Personal Data Protection Policy
Coolsands Tanzania Ltd
1. Purpose
This policy outlines how COOLSANDS TANZANIA LTD collects, processes, stores, and protects personal data in compliance with the Tanzania Personal Data Protection Act, 2023 (PDPA) and related regulations. It ensures that all personal data is processed lawfully, fairly, and transparently.
2. Scope
This policy applies to all employees, consultants, vendors, and third parties handling personal data on behalf of COOLSANDS TANZANIA LTD. It covers all operations within Tanzania and any cross-border transfers of personal data.
3. Legal Basis
This policy is guided by the Personal Data Protection Act, Cap 44, and applies to data controllers and data processors as defined under the PDPA.
4. Key Definitions
- Personal Data: Any information that can identify a natural person.
- Sensitive Personal Data: Includes data relating to race, health, political opinions, religion, sexual orientation, etc.
- Data Subject: The individual to whom the personal data relates.
- Data Controller / Processor: An entity that determines the purposes of processing personal data, or that processes personal data.
- PDPC: The Personal Data Protection Commission of Tanzania.
5. Data Protection Principles
COOLSANDS TANZANIA LTD commits to comply with the following PDPA principles:
- Lawfulness and Fairness – Personal data shall be processed lawfully and fairly.
- Purpose Limitation – Data shall be collected for specific, legitimate purposes and not further processed incompatibly.
- Data Minimization – Only necessary data shall be collected and processed.
- Accuracy – Personal data shall be accurate and kept up to date.
- Storage Limitation – Data shall be retained only as long as necessary.
- Security and Confidentiality – Appropriate safeguards shall protect data from loss, alteration, or unauthorized access.
- Accountability – The organization shall be responsible for demonstrating compliance with PDPA.
6. Data Collection and Use
Personal data will be collected only:
- For specific and lawful purposes tied to business needs.
- With informed consent, where required.
- In a transparent manner – data subjects shall be notified of their rights and purposes for processing.
7. Rights of Data Subjects
Under the PDPA, data subjects have the right to:
- Access their personal data.
- Request correction or deletion of inaccurate data.
- Object to processing or direct marketing.
- Request restriction of processing or data portability.
- Lodge complaints with the Personal Data Protection Commission (PDPC).
8. Data Security Measures
COOLSANDS TANZANIA LTD implements appropriate technical and organizational measures to protect data, including:
- Encryption and password protection.
- Access control and staff authentication.
- Secure disposal of physical and electronic records.
- Regular risk assessments and security audits.
- CCTV: No data will be collected or stored, as the cameras are preventative and not for data collection.
9. Data Retention and Disposal
Personal data shall be retained only for as long as necessary to fulfil its purpose or as required by law. Upon expiry, data shall be securely deleted or anonymized.
10. Cross-Border Data Transfers
Personal data may only be transferred outside Tanzania when:
- The receiving state ensures adequate data protection measures, or
- Explicit consent is obtained from the data subject, under PDPA Sections 31-32.
11. Roles and Responsibilities
- Data Protection Officer (DPO): Oversees compliance, handles data subject requests, and liaises with the PDPC.
- All Employees: Must follow this policy when handling personal data.
- Management: Ensures staff training and allocation of necessary resources.
12. Breach Management
Any personal data breach must be reported immediately to the DPO. The DPO will notify the PDPC and affected individuals within the period set by the PDPA regulations.
13. Policy Review
This policy shall be reviewed annually, upon significant changes in data protection law, or as and when necessary.