Zefix (“Zefix”, “the Company”, “we”, “us”, or “our”) recognizes that the protection of personal data is a fundamental aspect of maintaining customer trust and operating responsibly within the digital commerce environment of the Republic of Ghana. This Privacy Policy explains in detail how we collect, process, store, disclose, and protect personal information in the course of operating our ecommerce platform for the sale of automotive spare parts and related products.

This Policy is issued in compliance with the Data Protection Act, 2012 (Act 843) of Ghana and is intended to provide transparent information regarding the lawful handling of personal data. By accessing the Zefix website or purchasing Products from us, you acknowledge that you have read and understood this Privacy Policy and agree to the manner in which your personal information may be processed as described herein.

---

Zefix is the Data Controller for purposes of personal data collected through its website and related services. As Data Controller, the Company determines the purposes and means by which personal data is processed. Zefix operates as a locally incorporated entity within Ghana and conducts all ecommerce sales from locally held inventory.

For any inquiries relating to personal data or data protection matters, customers may contact Zefix using the official contact information published on the website. Where required by law, Zefix shall maintain registration with the Ghana Data Protection Commission.

---

In the course of conducting its ecommerce operations, Zefix may collect personal data directly from customers when they create an account, place an order, contact customer support, or otherwise interact with the Platform.

Such personal data may include identifying information such as the customer’s full name, telephone number, email address, billing address, and delivery address. Transactional data, including order history, purchase amounts, payment confirmations, and Mobile Money transaction reference numbers, may also be collected in order to properly process and document commercial transactions.

Given the nature of automotive spare parts retail, customers may also voluntarily provide vehicle-related information such as make, model, engine specification, year of manufacture, or VIN (Vehicle Identification Number). Where such information can be linked to an identifiable individual, it may constitute personal data under applicable law and shall therefore be processed with appropriate safeguards.

In addition, technical data may be collected automatically when customers access the Platform. This may include IP addresses, browser type, device identifiers, and usage patterns. Such information is collected primarily to ensure website functionality, enhance user experience, prevent fraud, and maintain system security.

---

Zefix processes personal data strictly for legitimate and lawful purposes connected to the operation of its business. The primary purposes for which personal data is processed include the fulfillment of customer orders, confirmation and validation of payments, coordination of deliveries, management of returns and warranties, and provision of customer service support.

Processing may also be necessary to comply with legal obligations imposed under Ghanaian tax, accounting, and consumer protection laws. In certain circumstances, personal data may be processed to detect and prevent fraudulent transactions, including suspicious Mobile Money activity or attempted payment reversals.

The lawful bases upon which processing is conducted include performance of a contract, compliance with legal obligations, legitimate business interests in operating a secure and efficient ecommerce platform, and, where applicable, the customer’s explicit consent, particularly in relation to marketing communications.

Where processing is based on consent, the customer retains the right to withdraw such consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

---

As Zefix operates within the Ghanaian market and accepts Mobile Money payments, certain transaction-related information must necessarily be processed. Zefix does not store full Mobile Money credentials or sensitive authentication details. Instead, the Company records only payment confirmation references, transaction timestamps, and status confirmations necessary to validate and document the transaction.

Mobile Money services are provided through licensed telecommunications operators and payment intermediaries, which operate as independent Data Controllers or Processors under their respective privacy frameworks. While Zefix implements appropriate safeguards when integrating such services, the handling of payment credentials by telecom operators is governed by their own regulatory obligations.

---

Zefix may share personal data with carefully selected third parties where such disclosure is necessary for the performance of contractual obligations or compliance with legal requirements.

This may include logistics and courier companies responsible for delivering Products within Ghana, payment service providers facilitating Mobile Money or bank transfers, information technology service providers responsible for hosting and maintaining the Platform, and professional advisers such as legal or accounting consultants where required.

All third-party service providers engaged by Zefix are required to implement appropriate technical and organizational safeguards to protect personal data and to process such data only in accordance with documented instructions.

Zefix does not sell, rent, or trade personal data to unrelated third parties for independent commercial purposes.

---

Where elements of the Platform are hosted on servers located outside Ghana, or where third-party service providers operate internationally, personal data may be transferred beyond Ghana’s territorial boundaries. In such cases, Zefix shall take reasonable steps to ensure that appropriate safeguards are in place to protect personal data in accordance with the Data Protection Act, 2012.

---

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including the completion of commercial transactions, management of warranties, resolution of disputes, and compliance with statutory recordkeeping obligations.

Financial and transactional records may be retained in accordance with applicable tax and accounting regulations. Once personal data is no longer required for lawful purposes, it shall be securely deleted or anonymized.

---

Zefix implements reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. Such measures include restricted access controls within the Company, secure hosting environments, encrypted communication channels for payment confirmations, and routine monitoring for cybersecurity threats.

While Zefix endeavors to maintain high security standards, no digital system can guarantee absolute protection. Customers are therefore encouraged to safeguard their account credentials and to notify Zefix immediately in the event of suspected unauthorized access.

---

Under the Data Protection Act, 2012 (Act 843), individuals whose personal data is processed by Zefix are entitled to certain rights. These include the right to request access to personal data held about them, the right to request correction of inaccurate information, the right to object to certain forms of processing where legally permissible, and the right to request deletion of personal data in circumstances where retention is no longer justified.

Requests to exercise these rights must be submitted through the official contact channels provided by Zefix. The Company shall respond within the timeframe prescribed by law and may require reasonable identity verification before releasing or amending personal data.

---

The Zefix Platform may utilize cookies and similar tracking technologies to enhance functionality, analyze website performance, detect fraudulent behavior, and improve user experience. Cookies may also support marketing and remarketing activities where permitted by law and subject to user consent.

Customers may configure their browser settings to decline cookies; however, certain features of the Platform may not function optimally if cookies are disabled.

---

The Platform is intended for use by individuals who are at least eighteen (18) years of age. Zefix does not knowingly collect personal data from minors. Should such information be inadvertently collected, it shall be promptly deleted upon verification.

---

Zefix reserves the right to update or amend this Privacy Policy to reflect changes in legal requirements, business operations, or technological practices. The revised version shall be published on the Platform with an updated effective date. Continued use of the Platform following such publication constitutes acceptance of the updated Policy.

---

Any questions, concerns, or complaints regarding this Privacy Policy or the processing of personal data may be directed to Zefix using the official contact details published on the Platform.