I. INTRODUCTION

  • Companhia do Pipeline Moçambique-Zimbabwe, Limitada (CPMZ) is fully committed to protecting your privacy and your personal data;
  • We have a legal duty to protect the personal data we process, whether it belongs to users of our website, employees, service providers, suppliers and clients, and this duty is a priority for us in the pursuit of our business activity. We comply and ensure compliance with the terms of the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data where appropriate or applicable.
  • If you have any queries, comments or suggestions about our Privacy Policy, please contact us using the contact details given in section 13 of this policy.

II . GENERAL PRINCIPLES OF OUR PRIVACY POLICY

In your relationship with us, whether you are accessing our corporate websites, providing us your personal data or interacting with us in a way that we can collect it, we make it clear that you are accepting our Privacy Policy, which is based on the principles listed below:

  • “Only authorised persons use authorised data for authorised purposes”;
  • “We understand that the security of your data is a priority and we review security periodically in line with technological advances”;
  • “We know that personal data does not belong to us but to the data subjects”;
  • “We foster good practices in privacy, data protection and IT security, which we review continually because we understand that this is an ongoing improvement process where it is always possible to do more and better”.

III. CONCEPTS AND INFORMATION FOR DATA SUBJECTS

1. What is personal data?

For the purposes of this Policy, we follow the definition adopted in Article 1 of the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014, in conjunction with Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – any information relating to an identified or identifiable natural person by which this person can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

2. How does CPMZ collect your personal data?

a) In the course of our business activity, we collect and process your personal data in different ways, including by telephone, in writing and through social media.

b) We only collect the data that is strictly necessary for the provision of our services and the provision of services to our clients, creating communities, different kinds of studies connected with our business and, among others, sharing important news with influencers, bloggers, opinion makers and journalists.

c) CPMZ and its clients may use automated means to collect information about you, the devices you use and your interaction with our websites and those we create and develop for our clients. These automated means include tracking technologies such as cookies and web server logs, which may collect information such as: IP address, device used, operating system, domain, website address and the address of the web page that brought you to our website. We may also collect information about your location (including, for example, your postal code and geolocation) and use this information to personalise websites or communication in general with news and/or advertising content based on location and adapted to your individual characteristics and interests. These services of CPMZ and/or its clients may track your online activities and collect information that will be used to present content to you on our websites, client websites and other forms of communication.

d) For the purposes of optimising navigation and personalising the services we provide, CPMZ may also link collected personal data with other information and use third-party analytics that make it possible to monitor your interaction with our websites and with the content provided.

e) We may use computer profiling techniques. Profiling is defined in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 as automated processing of data to evaluate certain personal aspects relating to a data subject to analyse or predict aspects such as personal preferences, interests and behaviour. This automated processing enables us to personalise what we offer you. CPMZ guarantees at all times your right to object to the use of your data for profiling using the contacts listed below.

3. What personal data does CPMZ collect?

a) In order to provide our services, we collect the following data:

  • Identification details;
  • Addresses;
  • Contact details
  • Curriculum Vitae;
  • Data that enables profiling;
  • Billing data;
  • IP addresses, operating system, device used, language and other information (described above) collected by cookies.

b) The personal data we collect is processed by computer and stored in databases in strict compliance with the current legislation on data protection and information security.

c) We will only process your personal data for a specific and legitimate purpose or purposes which is determined at the time of collection. This data will not subsequently be processed in a manner incompatible with these purposes, except for the purposes of public interest archives, scientific or historical research or for statistical purposes. In such cases, under the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014, this incompatibility does not arise.

d) CPMZ respects the basic principles governing the processing of personal data under Article 13 of the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014. If we collect and process special categories of personal data (“sensitive data”), this will only be done line with the exceptions established in Article 14(2) of the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014.

e) Where this data is collected from the data subject and the special categories of data (“sensitive data”) are processed on the basis of your consent, we will inform you of the right to withdraw your consent, as established in paragraph 2(d) above, but without affecting the lawfulness of the processing carried out on the basis of the consent given previously.

4. Why does CPMZ process your personal data?

4.1. We process your personal data for the following purposes:

a) to be able to provide consultancy services to our clients;

b) to provide the information you request;

c) to send newsletters, flyers, product information;

d) to confirm or follow up on an order that has been entrusted to us;

e) to monitor, fulfil or evaluate:

I. the terms and conditions of the websites;

II. the submission of complaints;

III. the security of the websites;

IV. To optimise the visit and the navigability and customisation of the websites.

f) to manage and carry out the contractual relationship, such as:

i. to provide contracted services;

ii. for the purpose of billing and collecting for the services provided;

iii. to communicate changes in the terms and conditions for providing the contracted services;

iv. to conduct surveys.

g) to comply with legal obligations to which we are subject;

h) to send personalised promotional materials or special offers on our behalf or on behalf of our group companies and partners, including by means that enable messages to be received without any intervention on your part;

i) in recruitment processes for which you have applied;

j) for the purpose of adapting the services we provide to the needs and interests of our clients.

4.2. Depending on the circumstances, your personal data may be processed on any of the legal grounds below:

  1. entry into or performance of a contract or for pre-contractual measures at the request of the data subject;
  2. compliance with the legal obligations to which we are subject;
  3. our legitimate interests;
  4. consent given by the data subject, where consent is the basis for lawful processing;
  5. the protection of vital interests of the data subject.

