1.1 Welcome to SmartBiz Suite, a digital platform owned and operated by LTGS RWANDA PLC, a public limited company duly incorporated under the laws of the Republic of Rwanda with registration number 15*****46 and having its registered office at Nyagatare, Rwanda. These Terms and Conditions constitute a legally binding agreement between you (hereinafter referred to as "User", "you", or "your") and LTGS RWANDA PLC ("LTGS", "we", "us", or "our") governing your access to and use of the SmartBiz Suite System, mobile applications, APIs, and all associated services, content, and functionalities (collectively, the "Services"). By accessing or using any part of the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms, as well as any additional terms, policies, or guidelines incorporated by reference. If you do not agree to these Terms, you must immediately cease all use of the Services.
1.2 LTGS RWANDA PLC is a pioneering Rwandan technology company dedicated to bridging the gap between service providers and citizens through innovative digital solutions. Our mission is to enhance efficiency, accessibility, and accountability in service delivery across multiple sectors, including public institutions, financial services, education, healthcare, and private enterprises. The SmartBiz Suite platform is a flagship product that consolidates diverse services into a single online gateway, enabling individuals, businesses, and organizations to apply for, process, and complete transactions seamlessly, either directly online or through our extensive network of certified LTGS agents located throughout Rwanda.
1.3 These Terms are designed to ensure a transparent, fair, and secure environment for all users. They outline your rights and obligations when using the Services, as well as LTGS's commitments to you. Please read them carefully. We may update or modify these Terms from time to time to reflect changes in our Services, legal or regulatory requirements, or for other operational reasons. When we make material changes, we will notify you by posting the revised Terms on this page with an updated effective date, and we may also provide additional notice via email or through the Services. Your continued use of the Services after such modifications constitutes your acceptance of the revised Terms. If you do not agree to the changes, you must stop using the Services.
1.4 The Services are intended for use by individuals who are at least 18 years old or of legal age in their jurisdiction. By using the Services, you represent and warrant that you meet this age requirement. If you are using the Services on behalf of a legal entity, you further represent and warrant that you have the authority to bind that entity to these Terms. The Services are provided for lawful purposes only and may not be used in any manner that violates applicable laws or regulations, including but not limited to those of the Republic of Rwanda. You are solely responsible for ensuring that your use of the Services complies with all applicable laws, rules, and regulations.
1.5 LTGS RWANDA PLC reserves the right to modify, suspend, or discontinue any part of the Services at any time, with or without notice, and without liability to you or any third party. We may also impose limits on certain features or restrict access to parts or all of the Services without notice or liability. While we strive to provide reliable and uninterrupted service, we cannot guarantee that the Services will always be available, error-free, or secure. We may perform maintenance, upgrades, or other changes that could temporarily affect availability, and we will use reasonable efforts to minimize any disruption.
1.6 These Terms are structured into chapters and sections for ease of reference. Headings are for convenience only and do not affect interpretation. Any reference to "including" or "such as" shall be construed as illustrative and not limiting. Unless otherwise specified, all monetary amounts are in Rwandan Francs (RWF). These Terms, together with any policies or agreements expressly incorporated, constitute the entire agreement between you and LTGS regarding the Services and supersede any prior agreements or understandings, whether written or oral.
1.7 If any provision of these Terms is found to be invalid or unenforceable by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible, and the remaining provisions shall remain in full force and effect. Our failure to enforce any right or provision of these Terms shall not be deemed a waiver of such right or provision. You may not assign or transfer these Terms, by operation of law or otherwise, without LTGS's prior written consent. LTGS may assign these Terms freely without restriction.
1.8 For any questions or concerns regarding these Terms, you may contact us using the information provided in Chapter 15 (Contact Information). We value your feedback and strive to address any issues promptly and fairly. By using the Services, you acknowledge that you have had the opportunity to seek independent legal advice before agreeing to these Terms.
2.1 "API" means the Application Programming Interface provided by LTGS that allows third-party applications to interact with the SmartBiz Suite platform and access certain functionalities, data, or services, subject to separate API terms and conditions.
2.2 "Applicant" refers to any individual or legal entity that submits an application, request, or inquiry through the Services, whether for service registration, API access, partnership, or any other purpose.
2.3 "Data Controller" means LTGS RWANDA PLC, which, alone or jointly with others, determines the purposes and means of processing personal data. As the Data Controller, LTGS is responsible for ensuring that all processing activities comply with applicable data protection laws, including Law No 058/2021 of 13/10/2021 relating to the protection of personal data and privacy.
