Enquiries

0975168880

Terms and Condition

Terms and Condition

SchoolMaster ZM - Terms and Conditions

TERMS AND CONDITIONS FOR SCHOOLMASTER ZM

Last Updated: 25/09/2025

By accessing or using SchoolMaster ZM ("the System"), you agree to be bound by these Terms and Conditions. Please read them carefully.

1. Introduction

SchoolMaster ZM ("the System") is a proprietary, cloud-based school management platform developed and maintained by Optimyze Technologies Limited. It is designed to facilitate administrative, academic, financial, and communication operations within educational institutions. By accessing, registering, or utilizing the System, you ("the User") acknowledge that you have read, understood, and irrevocably agreed to comply with these Terms, including all referenced policies.

This agreement constitutes a legally binding contract between the User and the School implementing the System. If you do not accept these Terms, you must immediately cease all use of the System.

2. Definitions

  • User: Any individual or entity authorized to access the System (administrators, teachers, parents, students, staff).
  • School: The educational institution deploying the System.
  • System Provider: Optimyze Technologies Limited, developer and maintainer of SchoolMaster ZM.
  • Personal Data: Information identifying a natural person (e.g., names, ID numbers, academic records, financial data).
  • Sensitive Personal Data: Personal Data which, by its nature, may be used to suppress a Data Subject's fundamental rights and freedoms, including race, marital status, ethnic origin, or sex; genetic data and biometric data; child abuse data; political opinions; religious beliefs; trade union membership; and physical or mental health or condition, as defined under the Data Protection Act (Zambia). Where the General Data Protection Regulation ("GDPR") applies under Section 6.3 below, this term also includes the "special category data" defined in Article 9 of the GDPR (which covers substantially the same categories).
  • Minor: A Data Subject below the age of legal majority under the laws of Zambia, or, where the GDPR applies to that Data Subject under Section 6.3 below, below the age of digital consent applicable under the GDPR (16, unless a lower age between 13 and 16 applies under the relevant EU/UK member state's implementing law).
  • Applicable Data Protection Laws: Includes the Data Protection Act (Zambia); the GDPR, where applicable under Section 6.3; and, as relevant and where in force, the data protection laws of other jurisdictions in which a Data Subject is located.

3. Purpose & Acceptable Use

The System is strictly for educational and administrative functions. Users agree to:

  • Access the System only for lawful, authorized, and school-related activities.
  • Refrain from unauthorized access, reverse engineering, data mining, or commercial exploitation.
  • Comply with all School policies, professional codes of conduct, and applicable laws.
  • Avoid introducing malware, spam, or any activity that disrupts service availability.

4. User Obligations

  • Provide accurate, current, and complete information during registration or data entry.
  • Safeguard login credentials and immediately report suspicious activity or breaches.
  • Refrain from account sharing, impersonation, or circumventing access restrictions.
  • Ensure compliance with all applicable laws when inputting or processing data.

Failure to comply may result in suspension, termination of access, or legal action.

5. Data Collection & Processing

The School collects and processes Personal Data for legitimate purposes, including:

  • Student admissions, academic records, and attendance tracking.
  • Staff management, payroll, and HR operations.
  • Financial transactions (invoicing, receipting, fee management).
  • Institutional reporting, regulatory compliance, and archival requirements.

By using the System, Users consent to the lawful collection, processing, storage, and use of Personal Data under Applicable Data Protection Laws. Where the School collects Sensitive Personal Data (for example, religious affiliation at admission, or biometric data where biometric attendance or identification features are enabled), this is collected only where permitted under Applicable Data Protection Laws, and is subject to the additional safeguards described in Section 6.2 below.

6. Data Protection, Security & Confidentiality

The School and System Provider are committed to safeguarding data confidentiality, integrity, and availability. Security measures include:

  • Encryption of data at-rest and in-transit (AES-256, TLS/SSL).
  • Role-Based Access Control (RBAC) to enforce least-privilege principles.
  • Comprehensive audit logs to track user activity for accountability.
  • Third-party service providers (e.g., payment processors, hosting services) bound by confidentiality and data protection agreements.

