Privacy Policy

1. Introduction

Leso2 Institute of Data & Technology ("Leso2", "we", "our", or "us") is a technology education, consultancy, and corporate training institution. We are committed to protecting personal information in accordance with the Lesotho Data Protection Act, 2011, and other applicable laws of the Kingdom of Lesotho.

This Privacy Policy explains how we lawfully collect, use, store, disclose, and protect personal information relating to students, corporate clients, consultancy clients, partners, website visitors, and other stakeholders who interact with Leso2 through our website, training programs, consultancy services, corporate engagements, or communications.

By using our website or services, you consent to the processing of your personal data as described in this Privacy Policy.

2. Definitions

• Personal Data: Any information relating to an identifiable individual.
• Data Subject: The individual to whom the personal data relates.
• Processing: Any operation performed on personal data, including collection, storage, use, or deletion.

3. Information We Collect

a) Personal Information

We may collect personal data relating to:

• Students and applicants
• Corporate trainees and sponsored participants
• Consultancy and advisory clients
• Business partners and vendors
• Website visitors and inquiry contacts

Such information may include:

• Full name
• Email address
• Phone number
• National ID or passport number (where required)
• Job title and employer (for corporate or consultancy engagements)
• Company name and business contact details
• Educational or professional background
• Payment, billing, and transaction details

b) Technical Information

• IP address
• Browser type
• Device information
• Website usage data

4. Lawful Basis for Processing

In accordance with the Lesotho Data Protection Act, we process personal data only where:

• The data subject has given explicit consent;
• Processing is necessary for performance of a contract (student enrollment);
• Processing is required to meet legal or regulatory obligations; or
• Processing is necessary for legitimate institutional purposes, provided such interests do not override the rights of the data subject.

5. Purpose of Data Processing

Personal information is processed strictly for legitimate institutional purposes, including:

• Student admissions, registration, and academic administration
• Delivery of training programs and educational services
• Provision of consultancy, advisory, and professional services
• Delivery of corporate and customized training programs
• Client communication, project coordination, and reporting
• Fee processing, invoicing, and financial administration
• Issuance of certificates, reports, or deliverables
• Compliance with legal and regulatory obligations

Personal data will not be processed for purposes incompatible with those listed above.

6. Data Accuracy

Leso2 takes reasonable steps to ensure that personal data is accurate, complete, and up to date. Data subjects are encouraged to notify us of any changes to their personal information.

7. Data Sharing and Disclosure

Leso2 does not sell or trade personal data.

Personal data may be disclosed only:

• To authorized Leso2 staff and instructors where necessary
• To licensed payment service providers
• Where disclosure is required by law, court order, or regulatory authority

Any third party receiving personal data is required to maintain appropriate confidentiality and security safeguards.

8. Cross-Border Data Transfers

Where personal data is processed or stored outside the Kingdom of Lesotho, Leso2 ensures that such transfers comply with applicable data protection requirements and that adequate safeguards are in place to protect the data.

9. Data Security Measures

Leso2 implements reasonable technical and organizational measures to safeguard personal data against:

• Unauthorized access
• Accidental loss
• Unlawful disclosure or alteration

Access to personal data is restricted to authorized personnel only.

10. Data Retention

Personal data is retained only for as long as necessary to fulfill academic, administrative, and legal purposes. Upon completion of the retention period, data is securely destroyed or anonymized.

11. Rights of Data Subjects

Under the Lesotho Data Protection Act, data subjects have the right to:

• Access their personal data
• Request correction of inaccurate or incomplete data
• Object to unlawful or excessive processing
• Request deletion where data is no longer lawfully required
• Withdraw consent, subject to legal and contractual limitations

Requests may be submitted using the contact details below.

12. Cookies and Website Use

Our website may use cookies to enhance functionality and analyze traffic. Users may disable cookies through browser settings; however, this may affect website performance.

13. Children and Minors

Leso2 does not knowingly collect personal data from individuals under the age of 18 without the consent of a parent or legal guardian, in compliance with applicable laws.

14. Policy Updates

Leso2 reserves the right to amend this Privacy Policy to reflect legal or operational changes. Updates will be posted on our website with a revised effective date.

15. Contact Details

For questions, concerns, or data access requests, contact: