ZIMRA PRIVACY NOTICE

1.     Introduction

The Zimbabwe Revenue Authority (ZIMRA) is a statutory body responsible for assessing and collecting revenue, facilitating trade and travel, advising Government on fiscal and economic matters and protecting civil society. In the execution of its mandate, ZIMRA acts as a Data Controller and is responsible for ensuring that personal information is processed lawfully, securely and only for legitimate purposes connected to its statutory functions.

ZIMRA is committed to protecting the privacy, confidentiality and security of personal information and processes such information transparently in accordance with the applicable Tax Acts, the Cyber and Data Protection Act [Chapter 12:07], and other relevant laws.

2.     Data Controller

ZIMRA is licensed as a Data Controller with the Data Protection Authority in terms of the Cyber and Data Protection Act.

3.     Data Protection Officer

ZIMRA has appointed Data Protection Officers responsible for overseeing compliance with data protection laws. All data protection enquiries, rights requests and complaints may be directed to the This email address is being protected from spambots. You need JavaScript enabled to view it..

4.     Scope of the Privacy Notice

This Notice applies to personal information processed by ZIMRA through its systems, digital platforms, website, physical records and operational activities. This includes information handled in the course of tax administration, customs clearance, compliance monitoring, enforcement activities, employment administration and service delivery.

This Privacy Notice applies to all individuals whose personal information is processed by ZIMRA, including taxpayers, traders, travellers, employees, service providers, agents, and other stakeholders.

What Personal Information Do We Collect?

ZIMRA may collect, receive or process the following categories of personal information, as necessary for the execution of its statutory and operational functions.

Not all categories of personal information will be collected or received about every individual.

  • Personal identification and contact information
  • Tax, customs and trade-related information relating to taxpayers, traders and their representatives
  • Financial records, payment details and transaction information
  • Employment, payroll and human resources information
  • Security-related information, including access credentials and system access logs
  • Information relating to the use of ZIMRA websites, electronic platforms and information systems
  • Background and criminal information such as background checks and criminal convictions.

5.     Purposes of Processing

Personal information is processed to enable ZIMRA to perform its statutory and operational functions, including:

  • Administration of tax and customs legislation
  • Processing of payments and revenue collection
  • Compliance monitoring, audits and investigations
  • Prevention and detection of fraud and unlawful activities
  • Provision of services to taxpayers and stakeholders
  • Fulfilment of legal and regulatory obligations
  • Fulfilment of International Treaties and Double taxation Agreements

6.     Lawful Basis for Processing

ZIMRA processes personal information primarily to fulfil its legal obligations and statutory mandate. Processing may also occur where necessary to perform contractual obligations, protect legitimate interests or where consent is required under applicable law.

Consent is not relied upon as the lawful basis where processing is mandated by legislation.

7.     Sharing of Personal Information

ZIMRA does not sell or commercially disclose personal information. Information may be shared only where required or permitted by law, including with government authorities, regulatory bodies or law enforcement agencies.

Personal information may also be accessed by authorized service providers acting on behalf of ZIMRA under strict confidentiality and security obligations.

8.     Cross Border Transfers

Where personal information is transferred outside Zimbabwe, ZIMRA ensures that appropriate safeguards are in place and that such transfers comply with applicable legal and regulatory requirements.

9.     Protection of Personal Information

ZIMRA maintains appropriate administrative, technical and organisational controls to safeguard personal information against unauthorized access, disclosure, alteration or loss. Access to personal information is restricted to authorized personnel only.

10.  Data Retention

Personal information is retained in accordance with legal, regulatory, and operational requirements and is securely disposed of when no longer required.

11.  Data Subject Rights

In terms of the Cyber and Data Protection Act [Chapter 12:07], data subjects have the right to:

  • Request access to personal information held by ZIMRA,
  • Request correction of inaccurate or incomplete information,
  • Object to unlawful processing,
  • Request restriction of processing where applicable,
  • Withdraw consent where processing is based on consent, and
  • Lodge a complaint with the Data Protection Authority.

Where information cannot be accessed through self-service platforms such as TaRMS or ASYCUDA or where broader data subject rights are being exercised, requests may be submitted to the Data Protection Officers at This email address is being protected from spambots. You need JavaScript enabled to view it.

ZIMRA may require proof of identity before processing such requests.

12.  Updates to This Privacy Notice

This Privacy Notice may be updated periodically to reflect legal, regulatory or operational changes.

The latest version will always be available on the ZIMRA website.

END OF PRIVACY NOTICE