SECTION 01
Purpose and Scope
This policy governs how TecHaven collects, processes, stores, transfers, and disposes of personal data and proprietary information. It applies to all data processed by TecHaven in the course of operating its digital marketplace, escrow system, delivery network, and associated services.
This policy applies to all directors, employees, contractors, foot agents, technology partners, and third-party service providers who handle TecHaven data in any form.
SECTION 02
Legal and Regulatory Framework
TecHaven complies with all applicable laws and regulations governing data protection and electronic commerce. The primary legal instruments governing our data practices are set out below.
| Statute / Regulation | Relevance to TecHaven |
| --- | --- |
| Data Protection Act, 2024 (Malawi) | The primary data protection legislation in Malawi. Establishes rights of data subjects and obligations of data controllers and processors. Mandates lawful bases for processing, consent requirements, data subject rights, and breach notification. TecHaven is a data controller under this Act. |
| Electronic Transactions and Cyber Security Act, 2016 (Act No. 33 of 2016) | Governs electronic commerce, digital signatures, electronic records, and cybercrime. Sections 55–75 create criminal offences for unauthorised access, data interception, and destruction of electronic information. Requires platforms to maintain security of electronic transactions. |
| Communications Act, 2016 (Act No. 35 of 2016) | Regulates electronic communications services. Requires service providers to protect the privacy of communications and notify subscribers of security breaches affecting their personal data. |
| Consumer Protection Act, 2003 (Malawi) | Requires businesses to handle consumer information responsibly and to protect consumers from unfair practices including misuse of personal data in commercial transactions. |
| Financial Crimes Act, 2017 | Requires secure retention of KYC and financial records. Data security measures must protect the confidentiality of AML-related records and STR filings. |
| GDPR (EU) — Extra-territorial applicability | Where TecHaven processes data of persons located in the European Union (e.g. diaspora buyers), the General Data Protection Regulation may apply. TecHaven implements GDPR-compliant standards as a baseline to ensure international readiness. |
SECTION 03
Data Categories and Classification
TecHaven processes the following categories of data, classified by sensitivity level. Each classification carries specific handling requirements.
| Classification | Examples | Handling Requirement |
| --- | --- | --- |
| Highly Confidential | NID copies, TIN, KYC documents, escrow transaction records, STR filings, passwords | Encrypted at rest and in transit. Access limited to Compliance and Finance. Never shared externally without legal basis. |
| Confidential | Seller contact details, buyer addresses, order history, platform analytics, internal reports | Encrypted in transit. Role-based access control. Not shared without a data sharing agreement. |
| Internal | Internal communications, HR records, operational processes, pricing strategies | Accessible to authorised staff only. Not for external distribution. |
| Public | Product listings, marketing content, public website content | Freely shareable. No special controls required. |
SECTION 04
Lawful Bases for Data Processing
Pursuant to the Data Protection Act, 2024, TecHaven processes personal data on the following lawful bases:
Contract
Processing necessary to fulfil purchase orders, escrow transactions, and delivery services contracted between TecHaven and its users.
Legal Obligation
Processing required by the Financial Crimes Act (KYC/AML records), tax law (TIN records), and court orders.
Legitimate Interests
Platform fraud prevention, transaction monitoring, and business analytics where not overridden by user rights.
Consent
Processing for marketing communications, profiling, and non-essential cookies — subject to explicit opt-in consent.
SECTION 05
Data Subject Rights
Under the Data Protection Act, 2024, users of TecHaven have the following rights regarding their personal data:
Right of Access
Request a copy of personal data held by TecHaven.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of personal data, subject to overriding legal retention obligations.
Right to Restriction of Processing
Object to certain types of processing of your personal data.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
How to submit a request: All rights requests are acknowledged within 5 business days and fulfilled within 30 days. Submit your request to: support@techavenmw.com
SECTION 06
Technical and Organisational Security Measures
6.1 Technical Controls
- All data in transit encrypted using TLS 1.2 or higher
- All sensitive data at rest encrypted using AES-256 or equivalent
- Multi-factor authentication (MFA) required for all administrative platform access
- Role-based access control (RBAC) — minimum necessary access principle enforced
- Regular automated vulnerability scanning of the TecHaven web and mobile application
- Web Application Firewall (WAF) deployed on all public-facing endpoints
- Database access logs maintained and reviewed weekly
- Automated backups performed daily with offsite replication
6.2 Organisational Controls
- All staff sign a data confidentiality agreement at commencement of employment or engagement
- Annual data protection training for all staff
- Background checks conducted on staff with access to Highly Confidential data
- Clean desk and screen lock policy enforced
- Acceptable Use Policy governing use of TecHaven devices and systems
- Incident response plan maintained and tested at least annually
SECTION 07
Data Breach Notification
In the event of a personal data breach, TecHaven shall take the following steps:
- Contain the breach immediately upon discovery and document all actions taken
- Assess the risk to data subjects within 24 hours
- Notify the relevant Data Protection Authority in Malawi within 72 hours of becoming aware of the breach where it is likely to result in a risk to individual rights, pursuant to the Data Protection Act, 2024
- Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms
- Maintain a Breach Register documenting all incidents regardless of notification threshold
SECTION 08
Third-Party Data Sharing
TecHaven may share personal data with third parties only where one or more of the following conditions are met:
- The data subject has given explicit consent
- Sharing is required to fulfil a contractual obligation (e.g., delivery agents, payment processors)
- Sharing is required by law (e.g., FIA, court order, MRA audit)
- A Data Processing Agreement (DPA) is in place with the third party requiring them to maintain equivalent data protection standards
TecHaven does not sell personal data to third parties under any circumstances.
