Last updated 16, December, 2021
LEOLEO AFRIKA (“we” or “us” or “our”) respects the privacy of our users (“user” or “you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our mobile application (the “Application”). Please read this Privacy Policy carefully. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS THE APPLICATION.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Application after the date such revised Privacy Policy is posted.
This Privacy Policy does not apply to the third-party online/mobile store from which you install the Application or make payments, including any in-game virtual items, which may also collect and use data about you. We are not responsible for any of the data collected by any such third party.
We may collect information about you in a variety of ways. The information we may collect via the Application depends on the content and materials you use, and includes:
Demographic and other personally identifiable information (such as your name and email address) that you voluntarily give to us when choosing to participate in various activities related to the Application, such as chat, posting messages in comment sections or in our forums, liking posts, sending feedback, and responding to surveys. If you choose to share data about yourself via your profile, online chat, or other interactive areas of the Application, please be advised that all data you disclose in these areas is public and your data will be accessible to anyone who accesses the Application.
Information our servers automatically collect when you access the Application, such as your native actions that are integral to the Application, including liking, re-blogging, or replying to a post, as well as other interactions with the Application and other users via server log files.
Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Application. We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, VODACOM TANZANIA, and you are encouraged to review their privacy policy and contact them directly for responses to your questions.
The Application may by default access your Facebook basic account information, including your name, email, gender, birthday, current city, and profile picture URL, as well as other information that you choose to make public. We may also request access to other permissions related to your account, such as friends, checkins, and likes, and you may choose to grant or deny us access to each individual permission. For more information regarding Facebook permissions, refer to the Facebook Permissions Reference page.
User information from social networking sites, such as Facebook, instagram, twitter and linkedin, including your name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks. This information may also include the contact information of anyone you invite to use and/or join the Application.
We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using the Application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
We may request access or permission to certain features from your mobile device, including your mobile device’s location, camera and storage. If you wish to change our access or permissions, you may do so in your device’s settings.
Device information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you choose to provide.
We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Application permission to access this information.
Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to Increase the efficiency and operation of the Application.
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.
If you interact with other users of the Application, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.
When you post comments, contributions or other content to the Applications, your posts may be viewed by all users and may be publicly distributed outside the Application in perpetuity
We may use third-party advertising companies to serve ads when you visit the Application. These companies may use information about your visits to the Application and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.
We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
We may share your information with our business partners to offer you certain products, services or promotions.
The Application may display a third-party-hosted “offer wall.” Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for acceptance and completion of an advertisement offer. Such an offer wall may appear in the Application and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will leave the Application. A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account.
If you connect to the Application through a social network, your contacts on the social network will see your name, profile photo, and descriptions of your activity.
We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.
If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline honor commitments we made in this Privacy Policy.
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.
We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Application to help customize the Application and improve your experience. When you access the Application, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Application. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.
Additionally, we may use third-party software to serve ads on the Application, implement email marketing campaigns, and manage other interactive marketing initiatives. This third-party software may use cookies or similar tracking technology to help manage and optimize your online experience with us. For more information about opting-out of interest-based ads, visit the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.
We may also partner with selected third-party vendors, such as Google Analytics to allow tracking technologies and remarketing services on the Application through the use of first party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Application, determine the popularity of certain content, and better understand online activity. By accessing the Application, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.
The Application may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Application, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Application.
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information
We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.
Most web browsers and some mobile operating systems and our mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
You may at any time review or change the information in your account or terminate your account by Contacting us using the contact information provided below Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.
If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by Contacting us using the contact information provided below. If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
The law, permits our users who are Tanzania residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. If you are under 18 years of age, reside in Tanzania, and have a registered account with the Application, you have the right to request removal of unwanted data that you publicly post on the Application. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Application, but please be aware that the data may not be completely or comprehensively removed from our systems.
The right to privacy has been recognised in Tanzania ever since the introduction of the Bill of Rights into the Constitution of the United Republic of Tanzania, 1977 (the Constitution) in 1984. Article 16 of the Constitution calls for the enactment of law that stipulates how privacy rights may be protected, pursued or interfered with by the government.
