Purpose of the Policy
This Data Privacy Policy outlines how Dimensions Management Consultants (“DMC”) collects, processes, stores, and protects personal data obtained through its talent sourcing, recruitment, and human capital advisory services. DMC is committed to ensuring that all personal data is handled lawfully, transparently, and securely, in line with applicable data protection principles and best practices.
Scope
This policy applies to all personal data processed by Dimensions Management Consultants (DMC) in the course of its operations, including but not limited to talent sourcing and recruitment services, training and development programs, consultancy engagements, website and digital interactions, and general business communications such as enquiries, registrations, feedback submissions, and program evaluations.
Types of Personal Data Collected
3.1 Personal Identifiers
DMC may collect personal identifiers, including a candidate’s full name, physical and postal address, telephone number, and email address, for identification, communication, and recruitment processing.
3.2 Demographic Data
DMC may collect demographic data such as age or date of birth, sex or gender, marital status, family status, where relevant and legally permissible, and where voluntarily disclosed or required by law, information relating to race, nationality or ethnic origin, colour, as well as religious or political beliefs or associations, strictly where relevant to the role or provided with consent.
3.3 Identifying Numbers or Symbols
DMC may process identifying numbers or symbols, including national identification numbers, driver’s license numbers, and, where necessary for verification or cross-border assignments, passport numbers, in order to support candidate verification and compliance requirements.
3.4 Biometric Information
DMC does not routinely collect biometric information such as fingerprints or inheritable characteristics; however, where such data is required by law, client mandate, or security verification processes, it will only be collected with appropriate consent and processed in accordance with applicable data protection laws.
3.5 Personal History
DMC may collect and process personal history information, including educational background and academic qualifications, employment history and career progression, financial history where relevant and legally permissible for role-specific screening, criminal or background check information where required and permitted by law, and health-related information including disabilities only where directly relevant to job requirements and with the candidate’s consent.
3.6 Opinions and Assessments
DMC may collect opinions and evaluative data, including views expressed by candidates during interviews and assessments, feedback and evaluation notes recorded by recruiters or assessors, professional reference reports provided by referees, and internal assessment results arising from psychometric, behavioural, or technical evaluation processes.
3.7 Online Identifiers and Technical Data
When candidates or users interact with DMC’s digital platforms, the organisation may collect online identifiers such as IP addresses, device and browser information, location data, and other usage-related technical information necessary for system functionality, security, and service improvement.
3.8 Recruitment-Specific Data
DMC may collect recruitment-specific data, including curriculum vitae and resumes, professional references, academic and professional qualifications, background verification reports, interview records, and job application details required to assess suitability and facilitate placement processes.
3.9 General Business Communication Data
DMC may collect personal data submitted through general communication channels such as “Contact Us” forms, email correspondence, telephone calls, or other direct engagements, including names, contact details, organisation details, and the content of messages or enquiries submitted to DMC.
3.10 Program Registration Data
DMC may collect personal data during registration for training programs, workshops, or professional development interventions, including participant names, contact details, job titles, employer information, billing or invoicing details where applicable, and any additional information required to facilitate program participation and administration.
3.11 Program Evaluation and Feedback Data
DMC may collect and process feedback and evaluation data provided by participants after training or consultancy interventions, including ratings, written comments, learning assessments, competency evaluations, and recommendations aimed at improving service delivery and program effectiveness.
3.12 Digital Interaction Data
DMC may also collect technical and usage-related data when individuals interact with its digital platforms, including website usage information, IP addresses, device and browser details, form submissions, and interaction patterns necessary for service improvement, security, and analytics.
Purpose of Data Processing
Dimensions Management Consultants (DMC) processes personal data strictly for legitimate business purposes arising from its recruitment, talent sourcing, training and development, consultancy services, and general business operations. Personal data is used to identify and place suitable candidates, deliver and administer training programmes, manage programme registrations and participation, facilitate consultancy engagements, respond to enquiries, and maintain ongoing professional communication with stakeholders. DMC also processes personal data for programme administration, including logistics, attendance tracking, certification, invoicing where applicable, and post-programme evaluation, as well as for feedback analysis, quality assurance, and continuous service improvement. In addition, personal data may be used to support digital platform functionality, enhance user experience, ensure system security, monitor service usage, and maintain internal reporting, client engagement, and talent databases for future opportunities.
All personal data is processed for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
Legal Basis for Processing
Dimensions Management Consultants (DMC) processes personal data on lawful grounds in accordance with applicable data protection laws, including the Zimbabwe Cyber and Data Protection Act, and relevant international best practice principles. Processing is undertaken where necessary for the performance of contracts with candidates, clients, and program participants, including recruitment, training delivery, consultancy services, and related administration. DMC also processes personal data based on the consent of the data subject, particularly where information is submitted through applications, registrations, enquiries, or feedback mechanisms. In addition, processing may occur on the basis of DMC’s legitimate business interests, including talent sourcing, service delivery, stakeholder communication, and business development, provided such interests do not override the rights and freedoms of the data subject.
Where required, DMC processes personal data to comply with applicable legal and regulatory obligations.