SECTION 09
Cross-Border Data Transfers
Where TecHaven transfers personal data outside Malawi (e.g., to cloud service providers or international payment processors), it shall ensure that:
- The recipient country provides an adequate level of data protection as recognised by Malawian authorities
- Appropriate safeguards are in place (Standard Contractual Clauses or equivalent)
- The transfer is documented and subject to the organisation's data transfer impact assessment
SECTION 10
Retention and Disposal
Personal data shall be retained only for as long as necessary for the purpose for which it was collected, or as required by law.
| Data Type | Retention Period | Legal Basis |
| --- | --- | --- |
| KYC documents and transaction records | Minimum 5 years | Financial Crimes Act, 2017 |
| Tax and financial records | Minimum 7 years | Taxation Act, Malawi |
| Customer order history and communications | 3 years from last transaction | Contractual / Legitimate Interest |
| Marketing consent records | Duration of consent + 1 year | Data Protection Act, 2024 |
Upon expiry of retention periods, data shall be securely deleted or anonymised. Physical documents shall be shredded. Electronic records shall be overwritten or cryptographically erased.
SECTION 11
Data Protection Officer
TecHaven has appointed a Data Protection Officer (DPO) responsible for:
- Advising on data protection obligations under applicable law
- Monitoring compliance with this policy
- Acting as the point of contact for data subjects and regulatory authorities
- Conducting and coordinating data protection impact assessments (DPIAs)
SECTION 12
Cookies and Tracking Technologies
TecHaven uses cookies and similar tracking technologies on our website and mobile application to improve your experience and deliver our services securely and efficiently.
| Cookie Type | Purpose | Legal Basis |
| --- | --- | --- |
| Strictly Necessary | Enable core platform functionality, security, and your login session | Contract / Legitimate Interest (cannot be disabled) |
| Functional | Remember your preferences, language, and settings between visits | Consent |
| Analytics | Understand how users interact with our platform so we can improve it | Consent |
| Marketing | Deliver personalised advertisements and measure campaign effectiveness | Consent |
You may manage your cookie preferences at any time via our Cookie Settings. Withdrawing consent for non-essential cookies will not affect your ability to use the core platform.
SECTION 13
Automated Decision-Making and Profiling
TecHaven may use automated systems to support the following activities:
- Fraud detection: Automated monitoring of transaction patterns to flag potentially fraudulent activity for human review
- Seller verification: Automated checks against submitted KYC documents during the onboarding process
- Product recommendations: Personalised product suggestions based on your browsing and purchase history
No decision that produces a significant legal or similarly significant effect on you will be made solely by automated means without the possibility of human review. Where such automated decisions occur, you have the right to request that a member of staff reviews the outcome. To exercise this right, contact our Data Protection Officer.
SECTION 14
Children's Privacy
TecHaven's platform is intended for users aged 18 years and above. We do not knowingly collect or process personal data from children under the age of 18.
If you believe that a child under 18 has provided us with personal data without verifiable parental or guardian consent, please contact our Data Protection Officer immediately. We will promptly investigate and, where confirmed, delete any such data.
Parents and guardians who become aware that their child has submitted personal data to TecHaven without consent should contact us at support@techavenmw.com.
SECTION 15
Changes to This Policy
This policy shall be reviewed annually or upon any material change in applicable data protection law or TecHaven's data processing activities. When we make significant changes, we will:
- Post the updated policy on this page with a revised effective date
- Notify registered users by email at least 14 days before changes take effect
- Where required by law, seek fresh consent for any new or materially different processing activities
Your continued use of TecHaven's services after the effective date of a revised policy constitutes acceptance of the updated terms, except where fresh consent is legally required.
This policy was last reviewed on [REVIEW DATE — 12 months from effective date].
SECTION 16
Contact Us
If you have any questions about this policy, wish to exercise your data subject rights, or need to report a data protection concern, please reach out through the following channels:
You also have the right to lodge a complaint with the relevant Data Protection Authority in Malawi if you believe your personal data has been processed unlawfully or without a valid legal basis.
Approved by: Chifundo Chiwaya, TecHaven
Document Type: Compliance Policy | Version: 1.0 | Company: Techaven, Reg. No. BRNKGS4J55