CDIPP Organisation Data Processing Agreement

Version 2.0.0 · Effective 2026-01-01

This Organisation Data Processing Agreement (the “Org DPA”) is the agreement between the registering organisation (“Customer”) and the CDIPP platform operator (“CDIPP”) governing the processing of personal data submitted to or generated within CDIPP. By ticking the acceptance checkbox at registration, the registering admin confirms they are duly authorised to bind the Customer to these terms.

1. Roles and lawful basis

Org-level data (legal name, registration number, TIN, registered address, banking details, licence numbers): Customer authorises CDIPP to collect and process this data under CONSENT for commercial features and LEGAL OBLIGATION where the data must be transmitted to sector regulators.

Employee / member data: Customer is the data controller for its employees’ work-related data within CDIPP. Customer represents that it has informed those employees and obtained any employment-law-required consents. CDIPP acts as the data processor on the Customer’s behalf. Lawful basis for processing employee work data is LEGITIMATE INTEREST of the Customer.

2. Sub-processors

CDIPP engages sub-processors for hosting, payments, KYC verification, SMS delivery and email delivery. The current sub-processor list is published inside the platform under Settings → Privacy → Sub-processors. CDIPP will notify the Customer’s admin in-app of any material change at least 30 days before it takes effect.

3. Data subject rights (DSR)

CDIPP supports access, rectification, restriction and erasure requests via the Privacy Hub in the dashboard. Erasure is performed by cryptographic shredding: the record is hard-deleted and the per-record salt held in KMS is destroyed, so any on-chain hash that references the record can no longer be recomputed or linked back to it. This guarantee holds only while the salt is unguessable (generated from a cryptographically secure random source) and its destruction covers every copy, including key-store backups.

4. Security & breach notification

CDIPP maintains organisational and technical measures appropriate to the risk, including encryption in transit and at rest, role-based access control, anomaly-based threat detection, and a Sovereign-OS-backed breach engine. Breaches affecting Customer data will be notified to the Customer’s admin within the statutory notification window of the Customer’s data jurisdiction (24 hours for ZW CDPA, 72 hours for EU GDPR, comparable windows for SA POPIA / ZM DPA).

5. International transfers

Where data is transferred outside the Customer’s home jurisdiction, CDIPP relies on the regulator-approved transfer mechanism for that jurisdiction (Standard Contractual Clauses, Adequacy Decision, or equivalent).

6. Withdrawal & termination

The Customer’s admin may withdraw the Org DPA via DELETE /privacy/consent/org-dpa. Withdrawal disables all commercial features for the org and severs downstream API webhooks. Statutory processing (regulator submissions) continues until the Customer terminates its contract and full erasure becomes legally permissible.

7. Audit anchor

Acceptance, version uplift and withdrawal events are recorded off-chain in the OrgDataProcessingAgreement table and anchored on Hyperledger Fabric as an immutable hash, giving a tamper-evident, timestamped record of each event in which any later alteration of the off-chain row is detectable.
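The mechanics behind sections 3 and 7, as an added example that is not part of the agreement or of CDIPP’s code: a record is committed to as a salted SHA-256 hash and the hash is anchored on an append-only ledger; erasure destroys the per-record salt rather than the anchored hash, after which the hash can neither be verified nor linked to the record by guessing. The `Ledger` and `SaltStore` classes, the sample employee record and the field names are stand-ins assumed for illustration (a real deployment would use the Fabric chaincode and the KMS referenced above). The block also shows the failure mode the salt prevents: an unsalted hash of a low-entropy field such as a TIN can be linked back to its owner by enumeration.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample record with hypothetical field names (not CDIPP's schema).
SAMPLE_RECORD = {"record_id": "emp-0001", "name": "A. Example", "tin": "123456789"}


def canonical(record: dict) -> bytes:
    """Deterministic encoding so the same record always produces the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def commit(record: dict, salt: bytes) -> str:
    """Salted SHA-256 commitment. The salt is the only secret; the hash is public."""
    return hashlib.sha256(salt + canonical(record)).hexdigest()


class Ledger:
    """Stand-in for the on-chain anchor: append-only, entries are never removed."""

    def __init__(self) -> None:
        self.entries: List[Tuple[str, str]] = []  # (record_id, hash) in anchoring order

    def anchor(self, record_id: str, digest: str) -> None:
        self.entries.append((record_id, digest))

    def lookup(self, record_id: str) -> Optional[str]:
        return next((d for rid, d in self.entries if rid == record_id), None)


class SaltStore:
    """Stand-in for the KMS holding one random salt per record."""

    def __init__(self) -> None:
        self.salts: Dict[str, bytes] = {}

    def new_salt(self, record_id: str) -> bytes:
        salt = secrets.token_bytes(32)  # 256 bits from the OS CSPRNG: not enumerable
        self.salts[record_id] = salt
        return salt

    def get(self, record_id: str) -> Optional[bytes]:
        return self.salts.get(record_id)

    def shred(self, record_id: str) -> None:
        self.salts.pop(record_id, None)  # destroying the salt is the erasure step


def anchor_record(ledger: Ledger, store: SaltStore, record: dict) -> str:
    salt = store.new_salt(record["record_id"])
    digest = commit(record, salt)
    ledger.anchor(record["record_id"], digest)
    return digest


def verify_record(ledger: Ledger, store: SaltStore, record: dict) -> Optional[bool]:
    """True/False while the salt exists; None once it has been shredded."""
    salt = store.get(record["record_id"])
    anchored = ledger.lookup(record["record_id"])
    if salt is None or anchored is None:
        return None
    return hmac.compare_digest(commit(record, salt), anchored)


def erase_record(db: Dict[str, dict], store: SaltStore, record_id: str) -> None:
    """Cryptographic shredding: hard-delete the row AND destroy its salt. The ledger is untouched."""
    db.pop(record_id, None)
    store.shred(record_id)


def link_by_guessing(anchored: str, candidates: Iterable[dict], salt: bytes = b"") -> Optional[dict]:
    """Adversary model: recompute hashes over guessed records with whatever salt is known."""
    for cand in candidates:
        if commit(cand, salt) == anchored:
            return cand
    return None


def demo() -> dict:
    ledger, store, db = Ledger(), SaltStore(), {}
    db[SAMPLE_RECORD["record_id"]] = SAMPLE_RECORD
    digest = anchor_record(ledger, store, SAMPLE_RECORD)
    verified_before = verify_record(ledger, store, SAMPLE_RECORD)

    erase_record(db, store, SAMPLE_RECORD["record_id"])
    verified_after = verify_record(ledger, store, SAMPLE_RECORD)
    still_on_ledger = ledger.lookup(SAMPLE_RECORD["record_id"]) == digest

    # Adversary enumerates 1,000 TINs around the real one against the anchored hash.
    guesses = [dict(SAMPLE_RECORD, tin=f"{n:09d}") for n in range(123456000, 123457000)]
    salted_hit = link_by_guessing(digest, guesses)  # salt unknown and destroyed: no match
    unsalted_digest = hashlib.sha256(canonical(SAMPLE_RECORD)).hexdigest()
    unsalted_hit = link_by_guessing(unsalted_digest, guesses)  # no salt: record recovered

    return {
        "verified_before_erasure": verified_before,
        "verified_after_erasure": verified_after,
        "still_on_ledger": still_on_ledger,
        "salted_guess_hit": salted_hit,
        "unsalted_guess_hit": unsalted_hit,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of `still_on_ledger` is that shredding never needs to touch the chain: the anchored hash stays immutable, which is what section 7 relies on, while the destroyed salt is what makes it untraceable, which is what section 3 relies on. The `unsalted_guess_hit` branch is the check a reviewer should run against any anchoring design, since a hash of a registration number or TIN without a secret salt is effectively the plaintext.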

For a copy of this agreement signed by your organisation, contact your CDIPP ADMIN or DPO via the dashboard’s Privacy Hub.