Privacy Policy
Effective date: 27 January 2026 · Last updated: 15 March 2026
IMIZI Cyber Consulting Ltd ("imizicyber", "we", "us", or "our") is committed to protecting
your privacy. This privacy policy explains how we collect, use, store, and protect personal
data when you visit imizicyber.com and use our services.
We operate under the laws of the Republic of Rwanda, including Law No. 058/2021 of 13/10/2021 Relating to the Protection of Personal Data and Privacy. Where applicable, we also comply with the EU General Data Protection Regulation (GDPR) and other international data protection standards.
1. Data Controller
The data controller responsible for your personal data is:
Kigali, Rwanda
Email: info@imizicyber.com
Data protection enquiries: dpo@imizicyber.com
2. What Data We Collect
We collect the minimum data necessary to operate our website and respond to your enquiries.
2.1 Data you provide directly
- Contact form submissions: Name, email address, organisation name, service interest, and message content -- processed via Formspree
- Email correspondence: Your email address and message content when you contact us directly
2.2 Data collected automatically
- Analytics data (with consent): When you accept analytics cookies, Google Analytics 4 collects anonymised usage data including pages visited, session duration, referral source, approximate geographic location (country/city level), device type, and browser type. IP addresses are anonymised by default in GA4.
- Technical data: Our hosting provider (GitHub Pages) may log standard HTTP request data including IP addresses, user agent strings, and request timestamps in server access logs. We do not access or process these logs.
2.3 Data we do not collect
- We do not use advertising or remarketing trackers
- We do not sell, rent, or trade personal data to third parties
- We do not collect payment information through this website
- We do not use automated decision-making or profiling
3. Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Responding to contact form submissions | Legitimate interest / Pre-contractual measures |
| Analytics (Google Analytics 4) | Consent (cookie banner) |
| Security monitoring of our website | Legitimate interest |
| Legal compliance | Legal obligation |
4. Cookies and Tracking Technologies
We use cookies only when you provide explicit consent via our cookie consent banner.
4.1 Essential cookies
We use one strictly necessary local storage item:
-
imizi-theme-- stores your light/dark mode preference. This does not contain personal data and does not require consent. -
imizi-cookie-consent-- stores your cookie consent preference ("accepted" or "rejected"). This is strictly necessary for remembering your choice.
4.2 Analytics cookies (optional, consent required)
If you accept analytics cookies, Google Analytics 4 sets the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
_ga | Distinguishes unique visitors | 2 years |
_ga_* | Maintains session state | 2 years |
Google Analytics cookies are only loaded after you click "Accept" on the cookie consent banner. If you reject cookies or do not interact with the banner, no analytics cookies are set.
4.3 Managing your preferences
You can change your cookie preferences at any time by clearing your browser's local storage for this site or by clicking the cookie settings link in the footer of any page. You can also configure your browser to block third-party cookies.
5. Third-Party Services
We use a limited number of third-party services. Each is selected for its security posture and compliance:
| Service | Purpose | Data Shared |
|---|---|---|
| Formspree | Contact form processing | Form submission data (name, email, message) |
| Google Analytics 4 | Website analytics (consent-only) | Anonymised usage data, no personal identifiers |
| GitHub Pages | Website hosting | Standard HTTP request logs |
We do not share personal data with any other third parties. We do not transfer data for marketing or advertising purposes.
6. International Data Transfers
Some of our third-party service providers (Google, GitHub, Formspree) are based in the United States. Where personal data is transferred outside Rwanda or the European Economic Area, these transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The service provider's compliance with applicable data protection frameworks
- Technical safeguards including encryption in transit (TLS/HTTPS)
7. Data Retention
- Contact form data: Retained for as long as necessary to respond to your enquiry and for up to 12 months thereafter for follow-up purposes, then deleted
- Analytics data: Google Analytics data is automatically deleted after 14 months (our configured retention period)
- Cookie consent preferences: Stored in your browser's local storage until you clear it
8. Your Rights
Under Rwanda's Data Protection Law and, where applicable, the GDPR, you have the following rights:
- Right of access -- request a copy of the personal data we hold about you
- Right to rectification -- request correction of inaccurate data
- Right to erasure -- request deletion of your personal data
- Right to restrict processing -- request that we limit how we use your data
- Right to data portability -- receive your data in a structured, machine-readable format
- Right to object -- object to processing based on legitimate interest
- Right to withdraw consent -- withdraw consent for analytics cookies at any time via the cookie settings in the footer
To exercise any of these rights, contact us at dpo@imizicyber.com. We will respond within 30 days.
9. Data Security
As a cybersecurity company, we take data protection seriously. Our measures include:
- HTTPS/TLS encryption for all data in transit
- Content Security Policy (CSP) headers on all pages
- No server-side database -- this is a static website with no stored user accounts
- Third-party services selected for their security certifications and compliance
- Regular security review of our own web properties
10. Children's Privacy
Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at dpo@imizicyber.com and we will delete it promptly.
11. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with:
For EU residents, you may also contact your local data protection supervisory authority.
13. Contact Us
For any questions or requests regarding this privacy policy or your personal data:
General enquiries: info@imizicyber.com
Security issues: Responsible Disclosure Policy