Selection Policy
Terms & Conditions (Portal)
Privacy
ALX Holdings Payment Terms and Conditions
Data Processing Terms
Contractor Privacy

Contractor Privacy

WHO WE ARE

ALX Holdings Limited (“ALX”, “we”, “us”) is a company registered in Mauritius.

Business registration number: C213364

Registered office address: 5th Floor, The CORE Building, No. 62, ICT Avenue, Cybercity, Ebene, MauritiusWe act as a ‘controller’ of the personal data to all information collected through our website (www.alxafrica.com), “Website”, “ALX Africa”  or collected for the Services, as identified below.

CONTRACTOR PRIVACY

Last updated: July 2025

Version: 2

This privacy policy is reviewed periodically and any updates will be published on this website, effective upon posting. For significant changes, we may also notify you directly or highlight the update prominently.

Purpose:

The purpose of this Privacy Policy is to explain how ALX Africa collects, uses, stores, and protects personal data in connection with the Services we offer. We are committed to safeguarding the personal information of our contractors, partners, potential contractors/partners, their representatives, and users of our digital platforms. This policy outlines our data processing practices and reflects our commitment to transparency, legal compliance, and the responsible use of personal data.

Scope:

This Privacy Policy applies to all personal data collected by ALX Africa in the context of our operations, including but not limited to:

  • This policy governs the processing of personal data across all ALX Africa platforms and initiatives, regardless of the medium or location of access.
  • Contractors and partners engaged by ALX Africa;
  • Potential contractors/partners in discussions or negotiations with ALX Africa;
  • Representatives and contact persons of contractors, partners, or potential partners;
  • Individuals interacting with us through our Services, including sales, marketing, events, or community engagement.

WHY WE COLLECT PERSONAL DATA

ALX Africa is ​​a community of passionate, courageous ‘doers’ where we help the world’s top talent to fulfil their potential and get connected with customers or employers all over the world. At ALX, people find employment and business opportunities, co-founders, investors, and a thriving community to connect with others and find information.

Our privacy policy applies to any contractor/partner, potential contractor/partner and their representatives or contact persons in relation to ALX and generally to any visitor to the Website or applications operated by ALX, for any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the “Services”). We detail below the purposes of processing, type of personal data and legal basis for the processing.

We never sell personal data to anyone for any purpose. We do not give personal data to others for their own use.

We hope you take some time to read through this Privacy Policy carefully, as it is important. If there are any terms in this Privacy Policy that you do not agree with, please discontinue use of our Website and our Services.

HOW WE USE PERSONAL DATA ABOUT YOU

Under the law, we must process your data lawfully, fairly, and transparently. We rely on one of the legal bases below for processing personal data, depending on what the data is and what we use it for:

  • our legitimate interests;
  • to comply with the law;
  • your consent; or
  • to perform our contract with you (providing your user account)

We do not collect any “special categories” of personal data as defined in the Data Protection Act 2017 (Mauritius) or the GDPR (European Union).

