Quickfive | Private Policy

Privacy Policy

Introduction

Quickfive Retail Stores Limited (“Quickfive”) acknowledges and supports consumer rights and the right to privacy. Accordingly, our customers’ privacy and trust are extremely important to us. We will ensure that personal information (“information”) is collected and handled fairly, transparently and lawfully in alignment with the Data Protection Act, 2021 (“DPA”).

It is important that you read this Policy carefully before submitting any information to Quickfive. By submitting any information to Quickfive, you provide consent to the processing of your personal information as set out in this Policy.

The provisions of this Policy are subject to mandatory provisions of applicable laws.

Please do not submit any information to Quickfive if you do not agree to any of the provisions of this Policy. If you do not consent to the provisions of this Policy, or parts of the Policy, Quickfive may not be able to provide certain products and services to you.

We respect privacy, we promise:

To implement reasonable computer (logical), physical and procedural (process) safeguards to protect the security and confidentiality of the information we collect.
To limit the information collected to the minimum required to provide a better service or product, or meet our other goals.
To permit only properly trained and registered data controllers and processors to access information.
Not to disclose your information to external parties unless we are required or permitted by law to do so.

Purpose

Quickfive offers a wide range of products and services, including, but not limited to, in-store services, digital offerings, a loyalty programme, and additional services. This Policy explains how we use the information we collect from you when you use our products or services. Furthermore, by using our products or services or providing information to us, you agree to the information being processed as set out in this Policy. This Policy also:

Outlines the types of information we collect.
Explains how and why we collect and use your information.
Explains whom we share your information with.
Explains the rights and choices you have when it comes to your information; and
Explains how to contact us or the relevant authorities.

Some parts of our business might need to collect and use personal information to provide you with a product or service. In most cases, that part of our business will refer to this Policy. The Quickfive website or mobile app may include links to websites operated by other entities that have their own privacy policies. Please ensure you read their terms and conditions and privacy policies carefully before sharing any personal information on other websites, as we do not accept any responsibility or liability for other organisations. We provide these links simply for your convenience. We have no control over, do not review, and are not responsible for third-party sites, their content, or any goods or services offered through these sites.

Scope

In this Statement, “Quickfive”, “us”, “our” or “we” refers to Quickfive Retail Stores Limited that operates in the Republic of Zambia.

Legislation and Regulations

This Statement is subject to the laws of the Republic of Zambia, in particular the Data Protection Act, 2021 and the Competition and Consumer Protection Act, 2010 (“CCPA”), as well as other relevant data protection legislation. Any dispute arising will, to the extent permitted by law, first be attempted to be settled internally and if this is not possible, be referred to arbitration in Lusaka at a venue to be determined by us.

Roles and Responsibilities

Based on the Data Protection Act, the following role players are relevant to this Policy:

a. Data Protection Commission of Zambia (DPC)

The authority responsible for ensuring the protection of personal data and promoting the rights of individuals in Zambia through;

Data Protection Enforcement: To ensure the effective enforcement of data protection laws in Zambia, safeguarding the privacy rights of individuals

Compliance Oversight: To monitor and regulate organisations’ compliance with data protection regulations, and promote responsible data handling practices.
Public Education: To educate individuals and organisations about data protection rights and responsibilities, fostering a culture of privacy awareness.
Data Security: To promote the adoption of robust data security measures to prevent data breaches and cyberattacks.
International Cooperation: To collaborate with international data protection authorities to facilitate cross-border data transfers and ensure global data protection standards are upheld.