The importance of the subject of privacy and data protection has gained unprecedented attention in recent years, requiring better and more elaborate rules of protection. Individuals are sometimes exposed to possible abuse and even to harmful consequences as a result of the developments in information and communication technology (ICT) and the role it plays in the collection of personal information, and the tendency of companies and business enterprises to collect and use personal information in making business decisions. It is therefore not surprising that many countries in the west enacted comprehensive legislation on data protection some time ago. Europe in particular, through the recently passed General Data Protection Regulation, 2016, is heading towards the harmonisation of data protection laws in order to have consistency within the region.
In East Africa, countries have only just awoken to that need and are heading in the same direction.
Uganda and Kenya already have draft Bills on privacy and data protection. Tanzania does not yet have a specific law, and there are reports that the Government is drafting a Bill to be tabled before the Parliament for discussion, but it is not yet clear when it will be published. As such, the existing privacy and data protection requirements in Tanzania are to be found to varying degrees in various pieces of legislation in different sectors. This includes those relating to privileged information obtained through relationships such as doctor-patient, banker-customer, electronic service licensee-customer, and employer-employee interaction.
The bulk of the existing regulations on privacy and data protection are found in the banking, electronic and telecommunications sectors. The focus of this article is on data protection requirements in electronics and telecommunications. Regulations in the banking sector are dealt with in a separate article.
In the information age in which we live, ICT increasingly drives and influences the socio-economic and political aspects of life. The Tanzanian ICT Policy of 2016 recognises ICT as the bedrock of national economic development and the country’s efforts to become a middle-income country by 2025.
In its ICT Policy of 2003, and more recently in the ICT Policy of 2016, Tanzania recognised the need for a legal and regulatory framework that would allow it to harness ICT’s development potential while limiting the risks that come with it. Most of the rules on privacy and data protection in Tanzania are to be found in the ICT sector because of the risk of information theft or abuse when individuals share personal information on the internet and various communication devices and applications. In this context, the main laws providing protection are the Electronic and Postal Communications Act and its supporting regulations, the Cybercrimes Act and the Electronic Transactions Act.
The Electronic and Postal Communications Act (EPOCA) governs all electronic and postal communications and telecommunications in Tanzania, and is administered by the Tanzania Communications and Regulatory Authority (TCRA). Various supporting regulations have been made, including the Electronic and Postal Communication (Consumer Protection) Regulations, GN. No. 427 of 2018, the Electronic and Postal Communications (Investigation) Regulations, 2017 and the Electronic and Postal Communications (Computer Emergency Response Team) Regulations, 2018.
EPOCA and its supporting regulations apply predominantly to licencees such as telecommunication companies, internet service providers and other entities which interact and deal with such companies.
The Act defines electronic communication as radio communication or, the communication of information in the form of speech or other sound, data, text or images, by means of guided and unguided electromagnetic energy. Section 98 of EPOCA imposes the duty of confidentiality of information upon licensees, and section 99 of the Act prohibits disclosure of information without authorisation. A licensee is any person who has obtained a Network Facilities Licence, Network Services Licence, Application Services Licence or Content Services Licence under EPOCA.
Regulation 6(1) of the Consumer Protection Regulations provides that a licensee may collect and maintain consumers’ or subscribers’ information where it is reasonably required for business purposes.
Rule 4 of the Electronic and Postal Communications (Investigation) Regulations, 2017 guard against the violation of any person’s entitlement to respect and protection of his person, the privacy of his own person, his family and of his matrimonial life, and respect and protection of his residence and private communications. Furthermore, under Rule 6(1), no person shall intercept, attempt to intercept, authorise or instruct any other person to intercept or attempt to intercept any communication at any place in the United Republic except as warranted under the Regulations.
Any contravention of this rule is an offence punishable by a fine of not less than five million Tanzanian Shillings or imprisonment for a term of not less than one year or to both fine and imprisonment.
