The Imisepela Project hereinafter referred to as “TIP”, "Imisepela", "we", "us", or "our" is committed to protecting your privacy in accordance with Article 17 of the Constitution of Zambia (right to privacy), the Data Protection Act, 2021 (the "DPA"), the Access to Information Act, 2016, and other applicable Zambian laws. This privacy policy governs the collection, processing, storage, use, disclosure, and protection of personal data through our Imisepela Web Application ("the App"), podcast services, and related interactions. External links are not covered; we bear no responsibility for third-party privacy practices.
"Biometric Data" means personal data resulting from specific technical processing relating to the physical, physiological, or behavioural characteristics of a natural person, which allow or confirm unique identification, such as facial images, voiceprints from podcasts, or dactyloscopic data, as defined under section 2 of the DPA.
"Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by statement or clear affirmative action, signifying agreement to processing, per section 3 of the Data Protection Act of 2021. .
"Data" means information relating to an identified or identifiable natural person, including automated and manual records and Data as defined in Section 3 of the Data Protection Act of 2021.
"Data Subject" means an identified or identifiable natural person to whom personal data relates and as defined by Section 3 of the Data Protection Act of 2021.
"Data Protection Officer (DPO)" means the officer appointed under section 45 of the Data Protection Act whose duties are as prescribed by Law in Sub Section 1(a) and b.
"Explicit Consent" means clear, specific statement, required for special categories of data under sections 13 and 14 of the Data Protection Act.
"Personal Data" means any information relating to an identified or identifiable natural person, including name, ID number, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity, as per section 3 of the Data Protection Act.
"Processing" means any operation on personal data, including collection, recording, storage, adaptation, retrieval, use, disclosure, erasure, or destruction, whether automated or not and as provided for under Section 3..
"Records" means any documents in any format created or received in the course of activities and as envisaged by the various sources of law in Zambia.
"Supervisory Authority" means the Zambia Data Protection Authority established under Part III of the Data Protection Act of 2021.
"Imisepela" means The Imisepela Project, a charitable organisation registered under the Non-Governmental Organisations Act No. 16 of 2009. 1.12 App means the Imisepela Web Application and associated podcast/media services.
2.1 All processing is lawful envisaged in Part IV of the Data Protection Act which provides Principles and Rules relating to the processing of personal data, based on consent, contract necessity, legal obligation, vital interests, public task, or legitimate interests (balanced through law and economics assessment of privacy costs vs. cooperative benefits).
2.2 Scope includes personal data collected via the App, podcasts (e.g., voice recordings, opinions), forms, devices, and interactions.
3.1 We collect: name, address, phone, email, financial details, location, and identifiers.
3.2 Podcast/media-specific: voice data, audio recordings, images, and behavioural insights (e.g. participation patterns).
3.3 Special categories (e.g. biometric voice data) require explicit consent per sections 13 and 14 of Data Protection Act.
4.1 Collected: device model, OS, unique IDs, IP/MAC addresses, browser data, log data (e.g. timestamps, referral URLs), usage metrics (frequency, duration).
4.2 Podcast interactions: session recordings, download logs, geolocation from access points.
4.3 Minimized to necessity principle (section 15 which provides for justification and objection of consent).
5.1 Methods: direct input, automated tools (cookies, analytics), third-party integrations, podcast uploads/submissions.
5.2 No collection of data will be beyond fair, lawful, transparent purposes.
6.1 Service delivery (e.g., cooperative membership, podcast distribution).
6.2 Communication (updates, promotions, with opt-in).
6.3 Fraud prevention, analytics (aggregated, anonymized) to prevent fraud.
6.4 Legal compliance were provided for by the Data Protection Act or supporting legislation and guidelines.
6.5 No incompatible secondary uses without consent will be employed
7.1 Obtained through positive, free, specific, informed action (e.g., checkbox for podcasts).
7.2 Explicit for sensitive data; recorded and auditable.
7.3 Withdrawable anytime without detriment (section 14 of Data Protection Act); contact Data Protection Officer to strengthen safety.
7.4 Children as defined by the Constitution of Zambia require parental consent (section 17, Data Protection Act).
8.1 Contact: DPO, Plot No 40, Bwinjimfumu Road, Rhodes Park, Lusaka, Zambia; info@imisepela.com.
8.2 Oversees Data Protection Act compliance, rights exercises, breach reporting.
9.1 Measures: encryption, access controls, pseudonymization, regular audits (as per Data Protection Act).
9.2 Breach notification to Authority and data subjects within 72 hours if high risk (as per the Data Protection Act).
9.3 Retention: no longer than necessary; deletion/assessment per purpose (e.g., 7 years for financial records per statute).
10.1 Third parties: service providers (e.g., cloud hosts, podcast platforms) under DPA-compliant contracts.
10.2 Only with assurance of equivalent protections; no sales.
10.3 Legal disclosures: court orders, Authority requests, per Access to Information Act.
10.4 International transfers: adequacy decision or safeguards (as per, Data Protection Act).
11.1 Contact Data Protection Officer to exercise; verification required.
11.2 Free, subject to manifestly unfounded/excessive fee (section 32, DPA).
12.1 Confirm processing; provide copy, purposes, categories, recipients, sources, consequences (section 30, DPA).
13.1 Correct inaccurate/incomplete data without delay.
14.1 Delete if no longer necessary, consent withdrawn, unlawful processing, or legal obligation (as per, Data Protection Act).
15.1 Restrict pending verification; no further processing without consent.
16.1 Object to legitimate interests/direct marketing; we cease unless compelling grounds.
17.1 Receive structured, machine-readable copy for transfer (automated processing only, section 33, DPA).
18.1 Anytime; no effect on prior lawful processing.
19.1 Contact DPO first; escalation to Zambia Data Protection Authority (section 6, DPA).
19.2 Judicial remedies under Constitution and DPA.
20.1 Used for functionality/analytics; opt-out available.
20.2 Detailed policy via App settings.
21.1 Notify via App/email; continued use implies acceptance.
21.2 Current version at info@imisepela.com
22.1 Zambian law, subject to Lusaka courts.
22.2 DPA and Constitution prevail.