data Protection Officer (DPO):
Takunda Chingonzo (Certified Data Protection Officer, MSc-IE, MBA)
Email: dpo@assegai.africa
Tel: +263 719 719 210

Our DPO ensures compliance with the CDPA, responds to data subject rights, and liaises with POTRAZ.

3. What Personal Data We Collect

We collect only the information necessary for service delivery, regulatory compliance, and business operations. This may include:

  • Identity and contact data: Name, email, phone, address, job title, employer.
  • Business information: Organisation details, contracts, records of processing activities.
  • Technical data: System logs, IP addresses, device/browser type (when you use our digital platforms).
  • Financial data: Payment records for service contracts.
  • Special category data (with consent or legal requirement): Health, ethnicity, political or religious beliefs, biometric identifiers.

We collect personal data directly from you, through our platforms, via client engagements, or from public records.

4. How and Why We Process Your Data

We use personal data only where there is a valid legal basis under the CDPA. This includes:

  • Service delivery: To provide data protection, analytics, and compliance services.
  • Legal and regulatory compliance: To meet obligations under CDPA, including licensing and reporting.
  • Contracts: To manage client agreements and service delivery.
  • Consent: For optional services or sensitive data processing.
  • Legitimate interest: For security, business operations, and research, balanced against your rights.

We do not make decisions based solely on automated processing that have legal or significant effects on individuals.

5. Children’s Data

We do not knowingly process data of children under 18 without parental/guardian consent. Where processing children’s information is necessary, we comply with Regulation 10(5) of S.I. 155 of 2024, ensuring consent verification and data protection by design.

6. How We Share Your Data

We share data only when necessary and with safeguards:

  • With regulators (e.g., POTRAZ) as required by law.
  • With service partners under written agreements ensuring CDPA compliance.
  • For cross-border transfers: Personal data is generally stored in Zimbabwe. Where transfer abroad is necessary, we comply with CDPA safeguards, including Data Transfer Impact Assessments and contractual protections.

7. How We Protect Your Data

We use technical and organisational measures to protect personal data:

  • Encryption, firewalls, access controls, and monitoring.
  • Secure storage and backups.
  • Regular compliance audits and staff training.
  • Incident response and breach management procedures.

8. Your Data Protection Rights

Under the CDPA, you have the right to:

  • Be informed about how we process your data.
  • Access your personal data.
  • Request correction of inaccurate data.
  • Request deletion (erasure) of your data.
  • Restrict or object to processing.
  • Withdraw consent at any time (without affecting prior lawful use).

To exercise these rights, contact our DPO at dpo@assegai.africa.

9. Data Breaches

In line with Section 17 of S.I. 155 of 2024, if we detect a personal data breach:

  • We notify POTRAZ within 24 hours.
  • We inform affected individuals within 72 hours where there is a high risk of harm.
  • We investigate, mitigate, and document all breaches.

10. Data Retention

We keep personal data only as long as necessary for the purposes collected, contractual obligations, or legal compliance.

  • Service-related data is retained for up to 5 years after contract termination.
  • Regulatory records are kept as legally required.
  • Anonymised or aggregated data may be retained for research and analytics.

11. Contact Us

For privacy concerns or to exercise your rights:
Takunda Chingonzo – Data Protection Officer
Email: dpo@assegai.africa
Tel: +263 719 719 210

For complaints:
Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ)
Email: dataprotectionunit@dpa.zw | regulator@potraz.zw
Tel: +263 242 333032/46/48

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, regulation, or business practice. Updates will be published on our website, and we encourage you to review them periodically.

Scroll to Top