Legal and Regulatory Compliance
Dimensions Management Consultants (DMC) is committed to full compliance with applicable data protection and privacy laws governing the collection, processing, storage, and transfer of personal data. In particular, this policy is aligned with the provisions of the Cyber and Data Protection Act [Chapter 12:07], which regulates data protection and privacy in Zimbabwe. DMC adheres to the principles set out in this Act, including lawful and transparent processing, purpose limitation, data minimization, accuracy, security, and accountability. Where DMC engages in talent sourcing or recruitment activities involving international clients or cross-border data flows, the organization also aligns its practices with internationally recognized data protection frameworks, including the General Data Protection Regulation, to ensure an adequate level of protection for personal data.
DMC implements appropriate technical and organizational measures to ensure that all personal data is processed securely and in accordance with applicable legal and regulatory requirements. All employees, consultants, and third-party partners engaged by DMC are required to uphold strict confidentiality and data protection standards. In the event of any conflict between applicable laws, DMC shall comply with the most stringent data protection requirements to safeguard the rights and interests of data subjects. DMC further commits to continuous review and enhancement of its data protection practices in line with evolving legal, regulatory, and industry best practices.
Data Sharing and Disclosure
Dimensions Management Consultants (DMC) shares personal data only where necessary for recruitment, training and development, consultancy services, and related business operations. Data may be disclosed to client organisations for recruitment and selection purposes, limited strictly to information relevant to candidate assessment and placement decisions. DMC may also share personal data with authorised third-party service providers, including assessment platforms, verification agencies, and technology providers, solely for service delivery and subject to confidentiality and data protection obligations.
For training and consultancy engagements, participant data may be shared for administration, attendance tracking, certification, evaluation, and reporting where required. DMC does not sell personal data and ensures all disclosures are lawful, necessary, and appropriately safeguarded.
Data Retention
Dimensions Management Consultants (DMC) retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including recruitment, training and development, consultancy services, administration, evaluation, and legal or regulatory compliance requirements.
Candidate and client-related data may be retained for future placement, engagement, or service opportunities, unless a deletion request is received or retention is no longer justified. Training and programme participant data is retained for purposes of administration, certification, reporting, and quality assurance, after which it is securely archived or deleted. Where data is no longer required, it is securely deleted or anonymised in accordance with applicable data protection standards.
Data Security
DMC implements appropriate technical and organisational measures to safeguard personal data, including:
Secure digital storage systems
Restricted access to authorised personnel only
Confidentiality agreements with staff and consultants
Ongoing data protection awareness practices
Data Subject Rights
Individuals whose personal data is processed by Dimensions Management Consultants (DMC) have rights under applicable data protection laws, including the Zimbabwe Cyber and Data Protection Act.
These include the right to access, correct, or update their personal data, and to request deletion or restriction of processing where legally permissible.
Where processing is based on consent, individuals may withdraw consent at any time, without affecting prior lawful processing.
All requests may be submitted through DMC’s official channels and will be handled in accordance with applicable legal requirements.
Consent
By submitting personal data to Dimensions Management Consultants (DMC) through any channel, including applications, registrations, enquiries, or feedback forms, individuals consent to the collection, processing, and use of their personal data for legitimate business purposes as outlined in this policy.
Where required, DMC may request explicit consent for specific processing activities, including sharing data with third parties for recruitment, training, or consultancy purposes.
Individuals may withdraw consent at any time; however, such withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
Cross-Border Data Transfers
Dimensions Management Consultants (DMC) may transfer personal data outside Zimbabwe where required for recruitment, training, consultancy, or service delivery purposes, including where clients, service providers, or technology systems are located in other jurisdictions.
All cross-border transfers are conducted in compliance with applicable data protection laws, including the Zimbabwe Cyber and Data Protection Act, and are subject to appropriate safeguards to ensure an adequate level of protection for personal data.
DMC ensures that any third parties receiving such data are bound by contractual confidentiality and data protection obligations consistent with this policy.
Policy Updates
DMC reserves the right to update this policy periodically to reflect changes in legal, regulatory, or operational requirements.
Contact Information
For any data privacy inquiries, requests, or concerns, individuals may contact our Data Protection Officer:
Commitment to Ethical Data Protection
Dimensions Management Consultants (DMC) is committed to ethical, transparent, and responsible handling of personal data across all recruitment, training, consultancy, and business operations. DMC upholds confidentiality, data minimisation, and lawful processing principles, and ensures that personal data is used only for legitimate and specified purposes. The organisation is committed to continuous improvement of its data protection practices in line with applicable legal requirements and relevant international best practices. DMC also promotes accountability among its employees, consultants, and partners to ensure responsible handling and protection of all personal data entrusted to the organisation.
Disclaimer and Limitation of Liability
Dimensions Management Consultants (DMC) takes reasonable measures to ensure personal data is processed securely and accurately for recruitment, training, consultancy, and related services. However, DMC does not warrant the accuracy or completeness of information provided by candidates, participants, referees, or third parties. DMC shall not be liable for any loss or damage arising from reliance on such information or from decisions made by client organisations based on data supplied through its services. While DMC applies appropriate safeguards to protect personal data, it is not responsible for unauthorised access, disclosure, or loss arising from events beyond its reasonable control, including cyber incidents, system failures, or third-party breaches.
Submission of personal data acknowledges that final recruitment and employment decisions rest with client organisations, not DMC.
