Privacy Policy

Last updated 02 July 2026

This privacy policy is reviewed periodically and any updates will be published on this website, effective upon posting. For significant changes, we may also notify you directly or highlight the update prominently.

Who We Are

ALX Holdings Limited, a private company registered in Mauritius under registration number 213364 and with its registered office address at Lot 02, Floor 1, CentrePoint, Trianon, Mauritius (“ALX”, “we” or “us”).

 

We act as a ‘controller’ of the personal data to all information collected through our website (ALX Corporate Training), “Website”, “ALX Enterprise”  or collected for the Services, as identified below.

Purpose

The purpose of this Privacy Policy is to explain how ALX Enterprise collects, uses, stores, and protects personal data in connection with the Website administration and the Services we offer. We are committed to safeguarding the personal information visitors to our website and the representatives of businesses that enquire about or engage with our corporate training programmes. This policy outlines our data processing practices and reflects our commitment to transparency, legal compliance, and the responsible use of personal data.

  • Scope
      1. This Privacy Policy applies to all personal data collected by ALX in the context of our operations, including but not limited to:
        1. Representatives and contact persons of businesses that enquire about or engage with our services; 
        2. Individuals interacting with us through our Website, including sales, marketing, events, or community engagement.

Why we Collect Personal Data

      1. Our privacy policy applies to visitors to the Website and to the representatives or contact persons of businesses that enquire about or engage with ALX, in relation to the Website and any related sales, marketing or events (we refer to the Website and these related activities collectively in this privacy policy as the “Services”). We detail below the purposes of processing, type of personal data and legal basis for the processing. 
      2. We never sell personal data to anyone for any purpose. We do not give personal data to others for their own use.
      3. We hope you take some time to read through this Privacy Policy carefully, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Website and our Services.

How we use Personal data About you

    1. Under the law, we must process your data lawfully, fairly, and transparently. We rely on one of the legal bases below for processing personal data, depending on what the data is and what we use it for:
      1. our legitimate interests;
      2. to comply with the law;
      3. your consent; or
      4. to perform a contract with you, or to take steps at your request before entering into a contract. 
    2. We do not collect any “special categories” of personal data as defined in the Data Protection Act 2017 (Mauritius) or the GDPR (European Union).
Purpose of Processing Categories of Personal Data Legal Basis for Processing
To respond to enquiries and communicate with you and the business you represent  Identification and contact details (e.g. Name, email, phone number, location, company name, role/title, area of expertise, website

Publicly available personal information (such as current and former addresses; phone numbers; email addresses; business email; business phone number; and information available on the LinkedIn profile)

Contract performance or pre-contractual steps – necessary to respond to your enquiry, to take steps at your request before entering into a contract and, where a contract is in place, to deliver and manage it and communicate with you 
To run and support our website and platform functionality Same as above, plus IP address, usage data, device/browser type, referral URLs Contract performance – necessary to operate and maintain the website and to deliver and manage the contract and communicate with you
Marketing, commercial communications, and public presence (e.g., event promotion, webinars, speaker/contributor recognition)  Identification and contact details (as above)

Data on outreach and deliverability of communications (advert engagement data; website conversion actions; browsing patterns) 

Image (for marketing of events; photos/videos)

IP (for webinars), user logs 

Consent for direct marketing, or legitimate interest if you are part of an existing relationship (e.g., an existing client, partner or business contact)
To improve services, user experience, and marketing effectiveness (data analysis, statistics and reporting) Identification data (name, email, age)

IP address, referral sources, location, browsing behavior (pages visited, time on site, clicks, keywords used, posts engaged with, browsing history, preferences), device and technical data

Data is aggregated for this purpose.

Legitimate interest – to analyze trends, improve services, and optimize the website and communications
To collect feedback and conduct surveys Name, email, phone number, address, age, gender, country, qualitative feedback, optional photos or voice recordings Consent – participation is voluntary and optional
To manage IT operations and ensure platform security All personal data collected during service use (e.g., communications metadata, login history, access logs, technical diagnostics) Legal obligation and legitimate interest – to ensure data security, system integrity, and compliance
To fulfill legal obligations and respond to lawful requests All relevant personal data collected Legal obligation – to comply with applicable laws, including tax, regulatory, or data protection compliance
To support business transitions (e.g., mergers, acquisitions, restructuring) All personal data collected during the course of service use Legitimate interest – to ensure continuity and transparency in business operations
Internal operations and communication All personal data necessary for daily operations, collaboration, and team communication (e.g., email threads, shared files) Contract performance and legitimate interest – to enable efficient internal communication and coordination
  1. For more context on how and with whom your data may be shared during processing, please refer to the ‘Who We Share Personal Data With’ section below.  
  2. Some of your legal rights will depend on which legal basis we are relying on for processing. Please see the “Your Rights” section below.

Where we get your Personal Data from

      1. We collect personal information that you provide to us.
      2. We collect personal information that you voluntarily provide to us when contacting us on the Website, expressing an interest in obtaining information about us or our products and Services, when participating in activities initiated by us (such as events, webinars or entering competitions, contests, giveaways, other activities) or otherwise contacting us.
      3. All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
      4. The personal information that we collect depends on the context of your interactions with us, the choices you make and the products and features you use, including publicly available personal information as detailed above. 