Despite the prohibitions under sections 98 and 99 of EPOCA, data collection has in certain instances not only been allowed but required under the law as a matter of a regulatory compliance. Pursuant to section 84 of EPOCA, the regulator, the TCRA, is required to establish and maintain a Central Equipment Identification Register (CEIR) with information on all devices that licensees use in their networks. Licensees must supply every subscriber number and its unique International Mobile Equipment Identity (IMEI) code. In parallel with that, the operator is obliged to maintain a sub-register of all the information submitted to the CEIR and to maintain subscribers’ information, which must be submitted to TCRA once every month.
This means that for the users of SIM cards to be allowed to connect to telecommunications networks, they are required by law to register with the operator their full details, names, residence, occupation or business, verified by producing an identify card or, in the case of companies, business registration documents.
In dealing with consumers, information must be fairly and lawfully collected and processed, according to Regulation 6 of the Consumer Protection Regulations. Consumer information must be processed for identified purposes; it must be accurate; it must be processed in accordance with the consumer’s other rights; it must be protected against improper or accidental disclosure; and it must not be transferable except with the permission of the individual who supplied the information or as permitted under any law.
For the purposes of the Computer Emergency Response Team Regulations, the TCRA has developed what is called a Computer Emergency Response Team (CERT). The CERT’s role is to protect people against abuse and other risks related to ICT by responding to computer emergencies and dealing with security risks. These regulations require internet service providers, telecommunications operators and other service providers to provide a secure environment against information security threats. The term ‘information security’ means the administrative and technical measures taken to ensure that data is only accessible by those who are entitled to use it.
The Cybercrimes Act, 2015 is a penal statute intended to deter or discourage privacy and data protection abuses and violations. Being a penal statute, the application of the Cybercrimes Act is not restricted as long as the offences were committed within the United Republic of Tanzania, including on vessels or aircrafts registered in Tanzania. The Act would also apply to Tanzanian nationals residing abroad if the act committed is an offence both in Tanzania and under the laws in the host country. Further, the Act applies to any person, regardless of nationality, if the abuse or violation (i) is committed using a computer system, device or data located within Tanzania; or (ii) directed against a computer system, device, data or person located in the Republic.
It is an offence to access or cause a computer system to be accessed without permission. Anyone who commits this offence will be liable to imprisonment for not less than a year or to a fine of not less than three million Tanzanian Shillings, or to both fine and imprisonment. It is an offence to intentionally and unlawfully remain in a computer system or to continue to use a computer system after the expiration of the time which one was allowed. Doing so is punishable by imprisonment of not less than one year or to a fine of not less than one million Tanzanian Shillings or to both.
Similarly, it is an offence to intercept personal communications and interfere with data by damaging, deleting, altering, obstructing and interrupting it. The penalty is a fine of not less than ten million Tanzanian Shillings, or three times the value of undue advantage received by the offender, whichever is greater, or to imprisonment for a term of not less than three years.
Further, the Cybercrimes Act prohibits operators and other service providers from monitoring activities or data being transmitted in their systems. However, they are also shielded from being held liable for illegal activity that takes place within their networks or systems through the actions of third parties.
The Electronic Transactions Act gives legal recognition to the use of electronic transactions to do business. It has also allowed for the Government to interact with its citizens and to offer certain services by electronic means. Although there are no direct and comprehensive provisions on privacy and data protection, there are some provisions which are relevant. One is the requirement that suppliers of goods and services by electronic means must disclose all information pertaining to themselves and their businesses, and the goods or services they are offering. Before placing an order, the consumer must be allowed to review the transaction and have the discretion to withdraw from it. Further, suppliers are prohibited from interfering with an individual’s privacy. They are also prohibited from sending unsolicited commercial communications unless the consumer consents to this. As such, it is a requirement under this Act that the sender must from the outset disclose his identify and the purpose of the communication, and the consumer should be given the option to opt out of the communication. The consent requirement is deemed to have been met where the contact details of the addressee and other personal information were collected in the following settings:
by the originator of the message in the course of a sale or negotiations for a sale; when the originator only sends promotional messages relating to its similar products and services to the addressee; the originator offered the addressee the opportunity to opt-out and the addressee declined; and an opportunity to opt-out is provided by the originator to the addressee with every subsequent message.