Purpose of ProcessingCategories of Personal DataLegal Basis for Processing
To provide and manage our services, including communication with contractorsIdentification and contact details (e.g. Name, email, phone number, location, company name, role/title, area of expertise, websitePublicly available personal information (such as current and former addresses; phone numbers; email addresses; business email; business phone number; and information available on the LinkedIn profile)Contract performance – necessary to deliver and manage the contract and communicate with you
To run and support our website and platform functionalitySame as above, plus IP address, usage data, device/browser type, referral URLs, payment information (if applicable, such as a credit card number), and the security code associated with your payment instrument)Contract performance – necessary to operate and maintain the platform
Marketing, commercial communications, and public presence (e.g., event promotion, webinars, mentor/facilitator recognition)Identification and contact details (as above)For communication via social media (e.g. Telegram, WhatsApp, Instagram, or Facebook/Meta, Tiktok, LinkedIn), relevant profilesData on outreach and deliverability of communications (advert engagement data; website conversion actions; browsing patterns) Image (for marketing of events; photos/videos)IP (for webinars), user logs Consent for direct marketing, or legitimate interest if you are part of an existing relationship (e.g., mentor, facilitator, contractor)
To improve services, user experience, and marketing effectiveness (data analysis, statistics and reporting)Identification data (name, email, age)IP address, referral sources, location, browsing behavior (pages visited, time on site, clicks, keywords used, posts engaged with, browsing history, preferences), device and technical dataData is aggregated for this purpose.Legitimate interest – to analyze trends, improve services, and optimize the website and communications
To collect feedback and conduct surveysName, email, phone number, address, age, gender, country, qualitative feedback, optional photos or voice recordingsConsent – participation is voluntary and optional
To manage IT operations and ensure platform securityAll personal data collected during service use (e.g., communications metadata, login history, access logs, technical diagnostics)Legal obligation and legitimate interest – to ensure data security, system integrity, and compliance
To fulfill legal obligations and respond to lawful requestsAll relevant personal data collectedLegal obligation – to comply with applicable laws, including tax, regulatory, or data protection compliance
To support business transitions (e.g., mergers, acquisitions, restructuring)All personal data collected during the course of service useLegitimate interest – to ensure continuity and transparency in business operations
Internal operations and communicationAll personal data necessary for daily operations, collaboration, and team communication (e.g., email threads, shared files)Contract performance and legitimate interest – to enable efficient internal communication and coordination

For more context on how and with whom your data may be shared during processing, please refer to the ‘Who We Share Personal Data With’ section below.

Some of your legal rights will depend on which legal basis we are relying on for processing. Please see the “Your Rights” section below.

WHERE WE GET YOUR PERSONAL DATA FROM

We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when contacting us on the Website, expressing an interest in obtaining information about us or our products and Services, when participating in activities initiated by us (such as events, webinars or entering competitions, contests, giveaways, other activities) or otherwise contacting us.

All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.

The personal information that we collect depends on the context of your interactions with us, the choices you make and the products and features you use, including publicly available personal information as detailed above.

WHO WE SHARE PERSONAL DATA WITH

As a contractor (either as an individual or a business), your company or personal data may be processed or shared in the following situations, in line with our contractual obligations, operational needs, and applicable legal requirements:

Internal Use

We may share your data within our organization and affiliated entities for operational and contractual purposes, such as:

  • Enabling communication between you and our learners,
  • Supporting learner progress, mentorship, feedback, and engagement,
  • our corporate internal management.

Marketing, Communications, and Public Presence

We may include your professional information (such as name, title, bio, photo, company name, and area of expertise):

  • In marketing materials, including newsletters, brochures, event invitations, or other promotional content,
  • On the ALX website to showcase your role or contribution as a mentor, facilitator, speaker, or partner,
  • On social media or internal platforms to highlight your involvement in the programme.

This is done either with your explicit consent or where we have a legitimate interest, for example, to promote the programme and acknowledge contributors.

If at any time you would prefer not to be featured in our marketing or communications materials, you may request removal by pressing the unsubscribe button at the bottom of the email.

Third-Party Service Providers

We may share your information with trusted third-party vendors, service providers, and platforms that assist us in operating and delivering our services. These may include:

  • IT and productivity tools (e.g., Google Workspace, Notion, Zoom, Slack, Jira, Juro, Calendly),
  • Website and LMS hosting providers (including for data analysis, data statistics, survey/feedback),
  • Marketing platforms, CRM systems, and email delivery services,
  • Event tools for virtual sessions, asynchronous interviews, or live experiences.

These providers are contractually required to process your data only for agreed purposes and not for their own use.

Legal and Regulatory Compliance

We may disclose your data to third parties where legally required to do so, including:

  • Regulatory bodies, tax authorities, and auditors,
  • Courts or government agencies in response to lawful requests,
  • Public institutions involved in compliance, inspections, accreditation, or verification processes,
  • our external consultants assisting us to observe legal obligations.

Business Partners

In case we have an offer for certain products, services or promotions we may share or transfer your data with our partners, such as ALU Foundation. This is done either with your explicit consent or where we have a legitimate interest, for example, to promote similar products or services.

Business Transitions

In the event of a merger, reorganization, or acquisition, we may share or transfer your data with relevant third parties such as acquirers, advisors, or auditors, for due diligence or operational continuity. All such disclosures will occur under appropriate confidentiality safeguards.

