Performance Manager logo

Privacy Policy

How we protect and process your data

Performance Manager acts as a trusted Data Processor for employers using the platform. This policy explains what data we handle, why we process it, and how you can exercise your rights.

Version 1.0.0Last updated: November 20, 2025

Who We Are

Performance Manager is the performance management platform your employer uses to run balanced scorecards, 360-degree assessments, action plans, and strategy validation.

  • Your employer is the Data Controller – they decide why and how your information is processed.
  • Performance Manager is the Data Processor – we process your data only under your employer’s documented instructions and in line with the Zimbabwean Data Protection Act.

A. Information We Process and Why

We process only the data your employer supplies so we can deliver the services they have requested. All processing is lawful, fair, transparent, and limited to what is necessary for performance management.

Personal data categories may include:

  • Identifiers such as your name, employee number, job title, and employment history
  • Feedback or observations recorded by your peers, managers, or direct reports (e.g., 360-degree assessments)
  • Self-assessments, goal updates, or other views you submit yourself
  • Role or project documentation such as KPIs, action plans, development plans, or supporting attachments..

Some of these data points may be considered sensitive data. We only process sensitive data when you have provided explicit written consent or when the processing is necessary for your employer to exercise rights and obligations under employment law.

B. Your Rights as a Data Subject

Performance Manager is designed to help your employer uphold your rights. You can exercise these rights by contacting your employer’s HR team or Data Protection Officer.

  • Be informed – know how and why your data is processed.
  • Access – obtain a copy of the personal data held about you.
  • Correct – rectify inaccurate or incomplete information.
  • Delete – request deletion of false, misleading, or no-longer-needed data.
  • Object – object to all or part of the processing activities.

Your employer (the Data Controller) owns the relationship with you and will coordinate with Performance Manager to fulfil any validated request.

C. How We Protect Your Data

We apply technical, administrative, and organisational controls that are proportionate to the sensitivity of the information and the risks involved. These controls include:

  • Encryption at rest and in transit
  • Role-based access controls, MFA, and detailed audit trails
  • Continuous monitoring, network segmentation, and automated alerting
  • Secure software development practices, code reviews, and dependency monitoring
  • Annual third-party penetration testing plus regular vulnerability scans

If a security incident affects your data, we notify the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) within 24 hours and support your employer in notifying affected individuals where required.

D. Data Retention

We only retain identifiable data for as long as your employer’s retention schedule requires. When instructed to delete or anonymise data, we carry out that instruction promptly and provide confirmation.

E. Transfers Outside Zimbabwe

To deliver a resilient service, your data may be stored or processed on infrastructure located outside Zimbabwe. We only transfer data when one of the following safeguards is in place:

  • The destination country provides an adequate level of protection.
  • Appropriate contractual safeguards (such as standard contractual clauses or binding corporate rules) exist.
  • You have given explicit, unambiguous consent.

We maintain a vetted list of sub-processors. Each is contractually obligated to follow our instructions, apply appropriate security controls, and report incidents promptly. Your employer can request the current list at any time.

F. Contact Us

Questions about this policy

Performance Manager – Strategy and Performance Office

Email: fspi@ipcconsultants.com

Phone: +263 24 2481950

Exercise your rights
Please contact your employer’s HR team or Data Protection Officer directly. They will use the Performance Manager platform to respond to your request.

Summary

  • Your employer controls your data; Performance Manager processes it on their behalf.
  • We follow strict legal, contractual, and security requirements.
  • You keep all rights under the Data Protection Act.
  • Transfers outside Zimbabwe happen only with adequate safeguards.
  • Sub-processors are vetted and disclosed transparently.

This policy will be reviewed regularly to stay aligned with regulatory requirements and best practices.