Terms and Conditions

SecureWeb — Terms & Conditions

Last updated: January 2026

⸻

1. Introduction

These Terms & Conditions (“Terms”) govern your access to and use of the SecureWeb website and your engagement of SecureWeb’s services, including cybersecurity, compliance, advisory, training and incident response services (collectively, the “Services”).

The Services are provided by Stuxweb (Private) Limited, trading as SecureWeb (“SecureWeb”, “we”, “us”, “our”), a company registered in Zimbabwe.

By accessing our website, requesting a proposal, or entering into any agreement or statement of work with SecureWeb, you agree to be bound by these Terms. If you do not agree, you must not use our website or Services.

If there is any inconsistency between these Terms and a specific written agreement or statement of work (“SOW”) you sign with us, the terms of that SOW will prevail for that specific engagement.

⸻

2. Scope of Services

SecureWeb provides cybersecurity, data protection and compliance services designed to support organisations operating in Africa, with particular alignment to Zimbabwean regulatory requirements (including the Cyber and Data Protection Act [Chapter 12:07]) and relevant international best practices.

Our Services may include, but are not limited to:

  •  Compliance assessments and implementation support

  •  Design and delivery of “Compliance-in-a-Box” and similar programmes

  •  Managed security and monitoring services

  •  Incident response and breach recovery support

  •  Data protection and DPO advisory services

  •  Policy development and governance frameworks

  •  Training, awareness and capacity-building programmes

The specific scope, timelines, responsibilities and deliverables for any engagement will be defined in one or more SOWs, engagement letters or proposals agreed in writing between SecureWeb and the client (the “Client”).

⸻

3. Roles and Responsibilities

Unless explicitly stated otherwise in a written agreement:

  •  The Client remains the Data Controller for all personal and business data processed in the course of the Services. The Client decides what data is collected, why it is processed, and the lawful bases for that processing.

  •  SecureWeb acts as a Data Processor and advisor, and, where formally appointed, may act as an outsourced Data Protection Officer (DPO). We process personal data only on the documented instructions of the Client, except where we are required to act otherwise by applicable law.

  •  SecureWeb may also act as an independent Data Controller for certain limited data processed for its own purposes (for example, contact and billing information about Client representatives, and internal records necessary to manage our business and comply with legal obligations).

The Client is responsible for:

  •  Ensuring that its collection and use of personal data complies with applicable law (including CDPA and sector-specific regulations)

  •  Informing individuals about how their data is used and obtaining any required consents

  •  Providing SecureWeb with accurate, lawful and complete instructions

  •  Implementing decisions and recommendations in its own environment

No legal advice

SecureWeb does not provide legal representation or act as a law firm. Our Services, including compliance and DPO support, are intended as professional and technical guidance, not as formal legal advice. Clients should seek advice from qualified legal practitioners where necessary.

⸻

4. Use of Cloud Services and Cross-Border Considerations

SecureWeb operates using reputable cloud service providers (for example Google Workspace, Microsoft 365 and similar platforms). These providers may host data on servers located outside Zimbabwe, and some SecureWeb personnel may access systems and data from outside Zimbabwe when delivering remote Services.

The Client acknowledges that:

  •  Some processing of personal and business data in connection with the Services may involve cross-border transfer or remote access, in line with the Cyber and Data Protection Act and applicable guidelines; and

  •  SecureWeb will implement appropriate technical and organisational measures, and will use providers with published data protection commitments and recognised security controls.

Where required by law (for example, for certain sensitive data or specific cross-border transfers), the Client is responsible for:

  •  Obtaining necessary consents from data subjects; and

  •  Making required notifications or filings with regulators, with SecureWeb’s assistance where agreed in the SOW.

Further information on how SecureWeb handles personal data is set out in our Privacy & Data Protection Policy, which forms part of these Terms.

⸻

5. Best-Effort Services & No Guarantee

SecureWeb commits to delivering the Services using reasonable skill and care, applying appropriate professional standards and industry best practices.

However:

  •  Cybersecurity, privacy and compliance risks cannot be eliminated entirely

  •  No system, control environment or organisation can be made 100% secure or 100% compliant at all times

  •  We cannot guarantee specific outcomes, including:

  •  Prevention of all cyber incidents, breaches, service interruptions or unauthorised access

  •  Avoidance of all regulatory investigations, findings, fines or enforcement actions

  •  Particular decisions by regulators, courts, funders or partners

Except where explicitly guaranteed in a written SOW, SecureWeb does not warrant that:

  •  Systems will be uninterrupted, error-free or completely secure; or

  •  Implementation of our recommendations will automatically result in full compliance with any specific law, regulation or standard.

