Privacy Policy

⦁ Contract Performance

⦁ Providing and maintaining our CRM and marketing automation platform.

⦁ Processing your subscription payments and transactions.

⦁ Creating and managing your user account.

⦁ Delivering customer support and resolving technical issues.

⦁ Legal Obligations

⦁ Complying with Zimbabwe tax and accounting laws.

⦁ Meeting POTRAZ reporting requirements.

⦁ Conducting anti-money laundering (AML) checks.

⦁ Notifying authorities of data breaches where required.

⦁ Legitimate Interests

⦁ Improving our platform functionality and user experience.

⦁ Detecting and preventing fraud and security incidents.

⦁ Analyzing business performance and usage trends.

⦁ Sending administrative notices and service updates.

⦁ Direct marketing to existing customers (subject to opt-out rights).

⦁ Consent

⦁ Sending marketing communications to non-customers.

⦁ Using non-essential cookies and tracking technologies.

⦁ Enabling third-party integrations (e.g., connecting your Google or Meta accounts).

⦁ Processing special category data if explicitly collected.

⦁ Payment Processing (Secure)

⦁ Validating payment methods with issuing banks.

⦁ Authorizing and settling recurring subscription charges.

⦁ Managing refunds, disputes, and chargebacks.

⦁ Verifying PCI-DSS compliance and preventing fraudulent transactions.

⦁ Reconciling financial records for tax purposes.

⦁ COOKIES AND TRACKING TECHNOLOGIES

⦁ Overview

Circuit Strategies uses cookies, web beacons, pixels, and similar technologies to secure our website, analyze performance, and deliver personalized marketing. This section provides a summary; for comprehensive details, please refer to our Cookie Policy.

⦁ Types of Cookies We Use

⦁ Strictly Necessary Cookies: Essential for website operation, secure login, and PCI-DSS compliant payment processing.

⦁ Performance Cookies: Help us understand how you use our site (e.g., Google Analytics).

⦁ Functionality Cookies: Remember your preferences (e.g., language, CRM settings).

⦁ Targeting/Marketing Cookies: Track your activity to show relevant ads (e.g., Facebook Pixel, Google Ads).

⦁ Payment Processing Cookies

Our payment partners, Stripe and Paynow, place cookies to:

⦁ Detect and prevent fraud during checkout.

⦁ Securely transmit payment tokens.

⦁ Ensure compliance with PCI-DSS standards.

⦁ Your Cookie Choices

You have full control over your cookie preferences. You can manage them via:

⦁ Our Cookie Consent Banner upon your first visit.

⦁ The Cookie Preference Center linked in the footer.

⦁ Your browser settings (detailed instructions available in our ⦁ Cookie Policy).

⦁ HOW WE SHARE YOUR INFORMATION

⦁ Service Providers and Processors

We share data with trusted third-party processors who assist in delivering our services. All providers are vetted for security compliance.

Payment Processors:

⦁ Stripe, Inc. (International Payments) -

View Stripe Privacy Policy

⦁ Paynow (Zimswitch) (Zimbabwe Payments)

View Paynow Privacy Policy

⦁ Card Networks (Visa, Mastercard) for transaction authorization.

Cloud & Infrastructure:

⦁ Cloud hosting providers (e.g., AWS, Google Cloud).

⦁ Content Delivery Networks (CDNs) for performance.

Communication Platforms:

⦁ WhatsApp Business API (Meta).

⦁ SMS Gateway Providers.

⦁ Email Service Providers (e.g., SendGrid, Mailgun).

Analytics & Marketing:

⦁ Google Analytics and Google Ads.

⦁ Meta (Facebook) Business Tools.

⦁ Legal Requirements

We may disclose your information if required by law, such as to comply with a subpoena, POTRAZ directive, tax authority request, or court order, or to protect the rights, property, or safety of Circuit Strategies, our users, or others.

⦁ Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified via email or a prominent notice on our website.

⦁ We Do NOT Sell Your Data

Circuit Strategies does not sell, rent, or trade your personal information to third parties for their marketing purposes.

⦁ INTERNATIONAL DATA TRANSFERS

⦁ Zimbabwe Law Requirements

In compliance with the Cyber and Data Protection Act, we notify POTRAZ before transferring personal data outside Zimbabwe. We ensure that any destination country provides an adequate level of data protection or that appropriate safeguards are in place.

⦁ GDPR Compliance (EU Data Subjects)

For data transfers outside the European Economic Area (EEA), we rely on:

⦁ Standard Contractual Clauses (SCCs) approved by the European Commission.

⦁ Adequacy Decisions where applicable.

⦁ Binding Corporate Rules for internal transfers.

⦁ DATA SECURITY AND PCI-DSS COMPLIANCE

⦁ Security Commitment

We implement robust technical, physical, and organizational security measures to protect your data from unauthorized access, loss, or misuse.

⦁ PCI-DSS Level 1 Compliance

As a service provider handling payment processes, we strictly adhere to the Payment Card Industry Data Security Standard (PCI-DSS) Level 1 requirements:

⦁ Encryption: Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

⦁ Tokenization: We replace sensitive card numbers with unique tokens. Only our PCI-certified processors hold the actual card data.

⦁ No Sensitive Data Storage: We never store CVV/CVC codes, PINs, or full magnetic stripe data.

⦁ Vulnerability Management: We conduct quarterly vulnerability scans via an Approved Scanning Vendor (ASV) and annual on-site audits by a Qualified Security Assessor (QSA).

⦁ Network Security: Payment environments are segmented from other networks, protected by enterprise-grade firewalls and intrusion detection systems.

⦁ Access Control: Access to payment systems is restricted based on a strict need-to-know basis with multi-factor authentication (MFA).

⦁ Payment Security Partners

⦁ Stripe: A certified PCI Service Provider Level 1. ⦁ Learn more about Stripe Security.

⦁ Paynow: Complies with Zimbabwean and international payment security standards for secure local processing.

⦁ Your Responsibility

You are responsible for keeping your login credentials confidential. Use a strong, unique password and enable two-factor authentication (2FA) on your account. Never share your password or payment details via unsecured email.

⦁ DATA RETENTION

⦁ General Principles

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law.

⦁ Specific Retention Periods

⦁ Account Data: Retained for the duration of your active account. Inactive accounts are deleted after 2 years unless legal obligations apply.

⦁ Transaction Records: Retained for 7 years to comply with Zimbabwe tax and accounting laws.

⦁ Payment Tokens: Retained for the duration of your subscription plus 1 year to handle potential disputes.

⦁ Communication Logs (SMS/WhatsApp): Retained for 2 years.

⦁ Marketing Data: Retained until you withdraw consent (opt-out), plus a suppression list record.

⦁ Technical Logs: Server logs are retained for 90 days; security logs for 1 year.

⦁ YOUR RIGHTS

⦁ Rights Under Zimbabwe's Cyber and Data Protection Act

You have the following rights regarding your personal data:

⦁ Right to Access: Request a copy of the personal data we hold about you.

⦁ Right to Correction: Request correction of inaccurate or incomplete data.

⦁ Right to Erasure: Request deletion of your data (subject to legal retention requirements).

⦁ Right to Object: Object to processing based on legitimate interests or for direct marketing.

⦁ Right to Restriction: Request that we temporarily suspend processing of your data.

⦁ Right to Withdraw Consent: Withdraw consent at any time (does not affect prior lawful processing).

⦁ Right to Complain: Lodge a complaint with POTRAZ.

⦁ Rights Under GDPR (EU Users)

In addition to the above, EU data subjects have the right to data portability (receiving your data in a structured, machine-readable format) and the right to object to automated decision-making and profiling.

⦁ Exercising Your Rights

To exercise any of these rights, please contact our Data Protection Officer at

[email protected]. We will respond within 30 days as mandated by law.

⦁ Payment Data Limitations

Note: Due to PCI-DSS security rules and financial regulations, we cannot modify historical transaction records or provide full unmasked card numbers in response to access requests. We can provide transaction histories and tokenized references.

⦁ CHILDREN'S PRIVACY

Our services are intended for businesses and adults aged 18 and over. We do not knowingly collect personal data from children under 18. If we discover that we have inadvertently collected data from a child without verified parental consent, we will delete it immediately. If you believe a child has provided us with personal data, please contact us.

⦁ AI AND AUTOMATED DECISION-MAKING

Circuit Strategies utilizes Artificial Intelligence (AI) and Machine Learning (ML) to enhance our services. This includes:

⦁ Lead Scoring: Automated qualification of leads based on engagement.

⦁ Chatbots: AI-driven customer support and interaction.

⦁ Personalization: Tailoring content and marketing campaigns.

You have the right to be informed about the logic involved in automated decisions and to request human intervention if a decision has legal or significant effects on you.

⦁ DATA BREACH NOTIFICATION

⦁ Notification to POTRAZ

In accordance with the Cyber and Data Protection Act, we will notify POTRAZ within 24 hours of becoming aware of any data breach.

⦁ Notification to Data Subjects

If a breach poses a high risk to your rights and freedoms, we will notify you without undue delay (within 72 hours), detailing the nature of the breach, affected data, and protective measures taken.

⦁ Payment Data Breaches

In the event of a breach involving payment card data, we will strictly follow PCI-DSS incident response procedures, including immediate notification to Stripe/Paynow and the relevant card brands (Visa/Mastercard).

⦁ THIRD-PARTY LINKS AND SERVICES

Our website contains links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their policies:

⦁ Stripe Privacy Policy

⦁ Google Privacy Policy

⦁ Meta (Facebook) Privacy Policy

⦁ WhatsApp Privacy Policy

⦁ MARKETING COMMUNICATIONS

We send marketing communications based on your consent or our legitimate business interest. You may opt-out at any time by:

⦁ Clicking the "Unsubscribe" link in our emails.

⦁ Replying "STOP" to SMS messages.

⦁ Contacting us at ⦁ [email protected].

Note: You will continue to receive essential transactional emails (e.g., payment receipts, password resets) even if you unsubscribe from marketing.

⦁ CALIFORNIA PRIVACY RIGHTS

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information, including the right to know, delete, and opt-out of the sale of your personal information. To exercise these rights, please contact us.

⦁ CHANGES TO THIS PRIVACY POLICY

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be notified via email or a prominent notice on our website. The "Effective Date" at the top of this policy indicates when the latest changes took effect.

⦁ REGULATORY INFORMATION

⦁ Zimbabwe Authority: Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) - ⦁ www.potraz.gov.zw

⦁ Compliance Status:

⦁ Zimbabwe Cyber and Data Protection Act: Compliant

⦁ GDPR: Compliant

⦁ PCI-DSS: Level 1 Service Provider Certified

⦁ CONTACT US

If you have questions about this Privacy Policy, your personal data, or our payment security practices, please contact us:

⦁ General Privacy Inquiries: ⦁ [email protected]

⦁ Phone: +263 77 623 2333

Mailing Address: Circuit Strategies (Private) Limited, 38 Hiller Road, Harare, Zimbabwe©