Privacy Policy

  1. Home
  2. Privacy Policy

Data Protection & Privacy Policy

Savelife Medical Aid is committed to protecting the personal data of our members, clients, staff, and stakeholders in line with the Cyber and Data Protection Act [Chapter 12:07] (CDPA) of Zimbabwe and applicable regulations. This policy outlines how we collect, use, disclose, store, and protect personal data.

Purpose

The purpose of this policy is to establish principles, responsibilities, and guidelines to ensure that personal data processed by Savelife is handled lawfully, fairly, and securely.

Scope

This policy applies to all personal data collected and processed by Savelife in the provision of medical insurance services to individuals, schools, corporations, employees, and third-party partners.

Principles of Data Protection

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

Lawful Basis for Processing

Savelife processes personal data on the following lawful basis:

  • Consent of the data subject
  • Performance of a contract (e.g., medical aid membership and claims)
  • Compliance with legal and regulatory obligations
  • Protection of the vital interests of members
  • Legitimate interests pursued by Savelife (such as fraud prevention and policy administration)
  • Public interest in the area of public health
  • Establishment, exercise, or defense of legal claims

Categories of Data Collected

  • Identification data (name, date of birth, ID number, contact details)
  • Employment and corporate details (employer, policy details, membership number)
  • Health-related data (medical history, diagnoses, treatment information, claims data)
  • Financial information (payment details, bank information)
  • Communication records (emails, call logs, correspondence)

Data Subject Rights

Under the CDPA, data subjects have the right to:

  • Access their personal data
  • Request correction or deletion of their data
  • Object to processing
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Data Protection Authority

Data Sharing and Disclosure

Personal data may be shared with:

  • Healthcare providers and facilities for treatment verification
  • Reinsurance companies for risk management
  • Regulatory authorities where legally required
  • IT service providers and processors under contractual agreements

Savelife ensures that all third parties implement adequate safeguards.

Data Retention

Personal data shall only be retained for as long as necessary to fulfil the purposes for which it was collected, including legal, contractual, and regulatory requirements.

Security Measures

Savelife employs appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. Measures include encryption, access controls, secure storage, and staff training.

Roles and Responsibilities

All Savelife staff must comply with this policy. The Data Protection Officer (DPO) is responsible for monitoring compliance, providing training, and acting as the main contact with the Data Protection Authority.

Data Breach Management

All breaches must be logged in the Breach Register. The Data Protection Officer (DPO) will notify the Data Protection Authority and affected individuals within 72 hours, as required by law.

Review and Updates

This policy will be reviewed annually or when necessary due to regulatory or operational changes.

Contact Us

If you have any questions about how we use your personal data or want to exercise your rights, please contact our Data Protection Officer:
Email: rchakanyuka@savelifemedicalaid.co.zw
Phone: +263778791092
Address: Savelife Medical Aid, 2 Dendy Young, Belvedere, Harare