Breach Notification: In the event of a confirmed data breach, the System Provider will notify the School's Data Protection Officer (DPO) within 72 hours of discovery, including details of the breach, potential impact, and remediation measures.

Data Subject Rights: Users may exercise their rights to access, rectification, erasure, restriction of processing, and data portability by submitting a written request to the DPO.

6.1 Data Hosting & Cross-Border Transfers

Personal Data collected through the System is, by default, stored on servers located within the Republic of Zambia, in accordance with the Data Protection Act (Zambia).

Where the School has elected, or in the future elects, to have Personal Data hosted on infrastructure located outside Zambia, the following applies:

  • This currently applies to: [INSERT PROVIDER/LOCATION — e.g. "Optimyze Technologies Limited's cloud hosting infrastructure, located in the United States"].
  • Such transfer is carried out only on the basis of one or more of the following lawful grounds recognized under the Data Protection Act: (a) the explicit, informed consent of the Data Subject (or their parent/guardian, where the Data Subject is a minor); (b) a transfer mechanism approved by the Zambia Data Protection Commissioner, such as standard contractual clauses; or (c) another lawful basis permitted under the Act's provisions on cross-border transfer.
  • Where consent is the basis relied upon, this consent is sought separately and specifically — distinct from general acceptance of these Terms and Conditions — at the point of enrollment or data submission, and may be withdrawn at any time by written request to the DPO, without affecting the lawfulness of processing carried out before withdrawal.

6.2 Sensitive Personal Data

Where the System collects any Sensitive Personal Data (for example, religious affiliation collected at admission, or biometric data where the School has enabled biometric attendance or identification features), this data is stored within Zambia and is not transferred outside the Republic except with the Data Subject's (or parent/guardian's) explicit, separate consent for that specific category of data, as required under the Data Protection Act. General consent to these Terms and Conditions does not, by itself, constitute such consent.

6.3 International Users: GDPR and Regional Frameworks

The System and the School may process Personal Data of Users located outside Zambia, including parents, guardians, students, or staff who are residents of, or located in, the European Union, the United Kingdom, or other Southern African Development Community ("SADC") member states. The following applies to such Users in addition to the provisions above:

European Union / United Kingdom (GDPR): Where a Data Subject is located in the EU or UK, the General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR apply to the processing of that Data Subject's Personal Data, regardless of where the System or its hosting infrastructure is located. In particular:

  • Processing relies on a lawful basis recognized under Article 6 of the GDPR (most commonly, performance of the School's educational services, compliance with a legal obligation, or consent).
  • Processing of a child's Personal Data on the basis of consent requires the consent of a parent or holder of parental responsibility, in accordance with Article 8 of the GDPR, where the child is below the applicable age of digital consent (see "Minor" in Section 2).
  • Special category data (as described in the definition of Sensitive Personal Data in Section 2) is processed only where an additional condition under Article 9 of the GDPR is met, such as explicit consent.
  • EU/UK Data Subjects may exercise the rights described in Section 6 (access, rectification, erasure, restriction, and data portability), together with the right to lodge a complaint with their relevant supervisory authority.
  • Where Personal Data of an EU/UK Data Subject is transferred outside the EU/UK (including to Zambia or elsewhere), this is done on the basis of a recognized transfer mechanism, such as the Data Subject's explicit consent or Standard Contractual Clauses, consistent with Chapter V of the GDPR.
  • A breach affecting EU/UK Data Subjects' Personal Data that is likely to result in a risk to their rights and freedoms is notified to the relevant supervisory authority within 72 hours of the System Provider or School becoming aware of it, consistent with Articles 33–34 of the GDPR.

