Policy on Privacy and Data Security: Mandate for Legal Compliance and Fiduciary Responsibility under Zimbabwean Jurisdiction

Effective Date: 25 October 2025

This Policy on Privacy and Data Security delineates, in exhaustive detail, the methodological apparatus by which Polymath Solutions Private Business Corporation, acting under the commercial designation Mazano Web Platform (hereinafter referred to as ‘The Corporation’), executes the mandatory protocols for the collection, custodianship, utilisation, and disclosure of data pertaining to contracted entities and individual data subjects (hereinafter, the ‘User’). The scope of this instrument encompasses all operations associated with The Corporation’s foundational hosting, technical care, and digital growth-focused marketing services.

The operational mandate of The Corporation within the Republic of Zimbabwe necessitates strict adherence to the ethical and lawful processing of personal data. Meticulous data protection is construed not merely as a legislative compliance exigency, but as an indispensable constituent element of the fiduciary relationship established with every contracted business entity. It is stipulated that The Corporation functions as the Data Controller in relation to client and billing PII, and as a Data Processor in the execution of technical services concerning data subjects whose information is resident upon the client’s hosted digital assets. This policy is unequivocally governed by, and subject to the stipulations of, the Cyber and Data Protection Act (Chapter 12:07) of Zimbabwe (DPA). Further detailed information regarding national data protection legislation and associated regulatory guidance may be procured via the official governmental entity, the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ): https://www.potraz.gov.zw.

For access to the comprehensive corporate privacy policy pertaining to the entirety of Polymath Solutions Private Business Corporation’s operational scope, reference should be made to the master document accessible at: https://polymathsolutions.co.zw/privacy-policy/.

1. Procurement and Categorisation of Information

The collection of data is necessitated by the requirement to sustain, enhance, and administer the service provision continuum and to facilitate the appropriate management of client accounts and transaction processing.

A. Personal Identification Information (PII)

PII may be procured from Data Subjects through various established channels, including, but not limited to, interactions with The Corporation’s digital presence, formal service registration procedures, order placement, and participation in specific corporate activities, features, or resources made available by the platform.

• Data Subjects (Contracted Entities): Comprehensive appellation of the individual, the legally registered appellation of the enterprise (where applicable), the physical situs of operations, electronic mail designators, telephonic contact numbers, and all prerequisite details essential for the effectuation of payment processing protocols.
• Data Subjects (Website Users): Internet Protocol (IP) address, identification of the utilised browser and operating system, and temporally assigned metrics concerning digital visitation patterns (data procured through automatic mechanisms).

B. Technical and Financial Information

Upon the execution of a service contract by a client, the prerequisite technical and financial datasets are compiled.

• Technical Data: Designations of domain names, credentials pertaining to the hosting environment, temporary access credentials (where granted explicitly for maintenance or support operations), and data concerning technical configuration specifications.
• Financial Data: Documentation concerning transactional history, specifications of service subscription, and payment instrument details (the processing of which is managed exclusively through secured third-party gateways; the retention of complete credit card data is strictly prohibited by The Corporation).

2. Purposed Utilisation of Procured Information

The Corporation compiles and applies data subjects’ information toward the achievement of the following enumerated objectives:

• Operational Sustainment and Service Execution: The compiled information is instrumental in the effective management of contracted hosting provisions, technical care regimes, and the overall maintenance of service subscriptions.
• Facilitation of Financial Transactions: Information is deployed for the processing of financial remittances pertaining to services rendered, inclusive of the issuance of requisite invoices and transactional confirmations.
• Augmentation of Client Support Efficacy: The availability of information enables the more expeditious and proficient addressing of service requests and subsequent support requirements.
• Customisation of User Experience: Information may be aggregated for statistical analysis to attain a comprehensive understanding of the collective behaviour exhibited by Users in their interaction with the services and digital resources provided by the platform.
• Dissemination of Scheduled Correspondence: The provided electronic mail designator may be utilised for the transmission of informational updates pertinent to service orders. Furthermore, this channel may be employed for the submission of responses to enquiries, solicitations, and other forms of formal communication.

3. Mandatory Protocols for Data Protection

The Corporation mandates the implementation of rigorous practices for data collection, archival, and processing, alongside advanced security architectures, to mitigate the risk of unauthorised access, data integrity compromise (alteration), disclosure, or destruction concerning personal information, credentials, transactional data, and digital assets resident on the platform.

