+263-77-223-6460

Privacy Policy

Effective Date: 12 September 2025
Last Updated: 12 September 2025

1. Introduction

 

ACR Solutions (“we,” “our,” or “us”) respects your privacy and is committed to protecting the personal data of our clients, employees, and all individuals who interact with us. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with Zimbabwe’s Cyber and Data Protection Act 12:07.

 

2. Scope of this Policy

 

This Privacy Policy applies to:

          • All personal data collected, processed, and stored by ACR Solutions through our website, mobile applications, services, and any other interactions with you.
          • Data collected from clients, employees, suppliers, contractors, and other relevant parties.

By using our services or providing your personal data, you agree to the terms of this Privacy Policy.

 

3. Legal Basis for Processing Personal Data

 

We process your personal data in compliance with the Cyber and Data Protection Act, 12:07, based on the following lawful grounds:

          • Consent: Where you have explicitly granted permission for us to process your data.
          • Contractual Necessity: To fulfil our contractual obligations with you.
          • Legal Obligations: To comply with applicable laws and regulations.
          • Legitimate Interests: For purposes such as enhancing user experience, fraud prevention, and business operations, provided these interests do not override your rights.
 

4. Personal Data We Collect

 

We may collect the following types of personal data depending on your interaction with us:

 

4.1. Data You Provide Directly

 
          • Name, address, email, and phone number.
          • National Identity Number, Passport Number, or other government-issued ID.
          • Payment details (e.g., bank account or credit card information).
          • Client Case details
          • Other Client Confidential Information
          • Employment details (for employees or job applicants).
 

4.2. Data We Collect Automatically

 
          • IP addresses and device identifiers.
          • Browser type and operating system.
          • Cookies and similar tracking technologies (see Section 10 for details).
 

4.3. Special Categories of Data

 

We may process sensitive personal data (e.g., Financial, biometric data) only with your explicit consent or as required by law.

 

5. How We Use Your Personal Data

 

We process your personal data for the following purposes:

          1. Service Delivery: To provide and manage the services you request.
          2. Communication: To send updates, newsletters, or respond to inquiries.
          3. Compliance: To fulfil legal obligations, including fraud detection and prevention.
          4. Employment Purposes: For recruitment, payroll, and human resource management. 

 

6. Data Sharing and Disclosure

 

We may share your personal data with third parties only under the following circumstances.

 

6.1. With Your Consent

 

We will share data with third parties if you have explicitly authorized us to do so.

 

6.2. Legal and Regulatory Obligations

 

We may disclose personal data to comply with legal requirements, court orders, or government requests.

 

6.3. Service Providers

 

We may share data with trusted third-party service providers who assist us in delivering our services, such as payment processors, IT providers, and marketing agencies.

 

6.4. Business Transfers

 

If we undergo a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to the same privacy protections.

 

7. Data Transfers

 

If we transfer your personal data outside Zimbabwe:

          • We ensure that the recipient country provides adequate data protection standards.
          • We implement safeguards such as data transfer agreements or seek your explicit consent.
 

8. Data Retention

 

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or to comply with legal obligations. Retention periods may vary depending on:

          • Legal and regulatory requirements.
          • Contractual obligations.
          • Your specific consent or instructions.

When your data is no longer required, we will securely delete or anonymize it.

 

9. Your Rights

 

Under the Cyber and Data Protection Act, 12:07, you have the following rights:

          1. Access: Request a copy of your personal data.
          2. Correction: Rectify any inaccuracies in your data.
          3. Erasure: Request deletion of your data, subject to legal and contractual obligations.
          4. Objection: Object to the processing of your data for specific purposes.
          5. Portability: Request a copy of your data in a structured, machine-readable format.
          6. Withdraw Consent: Revoke your consent for data processing at any time.

To exercise your rights, contact us using the information in Section 13.

 

10. Cookies and Tracking Technologies

 

We use cookies to improve your experience on our website. These cookies may include:

          • Essential Cookies: Required for the site to function.
          • Performance Cookies: Track website usage and improve functionality.
          • Targeting Cookies: Deliver tailored advertisements.

You can manage your cookie preferences through your browser settings.

 

11. Data Security

 

We are committed to protecting your data. Measures we use include:

          • Encryption of sensitive data.
          • Access controls to prevent unauthorized access.
          • Regular security audits and employee training.

While we take reasonable steps to secure your data, no system is completely secure.

 

12. Data Breach Notification Procedures

 

We take data breaches seriously and have established procedures to respond promptly and effectively. In the event of a data breach involving your personal data:

 

12.1. Notification to the Data Protection Authority

 

We will notify the relevant regulatory authority (e.g., the Cybersecurity and Data Protection Authority) within 24 hours of becoming aware of a breach, as required by the Cyber and Data Protection Act, 12:07.

 

12.2. Notification to Affected Individuals

 

If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. This notification will include:

            • A description of the nature of the breach.
            • The categories and approximate number of affected individuals and data records.
            • Contact details for the individual or team handling the incident.
            • Recommendations for you to mitigate potential risks (e.g., password changes).
 

12.3. Mitigation and Remediation

 

We will take immediate steps to contain the breach, investigate its root cause, and implement corrective actions to prevent future occurrences.

 

12.4. Record-Keeping

 

We will document all breaches, including the facts, effects, and remedial actions taken, even if notification to the regulatory authority or individuals is not required.

 

13. Changes to this Privacy Policy

 

We may update this Privacy Policy from time to time. Changes will be communicated via our website or other appropriate channels. The “Last Updated” date at the top of this document reflects the most recent changes.

 

14. Contact Information

 

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact our Data Protection Officer:

Chenai Makoko – Data Protection Officer

Email: cmakoko@acr4solutions.com 

Phone: +263777489701

You may also lodge complaints with POTRAZ which is the designated Data Protection Authority of Zimbabwe if you believe we have violated your rights.

 

15. Acknowledgment and Agreement

 

By using our services or providing us with your personal data, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Tapiwa Chizana
Tapiwa is a qualified Chartered Accountant with over 25 years professional experience at Deloitte. He was previously Managing Partner of Deloitte Bulawayo, and served as a partner for 16 years, delivering Consulting, Audit, M&A engagements, as well as Corporate Rescue appointments. Tapiwa is a former President of the Institute of Chartered Accountants of Zimbabwe (ICAZ). He is also a past vice president of the Insolvency & Restructuring Association of Zimbabwe. Tapiwa is passionate about Business Turnaround Management and helping clients innovate and modernise through adopting cloud-based technologies, artificial Intelligence and holistic digital transformation. His capabilities also include IFRS advisory and Environmental Sustainability and Governance, and he participated in Deloitte Africa and Global forums exploring the implementation of ESG in Africa. He is also on the PAAB panel supporting the Adoption and Implementation of Sustainability Standards in Zimbabwe.
Bothwell Nyajeka
Bothwell is an experienced professional and business executive with key strengths in formulating strategy execution within a dynamic economic environment. He helps businesses strengthen their processes and systems to enable effective business administration and financial management. He completed his training as a Chartered Accountant with KPMG and has worked in senior roles in both the private and public sectors. His work experience, having assumed the roles of CFO and CEO, enables him to effectively Coach business executives and future leaders. He also sits on the Boards of Directors of various companies in Southern Africa, including Zimbabwe, Botswana, South Africa and Uganda. Bothwell is a past President of the Institute of Chartered Accountants (Zimbabwe). Through the Institute of Chartered Accountants (Zimbabwe) (ICAZ), Bothwell is leading a project to professionalise the Public Sector Accountants in Zimbabwe.
Thandi Nyoni
Thandi has over 20 years’ experience as a finance and governance professional; with a focus on corporate governance, operations, and finance. She is a qualified Chartered Accountant, having qualified with Ernst & Young; and is also qualified as a Chartered Governance Professional (Chartered Secretary- UK.) Thandi is also a full member of the Chartered Institute for Securities and Investments (UK). Her experience includes supporting and providing guidance to entities in various jurisdictions on regulatory compliance, and also execution of in-country and cross border corporate restructuring transactions. She also focuses on the effectiveness of company boards and the effectiveness of internal audit functions. Thandi has in-depth knowledge of international trusts and corporate structures.
Tendai Mabikacheche
Tendai is a Sustainable Finance Advisor with global experience including 10 years from Deloitte UK and Deloitte Africa. She has recently completed a sustainable finance advisory role for the UK government department BEIS in London. She completed her Masters in Biodiversity and Conservation, after obtaining an Honours Bachelors degree in Applied Environmental Science. She holds a wise set of Skills and knowledge in sustainable finance namely impact investing, impact analysis, climate strategy and risks to mention a few. Tendai advises organisations seeking to raise capital (Climate finance) and supports them strategically on their journey pursuant to that.
Diana Runyemba
Diana graduated from Rhodes University with a Bachelor of Laws Honours Degree. She has experience in retail trade and has an appreciation of the dynamics in family businesses and how the next generation can be integrated. Diana is an advocate for the rights of women and children within the context of Estate planning and the establishment of family Trusts. This positions her to be a well-rounded family business advisor in a manner that considers the entire family’s welfare. She lives by the mantra, “What counts in life is not the mere fact that we have lived. It is what difference we have made to the lives of others” Nelson Mandela.
Mpi Ndebele
Mpi is a strategic and transformational leader who thrives on developing innovative solutions for African businesses and effecting digital transformation. He has a Bachelors in Electronic Engineering (Cum Laude) and has experience in Systems Analysis and Development. Mpi is passionate about technological solutions that maximise effectiveness, efficiency, excellence, and user satisfaction. His focus is to help businesses and organisations maximise their efforts through unlocking unique identity and value, effective strategic planning, establishing a strengths-based culture and developing digital solutions that address the organisation’s pain points.