2.4 "Data Processor" means any natural or legal person, public authority, agency, or other body that processes personal data on behalf of LTGS, acting under its instructions. Data Processors may include third-party service providers, cloud hosting platforms, or other partners who assist in delivering the Services.
2.5 "Data Subject" means the identified or identifiable natural person to whom personal data relates. A data subject can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
2.6 "Personal Data" means any information relating to a data subject. This includes, but is not limited to, name, national ID number, passport number, contact details (address, phone number, email), financial information (bank account details, payment records), biometric data, health information, educational background, employment history, and any other information that can be linked to an individual.
2.7 "Service" or "Services" means all products, features, functionalities, and content offered by LTGS through the SmartBiz Suite platform, including but not limited to online applications, payment processing, agent services, API integrations, reporting tools, and any related documentation or support.
2.8 "User" means any individual or entity that accesses or uses the Services, whether registered or not. Users include applicants, customers, agents, partners, developers, and any other person interacting with the platform.
2.9 "Agent" means a natural person or entity that has been duly registered, trained, and certified by LTGS to provide Services on behalf of LTGS to end-users, typically in a physical location, and who acts under the terms of a separate agency agreement.
2.10 "Partner" means an organization, institution, or business that has entered into a formal partnership agreement with LTGS to offer its services through the SmartBiz Suite platform, subject to a Memorandum of Understanding (MOU) and these Terms.
2.11 "Data Protection Officer (DPO)" means the person designated by LTGS to oversee compliance with data protection laws, handle data subject requests, and act as a point of contact with supervisory authorities, including the National Cyber Security Authority (NCSA).
2.12 "Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
2.13 "Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.14 "Third Party" means any natural or legal person, public authority, agency, or body other than the data subject, LTGS, or persons who, under the direct authority of LTGS, are authorized to process personal data.
2.15 "NCSA" means the National Cyber Security Authority of Rwanda, the regulatory body responsible for enforcing data protection and privacy laws.
2.16 "BNR" means the National Bank of Rwanda, the central bank regulating financial services and payment systems.
2.17 "RURA" means the Rwanda Utilities Regulatory Authority, which oversees telecommunications and other utilities.
2.18 "MOU" means Memorandum of Understanding, a formal agreement between LTGS and a partner outlining the terms of their collaboration.
2.19 "E‑Correspondence System" means the online portal at https://management.lfsg.co.rw/e-correspondence/ where users can submit formal requests, including refund applications, and communicate with LTGS.
2.20 "Force Majeure" means any event beyond the reasonable control of LTGS, including but not limited to acts of God, war, terrorism, civil unrest, natural disasters, government actions, or failures of public infrastructure (e.g., internet or power outages).
2.21 "Intellectual Property" means all patents, trademarks, service marks, trade names, copyrights, trade secrets, know-how, software, databases, and any other proprietary rights, whether registered or unregistered, owned or licensed by LTGS.
2.22 "Refund" means the process by which a user requests and, if approved, receives a return of funds paid for a service, subject to the conditions set out in Chapter 8.
LTGS collects a wide range of personal data necessary to establish and maintain a lawful relationship with you, and to provide you with the Services you request. This includes personal identification data such as your full legal name, date and place of birth, national identification number (NID), passport details, gender, marital status, and signature specimen. We also collect contact information including your permanent and temporary addresses, telephone numbers, email addresses, and any other communication channels you choose to provide. This data is essential for verifying your identity, reaching you for contractual purposes, service delivery updates, security alerts, and regulatory compliance notifications. All collection is done with your explicit consent as required under Articles 4 and 6 of Law No 058/2021, and such information is processed strictly for the purposes communicated to you at the time of collection.
3.2 In addition to identification and contact data, we collect financial information to facilitate payments, reimbursements, and other financial transactions. This may include your bank account number, account holder name, branch location, IBAN (if applicable), SWIFT/BIC codes, and mobile money account details. We also gather residence details, such as your physical address, GPS coordinates, proof of residence documentation, and property ownership or rental agreements. Where relevant, we process workplace information like employer name, office address, job title, and employment terms. In certain cases, we may collect parents' or guardians' details, particularly for dependents or minors whose data is being processed, including their names, identification numbers, and contact information. The collection of such family-related data is strictly limited to purposes defined by law and handled with heightened confidentiality safeguards.
