Personal Data Protection · Tanzania
Privacy Policy
This policy explains how IsherIQ collects, uses, stores, and protects personal data in line with the Personal Data Protection Act, 2022 (Act No. 11 of 2022) and regulations issued by the Personal Data Protection Commission (PDPC).
Data controller
IsherIQ (“we”, “us”, “our”) is the data controller for personal data described in this policy.
Email: info@isheriq.tech · Website: www.isheriq.tech
For data protection enquiries, contact us using the details above. Where required, we will designate a Data Protection Officer and publish their contact details.
1. Scope
This policy applies to personal data we collect when you:
- visit our website or use our online services;
- request a quote, proposal, or support;
- enter into a contract for technology, hosting, software, or related services;
- communicate with us by email, phone, or other channels; and
- interact with us as a client, supplier, or business contact.
It does not apply to third-party websites or services linked from our site, which have their own privacy practices.
2. Principles we follow
Under Section 5 of the Personal Data Protection Act, we process personal data in a manner that is:
- Lawful, fair, and transparent — we tell you what we collect and why;
- Purpose-limited — we collect data for specified, legitimate purposes;
- Adequate and relevant — we do not collect more than we need;
- Accurate — we take reasonable steps to keep data up to date;
- Secure — we apply appropriate technical and organisational safeguards; and
- Retention-limited — we keep data only as long as necessary for the stated purpose or as required by law.
3. Categories of personal data
Depending on your relationship with us, we may process:
- Identity & contact data — name, company, email, phone, postal address;
- Account & billing data — invoicing details, payment references, TIN/VRN where provided;
- Technical data — IP address, browser type, device identifiers, logs from our systems;
- Communications — emails, tickets, meeting notes, and support history;
- Contract & project data — statements of work, credentials (handled securely), configurations; and
- Sensitive personal data — only where necessary and with prior written consent or another lawful basis under the Act (e.g. Section 30).
4. How we collect data
We collect personal data:
- Directly from you — forms, contracts, email, phone, and in-person meetings;
- Automatically — cookies and similar technologies on our website (see Section 11);
- From third parties — only where permitted, such as publicly available business information or referrals you authorise.
When we collect data, we aim to inform you of the purpose, lawful basis, and intended recipients, as required under the Personal Data Protection (Collection and Processing) Regulations, 2023.
5. Purposes and lawful bases
We use personal data to:
- provide and manage our services (contract performance);
- respond to enquiries and provide customer support (legitimate interests / pre-contract steps);
- issue invoices, process payments, and meet tax obligations (legal obligation / contract);
- improve our website, security, and service quality (legitimate interests);
- send service-related notices (contract / legitimate interests); and
- send marketing communications only where you have given consent, which you may withdraw at any time.
6. Sharing and recipients
We may share personal data with:
- hosting, cloud, and infrastructure providers acting on our instructions;
- professional advisers (lawyers, accountants) under confidentiality;
- payment processors and banks for billing; and
- public authorities where required by Tanzanian law.
We require processors to protect data and process it only for agreed purposes. We do not sell personal data.
7. Cross-border transfers
Personal data shall not be transferred outside Tanzania except in compliance with the Act (Part V). Where transfer is necessary (e.g. international cloud services), we implement appropriate safeguards such as contractual clauses, adequacy assessments, or PDPC-approved mechanisms.
8. Retention
We retain personal data only for as long as needed for the purposes collected, including:
- active contracts and a reasonable period thereafter;
- legal, tax, and regulatory retention periods; and
- dispute resolution and enforcement of our rights.
When retention ends, we delete or anonymise data securely.
9. Security
We implement appropriate technical and organisational measures — including access controls, encryption where appropriate, secure hosting, and staff awareness — to protect personal data against unauthorised access, loss, or misuse.
10. Your rights as a data subject
Under the Act, you may have the right to:
- be informed about processing of your personal data;
- access personal data we hold about you;
- request correction of inaccurate data;
- request deletion or restriction in certain circumstances;
- withdraw consent at any time, without explanation or charge, where processing is based on consent;
- object to certain processing based on legitimate interests; and
- lodge a complaint with the Personal Data Protection Commission (PDPC).
To exercise your rights, email info@isheriq.tech. We will respond within timelines set by law.
11. Cookies
Our website may use essential cookies for security and functionality, and optional analytics cookies where enabled. You can control cookies through your browser settings. Non-essential cookies will not be used without your consent where required.
12. Children and incapacitated persons
Our services are directed at businesses. Where processing relates to a minor or person unable to consent, consent must be obtained from a parent, guardian, or legal representative as provided in Section 30(4) of the Act.
13. Changes to this policy
We may update this policy to reflect legal or operational changes. The “Last updated” date at the top will change accordingly. Material changes will be communicated where appropriate.
14. Complaints to PDPC
If you believe your data protection rights have been violated, you may contact us first. You also have the right to lodge a complaint with the:
Personal Data Protection Commission (PDPC)
United Republic of Tanzania
Website: www.pdpc.go.tz
