PRIVACY NOTICE – CIMAS HEALTH SYNC APP 

EFFECTIVE DATE: DECEMBER 1, 2025 

INTRODUCTION 

Welcome to the Cimas Health Sync App, a service provided by the Cimas Health Group. This privacy notice explains how we collect, use, and share your personal and health information when you use our mobile application. We are committed to protecting your privacy and ensuring the security of your sensitive data. 

ABOUT THIS PRIVACY NOTICE 

This notice applies to your use of the Cimas Health Sync App. By using the App, you consent to the processing of your information as described in this notice. We may update this policy from time to time, and your continued use of the App after any changes constitutes acceptance of the new terms. 

WHO WE ARE 

Data Controller:   Cimas Health Group (Private) Limited 

Address:  East Block, Borrowdale Office Park, Borrowdale Road, Borrowdale, Harare, Zimbabwe 

Email:  connect@cimas.co.zw 

Data Protection Officer: Anesu R Maruta – Ndlovu – amaruta@cimas.co.zw  

WHAT PERSONAL INFORMATION WE COLLECT 

• In general, we collect information that you provide directly to us, information generated through your use of the App, and, in some cases, information from third parties, such as your healthcare providers. 

Information you provide:  

• Identification and Registration Information 
• Cimas membership number,  
• Full name,  
• Phone number,  
• Email address – used to create and verify your account. 
• Health Information 
• Information related to your health and wellness, including data from linked health platforms, to help you track your progress. 
• Any information you provide when submitting claims, requesting authorisations, or engaging with customer support. This is best described as user content, 

Information collected automatically 

• We collect information about your device, such as the model, operating system, and how and when you use the app. This is used to improve performance, troubleshoot issues, and enhance your user experience. 
• With your consent, we may collect your location to help you find nearby Cimas network practitioners, such as doctors, dentists, and pediatricians. 

HOW WE USE YOUR PERSONAL INFORMATION 

• We use your information to provide a service and improve the Cimas Health Sync App. Furthermore, to comply with our legal obligations. 

In providing services we, 

• Verify your identity for secure access to your account. 
• Allow you to view your membership status, benefits, and authorizations. 
• Enable the submission and tracking of claims. 
• Provide virtual medical aid assistance and connect you to Cimas resources. 

To improve the App we, 

• Analyze usage patterns to enhance app functionality and user experience. 
• Monitor app performance and troubleshoot technical issues. 

To communicate with you we will, 

• Send you notifications related to your claims, appointments, and policy. 
• Respond to your inquiries and support requests. 

To ensure compliance and security we, 

• Comply with regulatory requirements under the Cyber and Data Protection Act. In addition, we have compliance and reporting through breach notification, registration and licensing, ensuring consent and transparency, and audits and transparency.  
• Implement technical security measures as more specifically detailed in item 9 below. 
• Implement organizational security measures as we carry out staff training, record keeping and are accountable in terms of data protection  

HOW WE SHARE YOUR INFORMATION 

We do not sell your personal or health information but may share it with healthcare providers and Cimas partners for processing claims, obtaining authorization for treatment, and coordinating care amongst other things. Aggregated, non-personally identifiable data may be shared for analytics and service improvement. We may also disclose information to comply with legal obligations or to protect our rights. A Data processing agreement will be concluded to safeguard this information transfer. 

YOUR RIGHTS AND CHOICES 

Under Zimbabwe’s Cyber and Data Protection Act, you have rights including the right to be informed, access, rectification of false information, objection to processing, and the right to erasure. You can request data deletion by emailing connect@cimas.co.zw and copying the DPO. 

DATA RETENTION AND DELETION 

We retain data as long as needed to provide services, fulfill purposes in this notice, or meet legal obligations, such as fraud prevention or legal compliance. 

DATA SECURITY 

We employ technical and organizational measures to protect your data, including secure storage, password encryption, access controls, and requiring users to keep login credentials secure. In case of a data breach, we will notify POTRAZ within 24 hours. 

CHILDREN’S PRIVACY 

The App is not for children under 18 without parental consent, as required by the Cyber and Data Protection Act for processing a child’s data. 

CONTACT US 

For questions or privacy concerns, contact our Data Protection Officer or support team via email at connect@cimas.co.zw, phone at 0867450, or postal address at Cimas Health Group, East block, Borrowdale Office Park, Borrowdale, Harare, Zimbabwe.