PRIVACY POLICY
1. Introduction: Our Commitment to Your Privacy
This Privacy Policy explains how POLYMATH SOLUTIONS PRIVATE BUSINESS CORPORATION (P.B.C) (“Polymath Solutions,” “we,” “us,” or “our”) collects, uses, and protects your personal data.
This policy applies to all our services, including our software platforms (KhamiPay, Moniker, Mazano), our corporate websites (e.g., polymathsolutions.co.zw), and all other products and communication channels we operate (collectively, the “Services”).
We are fully committed to complying with Zimbabwe’s Cyber and Data Protection Act [Chapter 12:07] (the “DPA”) and handling your data with the utmost care and transparency.
2. Our Role and Your Role: Data Processor vs. Data Controller
It is important to understand the different roles we play:
- When you use our website or contact us directly: We are the Data Controller of your personal data.
- When you are our corporate client (e.g., using KhamiPay for your payroll): Your organisation is the Data Controller, and Polymath Solutions acts strictly as the Data Processor. We only process your data (e.g., your employee information) based on your instructions and our service agreement.
3. The Legal Basis for Using Your Data
We only process your data when we have a lawful reason to do so under the DPA. These reasons include:
- Contractual Necessity: We need to process your data to deliver the services you have contracted us for, such as setting up your account, providing support, and billing you.
- Legal Obligation: We are required to process certain data to comply with Zimbabwean law, such as maintaining financial records for tax purposes or generating statutory reports for ZIMRA and NSSA through KhamiPay.
- Legitimate Interest: We may process data for our legitimate business interests, such as securing our platforms, improving our services by analysing usage trends, and sending existing clients relevant information about similar services. We always balance this against your rights and freedoms.
- Consent: For any other purpose, such as sending you marketing materials for unrelated services, we will ask for your clear and unambiguous consent. You have the right to withdraw this consent at any time.
4. The Data We Collect and Why
We adhere strictly to the principle of data minimisation, collecting only the data we need.
| Category of Data | Specific Data Points Collected | Primary Purpose(s) |
| --- | --- | --- |
| Identity & Contact Data | Name, Email Address, Phone Number, Physical Address, Job Title, Company Details. | To provide our services, manage your account, offer support, and for billing. |
| Financial & Payroll Data | Banking details, salary information, statutory numbers (e.g., NSSA, ZIMRA), payment history. (Primarily for KhamiPay, on behalf of our clients). | To process payroll accurately and fulfill statutory obligations as instructed by our clients. |
| Technical Data | IP address, browser type, operating system, device identifiers, timestamps. | To ensure the security and stability of our platforms, prevent fraud, and diagnose technical issues. |
| Usage & Analytics Data | How you interact with our services (clicks, session duration, features used). | To improve our products, enhance the user experience, and guide our development roadmap. |
| Marketing Data | Your preferences for receiving marketing, newsletter status, and engagement with our content. | To send you relevant, consensual communications and measure the effectiveness of our campaigns. |
5. Data Security: How We Protect Your Information
Protecting your data is a top priority. We implement robust technical and organisational security measures in line with the DPA.
- Encryption: All data is encrypted in transit (using TLS 1.2 or higher) and at rest (using AES-256) within our secure Google Cloud Platform infrastructure.
- Access Control: Access to your data by Polymath personnel is strictly limited on a “need-to-know” basis and is governed by Role-Based Access Control (RBAC). All access events are logged and audited.
- Secure Hosting: Our services are hosted on the Google Cloud Platform, which adheres to world-class security standards (e.g., SOC 2, ISO 27001).
- Data Breach Protocol: In the unlikely event of a data breach, we have a formal Incident Response Plan. We will notify the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) and any affected clients or individuals without undue delay, as required by the DPA.
6. When We Share Your Data
We do not sell, rent, or trade your personal data. We only share it in the following limited and necessary circumstances:
- Service Providers (Data Processors): We work with trusted third-party companies, such as our cloud hosting provider (Google Cloud) and payment processors, to deliver our services. These partners are bound by strict Data Processing Agreements that legally require them to protect your data.
- Statutory Bodies: When using services like KhamiPay, we share necessary data with bodies like ZIMRA and NSSA as required by law and as instructed by you, our client.
- Legal Obligation: We may disclose your data if required by a court order or other mandatory legal process from a competent Zimbabwean authority.
- Business Transfers: In the event of a merger or acquisition, your data may be transferred to the new entity, which will be bound to protect it under the terms of this policy.
7. International Data Transfers
Our hosting on the Google Cloud Platform may involve transferring your data to, and storing it on, servers outside Zimbabwe. We ensure that such transfers are lawful under the DPA by relying on Google’s robust security and data protection frameworks, which provide an adequate level of protection for your data.
8. Your Data Protection Rights
Under the DPA, you have the following rights regarding your personal data:
- The Right to Access: You can request a copy of the personal data we hold about you.
- The Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
- The Right to Erasure (“Right to be Forgotten”): You can request that we delete your personal data where it is no longer necessary for the purpose it was collected, subject to our legal and contractual retention obligations (e.g., we cannot delete financial records before the statutory period expires).
- The Right to Object: You can object to us processing your data for direct marketing purposes, and we will stop immediately. You can also object to processing based on our legitimate interests.
- The Right to Lodge a Complaint: You have the right to file a complaint with the supervisory authority in Zimbabwe, which is POTRAZ.
To exercise any of these rights, please contact our Data Protection Officer using the details below. We may require proof of your identity to process your request securely.
9. Data Retention
We keep your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. For example, financial and contractual records are typically kept for 6-7 years as required by Zimbabwean law.
10. Changes to This Policy & Contact Details
We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the “Effective Date” clearly marked. For any significant changes, we will notify you via email or an in-app notification.
Contact Us & Our Data Protection Officer (DPO)
For any questions, concerns, or to exercise your data rights, please contact our designated Data Protection Officer:
Data Protection Officer
Polymath Solutions Private Business Corporation
Registered Address: 22 Derwent Road, Avonlea, P.O. Marlborough, Harare, Zimbabwe
Email: privacy@polymathsolutions.co.zw
Phone: +263 71 267 6093





