1. Introduction
Healthguard International Limited is committed to protecting the privacy and personal data of its clients, employees, and partners. This policy outlines how we collect, use, store, and protect personal data in accordance with: • The Data Protection Act 2017 of the Republic of Mauritius. • The EU General Data Protection Regulation (GDPR), • The Cyber and Data Protection Act [Chapter 12:07] of Zimbabwe, regulated by POTRAZ,

2. Data Collection and Use

We collect personal data only for specific, explicit, and legitimate purposes. This may include: • Identification and contact details • Health and medical information • Employment and financial records • Communication and correspondence Data is processed lawfully, fairly, and transparently, and only to the extent necessary for the intended purpose.

3. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds: • Consent of the data subject • Performance of a contract • Compliance with legal obligations• Protection of vital interests • Legitimate interests pursued by Healthguard International Limited

4. Data Subject Rights

Individuals have the right to: • Access their personal data • Request correction or deletion • Object to processing • Withdraw consent at any time • Lodge complaints with relevant supervisory authorities

5. Data Sharing and Transfers

We do not share personal data with third parties unless: • Required by law • Necessary for service delivery under contractual obligations • Consent has been obtained Cross-border data transfers are conducted in compliance with GDPR adequacy decisions and local laws, ensuring appropriate safeguards are in place.

6. Data Security

We implement technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. These include: • Encryption and secure storage • Access controls • Regular audits and staff training

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

8. Contact Information

For questions or concerns regarding this policy or your personal data, please contact: Anesu Maruta Compliance and Data Protection Officer Cimas Health Group (Private) Limited c/o Healthguard International Limited Second Floor, The Axis, 26 Bank Street, Cybercity, Ebene, 72201, Mauritius Email: amaruta@cimas.co.zw Phone: +263 8677 400 500 ext: 2330