Haness Consult Group Limited is committed to protecting the privacy and personal data of every individual we interact with. This Privacy Policy explains how we collect, use, store, and protect your information in accordance with Tanzania's Personal Data Protection Act, Cap. 455 (PDPA) and applicable regulations. Please read it carefully.
Haness Consult Group Limited ("Haness", "we", "us", or "our") is a corporate advisory firm registered in Tanzania under Registration Number 140274100, TIN 140-274-100. We are a registered Investors Service Provider under TISEZA (Certificate No. 153).
Our registered office is located at:
Plot 504, Block K, Colonel Mitha Street
Off Mwai Kibaki Road, Mbezi Beach
Dar es Salaam, Tanzania
Email: advisory@hanessconsultgroup.co.tz
Phone / WhatsApp: +255 744 919 147
We provide services in six practice areas: Investment Facilitation, Legal Services & Compliance, Company Incorporation, HR Advisory & Recruitment, Data Protection (DPO Services), and Corporate Advisory & Intelligence. As a provider of Data Protection Officer (DPO) services, we take our own data obligations with the same seriousness we bring to our clients.
We collect personal data in the following categories, depending on how you interact with us:
| Category | Examples | Source |
|---|---|---|
| Identity Data | Full name, title, job title, company name | Directly from you |
| Contact Data | Email address, phone number, postal address | Directly from you |
| Business Data | Organisation name, business registration number, industry sector, nature of enquiry | Directly from you or publicly available sources |
| Transaction Data | Details of services purchased, payment references (we do not store card data) | Directly from you or third-party payment processors |
| HR & Employment Data | Employee records, contracts, salary information, disciplinary records, NSSF/WCF data — only where you engage us for HR advisory or outsourced services | Client organisations on behalf of their employees |
| Technical Data | IP address, browser type, device identifiers, pages visited, session duration | Automatically via cookies and server logs |
| Communication Data | Emails, WhatsApp messages, contact form submissions, and notes from telephone consultations | Directly from you |
We do not intentionally collect sensitive personal data (such as health records, religious beliefs, or criminal records) unless it is strictly necessary for the legal or HR services you have specifically engaged us to provide, and only with your explicit consent or as permitted by law.
We use your personal data for the following purposes:
We will never use your data for purposes incompatible with those for which it was originally collected, without obtaining fresh consent or establishing a new lawful basis.
Under the Tanzania Personal Data Protection Act, Cap. 455 (PDPA), we are required to have a lawful basis for every processing activity. Our legal bases are as follows:
| Processing Activity | Lawful Basis (PDPA) |
|---|---|
| Responding to an enquiry or delivering a requested service | Performance of a contract / Pre-contractual steps (s.19(1)(b)) |
| Maintaining client records and issuing invoices | Legal obligation (s.19(1)(c)) |
| HR advisory — processing employee data on behalf of a client | Legitimate interests of the client organisation; explicit consent where sensitive data is involved |
| Investment and regulatory submissions to TISEZA, TIC, BRELA, TRA | Performance of a contract; legal obligation |
| Sending insights, newsletters, and service updates | Consent (s.19(1)(a)) — freely given, specific, and withdrawable at any time |
| Website analytics and technical logs | Legitimate interests — website security and performance improvement |
| Retaining records for legal defence or regulatory enquiries | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have conducted a balancing test to confirm that our interests do not override your fundamental rights and freedoms. Documented records of these assessments are maintained by our DPO.
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
Where we act as a data processor on behalf of a client organisation (for example, when providing outsourced HR or DPO services), the client remains the data controller. In such cases, our processing is governed by a written Data Processing Agreement, and we act only on documented instructions from the controller.
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:
| Data Category | Retention Period | Basis |
|---|---|---|
| Client engagement files and correspondence | 7 years after matter closure | Tax Act; legal professional obligations; limitation periods |
| HR and employment advisory records | 7 years after termination of engagement | ELRA; CMA limitation periods |
| Investment facilitation documents | 10 years after project completion | TISEZA regulatory requirements; investor protection |
| Incorporation and corporate secretarial records | Duration of company existence + 7 years | Companies Act, Cap. 212 |
| Financial records and invoices | 7 years | Tanzania Income Tax Act; VAT Act |
| Website enquiry / contact form data | 3 years from last interaction (where no engagement follows) | Legitimate interests; limitation periods |
| Marketing consent records | Until consent is withdrawn, then deleted within 30 days | PDPA — accountability |
| Website server logs and technical data | 12 months | Security; legitimate interests |
When data reaches the end of its retention period, it is securely deleted or anonymised. Anonymised data may be retained indefinitely for statistical analysis.
Under the Tanzania Personal Data Protection Act, you have the following rights in relation to your personal data. These rights apply subject to any applicable legal exceptions:
To exercise any of these rights, contact our Data Protection Officer using the details in Section 12. We will respond to all requests within 30 days. Where a request is complex or we receive a high volume, we may extend this by a further two months — and will notify you if so.
Our website (hanessconsultgroup.co.tz) uses cookies and similar technologies. A cookie is a small text file placed on your device when you visit a website. The following categories of cookies are used:
| Cookie Type | Purpose | Basis |
|---|---|---|
| Strictly Necessary | Essential for the website to function correctly. These cannot be disabled. Examples: session state, security tokens. | Strictly necessary — no consent required |
| Performance / Analytics | Help us understand how visitors use our site (pages visited, time spent, errors encountered). Data is aggregated and anonymised where possible. | Legitimate interests / Consent |
| Functional | Remember your preferences (e.g., language) to improve your experience. | Legitimate interests / Consent |
We do not use advertising or third-party tracking cookies. You can manage or delete cookies through your browser settings at any time. Note that disabling certain cookies may affect website functionality. Most browsers provide guidance on cookie management in their help sections.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (PDPC) within the timeframes prescribed by the PDPA.
While we take all reasonable precautions, no electronic transmission over the internet is entirely secure. Any data you transmit to us via our website contact form or email is at your own risk during transit.
Haness Consult Group is a Tanzania-based firm and our primary data processing operations are conducted within Tanzania. However, certain third-party service providers (such as cloud storage or email hosting providers) may be located outside Tanzania.
Where personal data is transferred outside Tanzania, we ensure that appropriate safeguards are in place in accordance with the PDPA. These safeguards may include:
For services involving East African cross-border advisory (Kenya, Uganda, Rwanda), data shared with partner professionals in those jurisdictions is subject to professional confidentiality obligations and equivalent data protection standards.
We review and update this Privacy Policy periodically, particularly when there are changes to our services, applicable law, or regulatory guidance. The most current version is always available at hanessconsultgroup.co.tz/privacy-policy.html.
When we make significant changes, we will notify active clients by email and update the "Last updated" date at the top of this page. We encourage you to review this policy whenever you engage with our services or visit our website.
Continued use of our website or services after a change to this policy constitutes acceptance of the updated terms, to the extent permitted by law.
For all privacy-related enquiries, data subject rights requests, or data breach reports, please contact our designated Data Protection Officer:
If you are not satisfied with our response, you may escalate your complaint to the Personal Data Protection Commission (PDPC) of Tanzania. Information about the PDPC and how to file a complaint is available through the Commission's official channels.
We aim to respond to all privacy enquiries within 3 business days and to resolve all formal data subject rights requests within 30 days of receipt.