REACH ZAMBIA DIGITAL LIMITED: PRIVACY POLICY

Effective Date : 21ST July, 2025

1. INTRODUCTION

Reach Zambia Digital Limited ("we," "us," "our," or the "Company") is committed to protecting the privacy and security of your personal data in accordance with the Data Protection Act, 2021 of the Republic of Zambia. This Privacy Policy explains how we collect, use, process, store, and protect your personal data when you use our services, products, or interact with us.

By using our services or providing us with your personal data, you acknowledge that you have read and understood this Privacy Policy.

2. DATA CONTROLLER INFORMATION

Company Name : Reach Zambia Digital Limited
Registration Number : 120180005926
Physical Address : Plot No. 11058 Haile Selassie Avenue, Longacres, First Floor, Zimbabwe House, Lusaka, Zambia 

Email : hello@reachzambiadigital.com
Phone : +260966559677
Data Protection Officer : Chileshe Mwamba Wagner

3. TYPES OF PERSONAL DATA WE COLLECT

3.1 Personal Data

We may collect and process the following categories of personal data:

  • Identity Data: Name, identification number, date of birth, gender
  • Contact Data: Physical address, email address, telephone numbers
  • Financial Data: Bank account details, payment card details, transaction history
  • Technical Data: IP address, browser type, device information, login data
  • Usage Data: Information about how you use our services
  • Location Data: GPS data or other location information
  • Communication Data: Records of our communications with you


 

3.2 Sensitive Personal Data

We may collect the following sensitive personal data only with your explicit consent or where permitted by law:

  • Race or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data or biometric data
  • Health information
  • Data concerning sex life or sexual orientation

3.3 Children's Personal Data

We do not knowingly collect personal data from children under 18 years of age without consent from their parent, legal guardian, or person exercising parental responsibility. We implement age verification mechanisms where appropriate.

4. HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through:

  • Direct interactions: When you fill in forms, correspond with us, or provide information voluntarily
  • Automated technologies: Cookies, server logs, and similar technologies when you use our website
  • Third parties: Business partners, service providers, or public sources (where legally permitted)

In accordance with Section 16 of the Data Protection Act, we primarily collect personal data directly from you unless otherwise permitted by law.

5. LEGAL BASIS AND PURPOSE OF PROCESSING

We process your personal data based on the following legal grounds:

5.1 Consent

Where you have given clear, freely given, specific, informed, and unambiguous consent.

5.2 Contract Performance

Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

5.3 Legal Obligations

Where we need to comply with legal or regulatory obligations.

5.4 Legitimate Interests

Where necessary for our legitimate interests or those of a third party, except where overridden by your fundamental rights and freedoms.

5.5 Vital Interests

Where necessary to protect your vital interests or those of another person.

5.6 Public Interest

Where necessary for the performance of a task carried out in the public interest.

6. PURPOSES OF PROCESSING

We process your personal data for the following purposes:

  • Providing our products and services
  • Managing your account and relationship with us
  • Processing payments and preventing fraud
  • Communicating with you about our services
  • Marketing and advertising (with your consent)
  • Complying with legal and regulatory requirements
  • Improving our services and developing new ones
  • Protecting our legal rights and interests

7. YOUR RIGHTS AS A DATA SUBJECT

Under the Data Protection Act, 2021, you have the following rights:

7.1 Right of Access (Section 58)

You have the right to obtain confirmation of whether we process your personal data and access to such data.

7.2 Right to Rectification (Section 59)

You have the right to have inaccurate personal data corrected and incomplete data completed.

7.3 Right to Erasure (Section 60)

You have the right to have your personal data erased in certain circumstances, including when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal ground for processing
  • The data has been unlawfully processed

7.4 Right to Object (Section 61)

You have the right to object to processing of your personal data, particularly for direct marketing purposes.

7.5 Right to Restriction (Section 63)

You have the right to restrict processing of your personal data in certain circumstances.

7.6 Right to Data Portability (Section 65)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

7.7 Rights Related to Automated Decision-Making (Section 62)

You have the right not to be subject to decisions based solely on automated processing, including profiling.

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided in Section 13.

8. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal requirements. In accordance with Section 51 of the Act, we will keep personal data for the specific purpose for which it was collected and for at least one year thereafter, unless a different retention period is prescribed by law.

Our retention periods are determined based on:

  • The purpose for which the data was collected
  • Legal and regulatory requirements
  • Limitation periods for legal claims
  • Our legitimate business needs

9. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of personal data
  • Pseudonymization where appropriate
  • Regular security assessments and audits
  • Access controls and authentication procedures
  • Staff training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

10. DATA SHARING AND DISCLOSURE

We may share your personal data with:

  • Service providers: Who process data on our behalf under strict contractual terms
  • Legal authorities: When required by law or court order
  • Business partners: With your consent or where necessary for service delivery
  • Professional advisors: Such as lawyers, auditors, and insurers

We do not sell your personal data to third parties. All data processors we engage are required to comply with the Data Protection Act and maintain appropriate security measures.

11. CROSS-BORDER DATA TRANSFERS

In accordance with Sections 70 and 71 of the Data Protection Act:

  • We process and store personal data on servers located within the Republic of Zambia
  • Sensitive personal data is always processed and stored within Zambia
  • Other personal data may only be transferred outside Zambia where: 
    • You have given explicit consent
    • The transfer is subject to approved standard contracts
    • The transfer is approved by the Data Protection Commissioner
    • It is necessary for emergency health services
    • The receiving country ensures adequate data protection

12. BREACH NOTIFICATION

In the event of a personal data breach, we will:

  • Notify the Data Protection Commissioner within 24 hours
  • Notify affected data subjects as soon as practicable
  • Take immediate steps to mitigate any harm
  • Document the breach and our response

13. CONTACT INFORMATION

For any questions about this Privacy Policy or to exercise your rights, please contact:

Data Protection Officer
Chileshe Mwamba Wagner
hello@reachzambiadigital.com
(+260)966559677
Plot No. 11058 Haile Selassie Avenue, Longacres, First Floor, Zimbabwe House, Lusaka, Zambia

Complaints

If you are not satisfied with our response, you have the right to lodge a complaint with:

Office of the Data Protection Commissioner

Ministry of Technology and Science 

info@dataproctection.gov.zm 

enquiries@dataprotection.gov.zm 

(+260)750799801
 

You also have the right to appeal to the High Court within 30 days of the Data Protection Commissioner's decision.

14. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to:

  • Ensure our website functions properly
  • Analyze website usage and improve our services
  • Remember your preferences
  • Provide targeted advertising (with your consent)

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our services.

15. MARKETING COMMUNICATIONS

We will only send you marketing communications with your explicit consent. You have the right to withdraw your consent and opt-out of marketing communications at any time by:

  • Clicking the "unsubscribe" link in our emails
  • Contacting our Data Protection Officer
  • Updating your preferences in your account settings

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification
  • Displaying a notice on our platform

The "Last Updated" date at the top of this policy indicates when it was last revised.

17. GOVERNING LAW

This Privacy Policy is governed by the laws of the Republic of Zambia, particularly the Data Protection Act, 2021.

 

 

ACKNOWLEDGMENT

By using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Version: [1.0]
Document ID: [1hSiQX_cinDzy-s9mMQXtkevG8Xsd3K2W]