3.3 We also collect sensitive personal data categories such as health status details, including medical history necessary for occupational health compliance, disability status (where voluntarily disclosed), and fitness-to-work certifications. For individuals engaged in professional or academic programs, we gather educational background details including school or institution names, academic qualifications, professional licenses, and training records. In cases involving corporate, cooperative, or self-employed individuals, we process business and legal status details, such as company registration numbers, tax identification numbers, business permits, shareholder information, and governance documents. Employment records, including work history, job performance evaluations, and contract copies, may also be collected to support operational, regulatory, and legal requirements. All categories of data are processed under the principles of lawfulness, fairness, transparency, data minimization, and purpose limitation, ensuring your information is only used in ways consistent with the reasons you provided it.
3.2.1 Personal data is primarily collected during the initial service registration phase, which may include completion of application forms (physical or electronic), identity verification procedures, and submission of mandatory documentation as required by applicable laws and regulations. This stage may occur when you sign up as an employee, partner, supplier, customer, shareholder, agent, member, subscriber, or trainee. During registration, we gather details necessary to authenticate your identity, establish the nature of our relationship, and assess your eligibility for the requested service or engagement. The process may involve face-to-face interactions, secure online portals, or authorized third-party agents acting on our behalf. Data collected at this point is essential for fulfilling Articles 4 and 6 of Law No 058/2021, which mandate lawful authorization and explicit consent before processing personal data. All collected records are logged as per Article 16 and securely stored in compliance with Article 17.
3.2.2 Personal data may also be collected when entering into formal contractual agreements with LTGS or when subscribing to our products and services. This includes agreements for employment, supply of goods or services, partnership collaborations, shareholder arrangements, and service-level commitments. In such scenarios, the collection of data ensures we can manage obligations, enforce rights, and provide agreed-upon deliverables. Subscription processes may require ongoing collection of usage data, payment records, and communication preferences to ensure uninterrupted service delivery. Partnership onboarding involves the verification of corporate, cooperative, or legal entity documentation, as well as the identification of authorized representatives. These data collection events may be recurring and are governed by our retention policies to ensure no unnecessary information is kept longer than required. Throughout, we comply with Article 47 to maintain the security and confidentiality of the information entrusted to us.
3.2.3 In addition to initial collection phases, LTGS collects personal data during training programs, both for internal capacity building and external beneficiary education initiatives. These sessions may require participant registration, attendance tracking, evaluation results, and feedback forms. Data is also gathered during day-to-day legitimate operations, such as processing payments, responding to inquiries, handling customer support requests, and fulfilling legal reporting obligations. Furthermore, personal information may be updated or verified periodically to ensure accuracy, especially in the context of compliance checks, audits, or regulatory inspections. Operational collection is guided by the principles of necessity, proportionality, and purpose limitation, ensuring that only relevant information is processed for the specific activity at hand. All such collection points are documented in our internal data logs, and any change in purpose will trigger renewed consent from the data subject, in line with the transparency and accountability obligations set forth in Law No 058/2021.
3.3.1 LTGS uses your personal data primarily to deliver the services, products, and programs you have subscribed to, applied for, or contracted with us. This includes verifying your eligibility, processing your application, managing your account or membership, and providing ongoing support. For employees, partners, suppliers, and agents, the data enables us to manage assignments, monitor performance, and facilitate contractual deliverables. For customers, shareholders, members, subscribers, and trainees, the information ensures that we can fulfill commitments such as processing orders, delivering communications, issuing payments, or providing benefits. All processing activities in this context are conducted strictly for the purposes for which consent was given, and under the principles of lawfulness, fairness, and transparency as mandated by Articles 4 and 6 of Law No 058/2021.
3.3.2 Your data will also be used to comply with legal and regulatory requirements, including tax reporting, employment law obligations, anti-money laundering checks, and mandatory disclosures to competent authorities. This may require us to process and share relevant information with government bodies, regulators, and legally authorized entities. Financial transactions such as salary payments, supplier settlements, refunds, shareholder dividends, and reimbursement claims require us to process your banking information, transaction records, and supporting documents. Additionally, we may process data to prevent fraud, enforce contractual rights, and manage operational risks. Such usage is always documented as per Article 16, retained as required by Article 17, and secured according to Article 47, ensuring both accountability and protection of your personal information.
3.3.3 LTGS will use your contact information to send service-related notifications, operational updates, partnership communications, event invitations, and training schedules. For partners, agents, and suppliers, data is used to coordinate joint activities, manage partnership terms, and maintain accurate contact networks. We may also use your information for internal analysis to improve service quality, enhance user experiences, and develop new offerings that align with your needs. In some cases, anonymized or aggregated data may be used for statistical reporting, without revealing individual identities. Any change in purpose will be communicated to you, and renewed consent will be obtained before your data is used in a way not previously agreed. This approach ensures that our data processing remains transparent, proportionate, and fully aligned with the legitimate purposes communicated at the time of collection.
