Cyber & Data Protection Act Policy

Cuzzie Care Systems — Cyber & Data Protection Act [Chapter 12:07]

Introduction & Our Commitment

At Cuzzie Care Systems, we operate under the S.I.M.P.L.E. values. "Championing Ethical Data Practices" is a core business objective. This policy explains how we handle personal information in strict accordance with the Cyber and Data Protection Act (Chapter 12:07).

Information We Collect & Legal Basis

Under Section 11 of the Act, we only process data where we have a lawful basis:

  • Direct Information: Name, phone (+263 77 178 2296), and address (1137 Northwood, Chivhu) for service delivery.
  • Log & Technical Data: IP addresses and browser statistics to optimize our "Simplified IT Solutions."
  • Purpose Limitation: We only use data for the specific purpose it was collected. If the purpose changes, we will seek fresh consent.

Data Processor vs. Data Controller Roles

As a Data Controller: We manage our direct client and visitor information.

As a Data Processor: For our software development or network maintenance clients, we process data solely on their behalf under a strict Section 17 Data Processing Agreement (DPA).

Your Rights as a Data Subject

In accordance with Part II of the Act, you have the following rights:

  • Access & Portability: Request your data in a structured, commonly used format.
  • Rectification & Erasure: Correct or delete data no longer needed.
  • Withdraw Consent: You may withdraw your consent at any time without penalty.
  • Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing.

Security Measures (Technical & Organizational)

Network: Managed via secured MikroTik firewalls and encrypted Starlink gateways.

Encryption: AES-256 for data at rest; TLS for data in transit.

We conduct regular Data Protection Impact Assessments (DPIAs) on all new software projects to identify and mitigate risks early.

Data Transfers & Third Parties

We do not sell your data. We only share data with third-party service providers who are contractually bound to the same protection standards. Any cross-border transfer is strictly managed under Section 28 of the Act.

Breach Notification Protocol

In the event of a security breach, we notify:

  • POTRAZ: Within 24 hours of discovery.
  • The Data Subject: Within 72 hours if the breach poses a high risk to your rights and freedoms.

Contact Our Data Protection Officer (DPO)

Cuthbert Mugwenhi

Email: admin@cuzziecaresystems.com

Address: 1137 Northwood, Chivhu, Zimbabwe

Phone: +263 77 178 2296

Data Protection Authority: POTRAZ (Postal and Telecommunications Regulatory Authority of Zimbabwe)

This policy is provided for transparency and compliance purposes and aligns with the Cyber and Data Protection Act (Chapter 12:07).