Privacy Notice

GenAI Disclaimer

The Truthive Platform, including its quiz function and all other current or future features, uses generative artificial intelligence (AI) and large language models to provide responses, summaries, insights, and other content.

While we strive for accuracy and reliability, AI-generated content may sometimes include inaccuracies, omissions, outdated information, or errors. The content on this platform should not be considered professional advice (including legal, medical, historical, or other expert guidance) and should not be relied upon as your sole source of information.

The Truthive Platform is intended solely for research, educational, and academic purposes. It is not politically aligned and is not designed for advocacy, campaigning, or any other purpose beyond those stated. The information provided is intended to support scholarly inquiry, historical documentation, and public understanding, and should be used within that context only.

We strongly encourage users to verify any information obtained through the Truthive Platform with additional reputable sources before making decisions or taking action.

By using the Truthive Platform, you acknowledge and agree that:

1. No Warranties – The TechVillage Trust, its partners, and funders provide this platform and its content “as is” and “as available”, without any warranties or guarantees of accuracy, completeness, or fitness for any purpose.
   
2. Limitation of Liability – To the fullest extent permitted by law, the TechVillage Trust, its partners, and funders will not be held liable for any loss, damage, harm, or injury of any kind,  whether direct, indirect, incidental, or consequential, arising from or related to your use of the platform or reliance on any content generated by it.
   
3. User Responsibility – You are solely responsible for how you use or interpret the content provided by the platform. This includes any actions you take or decisions you make based on information generated here.
   
4. Third-Party Content – The platform may display or process content from third-party sources (including public platforms like YouTube). We do not endorse or guarantee the accuracy of such content and disclaim any responsibility for it.
   

Your continued use of the Truthive Platform constitutes your acceptance of this disclaimer. If you do not agree with these terms, please do not use the platform.

---

Truthive Privacy Notice

Effective Date: 14 August  2025 

1. Introduction and Scope

The Truthive Platform (“Truthive”, “we”, “our”, “us”) is operated by The TechVillage Trust (operating as The TechVillage Innovation Centre), the Data Controller for the purposes of the Cyber and Data Protection Act [Chapter 12:07] (CDPA) of Zimbabwe.

This Privacy Notice explains how we collect, use, store, share, and protect your personal information when you interact with our digital platforms, participate in our projects, or engage with us in person.

We are committed to protecting your privacy and processing your personal data in a lawful, fair, and transparent manner, in line with the CDPA. This policy applies to all processing of personal data wholly or partly by automated means within Zimbabwe, and in certain circumstances, to processing by controllers outside Zimbabwe where the means of processing are located in Zimbabwe.

2. Who We Are

In simple terms: We are The TechVillage Trust, running the Truthive Platform. We decide why and how your information is used. We have a Data Protection Officer (Takunda Chingonzo) whose job is to make sure we follow the law and to help you with any privacy questions or requests.

Data Controller:
The TechVillage Trust (The TechVillage Innovation Centre)
Office 910 9th Floor Fidelity Life Towers, Bulawayo, Zimbabwe.
Tel: +263 776 708 781
Email: projects@techvillage.org.zw
Licensed by POTRAZ (the designated Data Protection Authority.)

Data Protection Officer (DPO):
Takunda Chingonzo of Assegai Analytics (Pvt) Ltd
Email: dpo@assegai.africa
Tel: +263 719 719 210

The DPO ensures compliance with the CDPA, responds to data subject requests, and liaises with POTRAZ.

3. What Personal Data We Collect

In simple terms: We collect information that can identify you, like your name, contact details, stories, videos, or photos. Sometimes this information is very sensitive (like your ethnicity or political views). We will only use this if you agree. We get this information directly from you, from partner organisations, or from public sources like YouTube.

Personal data means any information relating to an identifiable person. We may collect:

• Name, contact details, and demographic information.
  
• Ethnic origin, political opinions, or religious beliefs (only with explicit consent).
  
• Historical testimonies, oral histories, and related records.
  
• Employment or organisational details (for partners, staff, or volunteers).
  
• Audio, photographs, or video recordings (including biometric identifiers where consent is given).
  
• Correspondence with us.
  

Sensitive data includes racial or ethnic origin, political opinions, religious beliefs, health information, and biometric identifiers. These are only processed with explicit consent.

Data subjects include survivors, witnesses, partner organisation representatives, employees, researchers, and members of the public who engage with the platform.

Collection methods: Directly from you, from partner organisations (with verified permissions), from public platforms such as YouTube, and via system interactions.

4. How and Why We Process Your Data

In simple terms: We use your information to record and share the history of Gukurahundi, to work with partners, and to run our project. We will only use your information if we have a good legal reason — like you giving consent, us having a contract with you, or needing to do it for public interest and history. We don’t make big decisions about you using computers alone.

We process your data for:

• Documenting and preserving historical records of Gukurahundi.
  
• Supporting truth-seeking, reconciliation, and transitional justice initiatives.
  
• Engaging with partners, stakeholders, and the public.
  
• Managing staff, volunteers, and partner relationships.
  
• Meeting legal and contractual obligations.
  

Lawful bases for processing:

• Consent – for most personal and sensitive data, with the right to withdraw at any time.
  
• Contract – to fulfil agreements with you or your organisation.
  
• Legal obligation – where required by law.
  
• Legitimate interest – for historical archiving and research, balanced against your rights.
  
• Public interest – for documenting historical atrocities.
  

We do not engage in solely automated decision-making with legal or significant effects on individuals.

5. Children’s Data

In simple terms: We try not to collect information from anyone under 18. If we have to, we’ll only do it with written permission from a parent or guardian, and we’ll explain everything clearly.

We do not knowingly collect personal data from individuals under 18. Where unavoidable (e.g., historical testimonies), we obtain written parental/guardian consent and verify legal guardianship. We use age-appropriate explanations and prioritise the best interests of the child.

6. How We Share Your Data

In simple terms: We only share your information when it’s necessary, for example, with trusted partners, regulators, or in research. Personal data stays in Zimbabwe. Information that is made anonymous can be stored outside Zimbabwe.

We may share data with:

• Partner organisations (with written agreements ensuring compliance).
  
• Regulators or legal authorities when required.
  
• Researchers or transitional justice partners (with anonymisation applied where necessary).
  

Cross-border transfers:

• Personal data is stored in Zimbabwe.
  
• Public or anonymised historical data may be stored or processed on servers outside Zimbabwe.
  
• Where personal data is transferred outside Zimbabwe, we comply with CDPA safeguards, including impact assessments and agreements ensuring adequate protection.
  

7. How We Protect Your Data

In simple terms: We use security tools and rules to keep your information safe, like passwords, encryption, and locked storage. We check our systems regularly to make sure your data is protected.

We use technical and organisational measures to ensure data security, including:

• Access controls and encryption.
  
• Secure storage facilities for digital records.
  
• Regular risk assessments and security audits.
  
• Data breach response procedures.
  

8. Your Data Protection Rights

In simple terms: You have rights over your data, including to see it, fix it, delete it, or stop us using it. You can also change your mind if you’ve given us consent before.You have the right to:

• Be informed about how your data is used.
  
• Access your personal data.
  
• Request correction of inaccurate data.
  
• Request deletion of your personal data.
  
• Object to processing.
  
• Withdraw consent at any time.
  

To exercise these rights, contact our DPO at dpo@assegai.africa or +263 719 719 210.

9. Data Breaches

In simple terms: If something happens that puts your personal information at risk, we will tell the authorities quickly and let you know if you might be affected.

In the event of a data breach, we will:

• Notify POTRAZ within 24 hours of awareness.
  
• Inform affected individuals within 72 hours if there is a real risk of harm.
  
• Investigate, document, and report the breach, including remedial actions.
  

10. Data Retention

In simple terms: We will only keep your personal information for up to five years after the project starts. If we keep information for history, we will remove anything that can identify you.

• Personal data will not be retained for more than 5 years from project inception or beyond the project lifespan.
  
• Historical archive materials will be anonymised for permanent preservation.
  

11. Contact Us

In simple terms: You can contact our Data Protection Officer if you have any questions or want to exercise your rights. You can also complain to POTRAZ if you are not happy with how we handle your information.

For privacy concerns:
Takunda Chingonzo – Data Protection Officer
Email: dpo@assegai.africa
Tel: +263 719 719 210

For complaints to the Authority:
Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ)
Email: dataprotectionunit@dpa.zw | regulator@potraz.zw
Tel: +263 242 333032/46/48

12. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in law, practice, or our operations. Updates will be posted on the Truthive Platform, and we encourage you to review them periodically.