3.4.1 At LTGS, we are committed to retaining personal data only for as long as it is necessary to fulfill the specific, lawful purpose for which it was collected. This approach aligns with the principle of storage limitation under Law No 058/2021, which requires that personal data not be kept longer than necessary, unless a longer retention period is mandated by legal, regulatory, or contractual obligations. The duration for which data is retained will vary depending on the category of information and the reason for its collection. For instance, employment records may be kept for several years after the end of the employment relationship due to labor law requirements, while financial records may need to be retained for a statutory tax period. During the retention period, we ensure that all records are maintained in secure systems and are accessible only to authorized personnel who have a legitimate purpose to process them.
3.4.2 Once personal data is no longer required for its original purpose or any other lawful, compatible purpose, we take steps to securely delete, destroy, or anonymize it. Secure deletion may include the permanent removal of data from all storage systems, including backups, in such a way that it cannot be recovered. Where data is anonymized, it is stripped of all identifiers so that it can no longer be linked to the data subject, enabling its continued use for statistical or research purposes without infringing on individual privacy rights. This process is carried out in strict accordance with Article 47, which mandates appropriate technical and organizational measures to protect personal data. In all cases, we maintain audit logs documenting when and how data was deleted or anonymized, ensuring transparency and accountability.
3.4.3 Certain circumstances may require us to retain personal data for longer than originally planned. These include pending legal proceedings, unresolved disputes, ongoing regulatory investigations, or explicit legal provisions requiring extended retention. For example, if a data subject has filed a complaint or initiated legal action against LTGS, relevant records may need to be preserved until the matter is resolved. Similarly, where consent-based processing is involved, the retention period may be extended if the data subject grants renewed consent. We will notify you if your data needs to be retained beyond the standard retention period and will explain the reasons for such an extension. Regardless of the retention period, our policies ensure that personal data is never stored indefinitely without justification, and that periodic reviews are conducted to identify and securely dispose of records that are no longer needed.
3.5.1 At LTGS, the security of your personal data is a top priority, and we implement comprehensive technical measures to safeguard it against unauthorized access, accidental loss, or malicious attacks. All data is stored on secure servers with encryption both in transit and at rest, ensuring that information is protected from interception or unauthorized viewing. Access to personal data is strictly limited to authorized personnel on a need-to-know basis, with role-based permissions and multi-factor authentication mechanisms to prevent unauthorized entry. Systems are regularly monitored for suspicious activity, and strong password policies are enforced to maintain integrity. Additionally, secure backup and disaster recovery procedures are in place to prevent data loss in the event of system failures, natural disasters, or cyber incidents, consistent with the obligations under Article 47 of Law No 058/2021.
3.5.2 Beyond technical safeguards, LTGS emphasizes organizational measures to ensure that staff understand and comply with data protection obligations. Employees, partners, and contractors who handle personal data receive regular training on privacy policies, legal requirements, and internal procedures for reporting data breaches. Clear policies and procedures define responsibilities, including the immediate reporting of security incidents to the Data Protection Officer (DPO). Staff are also trained in secure handling of physical documents, proper disposal of sensitive records, and protocols for remote work, ensuring that both electronic and hard copy data are protected. These measures are supplemented by periodic audits and compliance checks to verify adherence to security standards and identify areas for improvement.
3.5.3 LTGS continuously monitors its information systems for vulnerabilities, unauthorized access attempts, and potential threats. In the event of a suspected or actual data breach, predefined incident response procedures are activated, including containment, investigation, notification to the DPO, and, where applicable, reporting to the NCSA and affected data subjects. Security measures are regularly reviewed and updated to adapt to evolving threats, technological advancements, and changes in regulatory requirements. By combining technical, organizational, and procedural safeguards, LTGS ensures that personal data is processed in a secure manner, fully compliant with Articles 4, 16, 17, and 47 of Law No 058/2021, while maintaining accountability, transparency, and the trust of all data subjects.
3.6.1 As a data subject under Law No 058/2021, you have the right to request access to your personal data processed by LTGS. This means you can obtain information about the types of data collected, the purposes of processing, the categories of recipients, and the retention periods. You also have the right to rectify inaccurate or incomplete data to ensure that your personal information is always correct and up-to-date. In addition, you may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when processing is unlawful, or when you have withdrawn consent. All access, rectification, and deletion requests are handled promptly, transparently, and in compliance with Articles 4, 6, 16, and 17 of Law No 058/2021.