In the context of this Policy, the Office of the Data Protection Commissioner is tasked with regulating and enforcing the Data Protection Act fairly, transparently and lawfully.

b. Data Controller

This is Quickfive, the registered entity with the Data Protection Commission of Zambia, in line with the Data Protection Act. We, the Data Controller, are responsible for requesting or collecting, collating, processing, storing, and using personal data from or in respect of a data subject. In line with the DPA, we determine the purpose of and means for processing personal information, are responsible for protecting (safeguarding) the information of the data subject, and are also responsible for ensuring that anyone delegated to handle data complies with the Act.

c. Data Processor

An individual or entity registered with the Data Protection Commission of Zambia, in line with the Data Protection Act and has been delegated to process data for and on behalf of and under the instruction of Quickfive. The Data Processor may process (collect, receive, record, collate, store, anonymise, retrieve, alter, use, distribute, erase or delete) information for Quickfive in terms of a contractual agreement or mandate on behalf of Quickfive.

In the context of this Policy, this refers to either a Quickfive staff member or an outsourced individual or entity.

d. Data Subject

Any natural or juristic person who is identifiable through an identifier such as a name, an ID number, location data, or via factors specific to the person's physical, physiological, genetic, mental, economic, cultural or social identity.

In the context of this Policy, this is the person (“consumer or customer”) whose information is being processed by Quickfive.

Information Collection

To register or make use of Quickfive programs and services, such as our Mbasela Rewards loyalty program, online shopping, etc., you are required to provide us with your personal information, including but not limited to your name, surname, contact information, and other personal details.

You may provide personal information to us either directly or indirectly (through a person acting on your behalf), by completing an application form for our products and services or requesting further information about our products and services, whether in writing, through our website, over the telephone or any other means.

We only collect information that is reasonably necessary for our business functions and activities and related purposes. The type of information we collect and hold will depend on the purpose for which it is collected and used. Where possible, we will inform you what information you are required to provide to us and what information is optional. The information we process is typically to provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for, to manage and improve our day-to-day operations, to manage and improve our loyalty program, website and mobile platforms with the aim of improving your customer experience.

You agree to give accurate and current information about yourself to Quickfive and to maintain and update such information when necessary. To improve the accuracy of our data and get to know our customers better, we may also collect your personal information from a person acting on your behalf, any regulator, or other third party that may hold such information.

Services in Collaboration with Business Partners

Quickfive has various partnerships, and we also provide a range of goods and services. To deliver these goods and services, varying levels of information are required to be processed, including information obtained from or shared with relevant external business partners (local and/or abroad) to verify against, or facilitate the goods or services offered by the business partner. By agreeing to the Quickfive or business partner’s terms and conditions, you allow us to share relevant information to facilitate the product or service being rendered to you.

Note that, for some of our products, we may require you to provide additional information directly to a business partner of ours. In such instances, Quickfive processes this information on the business partner’s behalf, and as such, the relevant business partner remains responsible for protecting this information, not Quickfive. When signing up with one of our business partners, it is important for you to recognise that you are establishing a direct, binding relationship with such a partner under their terms & conditions and related privacy policies and that they would be the responsible party under the DPA.

Persons under 18 years

Quickfive will not knowingly collect any information of persons (minors) under the age of 18 years. Our website, mobile app, products, and services are all directed to people who are 18 years old and above.

If you are under the age of 18 years, you must not provide any information to Quickfive without the consent of your parent or guardian. If you become aware that a “child” has provided their personal information without parental consent, please get in touch with us immediately. If we become aware that a child has provided us with personal information without parental consent, we will take steps to remove the data and cancel the child's account.

Your Account

When signing up for certain Quickfive services, such as the Mbasela Rewards program or online shopping, you are required to create a user account. You agree that you will provide accurate information to us and keep it updated, and that you will not create a false identity or an account for anyone other than yourself. It is your responsibility to safeguard your account details, such as username and password. This includes using a strong password and not intentionally or unintentionally divulging it to anyone else. In the event of someone else using your username and password to make changes to your account or transact on your behalf, you will be held responsible for the changes and the outcome thereof.

If you suspect misuse or compromise, please report it to our Customer Care Line on 0963 417083 or via our website ‘contact us’ form as soon as possible.

