Legal

Privacy Policy

How Ten Alliance collects, uses, protects, and manages your personal data — in plain language.

Effective Date: 1 January 2025
Last Updated: 1 January 2025
POPIA & GDPR Aligned

1 Overview

Ten Alliance (Private) Limited ("Ten Alliance", "we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Loan Management System platform and website.

This Policy applies to all users of the Ten Alliance platform, including institution administrators, loan officers, borrowers whose data is entered into the system, and visitors to our website.

Your privacy matters. Ten Alliance was built with data security as a foundational principle. We do not sell your personal information to third parties, and we only collect data that is necessary to deliver and improve our services.

By using the Ten Alliance platform or website, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our services and contact us at privacy@tenalliance.co.zw.

2 Data We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information provided by your institution.

2.1 Information You Provide

  • Account registration details: name, email address, job title, phone number
  • Institution details: company name, registration number, branch information
  • Demo request and contact form submissions
  • Support tickets and communications with our team
  • Billing and payment information (processed securely via payment providers)

2.2 Borrower Data (Entered by Institutions)

Institutions using Ten Alliance enter borrower data into the platform on behalf of their clients. This may include:

  • Full name, national ID number, date of birth
  • Contact details: address, phone number, email
  • Employment and income information
  • Loan history, repayment records, collateral details
  • Documents and identification uploads

Important: Institutions are responsible as data controllers for the borrower data they enter. Ten Alliance acts as a data processor. Institutions must ensure they have the appropriate consent and legal basis to enter third-party personal data into the platform.

2.3 Automatically Collected Data

  • IP address, browser type, and device information
  • Pages visited, time spent, and navigation patterns
  • Login timestamps and session duration
  • Error logs and system performance data

3 How We Use Your Data

PurposeLegal Basis
Providing and operating the Ten Alliance platformContract performance
User authentication and account securityContract performance / Legitimate interest
Processing demo requests and sales enquiriesConsent / Legitimate interest
Sending system notifications and updatesContract performance
Providing customer supportContract performance / Legitimate interest
Improving platform features and performanceLegitimate interest
Regulatory compliance and audit requirementsLegal obligation
Marketing communications (opt-in only)Consent

We will never use your data for purposes incompatible with those listed above without obtaining your prior consent.

4 Data Sharing

Ten Alliance does not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

4.1 Service Providers

We engage trusted third-party vendors who assist in operating our platform, including cloud hosting providers, SMS/email gateway providers, and payment processors. All vendors are bound by data processing agreements and may not use your data for their own purposes.

4.2 Legal Requirements

We may disclose your information where required by law, regulation, or court order — including disclosure to your country's central bank, financial regulatory authority, or other competent authorities where legally mandated.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified of any such change and your rights will be protected.

5 Data Storage & Security

All data is stored on secure cloud infrastructure with the following protections in place:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit for all data transfers
  • Role-based access control — staff can only access data their role requires
  • Regular automated backups with point-in-time recovery
  • Intrusion detection and continuous security monitoring
  • Penetration testing conducted periodically by independent security professionals

Data residency: Ten Alliance stores data on servers within or near the region of operation. Cross-border data transfers, where they occur, are governed by appropriate safeguards and data transfer agreements.

6 Cookies & Tracking

Our website uses cookies and similar tracking technologies to improve your browsing experience and collect analytics. Types of cookies we use:

  • Essential cookies: Required for the website and platform to function correctly. Cannot be disabled.
  • Analytics cookies: Help us understand how visitors use the site (e.g., Google Analytics 4). You may opt out via your browser settings.
  • Functional cookies: Remember your preferences and settings across sessions.
  • Marketing cookies: Only placed with your explicit consent.

You may manage or disable cookies through your browser settings at any time. Note that disabling essential cookies may impact platform functionality.

7 Your Rights

Under applicable data protection laws (including Zimbabwe's Cyber and Data Protection Act and GDPR where applicable), you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Restriction: Request that we restrict processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent at any time where processing is consent-based

To exercise any of these rights, contact us at privacy@tenalliance.co.zw. We will respond within 30 days.

8 Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

Data TypeRetention Period
Account and user dataDuration of subscription + 3 years
Loan and financial records7 years (regulatory requirement)
Support communications3 years from last contact
Website analytics data26 months
Marketing consent recordsUntil consent is withdrawn + 1 year

After the applicable retention period, data is securely deleted or anonymised.

9 Children's Privacy

The Ten Alliance platform is intended for use by financial institutions and their authorised staff. It is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor's data has been entered without appropriate consent, please contact us immediately.

10 Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and by displaying a prominent notice on the platform. The date at the top of this page reflects the most recent update. Continued use of the platform after any changes constitutes your acceptance of the updated policy.

11 Contact Us

For any privacy-related queries, data requests, or concerns, please contact our Data Protection Officer:

Ten Alliance (Private) Limited
Data Protection Officer
Harare, Zimbabwe
Email: privacy@tenalliance.co.zw
Phone: +263 [TBD]