Violation of these requirements is an offence punishable by a fine of not less than ten million Tanzanian Shillings or to imprisonment for not less than one year or to both fine and imprisonment.
The disclosure of data for the purposes of a criminal investigation or the prosecution of an offence is dealt with in Section 32 of the Cybercrimes Act. In such instances, a police officer in charge of a police station or a law enforcement officer of a similar rank may issue an order to any person in possession of such data compelling him or her to disclose it. It may happen, however, that there is resistance from the party holding data of evidential value. Similarly, it may be impossible to obtain the data without the use of force. In these circumstances, the law enforcement officer may apply to court for an order of disclosure or preservation.
Section 22 of the Cybercrimes Act makes it an offence to intentionally and unlawfully prevent the execution of an order under the Act, as well as to fail to comply with such an order. On conviction, the penalty is a fine of not less than three million Tanzanian Shillings or imprisonment for not less than one year, or both fine and imprisonment. This power was recently invoked against the directors of JamiiForums blog, an online forum where people engage in discussions on a wide variety of issues, including politics, while remaining anonymous. The JamiiForums directors were arrested and charged with an offence under section 22(2) for obstructing investigations after failing to comply with an order from a Zonal Crimes Officer to disclose information about offensive material used on the blog.
Then there are the interception provisions under the Postal and Electronic Communications (Investigation) Regulations. In terms of these Regulations, law enforcement officers have a mandate to obtain access to and intercept personal communication. Rule 5 of these Regulations provides that the interception may be done by the Director-General of Tanzanian Intelligence and Security Service, or the Director of Criminal Investigations, upon obtaining a warrant from the Inspector General of Police. This warrant will serve as a disclosure order against any person with access to encrypted or protected information.
Apart from these two officials, any other person is allowed to intercept communication under Rule 5 of the Investigation Regulations under the following circumstances: if the person is a party to the communications; has the consent of the person who is sending it; is the person to whom the communication is sent; is authorised by law; or is a bona fide interception of communications for purposes of provision, installation, maintenance or repair of the communications service.
The lack of a comprehensive statute has left many gaps in respect of privacy and data protection. For example, among the laws discussed in this article, there is no express provision on data ownership and whether individuals whose information has been released have any power over it once it is under the control of third parties. There is also no provision relating to whether data can be transferred to a destination outside Tanzania with or without consent of the subjects. Neither is it clear if an individual has the right to demand their personal information be deleted from the records of the parties who collected it, even if this was for legitimate reasons.
Then there is the fact that the legal provisions are embodied in separate instruments, resulting in discrepancies, especially in relation to punishments. Under the Cybercrimes Act, an offence of interception of a private communication is punishable by a fine of 10 million Tanzanian Shillings, or to imprisonment for a term of three years, while under the Investigation Regulations of 2017, the punishment for the same offence is a fine of 5 million Shillings, or imprisonment for one year. Under the Cybercrimes Act, an order of disclosure of information can be made by a police officer in charge of a police station, while under the Investigation Regulations of 2017, an order of disclosure of protected information must be made by the Inspector General of Police.
What is clear is that there is a need for a comprehensive statute on privacy and data protection. It is hoped that the Tanzanian Government can expedite the ongoing efforts at preparing the much-anticipated Bill on data privacy and protection.
If you have questions or comments about this Privacy Policy, please contact us at:
COMPANY : LEOLEO AFRICA
STREET : MWANJELWA COMPLEX MARKET, ROOM 392
MBEYA CITY, TANZANIA
MOBILE : +255778529045
EMAIL : sandctechnology22@gmail.com or info@sandc.co.tz