Minerva Risk Advisors

COE Mobile App Privacy Policy

Minerva Risk Advisors COE Mobile App Privacy Policy.

Minerva is committed to protecting your privacy. This commitment reflects the value we place on earning and keeping the trust of our employees, customers, clients, business partners, and anyone who shares their personal information with us directly or indirectly.

What Does This Privacy Notice Do?

This Privacy Notice explains Minerva’s information processing practices as a Data Controller and/or Data Processor, as defined in the Cyber and Data Protection Act [Chapter 12:07] and its Regulations. It applies to any personal information you provide to Minerva through our mobile app for Certificate of Existence (COE) verification, as well as information we collect from other sources, unless a more specific privacy statement is provided at the time of data collection.

1. Who is responsible for your information?

“Minerva” refers to Minerva Risk Advisors and its affiliated companies (including Minerva Benefits Consulting), also collectively referred to as “we,” “us,” or “our.” We collect your personal information and are responsible for its processing as a Data Controller. When we provide services to our clients as a Data Processor, we handle your personal information in line with our legal obligations and contractual commitments.

2. How do we collect your information and what information do we collect?

We collect personal information for pensioner verification using face recognition and liveness checks to generate and manage a digital Certificate of Existence (COE). Here’s how we gather information:

a. How We Collect Information:

i. Information you provide to us

We gather information directly from you when you:

  • Register on the mobile app
  • Contact us with a complaint or query
  • Engage with us through our contact information
  • Use other channels as necessary


You need to provide personal information we reasonably require to fulfil our obligations concerning the services we offer, including legal and regulatory needs. Where you provide us with personal information about third-party individuals (e.g., your spouse or dependents), explicit consent may be required.

ii. Information We Collect Automatically:

We automatically collect certain types of information when you use our app or interact with us via email.

iii. Information we collect from clients or third parties

In providing services to our clients, we may collect personal information such as your name, contact details, date of birth, and sensitive data (like health information or biometric inputs) strictly relevant to our services, to fulfil contractual obligations or after obtaining your explicit written consent.

b. The Information We Collect May Include:

  • Basic Personal Details: Name, address, contact details, date of birth, age
  • Identification Data: National Identification Number, facial photos, document images
  • Demographic Info: Gender, marital status
  • Financial Data: Bank account details
  • Biometric Data: Facial feature embeddings, liveness/anti-spoofing signals
  • Account Data: User identifiers, pension fund association, consent records
  • Device/App Data: Device model, OS version, app version, IP addresses, timestamps
  • Operational Data: Verification outcomes, COE issuance details, audit and security logs

3. How We Use Your Data

We use your personal information for the following purposes:

  • Verification: Confirm evidence of continued existence for pensioners
  • Service Improvement: Maintain and enhance our processes
  • Identity Verification: Match live captures against references and assess liveness
  • COE Issuance: Create and manage a digital certificate upon successful verification
  • Security: Prevent fraud and detect spoofing attempts
  • Compliance: Maintain logs required for regulatory oversight
  • Support: Monitor service health and diagnose issues

 

On-Device Behaviour:

  • Captures images via the camera for verification
  • Stores minimal session data and consent locally; biometric images are not permanently
    stored
  • Works with limited connectivity by caching non-biometric data temporarily

 

Backend Processing:

  • Utilizes HTTPS for secure data transmission
  • Performs face detection/recognition and liveness checks
  • Persists necessary verification artifacts and logs
  • Returns verification results to the app and updates COE status

4. Do we collect information from children?

This policy applies to a mobile application not designed for minors. Access is exclusively for enrolled pensioners and approved beneficiaries.

5. How long do we retain your personal information?

  • Verification Images and Biometric Data: Retained as long as necessary for verification and audit; default retention is 180 days.
  • COE Records and Audit Logs: Retained according to legal and regulatory requirements.
  • Deletion: Upon retention expiry or verified request, related data will be deleted.

 

How long we retain your information depends on the purpose for which it was obtained and its nature. We will keep your information for the period necessary to fulfil the purposes described in this policy unless a longer retention period is permitted. Your information will be securely destroyed when it is no longer required.

6. Sharing Your Information

We may share your personal information with the following categories of recipients:

  • Service Providers: Third-party vendors to whom we outsource processing, including
    auditors.
  • AWS: For secure storage, including verification photos and related assets, with strict
    access controls and encryption.
  • Affiliates: Companies related by common ownership or control.
  • Law Enforcement: When legally required or as mandated by legal processes.

7. Security of Your Personal Information

We protect your information using industry-standard security measures. Data is encrypted both when it’s sent and while it’s stored. Access to personal data is restricted to authorized personnel and systems only, and we apply least-privilege access controls. Authentication is enforced, logs are kept to detect suspicious activity, and we have incident response procedures to investigate and report any data breaches as required by law. If you need more technical details for regulatory or contractual reasons, please contact us.

8.

a) Transborder Data Transfers
Some of our service providers, such as AWS, may be located outside Zimbabwe, and your data may be transferred or processed internationally. Any transfer of data across Zimbabwean borders is done in accordance with the Cyber and Data Protection Act and the Regulations.

b) Data Sharing – No sale of personal or biometric data. Shared only with authorized pension funds/regulators under contract or as required by law. Service providers process data under strict agreements and cannot use it for their own purposes.

9. Your Privacy Rights

You have rights regarding your information, including:

  • Right to Access: Request information we hold about you.
  • Right to Correction: Update any inaccuracies.
  • Right to Deletion: Request deletion of your data if no longer necessary.
  • Right to Object: Challenge processing of your personal information.
  • Right to be informed: Know how we use your personal information.

When you exercise these rights, we may need to ask you for additional information to confirm your identity, before disclosing information to you or responding to your request. You can exercise your rights by contacting us.

10. Automated Decisions

Where a decision is taken solely by automated means involving the use of your personal information, you have the right to challenge the decision and ask us to reconsider the matter, with human intervention. If you wish to exercise this right, you should contact us.

11. Accountability

We maintain internal policies and logs to demonstrate compliance with data protection obligations. This includes conducting regular audits and risk assessments to ensure ongoing adherence to the policy.

For any questions or concerns regarding this Privacy Policy, please contact us at the contacts below:

12. Contact Us

If you have any questions, would like further information about our privacy, would like to withdraw consent or would like to make a complaint about the handling of your personal information, please contact us at:

Attention: The Data Protection Officer

Address: Minerva House
Block 2 Kenilworth Gardens 1
Kenilworth Road
Newlands,
Harare

Email: dpo@minerva.co.zw

Telephone: +263(242)776900-1 / 779962-70

13. Changes to this Notice

We may update this Notice from time to time. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.

We encourage you to periodically review this Notice so that you will be aware of our privacy practices.

This Notice was last updated on 1 March 2026