A cookie is a piece of information that is deposited in your computer’s hard drive by your web browser when you use our computer server. Most web browsers accept cookies automatically, but you can alter your settings to prevent automatic acceptance. This information might be about you, your preferences or your device and is mainly used to make the site functions as you expect it to. The information does not usually directly identify you, but it can give you a more personalised web experience. If you choose not to accept cookies, this may disable some features of our website. Our website also uses push notifications. For further information, please see our Cookies Policy.

Embedded Scripts

An embedded script is a piece of programming code designed to collect information about your interactions with the Quickfive website or mobile app. The code is temporarily downloaded to your device from our web server or a third-party service provider, remains active only while you are connected to our website, and is deactivated or deleted thereafter.

Mobile Device Identifiers

Certain mobile service providers uniquely identify mobile devices. Quickfive or our third-party service providers may receive such device information if you access our website or mobile app through your mobile device when allowing cookies or push notifications. For further information, please see our Mobile Application Policy and Cookies Policy.

Closed-Circuit Television (CCTV)

Closed-Circuit Television (CCTV) images are processed, monitored, and recorded for the purposes of crime prevention and detection, as well as public safety, in our stores. For further information, please see our CCTV Policy.

Cross-border Data Transfer

Quickfive may need to transfer a data subject's information to service providers in countries outside Zambia, and these countries may not have data protection laws that are similar to those of Zambia. Where this is done, Quickfive do so under applicable laws.

Purpose and Use of Information

Quickfive uses your information for the purposes for which it was collected or agreed with you to facilitate the provision of our products and services to you, and for purposes which are within reasonable expectations and are permitted by law.

Examples of information collected from you or other sources and processed by Quickfive are detailed below (which is not an exhaustive list) and linked to the purpose thereof.

Unique Identifiers, ID Number or Date of Birth

We collect unique identifiers, such as your name, surname, ID number, or date of birth, to identify you in our database. This allows us to validate your identity when you update your profile details or resolve queries related to your Mbasela Rewards card, transactions, or points. We also use this to inform segmentation analytics, providing benefits such as targeted birthday, pensioner, or other life stage-relevant offers.

Contact Information

To facilitate essential support, communications, as well as better customise our offering to you, including:
In support of facilitating required activities for services and programs you have chosen to participate in, i.e., OTPs, invoices, statements, deliveries, etc.;
Send information regarding services and programs via direct marketing, i.e. new benefits, clubs or partners, as well as inform you of promotions or deals;
Process the delivery or return of products from or to our stores;
Send or serve you targeted advertising across social media, other digital media platforms and physical post;
Contact you where you may have won a competition or a draw that you have entered;
Request your feedback and opinion in the form of surveys, opinion polls or focus groups, should you wish to participate.
Contact you regarding Customer Care feedback, customer complaints, or any other feedback you wish to provide, provided you have agreed to our contacting you.
Employment applications and related correspondence.

Any additional information relating to you that you provide to us directly through the website, mobile app, in-store or indirectly through use thereof, offline or online, through our representatives or otherwise.

About your Computer

Collect statistical data such as IP address, operating system and browser type, including browser actions and patterns, to present content most effectively.
Inform segmentation or analysis based on your transaction history for use by our internal commercial team and business partners to serve relevant content or offers.
- We may do this for the use and disclosure of the de-identified or pseudonymised information to determine preferences and shopping patterns.
- We may also disclose detailed information with our business partners to assist them in marketing products and services as governed by this Policy and the related service’s specific terms & conditions, as well as the business partner’s Privacy Policy, Notice or Policy.
Share information with third parties as an outsourced function, with the purpose of communicating to you and/or facilitating (operating) the subscribed service(s).