Who we share Personal Data with

      1. As a visitor to the website or a representative of a business, your personal data may be processed or shared in the following situations, in line with our operational needs and applicable legal requirements:
      2. Internal Use 
        1. We may share your data within our organization and affiliated entities for operational and contractual purposes, such as our corporate internal management.
      3. Marketing, Communications, and Public Presence
        1. We may include your professional information (such as name, title, bio, photo, company name, and area of expertise):
          1. In marketing materials, including newsletters, brochures, event invitations, or other promotional content,
          2. On the ALX Enterprise website to acknowledge your role or contribution as a speaker, contributor, or partner,
          3. On social media to highlight your involvement. 
        2. This is done either with your explicit consent or where we have a legitimate interest, for example, to promote our services and acknowledge contributors.
        3. If at any time you would prefer not to be featured in our marketing or communications materials, you may request removal by pressing the unsubscribe button at the bottom of the email.
      4. Third-Party Service Providers
        1. We may share your information with trusted third-party vendors, service providers, and platforms that assist us in operating and delivering our services. These may include:
          1. IT and productivity tools (e.g., Google Workspace, Notion, Zoom, Slack, Jira, Juro),
          2. Website hosting providers (including for data analysis, data statistics, survey/feedback),
          3. Marketing platforms, CRM systems, and email delivery services,
          4. Event tools for virtual sessions, asynchronous interviews, or live experiences.
        2. These providers are contractually required to process your data only for agreed purposes and not for their own use.
      5. Legal and Regulatory Compliance
        1. We may disclose your data to third parties where legally required to do so, including:
          1. Regulatory bodies, tax authorities, and auditors,
          2. Courts or government agencies in response to lawful requests,
          3. Public institutions involved in compliance, inspections, accreditation, or verification processes,
          4. our external consultants assisting us to observe legal obligations.
      6. Business Partners
        1. In case we have an offer for certain products, services or promotions we may share or transfer your data with our partners, such as ALU Foundation. This is done either with your explicit consent or where we have a legitimate interest, for example, to promote similar products or services.
      7. Business Transitions
        1. In the event of a merger, reorganization, or acquisition, we may share or transfer your data with relevant third parties such as acquirers, advisors, or auditors, for due diligence or operational continuity. All such disclosures will occur under appropriate confidentiality.

How we Store and Secure Personal data

      1. The personal data we collect as part of our Services is hosted in the United States of America using secure cloud infrastructure providers such as AWS. We only engage with service providers who demonstrate robust cybersecurity and data protection measures.
      2. We have implemented appropriate technical and organisational safeguards to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. However, please note that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your data, accessing our Services and transmitting information is at your own risk. We encourage all visitors to access our website in secure environments.
      3. All third-party service providers (external processors) that process personal data on our behalf are contractually bound to maintain the confidentiality and security of your data. They are not permitted to use your personal information for their own purposes unless required by law and in accordance with applicable data protection legislation.

Transferring your personal data to other countries

      1. In the course of providing our Services, we may transfer your personal data to the United States of America, where our service providers (such as AWS, HubSpot, SuperSet, Salesforce, and Google Workspace) host data.
      2. Additionally, we may share personal data within our corporate group located in Egypt, Kenya, South Africa, Nigeria, Ghana, Ethiopia, Morocco, and Rwanda.
      3. We acknowledge the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework, which affirms that certified U.S.-based companies provide a comparable level of data protection. Our primary providers — AWS, HubSpot, Salesforce, and Google — are certified under this framework.
      4. If we need to transfer your data to a country not deemed to have “adequate” protection by the European Commission, we will do so only under the European Commission’s Standard Contractual Clauses (SCCs) and, where necessary, implement supplementary measures to ensure adequate protection. You may view the SCCs here.
      5. If you would like more information about how we transfer data internationally, please contact us.

How Long we keep personal data

      1. We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy, unless a longer retention period is required by applicable laws (e.g., tax, accounting, or regulatory compliance).
      2. If you submit your information via our Website but do not enter into negotiations or a formal agreement with us, we will delete your personal data within 90 days of your last contact.
      3. When there is no longer a legitimate business need to process your data, we will either securely delete or anonymize it. If deletion is not possible (e.g., due to backup systems), we will isolate and securely store your personal data until deletion becomes feasible.
      4. Should you have any questions regarding our data retention practices, please contact us using the details provided below.

Your Rights

      1. As a data subject, you have the right to:
        1. Request access to the personal data we hold about you;
        2. Request correction of any inaccurate or incomplete data;
        3. Request deletion of your data, subject to certain legal exceptions;
        4. Request restriction of processing where applicable (e.g., if you dispute data accuracy);
        5. Request data portability for information you provided to us, in a commonly used format.
      2. You may also:
        1. Object at any time to your personal data being used for direct marketing (or use the ‘unsubscribe’ link at the bottom of the email);
        2. Object to processing based on legitimate interests in certain circumstances.
      3. If we rely on your consent to process your personal data, you may withdraw that consent at any time. Please note:
        1. Withdrawal of consent does not affect processing that is required or permitted by law (e.g., for legal compliance or defense of rights);
        2. In some cases, we may no longer be able to provide certain services if consent is withdrawn. We will inform you if this applies.

Complaints

      1. If you wish to complain about our use of personal data, we would appreciate the chance to deal with your concerns first. If you still wish to complain, please consult the Mauritius Data Protection Office  website at https://dataprotection.govmu.org/
      2. If you are resident in the EEA (which includes the EU), the GDPR also gives you the right to lodge a complaint with your local data protection regulator.

How to Contact us

Please contact us by post, email, or telephone if you have any questions about either this policy or the information that we hold about you can contact us at [email protected].

 

For any other questions in relation to this notice, you can contact us at:

Data Protection Officer

[email protected]

 

or our

EU Representative, if you are from EU:

Kinstellar SPARL

8 – 10 Nicolae Iorga, Sector 1, 

010434 Bucharest, Romania

[email protected]