Effective Date: 16 March 2026 · Compliant with the Cyber and Data Protection Act [Chapter 12:07] of Zimbabwe
At a Glance
We never sell your personal data to third parties.
Data is encrypted in transit using TLS/SSL and passwords are stored encrypted.
You have the right to access, correct, delete, or port your data at any time.
Compliant with Zimbabwe's Cyber and Data Protection Act [Chapter 12:07].
Contact us at privacy@koopaz.com for any data-related requests.
1. Introduction
Koopaz (Private) Limited ("Koopaz", "we", "us", or "our") operates an online marketplace at www.koopaz.com (the "Platform") that connects homeowners, office clients, and service providers across Zimbabwe.
We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have with respect to your data.
This Policy is designed to comply with Zimbabwe's Cyber and Data Protection Act [Chapter 12:07] ("CDPA") and any associated regulations. Please read this Policy carefully before using our Platform.
2. Information We Collect
2.1 Information You Provide Directly
We collect information you give us when you:
Register for an account: Full name, email address, phone number, password.
Complete a Service Provider profile: Business name, service categories, qualifications, certifications, profile photo, bank account or mobile money details.
Make a booking: Service address, nature of service required, scheduling preferences.
Process payments: Billing details, mobile money number, bank account information.
Contact us: Any information you provide in support queries or communications.
Submit reviews: Rating scores and written feedback.
2.2 Information Collected Automatically
When you use the Platform, we automatically collect:
Device Information: Device type, operating system, browser type and version.
Usage Data: Pages viewed, features used, time spent on Platform, clickstream data.
Location Data: Approximate or precise location (with your permission) to match you with local service providers.
Log Data: IP address, access times, referring URLs, error reports.
Cookies and Tracking: See Section 9 for our Cookie Policy.
2.3 Information from Third Parties
We may receive information about you from:
Social login providers (e.g., Google, Facebook) if you choose to sign in via these.
Payment processors confirming transaction status.
Background check providers for Service Provider verification (where applicable).
3. How We Use Your Information
Koopaz uses your personal data for the following purposes:
3.1 Service Delivery
To create and manage your account.
To facilitate bookings between Clients and Service Providers.
To process payments and issue receipts.
To provide customer support and resolve disputes.
3.2 Platform Improvement
To analyse usage patterns and improve the Platform's features and performance.
To develop new services and features based on user needs.
To conduct research, testing, and data analytics.
3.3 Communications
To send booking confirmations, reminders, and service updates.
To send promotional communications, where you have consented to receive them.
To notify you of changes to our Terms, policies, or services.
3.4 Safety and Security
To verify the identity and credentials of Service Providers.
To detect, investigate, and prevent fraudulent or illegal activity.
To enforce our Terms of Service and other policies.
3.5 Legal Compliance
To comply with applicable Zimbabwean laws and regulations.
To respond to lawful requests from government authorities.
4. Legal Basis for Processing
Under the Cyber and Data Protection Act, we process your personal data on the following bases:
Contractual Necessity: Processing required to deliver our services to you and fulfil our obligations under our Terms of Service.
Legitimate Interests: Processing that is in our or a third party's legitimate interest, such as improving Platform security or detecting fraud, where this does not override your rights.
Consent: Where you have given clear and informed consent, such as for marketing communications or location tracking.
Legal Obligation: Where processing is required to comply with a legal obligation under Zimbabwean law.
5. Information Sharing and Disclosure
We do not sell your personal data. We may share your information in the following circumstances:
5.1 With Other Users
When a Booking is made, relevant information is shared between the Client and the Service Provider to facilitate the service (e.g., name, contact details, service address).
5.2 With Service Providers and Partners
We may share your data with trusted third-party service providers who assist us in operating the Platform, including:
Cloud hosting and infrastructure providers.
Payment processing companies.
Communication and notification services (SMS, email).
Analytics and performance monitoring tools.
All third-party processors are contractually bound to protect your data and may only use it for the purposes specified by Koopaz.
5.3 Legal and Regulatory Disclosure
We may disclose your information where required by law, court order, or regulatory authority in Zimbabwe, or where we believe disclosure is necessary to protect the rights, property, or safety of Koopaz, our users, or the public.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. Data Retention
We retain your personal data for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
Account data is retained for the duration of your account and for up to five (5) years after account closure for legal and compliance purposes.
Transaction records are retained for a minimum of seven (7) years in compliance with Zimbabwean financial regulations.
Usage and analytics data may be retained in anonymised form indefinitely.
Communication records are retained for up to three (3) years.
When data is no longer required, it is securely deleted or anonymised.
7. Your Rights Under the CDPA
Under Zimbabwe's Cyber and Data Protection Act, you have the following rights with respect to your personal data:
Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request correction of inaccurate or incomplete data.
Right to Erasure: You may request deletion of your data where there is no compelling reason for its continued processing.
Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
Right to Data Portability: You may request that we transfer your data to you or a third party in a structured, commonly used format.
Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@koopaz.com. We will respond to all requests within thirty (30) days.
8. Data Security
Koopaz implements appropriate technical and organisational security measures to protect your personal data from unauthorised access, loss, destruction, alteration, or disclosure. These measures include:
Encryption of sensitive data in transit using TLS/SSL protocols.
Encrypted storage of passwords and financial credentials.
Access controls restricting data access to authorised personnel only.
Regular security audits and vulnerability assessments.
Staff training on data protection and security practices.
While we take all reasonable steps to protect your data, no system is entirely secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant Zimbabwean authorities as required by the CDPA.
9. Cookies and Tracking Technologies
Koopaz uses cookies and similar tracking technologies to enhance your experience on the Platform.
9.1 Types of Cookies We Use
Essential Cookies: Required for the Platform to function. These cannot be disabled.
Performance Cookies: Help us understand how users interact with the Platform (e.g., Google Analytics).
Functional Cookies: Remember your preferences and personalise your experience.
Marketing Cookies: Used to deliver relevant advertising, only with your consent.
9.2 Managing Cookies
You can control or delete cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform.
10. Children's Privacy
The Koopaz Platform is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors.
11. Third-Party Links and Services
The Platform may contain links to third-party websites or integrated services. Koopaz is not responsible for the privacy practices of those third parties.
12. International Data Transfers
While Koopaz primarily operates within Zimbabwe, some of our third-party service providers may be based outside Zimbabwe. Where personal data is transferred internationally, we take steps to ensure that adequate protections are in place.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Platform at least fourteen (14) days before the changes take effect.
14. Complaints and Regulatory Authority
If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the relevant Zimbabwean data protection authority.
Data Protection Officer — Koopaz (Private) Limited Email: privacy@koopaz.com