We may also use your information for the following reasons:

Complying with statutory and regulatory requirements in respect of the storage and maintenance of documents and information;
Providing customer service and assessing customer complaints;
Detecting and preventing fraud and money laundering in the interest of security and crime prevention.
Assisting in law enforcement, fraud investigations, anti-money laundering and counter-terrorist financing initiatives;
Providing you with the services, products or offerings you have requested, and notifying you about important changes to these services, products or offerings;
Managing your account or relationship and complying with your instructions or requests;
Operational, marketing, auditing, legal and record-keeping requirements;
Recording and/or monitoring your telephone calls and electronic communications to/with Quickfive in order to accurately carry out your instructions and requests, to use as evidence and in the interests of crime prevention;
Conducting market research and providing you with information about Quickfive’s products or services from time to time via email, telephone or other means (for example, events);
Where you have unsubscribed from certain direct marketing communications, ensuring that we do not send such direct marketing to you again;
Disclosing your personal information to third parties like manufacturers, promotion sponsors and Brand owners (in which case we will have agreements in place to secure the confidentiality of your personal information) for reasons set out in this Policy or where it is not unlawful to do so;
Monitoring, keeping record of and having access to all forms of correspondence or communications received by or sent from Quickfive or any of its employees, agents or contractors, including monitoring, recording and using as evidence all telephone communications between you and Quickfive;
Improving or evaluating the effectiveness of Quickfive’s business or products, services or offerings;
Conducting internal investigations; and
Prevention and control of any disease.

Direct Marketing and Opting Out

If you are an existing customer, we may communicate with you based on the preferences you selected regarding the products or services you have signed up for. This could include reaching out via telephone, email, WhatsApp (or other cross-platform messaging services), social media and other channels about products or services that may interest you. If you are not considered to be a customer, we will obtain your consent to opt-in to direct marketing.

You may opt out (free of charge) from receiving future promotional information or direct marketing from Quickfive by either unsubscribing to the specific communications you receive by email or WhatsApp (or other cross-platform messaging service) or by accessing the communication preferences portal or contacting the Customer Care Line on 0963 417083.

Retention and Destruction of Information

Information that Quickfive collects is kept in a form which permits your identification for no longer than is necessary to honour your choices, to fulfil the purposes for which it was collected and processed in each specific case, and in any case not longer than as specified by the relevant applicable laws, unless we have your consent to process it indefinitely.

Quickfive will retain your information after you have closed your account, where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our agreement, or fulfil your request to “unsubscribe” from further messages from us.

We may retain de-identified, anonymised or pseudonymised information after your account has been closed using techniques that do not permit your re-identification. If none of the aforementioned scenarios are required, Quickfive will permanently delete (electronic) and shred (paper) after the purpose of collecting the information has expired.

Information Preservation and Protection

Quickfive will take reasonable steps to protect the information we collect, hold, and process from misuse, loss, and unauthorised access, modification, or disclosure. We store information both at our premises and with the assistance of our service providers.

This is based on our information security principles. This sets out Quickfive’s objectives and general approach to information security, which aims to protect Quickfive’s business information and safeguard any personally identifiable information within our custody.

Because no data transmission over the internet is entirely secure, and no ICT system of physical or electronic security is completely impenetrable, we cannot guarantee the security of the information you send to us or the security of our servers or databases. That said, we do take every reasonable step within our control to protect your information and maintain its accuracy. The quality of information means that the data we use must be appropriate, complete, and reliable. The higher the data quality we maintain, the better service we can provide.

Information Disclosure

Notwithstanding anything to the contrary in this Policy, Quickfive reserve the right to disclose any information about you if we are required to do so by law, and if we believe that such action is necessary to: (a) fulfil a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our website, or other users; or (d) in an emergency to protect the health and safety of our website’s users or the general public.

Authorised Quickfive employees or processing parties will have access to some or all of your information. We may also disclose your information to business partners. Our information security principles and associated practices govern the sharing of such data.