Other Southern African jurisdictions: The Data Protection Act (Zambia) was developed with reference to, and shares core principles with, the data protection laws of other SADC member states (such as South Africa's Protection of Personal Information Act) and the non-binding SADC Model Law on Data Protection. Where a Data Subject is located in another SADC member state with its own data protection legislation in force, the System Provider and School will, on request, provide such additional information or documentation as is reasonably required to support the School's own compliance with that jurisdiction's specific requirements. This Section does not constitute a representation of certification under, or formal compliance with, any specific non-Zambian national law; Users and Schools operating across multiple jurisdictions should seek independent legal advice on their specific obligations in each relevant jurisdiction.

Business Continuity: The System maintains backup, disaster recovery, and high-availability strategies to ensure service resilience.

7. Data Retention & Deletion Policy

7.1 Retention Periods

Data Category Retention Period Legal Basis
Student Records 7 years post-graduation/withdrawal Education Act; archival for transcripts, certification
Staff Records 7 years post-termination Labor laws; payroll and tax compliance
Financial Data 10 years ZRA statutory audit and Companies Act compliance
Disabled Accounts Revoked immediately; retained as per retention schedule Disputes, reporting, compliance

7.2 Account Deactivation

Accounts for departing staff or students are disabled immediately. Retained data remains subject to compliance and audit requirements but is inaccessible to inactive users.

7.3 Data Deletion Requests

Users or legal guardians may request deletion via written submission to the DPO. Data required for ongoing legal proceedings, audits, or certifications may be exempted.

7.4 Secure Disposal

  • Digital data permanently erased using NIST 800-88 or ISO/IEC 27040 standards.
  • Physical records securely shredded or incinerated with documented proof.

8. Payment Processing (via Flutterwave)

All financial transactions processed through the System are subject to transaction fees:

Payment Method Local Fees International Fees
Local Debit/Credit Cards 3.5% N/A
International Cards N/A 4.8% + 0.4% (currency conversion)
Mobile Money 2.5% N/A
Bank Transfer (Local) ZMW 4 flat Variable

Example Transaction:

  • Amount Charged: ZMW 20.60
  • Customer Fee: ZMW 0.60
  • Merchant Fee: ZMW 0.40
  • Net Settlement to School: ZMW 19.60

By submitting payment, Users agree to all applicable deductions and settlement policies.

9. Parental/Guardian Consent

Submission of online enrollment forms or fee payments constitutes parental/guardian consent to these Terms. Parents/guardians who object must contact the School directly. Non-acceptance may limit enrollment or access to services.

Separately from general acceptance of these Terms, where the System or School seeks to transfer a child's Personal Data outside Zambia, or to process that child's Sensitive Personal Data, the relevant specific consent described in Sections 6.1 and 6.2 is sought independently, and is not satisfied by acceptance of these Terms alone. Where a child is a Minor for the purposes of the GDPR (see Section 2 and Section 6.3), parental or guardian consent obtained at enrollment is also relied upon to satisfy Article 8 of the GDPR where consent is the lawful basis for processing that child's Personal Data.

10. Amendments & Governing Law

  • The School reserves the right to modify these Terms at any time. Updates will be communicated through official channels.
  • Continued use of the System after updates constitutes acceptance of the revised Terms.
  • These Terms are governed by the laws of Zambia. Disputes shall first be addressed through mediation before formal legal proceedings.
  • This governing law clause does not affect the statutory rights of EU/UK Data Subjects under the GDPR described in Section 6.3, including the right to lodge a complaint with their relevant supervisory authority, which remain available regardless of this clause.

11. Contact Information

For inquiries, including data access, deletion, or incident reports:

Data Protection Officer (DPO):
Allen Donald
Email: [email protected]
Phone: +27 71 909 2239

SchoolMaster ZM Support Team:
Email: [email protected]

Response Time: Formal requests will be acknowledged within 7 business days and resolved per statutory timelines.

© 2025 SchoolMaster ZM. All rights reserved.

This document was last updated on 25/09/2025