Privacy Notice for Radical Cloud Solutions (RCS)
Version 01:2025 (Global Coverage & Multijurisdictional Compliance)
Effective Date: October 2025
This Privacy Notice outlines how Radical Cloud Solutions (“we,” “us,” or “our”) collects, uses, processes, and protects your personal information. We strive to maintain global standards in data protection, drawing from principles generally recognized in the European Union’s General Data Protection Regulation (GDPR) and ensuring compliance with specific regional laws, including the Zimbabwe Cyber and Data Protection Act [Chapter 12:07] (CDPA), the South African Protection of Personal Information Act 4 of 2013 (POPIA), the Zambian Data Protection Act No. 3 of 2021, and data protection requirements applicable in Mauritius.
1. Who We Are and What We Do
Radical Cloud Solutions (RCS) is a Cloud Solutions Provider that aims to increase your brand’s visibility online and assist you in utilizing cloud technology. Our services include Cloud Solutions (including but not limited to Microsoft & Google), Digital Marketing, Hosting & Email, Website Services, App & Systems Development, and Cybersecurity, Backup & Compliance. We act as the data controller in respect of the personal data we collect.
2. What is Personal Data/Information?
Personal Data is generally defined as any information relating to an identified or identifiable living individual (a natural person).
This definition is broad and includes, but is not limited to: a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. For the purpose of the Zimbabwe CDPA, this also includes race, religious or political beliefs, age, sexual orientation, healthcare, financial, criminal, or employment history, and opinions expressed about you. Reference to personal data in this notice shall include reference to sensitive personal data where applicable.
3. How We Collect Your Personal Data
We collect data directly from you or indirectly through your use of our services:
1. Directly Provided Data: You directly provide us with most of the data we collect when you register or place an order for products or services, voluntarily complete a customer survey or provide feedback, or communicate with us.
2. Indirectly Collected Data: We automatically collect data when you use or view our website via your browser's cookies. This includes Technical Data (e.g., location data, Internet Protocol address, cookie information, device information, operating system, browser type).
3. Third-Party Sources: We may receive data indirectly from other sources, such as credit reference agencies to prevent fraudulent purchases, or from third parties if we perform due diligence (e.g., credit agencies, debt collectors, etc.).
4. What Personal Information Do We Collect?
We may collect the following categories of personal information:
• Personal Identifiers & Contact Details: Name, surname, address, phone numbers, email address, ID number, and similar particulars.
• Technical & Usage Data: IP address, browser type, device information, operating system, log data (such as time zone settings, language preferences), usage patterns, cookie information, and the pages requested.
• Financial data: Payment details, which may be securely processed via third-party payment gateways.
• Demographic Data: Age, gender, physical address, marital status, or family status.
• Professional Information: The name of your company or the company you work for, and its website.
• Feedback and Preferences: Your preferences, feedback, opinions, or communications you provide to us.
5. Purposes and Lawful Bases for Processing
We process your personal information only for adequate and relevant purposes. We must have a lawful basis for all processing activities.
Purpose of Processing | Lawful Basis (POPIA/CDPA/DPA/GDPR Principles) |
Service Provision & Fulfillment (e.g., Cloud solutions, Hosting, App Development, Digital Marketing) | Processing is necessary for the performance of a contract with you. |
Account Management & Transactions (Processing orders, handling enquiries) | Necessary for the performance of a contract or to perform administrative tasks for our legitimate business interests. |
Security & Fraud Prevention (Protecting data integrity and business continuity) | Necessary for the legitimate interest in ensuring system security and preventing fraud. |
Marketing & Promotion (Sending special offers, newsletters, or increasing brand awareness through ads) | Based on your consent, or where applicable, our legitimate interest in marketing products/services that we think you might like. |
Legal Compliance (Record-keeping, auditing, responding to authorities) | Necessary for compliance with a legal obligation imposed by or allowing us to process Personal Information. |
Improvement & Analysis (Monitoring business, analyzing statistics, testing systems) | Necessary for our legitimate interests (e.g., developing new and existing functionality, security, and products). |
6. Sharing Your Personal Information
We may share your information with third parties where necessary for service provision, legal compliance, or legitimate business interests:
1. Our Group and Personnel: Employees, authorized personnel, affiliates, and related companies to the extent necessary to provide the services.
2. Service Providers: Third-party service providers and sub-contractors (e.g., hosting providers, IT systems providers, payment processors, marketing platforms, software providers like Google Workspace or Acronis) who perform services on our behalf. We require these parties to secure your data and use it only as permitted.
3. Third-Party Controllers: External data controllers where necessary to deliver the Services, subject to appropriate safeguards.
4. Legal/Regulatory Authorities: Regulatory and tax authorities, or law enforcement agencies, when required by law or legal process (e.g., court order or subpoena).
5. Business Changes: If RCS is merged or acquired by another company, your information will be one of the transferred assets.
7. Transfer of Personal Information Outside Local Jurisdictions
We may need to transfer your personal data to locations outside Zimbabwe, Zambia, South Africa, or Mauritius for purposes such as hosting, backup, or service provision.
We will ensure that such transfers comply with applicable data protection laws and that your personal information is adequately protected. Where data is transferred outside regions requiring adequate protection, like POPIA), we will take reasonable measures to implement appropriate and suitable safeguards (such as contractual documentation) to afford your data a level of protection comparable to that under applicable local law.
8. Your Data Protection Rights
You are entitled to certain rights regarding your personal data. RCS is committed to ensuring you are fully aware of all your data protection rights, which include:
1. The Right to Access: You have the right to request a copy of the personal data we hold about you.
2. The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
3. The Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data under certain conditions (e.g., where we no longer need it or if you withdraw consent).
4. The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., where you contest the accuracy of the data).
5. The Right to Object to Processing: You have the right to object to our processing of your personal data, particularly for direct marketing purposes, including related profiling. If you object, we will stop using your information, except if the law allows its use.
6. The Right to Data Portability: You have the right, in certain circumstances (particularly related to EU/EEA derived data), to receive your personal data in a structured, commonly used, and machine-readable format, and to ask us to transfer this data to another organization or directly to you.
7. The Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw that consent at any time.
8. Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless there is a lawful basis for such processing.
We will respond to any request to exercise these rights in accordance with applicable law, generally within one month (30 days).
9. Cookies
Our website uses cookies, which are text files placed on your computer, to collect standard Internet log information and visitor behavior information.
• How We Use Cookies: We use cookies to keep you signed in, understand how you use our website, and improve your experience. This statistical data does not identify any individual.
• Types of Cookies: We use functionality cookies (to recognize you and remember your preferences, like language and location) and advertising cookies (to collect information about your visit to our website and display relevant advertisements).
• How to Manage Cookies: You can set your browser not to accept cookies, and you can remove existing cookies. However, some of our website features may not function as a result.
10. Data Security and Storage
We are committed to keeping personal data secure. We implement appropriate technical, administrative, physical, and organizational security measures to protect your personal information against unauthorized access, improper use, disclosure, unauthorized modification, and unlawful destruction or accidental loss.
Your personal information is contained behind secured networks and is only accessible by a limited number of authorized persons. Sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology.
In the event of a security breach, we will report it to the relevant regulatory authority and to the individuals or companies involved.
11. Data Retention
We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal and regulatory obligations.
The retention period is based on business needs and legal requirements. We may keep information indefinitely in a de-identified format for statistical purposes. We note that specific data retention notices may be issued to electronic communications service providers under Zambian law, though providers are generally not required to retain data solely as part of an internet connection record.
12. Contact Us and Lodging Complaints
If you have any queries or concerns about the processing of your information, or wish to exercise any of your rights, please do not hesitate to contact us.
Contact Details for Radical Cloud Solutions:
Email: dpo@radicalcloudsolutions.com
Physical Address: 7th Floor, Two Tribeca Tower, Tribeca Central, Trianon, 72261, Mauritius
If you believe we are using your information unlawfully or we have not addressed your concern in a satisfactory manner, you may contact the relevant supervisory authority in your jurisdiction:
• Zimbabwe (CDPA): POTRAZ.
• Zambia (DPA): Zambia Data Protection Authority
• South Africa (POPIA): The Information Regulator.
• Mauritius (DPA): The Data Protection Office of Mauritius.
13. Changes to this Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated notice on our website. The current version that applies at the time you use our website will regulate our relationship.