GRCPro
Solutions Platform Contact
Sign In

Legal

Privacy Policy

GRCPro (Private) Limited · Operating in Zimbabwe · Last updated 18 June 2026

Privacy Policy Terms of Service Security

This document is provided for general information purposes and does not constitute legal advice. If you require advice tailored to your organisation, please consult qualified legal counsel in Zimbabwe.

This Privacy Policy explains how GRCPro (Private) Limited ("GRCPro", "we", "us", or "our") processes personal information when you visit our website, register for an account, or use the GRCPro governance, risk, and compliance platform. We operate primarily in Zimbabwe and process data in line with the Cyber and Data Protection Act [Chapter 12:07], the Constitution of Zimbabwe (including the right to privacy), and other applicable Zimbabwean laws.

1. Who We Are

GRCPro is an enterprise governance, risk, and compliance (GRC) software platform. For the purposes of data protection law, we act as the data controller for personal information collected through our website and customer accounts, unless a separate data processing agreement states otherwise for a specific enterprise deployment.

  • Legal entity: GRCPro (Private) Limited
  • Registered office: Harare, Zimbabwe
  • Privacy contact: privacy@grcpro.net

2. Information We Collect

Depending on how you interact with GRCPro, we may collect:

  • Account information: name, work email address, job title, organisation name, telephone number, and authentication credentials.
  • Organisation and GRC data: risk registers, audit records, compliance artefacts, policies, incidents, and other information you or your organisation uploads or creates in the platform.
  • Technical data: IP address, browser type, device identifiers, log files, session data, and usage analytics necessary to operate and secure the service.
  • Communications: support requests, demo enquiries, and correspondence with our team.
  • Payment and billing data (where applicable): processed through our payment providers; we do not store full payment card numbers on our servers.

3. How We Use Your Information

We use personal information to:

  • Provide, maintain, and improve the GRCPro platform and related support services.
  • Create and manage user accounts, authenticate access, and enforce role-based permissions.
  • Send service notifications, security alerts, and administrative messages.
  • Respond to enquiries, demos, and customer support requests.
  • Monitor platform performance, detect fraud, and protect against unauthorised access.
  • Comply with legal obligations, regulatory requests, and lawful directions from competent authorities in Zimbabwe.
  • Send marketing communications where permitted by law and where you have opted in (you may opt out at any time).

4. Legal Basis for Processing

Under the Cyber and Data Protection Act and related Zimbabwean law, we rely on one or more of the following grounds, as applicable:

  • Contract: processing necessary to perform our agreement with you or your organisation.
  • Legitimate interests: securing our platform, preventing abuse, and improving our services, balanced against your rights.
  • Legal obligation: compliance with court orders, regulatory requirements, or applicable statutes.
  • Consent: where required for optional features, marketing, or non-essential cookies.

5. Sharing and Disclosure

We do not sell personal information. We may share data with:

  • Service providers (hosting, email, analytics, payment processing) bound by confidentiality and data protection obligations.
  • Your organisation administrators who manage users within a tenant account.
  • Professional advisers (legal, audit, insurance) under duty of confidentiality.
  • Regulators and authorities when required by Zimbabwean law or a valid legal process.
  • Successors in connection with a merger, acquisition, or asset transfer, subject to equivalent protections.

6. Cross-Border Transfers

Your data may be processed in Zimbabwe and, where necessary to deliver the service, in other countries with adequate safeguards. Where personal information is transferred outside Zimbabwe, we implement appropriate contractual, technical, and organisational measures consistent with the Cyber and Data Protection Act and guidance issued by the Data Protection Authority of Zimbabwe.

7. Data Retention

We retain personal information for as long as your account is active, as needed to provide the service, and as required by law (including tax, audit, and regulatory retention periods applicable in Zimbabwe). When data is no longer required, we securely delete or anonymise it in accordance with our retention schedule.

8. Security

We implement administrative, technical, and physical safeguards designed to protect personal information. See our Security page for an overview of our controls. No method of transmission or storage is completely secure; please use strong passwords and report suspected incidents promptly.

9. Your Rights

Subject to applicable law, you may have the right to:

  • Request access to personal information we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion or restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with the Data Protection Authority of Zimbabwe.

To exercise your rights, contact privacy@grcpro.net. We may need to verify your identity and will respond within the timeframe required by law.

10. Cookies and Similar Technologies

We use cookies and similar technologies to maintain sessions, remember preferences (including theme settings), and analyse site usage. You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

11. Children

GRCPro is intended for business and professional use. We do not knowingly collect personal information from children under 18 without appropriate parental or guardian consent.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated date. Continued use of the service after changes take effect constitutes acceptance of the revised policy, unless otherwise required by law.

13. Contact Us

For privacy questions or requests:

  • Email: privacy@grcpro.net
  • General legal enquiries: legal@grcpro.net
  • Postal address: Harare, Zimbabwe
GRCPro

Enterprise governance, risk, and compliance platform serving organisations across Zimbabwe and Africa.

Product

  • Solutions
  • Platform
  • Start Free Trial

Company

  • Contact
  • Sign In

Legal

  • Privacy Policy
  • Terms of Service
  • Security
© 2026 GRCPro. All rights reserved. Registered in Zimbabwe. Back to home