Your privacy matters to us. This policy explains how we collect, use, and protect your personal information.
This Privacy Policy is drafted in compliance with the Cyber and Data Protection Act [Chapter 12:07] of Zimbabwe, the Statutory Instrument 155 of 2024 (Cyber and Data Protection (Licensing of Data Controllers and Appointment of Data Protection Officers) Regulations), and the Constitution of Zimbabwe, Article 57 (Right to Privacy). ToraShaout (Pvt) Ltd is registered as a Data Controller with the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ).
Welcome to ToraShaout. We are a celebrity video marketplace platform that connects fans with their favourite celebrities through personalised video content. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform, mobile applications, and related services.
ToraShaout (Pvt) Ltd ("ToraShaout", "we", "us", "our"), a subsidiary of StatoTech, is the Data Controller responsible for your personal information. We are committed to protecting your privacy and ensuring that your personal data is processed in accordance with Zimbabwean law and international best practices.
| Data Controller | ToraShaout (Pvt) Ltd |
| Parent Company | StatoTech |
| Registered Address | 7514 Kuwadzana3, Harare, Zimbabwe |
| info@torashout.com | |
| Data Protection Officer | To Be Appointed |
| DPO Email | dpo@torashout.com |
| POTRAZ Registration No. | To Be Assigned |
As defined under the Cyber and Data Protection Act [Chapter 12:07]:
In accordance with the principle of data minimisation, we only collect personal information that is adequate, relevant, and necessary for our stated purposes.
We may process the following categories of sensitive personal information with your explicit consent:
Under the Cyber and Data Protection Act, we process your personal information based on the following lawful grounds:
| Legal Basis | Purpose Examples |
|---|---|
| Consent | Marketing communications, non-essential cookies, processing of sensitive data |
| Contractual Necessity | Account creation, providing our services, processing transactions |
| Legal Obligation | Tax records, responding to lawful government requests, fraud prevention |
| Legitimate Interests | Platform security, analytics, fraud detection, service improvement |
In compliance with the principle of purpose limitation, we collect personal information for specific, explicit, and legitimate purposes:
Under Section 14 of the Cyber and Data Protection Act, you have the following rights regarding your personal information:
You have the right to know how your personal information is collected, used, and shared.
You may request a copy of the personal information we hold about you.
You may request correction of inaccurate or incomplete personal information.
You may request deletion of your personal information in certain circumstances.
You may object to processing of your personal information, including for direct marketing.
You may request that we limit how we use your personal information.
You may request to receive your personal information in a structured, commonly used format.
Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact our Data Protection Officer. We will respond to your request within 30 days of receipt. There is no fee for exercising your rights, except where requests are manifestly unfounded or excessive.
ToraShaout takes the protection of children's personal information seriously, in compliance with the special provisions for children under the Cyber and Data Protection Act:
We may share your personal information with the following categories of recipients:
Third-party service providers who assist us in operating our platform, including payment processors, cloud hosting providers, analytics services, and customer support tools. All service providers are contractually bound to protect your data and process it only on our instructions.
We may disclose personal information when required by law, court order, or government request, including to POTRAZ and other regulatory authorities.
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred. We will notify you of any such change and your choices regarding your information.
We may share your information with third parties when you have given explicit consent to do so.
In accordance with Sections 28-29 of the Cyber and Data Protection Act, we ensure adequate protection when transferring personal information outside Zimbabwe:
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration:
In the event of a personal data breach, we will comply with the notification requirements under SI 155 of 2024:
| Notification | Timeframe | Details |
|---|---|---|
| POTRAZ | Within 24 hours | We will report the breach to the Data Protection Authority (POTRAZ) within 24 hours of becoming aware of it. |
| Affected Data Subjects | Within 72 hours | If the breach poses a high risk to your rights and freedoms, we will notify you within 72 hours with details of the breach and steps you can take. |
Where we use automated processing to make decisions that significantly affect your rights, we will:
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, in accordance with the principle of storage limitation:
| Data Category | Retention Period |
|---|---|
| Account Information | Duration of account + 2 years after closure |
| Transaction Records | 7 years (legal/tax requirements) |
| Customer Support Communications | 3 years from resolution |
| Marketing Preferences | Until consent withdrawn |
| Video Content (Celebrities) | Duration of agreement + 1 year |
| Analytics Data | 2 years (anonymised thereafter) |
| Security Logs | 1 year |
After the retention period expires, we will securely delete or anonymise your personal information unless retention is required by law.
We use cookies and similar technologies to enhance your experience. For detailed information, please refer to our separate Cookie Policy. You may manage your cookie preferences through your browser settings or our cookie consent tool.
We will only send you marketing communications with your explicit opt-in consent. You have the right to object to direct marketing at any time by:
Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
Your continued use of our platform after such changes constitutes acceptance of the updated policy.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
Block A, Emerald Business Park
30 The Chase (West), Emerald Hill, Harare
Phone: +263 (4) 333311
Website: www.potraz.gov.zw
We encourage you to contact us first so we can try to resolve your concerns directly.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ToraShaout (Pvt) Ltd
By using ToraShaout, you acknowledge that you have read, understood, and agree to this Privacy Policy.
Document Version: 1.0 | Effective: 17 January 2026