HOW WE STORE AND SECURE PERSONAL DATA

The personal data we collect as part of our Services is hosted in the United States of America using secure cloud infrastructure providers such as AWS. We only engage with service providers who demonstrate robust cybersecurity and data protection measures.

We have implemented appropriate technical and organisational safeguards to protect your personal information from loss, misuse, unauthorised access, disclosure, alteration, or destruction. However, please note that no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your data, accessing our Services and transmitting information is at your own risk. We encourage all contractors to access our systems in secure environments.

All third-party service providers (external processors) that process personal data on our behalf are contractually bound to maintain the confidentiality and security of your data. They are not permitted to use your personal information for their own purposes unless required by law and in accordance with applicable data protection legislation.

TRANSFERRING YOUR PERSONAL DATA TO OTHER COUNTRIES

In the course of providing our Services, we may transfer your personal data to the United States of America, where our service providers (such as AWS, HubSpot, SuperSet, Salesforce, and Google Workspace) host data.

Additionally, we may share personal data within our corporate group, including offices or hubs located in Egypt, Kenya, South Africa, Nigeria, Ghana, Ethiopia, Morocco, and Rwanda.

We acknowledge the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework, which affirms that certified U.S.-based companies provide a comparable level of data protection. Our primary providers — AWS, HubSpot, Salesforce, and Google — are certified under this framework.

If we need to transfer your data to a country not deemed to have “adequate” protection by the European Commission, we will do so only under the European Commission’s Standard Contractual Clauses (SCCs) and, where necessary, implement supplementary measures to ensure adequate protection. You may view the SCCs here.

If you would like more information about how we transfer data internationally, please contact us.

HOW LONG WE KEEP PERSONAL DATA

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy, unless a longer retention period is required by applicable laws (e.g., tax, accounting, or regulatory compliance).

If you submit your information via our Website but do not enter into negotiations or a formal agreement with us, we will delete your personal data within 90 days of your last contact.

When there is no longer a legitimate business need to process your data, we will either securely delete or anonymize it. If deletion is not possible (e.g., due to backup systems), we will isolate and securely store your personal data until deletion becomes feasible.

Should you have any questions regarding our data retention practices, please contact us using the details provided below.

YOUR RIGHTS

As a data subject, you have the right to:

  • Request access to the personal data we hold about you;
  • Request correction of any inaccurate or incomplete data;
  • Request deletion of your data, subject to certain legal exceptions;
  • Request restriction of processing where applicable (e.g., if you dispute data accuracy);
  • Request data portability for information you provided to us, in a commonly used format.

You may also:

  • Object at any time to your personal data being used for direct marketing (or use the ‘unsubscribe’ link at the bottom of the email);
  • Object to processing based on legitimate interests in certain circumstances.

If we rely on your consent to process your personal data, you may withdraw that consent at any time. Please note:

  • Withdrawal of consent does not affect processing that is required or permitted by law (e.g., for legal compliance or defense of rights);
  • In some cases, we may no longer be able to provide certain services if consent is withdrawn. We will inform you if this applies.

DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have contacted us on the Website or for the Services, you have the right to request removal of unwanted data that you shared with us. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your correspondence and a statement that you reside in California. We will make sure the data is not publicly displayed, but please be aware that the data may not be completely or comprehensively removed from our systems.

COMPLAINTS

If you wish to complain about our use of personal data, we would appreciate the chance to deal with your concerns first. If you still wish to complain, please consult the Mauritius Data Protection Office  website at https://dataprotection.govmu.org/

If you are resident in the EEA (which includes the EU), the GDPR also gives you the right to lodge a complaint with your local data protection regulator.

HOW TO CONTACT US

Please contact us by post, email, or telephone if you have any questions about either this policy or the information that we hold about you can contact us at  [email protected].
For any other questions in relation to this notice, you can contact us at:

Data Protection Officer

[email protected]

or our

EU Representative, if you are from EU:

Kinstellar SPARL
8 – 10 Nicolae Iorga, Sector 1,
010434 Bucharest, Romania

[email protected]

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Ready to Get Started?

Do More for Your Career with ALX

Explore the ALX Ecosystem