• Security is ensured through multi-layered defence mechanisms, including data encryption methodologies, stateful firewalls, and intrinsically secured server environments.
• Client authentication parameters furnished for maintenance purposes are managed under strict, time-limited access protocols; immediate deletion or credential rotation is executed subsequent to the conclusion of the maintenance operation.

C. Data Retention Policies

Personal data shall not be retained for a duration exceeding that which is strictly necessary for the fulfilment of the purposes for which it was procured. The criteria governing the determination of retention periods are predicated upon statutory or legislative retention periods and ongoing contractual necessity.

4. Inalienable Rights of the Data Subject

Pursuant to the DPA, the Data Subject retains several rights concerning the personal data under The Corporation’s custodianship. Requests pertaining to the exercise of these rights must be formally submitted via the channels specified in Section 10.

• Right of Access: Entitlement to receive confirmation regarding whether personal data is being processed, and access to that data.
• Right of Rectification: The prerogative to require the correction of inaccurate or incomplete personal data.
• Right of Erasure (“Right to be Forgotten”): The prerogative to request the permanent deletion of personal data when its retention is no longer necessitated by legal or contractual obligations.
• Right to Object: The capacity to formally challenge the processing of personal data in certain prescribed circumstances.

5. Transmission and Conveyance of Personal Information

The conveyance of data subjects’ personal identification information to non-affiliated, external entities for the purposes of commercial trade or lease is not sanctioned by The Corporation. Aggregated demographic datasets, devoid of personal identification linkages, may be disseminated to contracted business partners, certified affiliates, and advertising entities for the achievement of the aforementioned purposes.

The employment of third-party service contractors may be necessitated for the execution of corporate operations, the administration of the digital platform, or the performance of activities incumbent upon The Corporation, such as the dispatch of electronic newsletters or the processing of financial settlements. The transmission of information to such third parties is restricted to these limited operational necessities, contingent upon the receipt of explicit User consent or when such disclosure is legally compelled.

C. Trans-border Conveyance of Data

The Corporation reserves the right to transfer data outside the territorial jurisdiction of Zimbabwe where necessary for operational execution. Such trans-border conveyance shall be predicated upon the implementation of mandatory security safeguards and, where necessary, regulatory approval, ensuring parity of protection as stipulated by the DPA.

6. Employment of Digital Tracking Methodologies (Cookies)

For the purposes of enhancing platform functionality and administering automatic data procurement, The Corporation employs digital tracking methodologies, principally Cookies and comparable technologies.

• Necessity: Essential cookies are deployed to sustain fundamental operational integrity and security.
• Functionality and Analysis: Supplementary cookies are utilised for performance analysis, usage pattern monitoring, and the optimisation of user interface experience.
• The Data Subject retains the capacity to regulate or prohibit the deployment of these digital methodologies via standard web browser configuration settings, although such prohibition may impact the full functionality of the platform.

7. External Digital Platforms

The possibility exists for the User to encounter promotional materials or other content upon the platform that contains linkages to the digital sites and services operated by suppliers, advertisers, sponsors, licensors, or other third-party entities. The Corporation does not exercise governance over the content or embedded links resident on these external platforms and explicitly disclaims responsibility for the operational protocols employed by any digital sites referenced herein.

8. Adherence to Legislative Requirements

Personal information shall be disclosed when such action is mandated by statute or judicial subpoena, or when such disclosure is adjudged to be necessary for compliance with legislative frameworks, the fulfilment of reasonable requests issued by law enforcement agencies, or the preservation of the security and operational integrity of the Service.

9. Assent to Policy Provisions

The utilisation of the Mazano Web Platform by a User constitutes an affirmation of assent to the provisions established within this policy. Non-acceptance of this policy necessitates the immediate cessation of Service utilisation. Continued utilisation of the Services subsequent to the publication of amendments to this policy shall be interpreted as the definitive acceptance of those modifications.

10. Formal Communication Channel

Enquiries concerning the provisions of this Policy on Privacy and Data Security, the operational methodologies of the digital platform, or transactional engagement with The Corporation should be directed to the following contact channels: