← Back to Legal Hub

Privacy & Data Protection Policy

Part II of the Mentora Tanzania Legal Framework

Effective Date: 1 January 2026 · © 2026 Mentora Tanzania — A solution by Evolucion Technologies Company Limited

7. Principles of Data Processing

The Company processes Personal Data under the following principles:

  • Lawfulness and fairness — Data is processed on a valid legal basis and in a manner fair to the data subject.
  • Transparency — Data subjects are informed about how their data is collected and used.
  • Purpose limitation — Data is collected for specified, explicit, and legitimate purposes only.
  • Data minimization — Only data that is necessary for the stated purpose is collected.
  • Accuracy — Reasonable steps are taken to ensure data is accurate and up to date.
  • Storage limitation — Data is retained only for as long as necessary for the stated purpose.
  • Integrity and confidentiality — Appropriate security measures protect data against unauthorized access or loss.
  • Accountability — The Company takes responsibility for compliance and can demonstrate it.

8. Categories of Data Processed

The Company may process the following categories of data:

A. Identity Data

Names, institutional affiliations, contact information.

B. Educational Data

Academic progress, assignments, assessments, engagement metrics.

C. Technical Data

IP addresses, device identifiers, session logs.

D. Communication Data

Support tickets, emails, system notifications.

E. Payment Data

Billing information and transaction records (excluding full card details).

9. Children's Data Safeguards

Where data of minors is processed:

  • Processing occurs under institutional authority or verified parental consent
  • No commercial profiling of minors is conducted
  • No advertising targeting of minors
  • Strict access controls are applied to minors' data
  • Enhanced monitoring and audit logs are maintained

The Company adheres strictly to the Children's Act and applicable educational regulations.

10. Security Measures

The Company implements the following security measures:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Role-based access control (RBAC)
  • Multi-factor authentication for administrative access
  • Secure cloud infrastructure with redundancy
  • Regular vulnerability assessments and penetration testing
  • Comprehensive audit trails
  • Staff confidentiality agreements and data protection training
  • Incident response protocols with defined escalation paths

11. Data Retention

Data shall be retained only for:

  • Duration of institutional engagement plus any statutory retention period
  • Statutory compliance obligations as required by Tanzanian law
  • Legitimate archival academic purposes where authorized

Upon termination, data shall be securely deleted or anonymized unless otherwise required by law.

12. Contact Us

If you have questions about this policy, contact our Data Protection Officer at: mentoratanzania@gmail.com.