Zimbabwe International Trade Fair Company is committed to safeguarding your privacy and ensuring the security of your personal data. This policy outlines our practices regarding the collection, use, and disclosure of your information, and defines your rights as a data subject. The Zimbabwe International Trade Fair Company acts as the primary Data Controller.

1. Collection of Personal Information

We collect information directly from you through your interactions with our exhibitions, conferences, and digital platforms. This includes, but is not limited to:

• Identity and Contact Data: Full name, nationality, passport/ID details, email address, phone number, and social media handles.
• Authentication Data: Usernames, passwords, and related security authentication data.
• Financial Data: Credit/debit card details (processed securely via PCI-compliant third-party providers).
• Preferences and Interactions: Communication preferences, event networking choices, feedback, and customer support inquiries.
• Technical Data: Information regarding device interaction, collected via cookies and server logs to optimize service delivery.

2. Use of Personal Information

We process personal data under the following legal frameworks:

• Contractual Obligation: To fulfill transactions or provide requested services.
• Legal Compliance: To comply with applicable statutory or regulatory requirements.
• Consent: Where you have granted explicit permission for specific processing activities.
• Legitimate Interests: To maintain system security, prevent fraud, and for our legitimate interests in operating, improving, and securing our events and platforms (where such interests are not overridden by your rights).

3. Information Sharing and Disclosure

We do not sell your personal data. Disclosure to third parties occurs only under the following circumstances:

• Service Providers: We engage trusted partners and service providers (IT, payment processing, venue management) under strict confidentiality agreements.
• Consent-Based Sharing: Data may be shared with sponsors, partners or exhibitors to provide relevant industry information, only where you have provided prior, explicit opt-in consent at the point of registration.
• Exhibitor Interactions: If you permit an exhibitor to scan your badge, you are explicitly authorizing the transfer of your contact details to that third party. Exhibitors are contractually required to use such data solely for follow-up communications related to their participation at ZITF events and may not share, sell or use it for unrelated marketing purposes. ZITF assumes no liability for an exhibitor’s independent processing of data following a badge scan.

4. Data Security Measures

We implement appropriate technical and organizational security measures including encryption of data in transit and at rest, role-based access controls, and regular security reviews. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected data subjects without undue delay, in accordance with the Zimbabwe Data Protection Act 2021.

5. Data Retention

Personal data is retained only for as long as necessary for the stated purpose or as required by law. As a guide:

• Registration Data: Retained for up to 3 years post-event.
• Financial Records: Retained for 7 years in compliance with applicable tax law.
• Security Data: CCTV and surveillance recordings are retained for 30 days unless required for an active investigation.
• Marketing Data: Retained until consent is withdrawn.

Upon expiry, data is securely deleted or anonymised.

6. Subject Rights

Under the Zimbabwe Data Protection Act 2021, you have the right to:

• Access: Access your personal data and obtain a copy.
• Rectification: Rectify inaccurate or incomplete data.
• Erasure: Request erasure of your data where there is no lawful basis for continued processing.
• Restriction: Restrict processing pending a dispute or objection.
• Objection: Object to processing based on legitimate interests.
• Portability: Receive your data in a portable, machine-readable format.
• Withdrawal: Withdraw consent at any time without detriment, where processing is consent-based.

You also have the right to lodge a complaint with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ). To exercise any of the above rights, please contact our Data Privacy Officer at privacy@zitf.co.zw. We will respond within 30 days of receiving a valid request.

7. Policy Amendments

The Zimbabwe International Trade Fair Company reserves the right to update this policy. Significant changes will be communicated via our official channels.

Where we rely on consent as the legal basis for processing, we will obtain your explicit, informed, and affirmative consent at the point of registration or data collection. This policy is provided for transparency and does not, on its own, constitute consent. Where processing is based on legitimate interests or legal obligation, consent is not required but you retain the right to object as outlined in Section 6. This policy is governed by the laws of Zimbabwe, including the Data Protection Act 2021.