3.6.2 You have the right to request the restriction of processing of your data in certain circumstances, such as when accuracy is contested, when processing is unlawful but you oppose deletion, or when LTGS no longer needs the data for processing but you require it for legal claims. You may also object to processing based on legitimate interests or direct marketing purposes. Where applicable, LTGS will facilitate data portability, allowing you to receive your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller without hindrance. These rights ensure that you maintain control over your information, exercising autonomy and consent in line with Article 6 of the law.
3.6.3 At any time, you may withdraw your consent for processing your personal data without affecting the lawfulness of processing carried out before withdrawal. Additionally, you have the right to lodge complaints with the NCSA if you believe your data rights are violated. LTGS ensures all requests, objections, and complaints are documented, investigated, and responded to in accordance with Articles 4, 6, 16, 17, and 47 of Law No 058/2021. Our aim is to safeguard your rights, ensure transparency, and foster trust in the management of personal data. Below is a summary of your key rights (non-exhaustive):
| # | Right | Description |
|---|---|---|
| 1 | Right to Access | Obtain a copy of your personal data. |
| 2 | Right to Rectification | Correct inaccurate or incomplete data. |
| 3 | Right to Deletion | Request deletion when no longer needed. |
| 4 | Right to Restrict Processing | Limit data usage in specific situations. |
| 5 | Right to Object | Oppose processing for marketing or legitimate interests. |
| 6 | Right to Data Portability | Receive data in a structured, machine-readable format. |
| 7 | Right to Withdraw Consent | Revoke consent at any time. |
| 8 | Right to Complain | Lodge a complaint with NCSA. |
| 9 | Right to Transparency | Be informed about processing activities. |
| 10 | Right to Know Recipients | Know who receives your data. |
3.7.1 At LTGS, the processing of personal data relating to children is handled with the highest level of care and in strict adherence to Law No 058/2021, which recognizes the heightened vulnerability of minors. We only process children's data when we have obtained explicit, verifiable consent from a parent or legal guardian. This consent must be informed, specific, and freely given, ensuring that the parent or guardian fully understands the purpose, scope, and implications of the processing activities. We verify consent through documented proof of guardianship, such as birth certificates, court orders, or other legally recognized identification. In no circumstance will LTGS collect, store, or use children's data for purposes that are not directly related to the delivery of services, programs, or legal obligations relevant to the child's best interests. All processing activities are documented in compliance with Article 16 and subject to the storage limitation requirements of Article 17.
3.7.2 Children's data we may process includes basic identification details (such as name, date of birth, and gender), contact information (parental or guardian contact details), educational records, health-related information necessary for training or program participation, and other relevant biodata. Given the sensitivity of this category, we implement additional safeguards, such as restricted access controls, encryption, and mandatory background checks for staff who handle children's information. We also ensure that any third-party processors involved in handling children's data are contractually obligated to follow the same or higher data protection standards. When processing involves children in digital environments such as online training platforms or e-learning portals we apply extra measures to protect against unauthorized access, cyber threats, and exploitation risks, fully in line with Article 47's security requirements.
3.7.3 Children's personal data is processed solely for purposes that serve the child's welfare, education, training, or legal protection, and never for commercial gain or marketing without appropriate consent. The retention period for children's data is limited to the duration necessary to fulfill the stated purpose or to comply with applicable laws, after which it is securely deleted or anonymized. Parents or guardians have the right to request access to, correction of, or deletion of their child's personal data at any time. Where children are of an age and capacity to understand their rights, we encourage them to be informed and involved in decisions about their data. In cases of a data breach affecting children's information, we will immediately inform both the legal guardians and the competent authority (NCSA) as required by law, and take all necessary steps to mitigate harm. This approach ensures that LTGS upholds not only the legal obligations but also the moral responsibility to protect the most vulnerable data subjects.
3.8.1 At LTGS, we respect your right to control the flow of your personal information. Accordingly, personal data will not be transferred to any third party, whether inside or outside Rwanda, without your explicit, informed, and freely given consent. This ensures compliance with Articles 4 and 6 of Law No 058/2021, which emphasize lawful authorization and the necessity of consent for processing activities involving third-party sharing. Before any transfer, we will clearly communicate the identity of the recipient, the purpose of the transfer, the categories of personal data involved, and any potential consequences of the data being shared. Only after obtaining your renewed consent will LTGS initiate the transfer, thereby maintaining transparency and accountability while protecting your rights as a data subject.
