Effective Date: November 2025

Gateway Christian Training College is committed to protecting the privacy and personal data of all individuals associated with the school in accordance with the Cyber and Data Protection Act [Chapter 12:07] of Zimbabwe.

This Data Privacy Notice outlines how we collect, use, store, share, and protect your personal data in the course of our academic, research, and administrative functions.

  1. What This Notice Covers

This notice applies to all students, staff, applicants, alumni, research participants, website visitors, and other individuals whose personal data we collect and process.

  • What Personal Data We Collect


We may collect and process the following categories of personal data:


  • Identification Data: Name, national ID number, student/staff number, passport number, date of birth, gender, nationality, age, sex, marital status, religious beliefs, fingerprints, bloodtype,
  • Contact Details: Email address, phone number, residential address,
  • Academic Information: Transcripts, examination results, enrolment records,
  • Financial Information: Bank account details, tuition payment records, scholarship data,
  • Employment Data (for staff): Employment history, qualifications, performance records,
  • Digital Information: IP addresses, device data, access logs, school email, correspondence and device information,
  • Health and Emergency Data: Medical conditions, next of kin details, healthcare history, physical or mental disabilities, (only where necessary and lawful).
  • How We Collect Personal Data

We collect data through various channels, including:

  • Application and registration forms,
  • Online portals and websites,
  • Email and written correspondence,
  • Biometric systems and CCTV,
  • Research and surveys,
  • School events and activities.

4. Purpose of Data Collection

  • We collect and use personal data for the following lawful purposes:
  • Admission, registration, teaching, and learning,
  • Student support services and accommodation,
  • Employment and human resource management,
  • Research, publications, and innovation,
  • ICT services and digital learning platforms,
  • Communication and alumni relations,
  • Legal compliance and institutional governance,
  • Safety, security, and health monitoring.

We may process your personal information for the following purposes;

  • To provide and improve our services/products,
  • To manage your account and communicate with you,
  • To process your transactions,
For marketing and promotional purposes (with your consent where required),
  • To personalize your experience,
  • To ensure the security of our systems and prevent fraud,
  • To comply with legal and regulatory obligations

5. Legal Basis for Processing Data

The Act requires that we have a lawful basis for processing your personal information. These may include:

  • Consent: Where you have freely given your explicit consent for a specific purpose.
  • Contract: Where processing is necessary for the performance of a contract with you.
  • Legal Obligation: Where processing is necessary for compliance with a legal obligation.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and fundamental rights do not override those interests.
  • Public Interest: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • Vital Interests: Where processing is necessary to protect your vital interests or those of another person.

6. Data Sharing and Disclosure

We may share your personal information with the following categories of recipients:

  • Our employees and authorized personnel for lawful and legitimate purpose,
  • Third-party service providers who assist us in delivering our services (e.g., payment processors, hosting providers, marketing platforms) (eg BELINA PAYROLL),
  • Business partners,
  • Legal authorities or regulatory bodies when required by law,
  • Government ministries (e.g., The Ministry of Primary and Secondary Education), Zimbabwe Council for Higher Education (ZIMCHE),
  • Professional bodies e.g. (Allied Health Professions Council of Zimbabwe), Examination boards (e.g., ZIMSEC, Cambridge),
  • Research collaborators (with appropriate safeguards),
  • Sponsors and funding bodies,
  • Health Insurances providers (e.g., CIMAS),
  • Service providers (e.g., Tel one, mailing services),
  • Law enforcement or regulatory bodies where required by law (e.g. ZIMRA, NSSA),
  • All registered banks in and outside Zimbabwe.

7. Transfer of personal Information outside Zimbabwe

We may transfer your personal information to countries outside Zimbabwe, for various purposes, including:

  • Educational and Research Purposes: sharing student information with partner institutions for exchange programs.

  • Joint Research Projects: collaborating with international researchers and sharing relevant personal data.

  • Transnational Education: delivering programs or courses in partnership with international institutions.

  • Enrolment and Admission: verifying student credentials with international institutions.

  • Alumni Relations: sharing updates with international alumni associations.

  • International Collaborations: exchanging staff or student information for collaborative projects.

  • Immigration and Visa Requirements: sharing student and staff information with immigration authorities.
  • Tax Compliance: reporting income or tax-related information to international authorities.
  • Anti-money Laundering and Counter-terrorism Financing: complying with international regulations.
  • Staff and Student Mobility Programmes: information on students and staff who spend a period at a partner institution outside the country.

The school commits to balance the need to share information for legitimate purposes with its obligation to protect individuals’ personal data under the Cyber and Data Protection Act.

8. Data Retention


  • We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected or as required by law. Retention periods may vary depending on academic, administrative, and legal obligations.

9. Data Security Measures


We implement technical and organisational measures to safeguard your personal data, including:

  • Access controls and user authentication,
  • Data encryption and secure servers,
  • Physical security of premises,

  • Staff training and confidentiality agreements,
  • Regular audits and vulnerability assessments.

10. Your Rights as a Data Subject under the CDPA

Under the Act, you have certain rights regarding your personal information:

  • Right to be Informed: You have the right to be informed about the collection and use of your personal information.
  • Right to Access: You have the right to request access to your personal information that we hold.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal information under certain circumstances.
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information in certain situations.
  • Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance.
  • Right to Object: You have the right to object to the processing of your personal information in certain circumstances, including for direct marketing purposes.
  • Rights Related to Automated Decision-Making, including Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless there is a lawful basis for such processing.

To exercise your rights, please contact the Data Protection Officer (DPO) via the contact details below:

11. Contact Information


For any inquiries or requests related to data privacy and protection, please contact:


Data Protection Officer

Pride Mujokeri

Gateway School Trust

10 Prices Road

Emerald Hill


HARARE


Email: dpo@gatewaytac.co.zw

12. Updates to This Notice


This Privacy Notice may be reviewed and updated periodically to reflect changes in law or school practices. The most current version will be posted on our website.