CDIPP Privacy Notice
Version 1.0.0 · Effective 2026-01-01
This Privacy Notice explains how CDIPP (the platform) collects, uses, shares and protects personal data. It applies across the four legal regimes CDIPP operates under, identified by the Customer organisation’s dataJurisdiction:
- ZW CDPA — Zimbabwe Cyber and Data Protection Act [Chapter 11:22] (regulator: POTRAZ).
- EU GDPR — General Data Protection Regulation (regulator: ICO, CNIL, BfDI, etc., per member state).
- SA POPIA — Protection of Personal Information Act (regulator: Information Regulator).
- ZM DPA — Zambia Data Protection Act (regulator: Data Protection Commissioner).
1. Data we process
Identity (name, email, phone, national ID hash), org-affiliation and role, authentication artefacts, device fingerprint and IP, geolocation when actively used for verify/scan, transactional records (registrations, attestations, scans, payments) and audit metadata.
CDIPP applies data minimisation — only fields required for the specific feature or regulatory submission are collected.
2. Lawful bases by feature
Authentication, role-based access and audit logging are processed under LEGITIMATE INTEREST. Sector regulator submissions (ZIMRA, MCAZ, DVS, AGRITEX, etc.) are processed under LEGAL OBLIGATION. Optional commercial modules (analytics, benchmarking, consumer scan history, marketing) are processed under CONSENT with a per-module opt-in inside Privacy Hub.
3. PII storage
Personal data is stored exclusively off-chain in PostgreSQL with KMS-managed per-record salts. Hyperledger Fabric only ever holds salted hashes of consent, acknowledgement and data subject request (DSR) events. Erasure destroys both the row and its KMS salt, so the on-chain hash becomes permanently untraceable to a human identity without code changes.
4. Three-tier consent model
- Tier 1 — Platform staff: employment-contract basis. No click-consent. Informational acknowledgement on first login.
- Tier 2 — Org-affiliated users: the org’s representative signs an Org DPA at registration. Individual employees receive an informational notice on first login (no blocking consent).
- Tier 3 — Self-registered individuals: direct, explicit click-consent at registration. Withdrawable at any time via Privacy Hub.
5. Your rights
Subject-access (export), rectification, restriction and erasure requests are exercisable through Privacy Hub in the dashboard, or by writing to CDIPP’s Data Protection Officer at the contact details published in the platform footer. Erasure may be deferred only when statutory retention obligations apply, in which case CDIPP’s DPO and SUPER_ADMIN must co-approve via the “Statutory Erasure Co-Approval” queue.
6. Sharing & transfers
CDIPP shares data only with:
- The user’s own organisation (where applicable).
- Sector regulators in the user’s jurisdiction, under LEGAL OBLIGATION.
- Sub-processors under written contract with equivalent confidentiality and security obligations (full list in the dashboard’s Sub-processors page).
International transfers rely on the transfer mechanism approved by the user’s home regulator (SCCs, Adequacy Decision or equivalent).
7. Security & breach notification
CDIPP’s Sovereign OS Threat Engine subscribes to the audit Kafka topic and enforces anomaly rules (data exfiltration, lateral movement, credential stuffing). On detection, it locks the offending token, opens a breach incident and dispatches a Preliminary Incident Report to the relevant regulator within the jurisdiction’s SLA.
8. Contact
Data Protection Officer: see Settings → Privacy → Contact DPO in the dashboard for the DPO email and ticket portal.
The version of this notice you accepted is recorded against your account. Material changes trigger an in-app re-acknowledgement.