Privacy Policy

1. Legal Basis for Processing

Nthabiseng processes personal data lawfully, fairly, and transparently based on one or more of the following grounds:

• •Consent of the data subject
• •Performance of a contract or service
• •Compliance with a legal or regulatory obligation
• •Legitimate business interests that do not override the rights of the data subject

2. Categories of Personal Data Collected

Depending on the service, we may collect:

General Information

• •Full name, contact details, date of birth
• •National ID, passport number, or registration numbers
• •Company or institutional details
• •Digital identifiers (IP address, system logs)

Human Resources & Verification Services

• •CVs, academic records, certificates
• •Employment history and references
• •Background verification data
• •Skills assessments and training records

Financial Integrity & Forensic Services

• •Financial records and transaction data
• •Audit reports and supporting documents
• •Evidence related to investigations or disputes

Insurance & Risk Services

• •Personal or business risk profiles
• •Insurance policy information
• •Claims-related documentation

We do not collect information that is excessive or unrelated to the service being provided.

3. Purpose of Processing

Personal data is processed strictly for:

• •Delivery of contracted services
• •Credential and record verification
• •Compliance audits and forensic analysis
• •Insurance placement, administration, and risk assessment
• •Regulatory reporting and governance
• •Communication, billing, and operational support

Data will not be used for unrelated purposes without lawful justification or consent.

4. Special Categories & Sensitive Data

Where services require processing sensitive or special personal data (including financial, employment, or identity records), Nthabiseng:

• •Applies enhanced security controls
• •Limits access to authorised professionals only
• •Processes such data strictly in line with legal requirements

5. Data Sharing & Disclosure

Information may be shared only:

• •With insurers, regulators, auditors, or partners directly involved in service delivery
• •With law enforcement or authorities where legally required
• •With third-party processors under strict confidentiality and data-processing agreements

Nthabiseng does not sell or trade personal data.

6. Data Storage, Retention & Security

• •Data is stored securely using administrative, technical, and physical safeguards
• •Access is role-restricted and monitored
• •Information is retained only for legally required or operational periods
• •Secure disposal methods are used once retention periods expire

7. Data Subject Rights (Zimbabwe Law)

Under Zimbabwe's Cyber and Data Protection Act, you have the right to:

• •Access your personal data
• •Request correction or updating of inaccurate data
• •Object to unlawful processing
• •Request deletion where legally permissible
• •Lodge a complaint with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ)

8. Cross-Border Data Transfers

Where data must be processed outside Zimbabwe, Nthabiseng ensures:

• •Adequate data protection safeguards
• •Compliance with Zimbabwean legal requirements
• •Contractual protections with foreign processors

9. Cookies & Digital Platforms

Our digital platforms may use cookies or system logs for security, analytics, and performance optimisation. These do not override user privacy rights.

10. Policy Updates

This Policy may be updated periodically to reflect legal or operational changes. Updated versions will be published on our website.

11. Contact – Data Protection