3.8.2 There are certain instances where LTGS may need to transfer personal data without prior consent, strictly in compliance with legal obligations or to perform contractual duties. Such scenarios include reporting to government authorities, regulatory submissions, tax compliance, legal investigations, or facilitating service delivery in partnership with authorized third parties. In all such cases, transfers are limited to what is strictly necessary, documented in internal data logs as required under Articles 16 and 17, and processed in accordance with Article 47 on data security. LTGS ensures that any mandatory transfer is carried out with appropriate safeguards to prevent unauthorized access, loss, or misuse of the personal data involved.
3.8.3 All third-party transfers are governed by contractual agreements that impose strict confidentiality, data protection obligations, and compliance with applicable laws. LTGS conducts regular audits and monitoring to ensure that recipients of personal data adhere to these obligations, maintaining accountability at every stage of the transfer process. Where personal data is transferred internationally, additional measures are implemented to ensure adequate protection under the standards established by Law No 058/2021. Any breach, misuse, or unauthorized transfer is immediately reported to the Data Protection Officer (DPO) and, where required, to the NCSA to mitigate risks and ensure compliance. This comprehensive approach ensures that LTGS maintains full control over personal data transfers while protecting the rights, privacy, and security of its data subjects.
3.9.1 The LTGS Data Protection Officer (DPO) is appointed to oversee and ensure full compliance with Law No 058/2021 relating to the protection of personal data and privacy. The DPO's responsibilities include monitoring all data processing activities within LTGS, ensuring that personal data is collected, stored, processed, and shared in accordance with legal and regulatory requirements, and managing any requests from data subjects regarding access, correction, deletion, or objection to the processing of their personal information. The DPO also acts as the primary point of contact between LTGS and the NCSA, providing timely reports, facilitating audits, and coordinating responses to inquiries or inspections. In addition, the DPO develops, implements, and continuously updates internal policies, procedures, and training programs to maintain awareness among staff about data protection obligations, security protocols, and ethical handling of personal information.
3.9.2 By maintaining accountability, transparency, and adherence to Article 47 of Law No 058/2021, the DPO ensures that the rights of data subjects are fully respected, while safeguarding the integrity, confidentiality, and availability of LTGS's data systems and personal data assets. You may contact the DPO directly at dpo@ltgs.rw for any data protection-related inquiries or to exercise your rights.
3.10.1 At LTGS, any suspected or confirmed data breach is treated as a critical incident, and immediate measures are taken to contain and mitigate the impact. Our internal monitoring systems and security protocols allow for early detection of unauthorized access, accidental disclosure, loss, or destruction of personal data. Once a breach is identified, the DPO is promptly notified and initiates a structured response plan that includes investigation, assessment of affected data, and determination of potential risks to the data subjects. This ensures compliance with Article 47 of Law No 058/2021, which requires prompt action to protect personal data and maintain the integrity of LTGS's processing systems.
3.10.2 In accordance with the law, the DPO reports all relevant breaches to the NCSA without undue delay, providing details such as the nature of the breach, categories of personal data affected, estimated number of data subjects involved, and actions taken to contain the incident. Where the breach is likely to result in a high risk to the rights and freedoms of individuals, affected data subjects are informed promptly with clear instructions on measures they can take to protect themselves. Notifications are designed to be transparent, actionable, and timely, ensuring that both regulatory and ethical obligations are met, while minimizing potential harm to the individuals whose data is involved.
3.10.3 Following a data breach, the DPO oversees the implementation of corrective measures, such as system updates, enhanced encryption, additional staff training, and revised operational protocols to prevent recurrence. Detailed documentation of the incident, including root cause analysis, risk assessment, and remedial actions, is maintained for accountability and audit purposes. LTGS continuously evaluates its data security policies and procedures, learning from incidents to strengthen protective measures and maintain compliance with Articles 4, 16, 17, and 47 of Law No 058/2021. By doing so, LTGS ensures that the rights of data subjects are preserved, data integrity is maintained, and public trust in our information management practices is upheld.
4.1 All personal data collected by LTGS is stored on secure servers located within the Republic of Rwanda, in compliance with national data sovereignty requirements. We utilize state-of-the-art data centers that employ multiple layers of physical and logical security controls, including 24/7 surveillance, biometric access controls, fire suppression systems, and redundant power supplies. Data is stored in encrypted form using industry-standard encryption algorithms (e.g., AES-256) both at rest and during transmission. This ensures that even in the unlikely event of unauthorized physical access, the data remains unintelligible. Regular security audits and penetration tests are conducted to identify and remediate vulnerabilities, and all security measures are continuously reviewed and updated to address emerging threats.
4.2 Access to stored data is strictly limited to authorized personnel who require it to perform their job functions. Role-based access controls (RBAC) ensure that employees can only view or modify data necessary for their specific tasks. Multi-factor authentication (MFA) is mandatory for all accounts with access to sensitive data. Detailed access logs are maintained and regularly audited to detect and investigate any unauthorized or suspicious activity. LTGS also enforces strict password policies, including regular password changes and prohibition of password sharing. Any access to personal data is logged with timestamp, user identity, and action performed, providing a complete audit trail as required by Article 16 of Law No 058/2021.
4.3 We maintain comprehensive backup and disaster recovery procedures to protect against data loss. Backups are performed regularly (at least daily) and stored in geographically separate, secure locations. Backup data is encrypted and subject to the same access controls as primary data. In the event of a system failure, natural disaster, or other incident, we have documented recovery plans to restore services and data with minimal downtime. These procedures are tested periodically to ensure their effectiveness. Our goal is to maintain business continuity and protect the integrity and availability of your personal data at all times.
4.4 Data storage practices are designed to comply with the principle of data minimization. We do not store data that is not necessary for the purposes for which it was collected. When data is no longer needed, it is securely deleted or anonymized as described in Chapter 3.4. Retention periods are defined for each data category and are regularly reviewed. Any data that exceeds its retention period is automatically flagged for secure deletion. We also ensure that data stored on behalf of partners or third parties is handled according to the same high standards and subject to contractual obligations.
4.5 LTGS also utilizes cloud storage services from reputable providers who meet rigorous security and compliance standards. Any such providers are carefully vetted and contractually bound to adhere to LTGS's data protection requirements, including restrictions on data access, transfer, and processing. We ensure that any cloud services used are located within Rwanda or in jurisdictions with adequate data protection laws, and that they provide equivalent levels of security. Regular audits of these providers are conducted to verify compliance.
4.6 In addition to electronic data, LTGS may store physical records containing personal data (e.g., paper application forms, contracts). Such physical records are kept in secure, locked cabinets within access-controlled offices. Access is limited to authorized personnel, and logs are maintained for any retrieval or filing. Physical records are digitized where possible and then securely shredded in accordance with our retention policy. Secure disposal of physical documents is carried out by certified shredding companies with strict confidentiality agreements.
4.7 LTGS is committed to transparency regarding data storage. Upon request, data subjects may obtain information about where their data is stored and the security measures in place. We also provide information about any third-party data processors involved in storage and their locations. This transparency helps build trust and ensures that data subjects are fully informed about the handling of their personal information.
4.8 We continuously monitor advancements in data storage technology and security best practices to ensure our infrastructure remains resilient and compliant. As part of our commitment to continuous improvement, we regularly update our storage policies and procedures to reflect new legal requirements, technological developments, and feedback from audits or data subjects. Any significant changes will be communicated through our website or other appropriate channels.
5.1 LTGS Agents are certified representatives who form the backbone of our service delivery network, bringing digital services closer to citizens across Rwanda. Agents are carefully selected, trained, and equipped to provide a wide range of services, including application assistance, payment processing, and customer support. LTGS is committed to providing comprehensive support to its agents to ensure they can perform their duties effectively and maintain the highest standards of service quality and compliance.
5.2 All agents undergo rigorous initial training covering system usage, service offerings, customer service skills, compliance with regulations (including AML/KYC), data protection, and security protocols. This training is delivered through a combination of in-person sessions, online modules, and practical assessments. Agents receive detailed handbooks and access to an online knowledge base for ongoing reference. Refresher training is provided regularly to keep agents updated on new services, policy changes, and best practices. LTGS also offers specialized training for advanced services or for agents taking on additional responsibilities.
5.3 Technical support is available to agents through multiple channels, including a dedicated agent support hotline (+250 786 384 528), email (supportagent@ltgs.rw), and a support portal. Support hours are Monday to Friday from 8:00 AM to 6:00 PM, with extended hours during peak periods. For critical issues, 24/7 emergency support is available. Support staff are trained to resolve issues promptly and efficiently, minimizing disruption to agent operations. Common issues include login problems, transaction errors, commission inquiries, and system navigation. Escalation procedures are in place for complex issues requiring deeper investigation.