The Client remains responsible for its final decisions, risk appetite and implementation of controls in its own environment.

⸻

6. Incident Response and Breach Support

Where SecureWeb provides incident response, breach recovery or emergency advisory Services:

  •  Services are provided on a best-effort and time-sensitive basis, using the information and access reasonably available at the time

  •  Our recommendations may evolve as new information becomes available

  •  Ultimate decision-making authority, including whether to notify regulators, data subjects, funders or partners, remains with the Client, unless otherwise required by law

SecureWeb does not guarantee:

  •  That all threats or malicious actors will be identified or removed

  •  Recovery of all systems or data

  •  Any particular regulatory or legal outcome

The Client is responsible for maintaining appropriate backups, business continuity and disaster recovery capabilities, and for making timely decisions based on the information and options available.

⸻

7. Fees, Subscriptions and Payments

  •  Fees for the Services are set out in Client-specific SOWs, proposals or pricing schedules, or on applicable pricing pages where Services are offered on a standardised basis.

  •  Subscription or retainer-based Services (for example, ongoing monitoring or outsourced DPO support) are typically billed monthly or annually in advance, unless otherwise agreed in writing.

  •  Project-based work may be billed on fixed-fee, milestone or time-and-materials bases, as agreed in the SOW.

Unless explicitly stated otherwise:

  •  All fees are exclusive of taxes, levies and bank charges, which will be borne by the Client where applicable.

  •  Invoices are payable within the period set out in the SOW or on the invoice. Late or unpaid fees may result in suspension or termination of Services, after notice to the Client.

SecureWeb may review and adjust its pricing from time to time. Changes will not affect existing SOWs already signed unless otherwise agreed.

⸻

8. Confidentiality

Both SecureWeb and the Client agree to:

  •  Treat as confidential any non-public information disclosed by the other party in connection with the Services; and

  •  Use such information solely for purposes related to delivering or receiving the Services.

Confidential information may be shared with:

  •  Staff, contractors and professional advisers who need to know it for service delivery and are bound by confidentiality obligations; and

  •  Regulators or authorities where disclosure is required by law or legitimately requested in connection with an investigation.

Confidentiality obligations do not apply to information that:

  •  Is or becomes publicly available through no breach of these Terms

  •  Was already lawfully in the receiving party’s possession

  •  Is received from a third party lawfully and without confidentiality obligations

  •  Is independently developed without reference to the other party’s confidential information

⸻

9. Limitation of Liability

To the maximum extent permitted by applicable law:

  •  SecureWeb’s total aggregate liability to the Client for all claims arising out of or in connection with the Services and these Terms (whether in contract, delict/tort, negligence or otherwise) is limited to the total fees actually paid by the Client to SecureWeb for the Services giving rise to the claim during the twelve (12) months immediately preceding the event giving rise to the claim.

  •  SecureWeb shall not be liable for any:

  •  Loss of profits, revenue, business, contracts or anticipated savings

  •  Loss of data or corruption of data (except to the extent caused directly by SecureWeb’s gross negligence)

  •  Loss of goodwill or reputation

  •  Indirect, incidental, special, punitive or consequential loss or damage

This limitation applies even if SecureWeb was advised of the possibility of such losses.

Nothing in these Terms excludes or limits liability that cannot be excluded or limited under applicable law, including liability for fraud or fraudulent misrepresentation.

⸻

10. Governing Law and Dispute Resolution

These Terms, any SOWs, and any non-contractual obligations arising out of or in connection with them are governed by the laws of Zimbabwe, without regard to conflict-of-laws principles.

The parties will first seek to resolve any dispute, controversy or claim arising out of or relating to these Terms or the Services through good-faith negotiation between senior representatives.

If a dispute cannot be resolved informally within a reasonable period, either party may refer the matter to:

  •  Mediation or another agreed alternative dispute resolution mechanism; and, if that fails

  •  The competent courts of Zimbabwe, which shall have jurisdiction to settle the dispute.

⸻

11. Updates to These Terms

SecureWeb may update these Terms from time to time, for example to reflect changes in our Services, legal requirements or business practices.

  •  The “Last updated” date at the top of this page will be revised when changes are made.

  •  Where changes are material and affect existing Clients, we will take reasonable steps to notify you (for example by e-mail or through our website).

Your continued use of the website or Services after updated Terms take effect will constitute acceptance of those changes.

⸻

12. Contact

If you have any questions about these Terms or about the Services, please contact:

E-mail: info@secureweb.org.zw

Website: https://secureweb.org.zw