Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information when you use our SaaS, cybersecurity, and data analytics services.

Last Updated: November 2025

1. Information We Collect

We collect information that you provide directly to us when you contact us via our website, communicate with us, or use our services. This may include:

  • Personal Identifiers: Your name, email address, phone number, and company name.
  • Project Information: Details about your SaaS project requirements, cybersecurity needs, or data analytics goals.
  • Communications: Records of your correspondence with us regarding our services.
  • Technical Data: Information about your interaction with our website, such as your IP address, browser type, pages visited, and visit timestamps.
  • Service Data: Information related to your use of our SaaS platforms, cybersecurity tools, or analytics services.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain our SaaS, cybersecurity, and data analytics services
  • To respond to your inquiries and provide customer support
  • To send you important updates related to our services
  • To analyze how our website and services are used to improve user experience
  • To monitor and protect the security of our platforms and services
  • To comply with legal obligations and regulatory requirements
  • To develop new services and improve existing ones

3. Legal Basis for Processing

We process your personal information on the following legal bases, aligning with international standards:

3.1 Consent

When you have given clear consent for specific purposes, such as receiving marketing communications or newsletters.

3.2 Contractual Necessity

To fulfill our contractual obligations to you or to take steps at your request before entering into a service contract.

3.3 Legitimate Interests

For our legitimate business interests, such as improving our services, ensuring platform security, and preventing fraud.

3.4 Legal Obligation

Where processing is necessary for us to comply with Zimbabwean law or international regulations.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your data in the following limited circumstances:

4.1 Service Providers

With trusted third-party vendors who assist us in operating our platforms and providing our services. These partners are contractually bound to protect your data and may only use it for specified purposes.

4.2 Legal Requirements

If required to do so by law or in response to valid legal process from Zimbabwean authorities or international legal bodies where applicable.

4.3 Business Transfers

In connection with a merger, acquisition, or sale of all or a portion of our assets, with appropriate confidentiality protections.

4.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

5. International Data Transfers

As a consulting firm with a global outlook, your information may be processed outside of Zimbabwe, including in countries that may not have data protection laws equivalent to those in your jurisdiction. When we transfer data internationally, we implement appropriate safeguards including standard contractual clauses and encryption to ensure its protection in accordance with this Privacy Policy and applicable law.

6. Data Security

We implement reasonable administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, loss, misuse, or alteration. These measures include:

  • Encryption of sensitive data in transit and at rest
  • Strict access controls and authentication mechanisms
  • Regular security audits and penetration testing
  • Secure data storage practices compliant with industry standards
  • Employee training on data protection and privacy

Security Commitment: As cybersecurity experts specializing in penetration testing, we apply industry-best security practices to protect all client data in our care. Our security protocols are regularly tested and updated to address emerging threats.

7. Your Data Protection Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Right of Access: To request a copy of the personal information we hold about you
  • Right to Rectification: To correct inaccurate or incomplete information
  • Right to Erasure: To request the deletion of your personal information under certain conditions
  • Right to Restrict Processing: To request that we temporarily or permanently stop processing all or some of your personal data
  • Right to Object: To object to our processing of your personal data for direct marketing or other purposes
  • Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format
  • Right to Withdraw Consent: To withdraw your consent at any time where we rely on consent to process your personal data

To exercise any of these rights, please contact us using the details at the end of this policy. We will respond to legitimate requests within 30 days.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users, which helps us provide a better experience and understand how our website is used. We use cookies for:

  • Essential website functionality
  • Performance monitoring and analytics
  • Personalization of your experience
  • Security purposes

You can set your browser to refuse all or some browser cookies, but this may impair the website's functionality. For more information about our use of cookies, please contact us.

9. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements. Our standard retention periods are:

  • Client Data: 5 years after the completion of services or termination of contract
  • Prospective Client Data: 2 years from last contact
  • Website Analytics Data: 26 months
  • Legal and Compliance Records: As required by Zimbabwean law (typically 5-7 years)

After these periods, we will securely delete or anonymize your data.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information from our systems.

11. Changes to This Privacy Policy

We may update this policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically to stay informed about how we are protecting your information.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Ziso Consulting
Data Protection Officer
Harare, Zimbabwe
Phone: +263 771 585 532
Email: admin@zisoconsulting.co.zw
WhatsApp: +263 771 585 532

We will respond to all legitimate requests within 30 days. If you are not satisfied with our response, you have the right to make a complaint to the relevant data protection authority in your jurisdiction.

GDPR Compliant Practices
Zimbabwe Data Protection
Industry Security Standards

Questions About Your Privacy?

If you have any questions about our Privacy Policy or how we handle your data, please don't hesitate to contact our Data Protection Officer.

Contact Our Team