Generation Health Medical Fund (“the Fund”) is committed to safeguarding the privacy of its members and ensuring the security of personal information in compliance with the Cyber and Data Protection Act [Chapter 12:07]. This Privacy Policy outlines how the Fund collects, uses, shares, and protects your personal data, and your rights in relation to that information.

1. Information We Collect

The Fund may collect the following categories of personal information:

  • Personal Identifiers: Name, national ID number, Passport number, date of birth.
  • Contact Information: Address, phone number, email.
  • Health Information: Medical history, treatment records, current condition.
  • Financial Information: Banking details.
  • Digital Data: IP address, browser type, cookies, usage patterns on our website or mobile apps.
2. How and Where We Collect Information

Information may be collected through:

  • Membership application forms (online or physical).
  • Claims submissions and medical service interactions.
  • Website and mobile app usage.
  • Direct communication (calls, emails, surveys).
  • Third-party service providers and healthcare partners.
3. How We Use Your Information

Your data is used for:

  • Administering member benefits and claims.
  • Communicating updates and health-related information.
  • Ensuring compliance with legal and regulatory obligations.
  • Improving service delivery and user experience.
  • Fraud detection and prevention.
4. Lawful Basis for Processing

We process your personal data based on:

  • Consent: For marketing and optional services.
  • Contractual Necessity: To deliver member services.
  • Legal Obligation: Compliance with statutory requirements.
  • Legitimate Interest: Operational efficiency and fraud prevention.
5. Sharing Information with Third Parties

We may share your data with:

  • Accredited healthcare providers and administrators.
  • Regulatory authorities and auditors.
  • IT and data processing service providers.
  • Legal and professional advisors.

All third parties are bound by confidentiality and data protection agreements that meet the standards of the Cyber and Data Protection Act.

6. Data Retention

Retention periods for members’ personal data vary per category as follows:

Data Category

Retention Period

Personal Identifiers

Duration of membership + 7 years post-termination

Health Records

As required by medical and legal standards

Financial Information

Minimum of 7 years for audit and compliance

Digital Data (Cookies)

Up to 2 years or as per browser settings
7. Security Measures

We employ robust security protocols to protect members’ personal information, including:

  • End-to-end encryption.
  • Secure servers and restricted access controls.
  • Regular cybersecurity audits and threat monitoring.
  • Staff training on data protection and privacy.
8. Use of Cookies

The Fund uses cookies and other tracking technologies on its digital platforms. Cookies help us to:

  • Track website usage and improve functionality.
  • Personalize user experience.
  • Maintain secure sessions during login.

Members can manage cookie preferences via their browser settings.

9. International Data Transfers

Where data is transferred outside Zimbabwe, we ensure the following is in place:

  • Use of standard contractual clauses.
  • Transfers only to jurisdictions with adequate data protection laws.
  • Secure intra-group data sharing agreements.
10. Your Rights

Under the Cyber and Data Protection Act, you have the right to:

  • Access and request copies of your data.
  • Correct inaccurate or incomplete information.
  • Request deletion (subject to legal retention limits).
  • Object to certain types of processing.
  • Withdraw consent at any time.
  • Lodge complaints with the Data Protection Authority.
  • Be informed about automated decision-making.
11. Privacy Policy Updates

The Fund may update this policy periodically to reflect changes in its practices or regulatory requirements. The latest version will always be available on our website.

12. Contact Us

For inquiries, complaints, or to exercise your rights, please contact:

Data Protection Officer
Generation Health Medical Fund
25 Sydney Malunga (formerly Argyle) Road
Avondale, Harare, Zimbabwe
Tel: (+263) 242 250 627 / (+263) 242 250 680
Email: andaramira@genhealth.co.zw ; aremwa@genhealth.co.zw