We utilise service providers to deliver our services and maintain our systems, including, but not limited to, maintenance, security, analysis, audit, payments, customer service, marketing, and system development. These parties will have access to your information as reasonably necessary to perform these tasks on our behalf. Where we contract with service providers, and wherever possible, we impose contractual obligations on them to ensure that your information is handled and secured in accordance with the law and industry best practices.

Some of our service providers may be located in other countries that may not have the same levels of protection of information as Zambia. Wherever possible, we try only to use service providers that are located in countries with similar or more stringent levels of protection of information than in Zambia. Alternatively, we require that service providers in less stringently regulated countries undertake to protect the information of our customers to the same level that we do through contractual agreements.

Unless you have explicitly consented to this, we will never sell your personal information.

Your Right to Access Information

Depending on which product or service you (as the Data Subject) have signed up for, you can update some of your information via your setup account. Alternatively, your information can be updated via our Customer Care Line.

You have the right:

Free of charge, to confirm with us whether we hold any information about you
To request the record of information held by us
To request a description of the information held by us, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information
To update and correct any out-of-date or incorrect information we hold about you
Destroy or delete a record of information about you that we are no longer authorised to retain
Update your communication preferences and/or unsubscribe from communications we may send you.

Before we provide you with access to your information, we may require proof of identity. We may require up to 14 (fourteen) days to respond to any requests for information. We may refuse to disclose some information per the DPA.

If you require Quickfive to delete all the information that we have about you, please also contact our Customer Care Line. Please note that you will likely need to terminate all agreements with us, including but not limited to Mbasela Rewards membership and online or mobile app shopping, as we cannot maintain our relationship without some of your information. We may also refuse to delete some of your information if we are required by law to retain it or if we need it to protect our rights.

Information Breach Notification

A security compromise or information breach can be described as a threat to the Confidentiality, Integrity, Availability or Privacy of ICT systems or information. Such incidents are governed by the Quickfive Security Incident Response process, which allows us to deal with the compromise/breach and/or loss efficiently and effectively. One of the key pillars of this process is keeping all impacted stakeholders informed and updated.

When there are reasonable grounds to believe that your information has been accessed, altered, deleted, or acquired by an unauthorised person, we will notify the DPC and you, where your identity can be established. This notification will be carried out per the provisions of the DPA and as soon as reasonably possible after discovering the breach, taking into account the legitimate needs of law enforcement or any reasonably necessary measures to determine the extent of the breach and restore the integrity of our systems.

Amendment of this Policy

We may amend this Policy from time to time for any of the following reasons:

To provide for the introduction of new systems, methods of operation, services, products, property offerings or facilities;
To comply with changes to any legal or regulatory requirement;
To ensure that this Policy is more transparent and more favourable to you;
To rectify any mistake that may be discovered from time to time, or for any other reason which Quickfive, in its sole discretion, may deem reasonable or necessary.

Any such amendment will come into effect and become part of any agreement you have with Quickfive when the Policy is given to you of the change by publication on our website. It is your responsibility to check the website often.

If you believe we have used your information unlawfully, have questions about this Privacy Policy, or wish to exercise your rights regarding access to, correction, or deletion of your data, please get in touch with us directly to raise your complaints, concerns or queries via our Customer Care Line. We will guide you through the process and aim to resolve your query promptly and professionally through our internal subject matter experts.

Quickfive Data Protection Officer

Address: Regus Business Centre, 9th Floor, Sunshare Tower, Stand No.LN-15584, 1 Katima Mulilo Road, Lusaka, Zambia
Tel: +260 963 417083
Email: compliance@quickfive.co.zm

Data Protection Commissioner of Zambia

If you're dissatisfied with this process or our response, you can file a complaint with the Data Protection Commissioner of Zambia.

Office of the Data Protection Commissioner

Address: Maxwell House, Los Angeles Boulevard,
P.O. Box 50464, Lusaka, Zambia.
Email: info@dataprotection.gov.zm
Website: https://www.dataprotection.gov.zm/

Privacy Policy

Back