Privacy & Cookie Policy

Last updated: 1 June 2026

1. Who We Are

Zanzibar Women Football Club ("ZWFC", "we", "us") is a women's football club registered in Zanzibar, Tanzania. Our website is zwfc.tz. For any privacy-related queries, contact us at karibu@zwfc.tz or write to us at Maisara Sports Complex, Zanzibar, Tanzania.

2. Data We Collect

Information you provide directly:
  • Membership accounts: name, email, WhatsApp number, date of birth, city, country, password (hashed)
  • Donations and payments: name, email, phone, payment reference numbers
  • Contact and volunteer forms: name, email, phone, message content
  • Adopt a Player: sponsor name, email, messages to players
  • Mentorship waitlist: full profile including role, experience, motivations
  • Community session requests: organisation name, contact details, location

Information collected automatically:
  • IP address and browser type (server logs)
  • Session data (login status, portal access)
  • Google reCAPTCHA scores (spam prevention — no personal data stored)
  • Payment processing metadata via Pesapal and Oyaah Events

3. How We Use Your Data

  • To provide membership services — create and manage your member account, send your digital membership card, and communicate club updates
  • To process payments — donations, adoptions, memberships, and match tickets via Pesapal through Oyaah Events
  • To communicate with you — respond to enquiries, send confirmation emails, newsletters (if opted in), and important club notices
  • To improve our services — understand how the website is used and what programmes are most valuable
  • To prevent fraud and spam — using reCAPTCHA v3 and server-side rate limiting on all public forms
  • To meet legal obligations — financial record keeping, tax compliance under Tanzanian law

4. Legal Basis for Processing

We process your data under the following legal bases:

Contract — when you become a member or make a payment, we process your data to fulfil that agreement.

Legitimate interests — to operate our club, respond to enquiries, and prevent fraud.

Consent — for newsletters and marketing communications. You may withdraw consent at any time by contacting karibu@zwfc.tz.

Legal obligation — financial records required under Tanzanian tax law.

5. Data Sharing & Third Parties

We share data only where necessary:

Oyaah Events (oyaah.events) — our payment API provider, operated by Zanziholics Digital Agency. Processes payment initiation and routes transactions to Pesapal. Bound by data processing agreement.

Pesapal (pesapal.com) — our payment gateway for M-Pesa, Airtel Money, Visa and Mastercard transactions. Pesapal's own privacy policy applies to payment data.

Google reCAPTCHA — used on all public forms for spam prevention. Google's privacy policy applies.

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

6. Payment & Financial Data

All payment transactions are processed by Pesapal via Oyaah Events. ZWFC does not store full card numbers or mobile money PINs. We record:

  • Transaction reference numbers
  • Gross amount, fee breakdown (Pesapal 3.5%, platform fee 8%, VAT 15%), and net amount received by ZWFC
  • Donor/member name and email associated with the transaction
  • Payment status (pending, completed, failed)

Financial records are retained for a minimum of 7 years in compliance with Tanzanian tax law.

7. Data Retention

  • Member accounts — retained for the duration of membership plus 3 years after cancellation
  • Payment records — retained for 7 years (legal requirement)
  • Contact form messages — retained for 2 years
  • Volunteer applications — retained for 3 years
  • Server logs — retained for 90 days

8. Your Rights

You have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — request deletion of your data (subject to legal retention obligations)
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email karibu@zwfc.tz. We will respond within 30 days.

9. Data Security

We implement the following security measures:

  • All passwords are hashed using bcrypt — we cannot see your password
  • All data transmission uses HTTPS/TLS encryption
  • Database access is restricted to authorised server processes only
  • Admin panel protected by password and IP-based login monitoring
  • reCAPTCHA v3 on all public forms
  • Regular server security updates via CloudZanzibar hosting

10. Cookies

We use the following cookies:

Cookie      | Type      | Purpose                                              | Duration
PHPSESSID   | Essential | Maintains your login session for the member portal   | Session
_grecaptcha | Security  | Google reCAPTCHA v3 spam prevention                  | 6 months
rc::a       | Security  | Google reCAPTCHA persistent token                    | Persistent

We do not use advertising cookies, tracking pixels, or social media cookies. We do not use Google Analytics.

11. Children's Privacy

ZWFC works with young people through our community football programme. We do not knowingly collect personal data from children under 16 without parental consent. Community session requests from schools are handled by the organising adult. If you believe we have inadvertently collected data from a child, please contact us immediately at karibu@zwfc.tz.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Significant changes will be communicated to members by email.

13. Contact & Complaints

For any privacy concerns or to exercise your rights:

Email: karibu@zwfc.tz
Post: Zanzibar Women Football Club, Maisara Sports Complex, Zanzibar, Tanzania
WhatsApp: +255 719 594 445

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in Tanzania.