4.3. If you wish to withdraw your consent, you can contact us at the following e-mail address info@cpmz.co.mz.

If you withdraw your consent, you will no longer receive communications from us.

5. Children’s data

a) We do not collect or intend to collect data about children, given the recipients of the services we provide;

b) As children must be accompanied in all aspects of their lives, including their digital lives, it will be up to the holders of parental responsibilities to request the elimination of any data. We will promptly accede to this request after verifying that this data has been collected, even if it has been unintentionally collected.

c) In the event that we collect data about children on a voluntary basis, we will take care to comply with the legislation in force on this matter, namely by obtaining prior parental consent.

6. For how long does CPMZ keep your personal data?

a) The period of time for which data is stored and kept varies according to the purpose for which the information is processed.

b) There are legal requirements that oblige us to keep the data for a minimum period of time and we will comply with these requirements.

c) If there is no required legal storage period, the data will only be stored and kept for the minimum period necessary for the purposes for which it was collected and its subsequent treatment, after which time it will be processed appropriately and will be destroyed or anonymised.

7. What are your rights as a data subject?

7.1. Under the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014, we assure you the exercise of your rights as a data subject, namely:

a) Right of access – you are entitled to ask us for information concerning whether or not your data is being processed, what data we process, and for what purposes, among others. If you wish, you may request a copy of the personal data being processed, and the provision of further copies may be subject to the payment of a reasonable fee for administrative costs. Where the request is in electronic form, unless you indicate otherwise, the information will be provided by us in a commonly used electronic format.

b) Right to rectification – you are entitled to have incorrect personal data about you rectified without undue delay and to have incomplete data completed.

c) Right to termination – also called the right to be forgotten – under certain circumstances, you may ask for your personal data to be deleted from our records, without undue delay, whenever any of the grounds established in the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014 apply.

d) Right to object – you are entitled to object, for reasons relating to your particular situation, to certain types of data processing as provided for in the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014. This includes processing for direct marketing purposes, in which case we will no longer process your data for that purpose.

e) Right to portability – you are entitled to transfer the personal data that we hold about you to another organisation or to receive it in a structured, commonly used machine readable format.

f) Right to limitation of processing – the right to limit processing of your personal data when, for example, you intend to contest the accuracy of your data for a period of time which enables us to verify its accuracy, when the processing is unlawful, or when you have exercised your right to object.

7.2. Please refer to section 13 of this Privacy Policy for information on how to exercise these rights.

7.3. After you e-mail us, we will send you the Data Subject Exercise Form, which you should complete and return to us.

7.4. Within the legal period of 30 (thirty) days, you will receive a reasoned communication from us.

8. What measures has CPMZ implemented to ensure the security of your personal data?

a) We have adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risk which we periodically review and improve. These are aimed at guaranteeing the security and protection of your personal data in terms of availability, authenticity, integrity and confidentiality, as well as at preventing the loss, misuse, alteration, unauthorised processing of or access to your data, and any other form of unlawful processing.

b) In our “Information Security Policy”, we describe in detail our commitment to the security of your personal data, which involves a set of measures aimed at safeguarding and mitigating the risk of breach of this data.

9. Does CPMZ communicate your data to third parties?

9.1. In the course of our business activity, we may use subcontractors to process your data on our behalf, which means that these will have access to your data. When this happens, we take appropriate contractually established measures to ensure that these third parties, whether they are subcontractors, partners, or in a group relationship with us, provide sufficient and appropriate guarantees that they will implement technical and organisational measures and act only in accordance with our instructions.

9.2. We use subcontractors for the provision of the following services:

  • application development;
  • communications;
  • software and hardware;
  • domain services;
  • data recovery services;
  • digital marketing;
  • analytics;
  • VPS hosting;
  • financial and banking sector;
  • personalised distribution.

10. Does CPMZ transfer your personal data internationally?

a) We may need to transfer personal data to third countries or international organisations. In this case, we will comply stringently with the applicable legal provisions and determine the suitability of the country or organisation in question with regard to the requirements applicable to such transfers.

b) In particular, data transmission security issues will be safeguarded if third parties are bound by contract and respect the confidentiality of the received data and do not use it under any circumstances for purposes other than those for which it was transmitted or for their own benefit or that of a third party.

11. How does CPMZ use cookies on its corporate websites?

Please see our Cookie Policy (link) to find out more about cookies and how we use them on our corporate websites.

12. Contact person

a) If you have any doubts or questions about the way we collect and process personal data, please contact our Data Protection Officer:

Data Protection Officer contact details

E-mail: it.suporte@cpmz.co.mz

Address: Avenida Martires da Revolução, n° 1452, Bairro de Macuti, Cidade da Beira, Província de Sofala.

b) The mission of the Data Protection Officer is to ensure that any review or update of this policy is carried out in accordance with the requirements of the African Union Convention on Cybersecurity and Personal Data Protection of 27 June 2014 and to reply to data subjects’ requests regarding their rights whenever they wish to exercise the rights envisaged in section 7 of this Privacy Policy.

13. Review of our Privacy Policy

a) We reserve the right to change the content of this privacy policy without prior notice. However, we will post this information in a visible position on our corporate websites whenever this happens and these changes will become an integral part of the Privacy Policy.

b) After the information is published, you will be bound by the new terms when you browse our corporate websites and whenever you engage with us.