Privacy Policy

1. Introduction

TWOFOUR DIMEWELL LIMITED ("we", "our", or "us") operates the DimeWell loan processing platform ("the Platform"). We are committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform. It also describes your rights regarding your personal data under the Data Protection Act of Zambia and other applicable laws.

This policy applies to all users of the Platform, including loan applicants, registered users, and visitors to our public website at dimewell.com.

2. Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

• Identity Information: Full name, National Registration Card (NRC) number, date of birth, and gender.
• Contact Information: Phone number, email address, and residential address.
• Employment Information: Employer name, department, payroll number, job title, employment start date, and gross/net salary as shown on your payslip.
• Financial Information: Bank account details, mobile money wallet number, bank statements (for private sector applicants), and credit history.
• Supporting Documents: Payslips, employment letters, NRC copies, school invoices, medical quotations, equipment quotations, institution offer letters, proof of property ownership, and bank statements.
• Communication Data: Messages sent through our contact form, emails, and phone communications with our support team.

2.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, device type, operating system, and screen resolution.
• Usage Data: Pages visited, time spent on pages, links clicked, form interactions, and application progress.
• Session Data: Login timestamps, session duration, and authentication events.

2.3 Information from Third Parties

• Employer Verification: Information confirmed by your employer during the verification process.
• Credit Reference: Where available, information from credit data sharing bureaus in Zambia.

3. How We Use Your Information

We use your personal information for the following purposes:

• Account Creation & Management: To register you on the Platform, verify your identity, and manage your user account.
• Loan Processing: To assess your eligibility, verify your employment, calculate affordability, process your application, and make lending decisions.
• Disbursement: To transfer approved loan funds to your designated bank account or mobile money wallet.
• Repayment Management: To generate repayment schedules, track payments, manage arrears, and issue statements.
• Communication: To send you application status updates, document requests, approval/rejection notifications, repayment reminders, and account-related messages via SMS and email.
• Customer Support: To respond to your inquiries, complaints, and support requests.
• Legal & Regulatory Compliance: To comply with Bank of Zambia requirements, anti-money laundering regulations, and other applicable laws.
• Platform Improvement: To analyse usage patterns, improve our services, and enhance user experience.
• Security & Fraud Prevention: To detect, prevent, and investigate fraudulent activity, unauthorised access, and misuse of the Platform.
• Audit & Record-Keeping: To maintain accurate records of all platform activity for compliance and operational purposes.

We process your personal information based on one or more of the following legal grounds: your consent (given at registration), the performance of a contract (processing your loan application), legal obligations (regulatory compliance), and our legitimate interests (fraud prevention, platform security, and service improvement).

4. Data Storage & Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

• Encryption: All documents uploaded to the Platform are encrypted at rest using AES-256 encryption on secure cloud storage (AWS S3). Data in transit is protected by HTTPS/TLS encryption.
• Access Controls: Role-based access controls ensure that only authorised personnel can view your information. Document access is logged in our audit trail — we record who viewed what document and when.
• Secure Infrastructure: Our platform is hosted on Amazon Web Services (AWS) with industry-standard physical and network security controls.
• Authentication: Multi-factor authentication (OTP via SMS) is required for account registration and sensitive actions. Strong password policies are enforced.
• Session Security: Sessions automatically expire after 30 minutes of inactivity. CSRF tokens protect against cross-site request forgery attacks.
• Regular Monitoring: We monitor the Platform for security incidents and maintain an audit log of all significant actions.
• Data Backups: Daily encrypted database backups are stored securely and retained for 30 days.

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we commit to notifying you promptly in the event of a data breach that affects your personal information, in accordance with applicable law.

5. Data Sharing

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We may share your information only in the following circumstances:

• With Your Employer: To verify your employment status and facilitate salary deduction arrangements for loan repayment. We share only the minimum information necessary — your name, loan reference, and repayment instruction.
• With Financial Institutions: To process bank transfers for loan disbursement. We share only your name, bank account number, and disbursement amount.
• With Mobile Money Providers: To process mobile money disbursements through MTN and Airtel. We share only your name, phone number, and disbursement amount.
• With Regulatory Authorities: To comply with legal obligations, including Bank of Zambia reporting requirements, anti-money laundering regulations, and lawful requests from law enforcement.
• With Service Providers: We engage trusted third-party service providers for:
  • Cloud hosting (AWS)
  • SMS delivery (Africa's Talking)
  • Email delivery (AWS SES / Gmail SMTP)
  These providers are contractually bound to protect your data and use it only for the specific services we engage them to perform.
• With Credit Data Bureaus: In the future, where available, we may share repayment data with Zambia's Credit Data Sharing Bureau in accordance with applicable regulations.
• With Your Consent: We may share your information for other purposes with your explicit consent.

6. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by law.

• Loan Records: Retained for a minimum of 7 years from the date of loan closure, in compliance with Bank of Zambia guidelines for non-bank financial services.
• Account Information: Retained for the duration of your account being active, plus 7 years after account closure if loan records exist.
• Documents: Uploaded documents are retained for the same period as the associated loan records.
• Audit Logs: Retained for a minimum of 7 years for compliance purposes.
• Inactive Accounts: If your account remains inactive (no login, no application) for a period of 5 years and no active loans exist, we may delete your personal information, subject to regulatory retention requirements.

When personal information is no longer required, we securely delete or anonymise it in accordance with our data disposal procedures.

7. Your Rights

Under the Data Protection Act of Zambia and our commitment to transparency, you have the following rights regarding your personal information:

• Right of Access: You may request a copy of the personal information we hold about you. We will provide this within a reasonable timeframe, subject to identity verification.
• Right to Rectification: You may request correction of inaccurate or incomplete personal information. You can update your profile information directly through your dashboard.
• Right to Erasure: You may request deletion of your personal information, subject to legal and regulatory retention requirements (e.g., active loan records must be retained). We will process your request within the bounds of applicable law.
• Right to Restrict Processing: You may request that we limit the processing of your personal information in certain circumstances.
• Right to Data Portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format.
• Right to Object: You may object to the processing of your personal information for direct marketing purposes. We do not currently engage in direct marketing to third parties.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
• Right to Complain: If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant data protection authority in Zambia.

To exercise any of these rights, please contact us using the details in Section 10. We will respond to your request within 30 calendar days. We may need to verify your identity before processing your request.

8. Cookies

The DimeWell Platform uses cookies and similar technologies to enhance your experience, analyse usage, and maintain security.

• Essential Cookies: Required for the Platform to function. These include session cookies for authentication, CSRF protection tokens, and security-related cookies. The Platform cannot operate without these.
• Functional Cookies: Remember your preferences, such as language settings and form progress. These improve your user experience.
• Analytics Cookies: Help us understand how users interact with the Platform so we can improve it. These cookies collect anonymous usage data.

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. However, disabling essential cookies may prevent the Platform from functioning correctly.

We do not use cookies for third-party advertising or tracking across other websites.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make changes, we will:

• Update the "Last updated" date at the top of this page.
• Post the revised policy on our Platform.
• Notify registered users of material changes via email or through a prominent notice on the Platform.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes take effect constitutes your acceptance of the revised policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We take all privacy concerns seriously and will respond to your inquiry as promptly as possible, typically within 1–2 business days for general queries and within 30 calendar days for formal data subject requests.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in the Republic of Zambia.