5.4 LTGS provides agents with marketing and branding materials to help them promote services locally. This includes brochures, posters, banners, and digital assets. Agents also receive guidance on local marketing strategies and community engagement. Periodic promotional campaigns are organized, and agents are informed in advance to maximize participation. LTGS also facilitates communication between agents and the communities they serve through town hall meetings, radio programs, and other outreach initiatives.
5.5 Agents are compensated through commissions based on the transactions they facilitate. Commission rates are clearly defined in the agency agreement and are paid monthly, typically between the 1st and 5th of the following month. Payments are made directly to the agent's registered bank account or mobile money account. Detailed transaction reports are provided to agents to enable them to verify their earnings. Any discrepancies can be reported through the support channels and are investigated promptly. LTGS also offers performance-based incentives and bonuses to recognize and reward top-performing agents.
5.6 LTGS provides insurance coverage for agents under the Internal Risks Insurance Scheme (IRIS), which protects agents against operational risks such as theft, fraud, or errors that may occur during service delivery. The scheme covers losses up to specified limits and includes legal support if needed. Agents are required to adhere to all security protocols and report any incidents immediately to qualify for coverage. Details of the insurance coverage are provided in the agency agreement and are reviewed periodically to ensure adequate protection.
5.7 Regular performance monitoring and feedback are integral to agent support. LTGS conducts quarterly performance reviews to assess agent activity, compliance, and customer satisfaction. Agents receive personalized feedback and recommendations for improvement. High-performing agents may be recognized publicly or given opportunities to mentor new agents. Underperforming agents receive additional coaching and support to help them improve. In cases of persistent non-compliance or poor performance, LTGS may take corrective actions, including suspension or termination of the agency agreement, after due process.
5.8 LTGS fosters a sense of community among its agents through regular meetings, workshops, and an online forum where agents can share experiences, ask questions, and learn from one another. This peer support network is valuable for disseminating best practices and building morale. LTGS also conducts annual agent conferences to celebrate achievements, introduce new initiatives, and gather feedback. Agents are encouraged to contribute ideas for improving the program, and many such ideas have been implemented, demonstrating our commitment to continuous improvement.
6.1 LTGS welcomes partnerships with a wide range of organizations, including government institutions, private companies, schools, universities, religious organizations, NGOs, cooperatives, and associations. A partnership is formalized through a Memorandum of Understanding (MOU) that sets out the terms of collaboration. The MOU includes: the general objectives and purpose; roles, responsibilities, and obligations of both parties; the list of services to be provided through the SmartBiz platform; detailed descriptions of each service (cost, processing time, required attachments, responsible officers); revenue sharing and reporting mechanisms; conflict resolution procedures; and any other specific terms agreed upon.
6.2 To qualify as a partner, an organization must be officially registered in Rwanda, compliant with Rwanda Revenue Authority (RRA) tax obligations, maintain a clean legal and operational record, and demonstrate organizational capacity. Partners must provide all necessary information for service integration, including service descriptions, pricing, processing timelines, and required attachments. LTGS may conduct due diligence, including background checks and financial assessments, before approving a partnership. The approval process typically takes 5-10 business days.
6.3 Once the MOU is signed, LTGS works with the partner to integrate their services into the SmartBiz platform. This involves technical configuration, testing, and training of relevant staff. Partners are responsible for providing accurate and up-to-date information about their services, and for ensuring that their staff are trained to handle inquiries or issues that may arise. LTGS provides a dedicated partner liaison to facilitate integration and ongoing support.
6.4 Revenue sharing is defined in the MOU and may be based on a percentage of transaction fees, fixed fees per transaction, or other models. LTGS provides detailed financial reports to partners on a monthly basis, showing all transactions processed, fees collected, and revenue shares due. Payments are made within 15 days of the end of each month, directly to the partner's designated bank account. Partners may request additional reports or audits as needed, subject to reasonable notice.
6.5 Partners are required to comply with all applicable laws and regulations, including those related to data protection, consumer protection, and anti-money laundering. They must ensure that their services are delivered in accordance with the descriptions provided and that any changes are communicated to LTGS in advance. Partners are also responsible for handling customer complaints related to their services, although LTGS may assist in resolving disputes if necessary.
6.6 LTGS and partners agree to maintain the confidentiality of any proprietary information shared during the partnership. Both parties will implement appropriate security measures to protect such information. Any breach of confidentiality may result in termination of the partnership and legal action.
6.7 The MOU has a fixed term (usually one year) and may be renewed by mutual agreement. Either party may terminate the MOU with 30 days' written notice. LTGS may terminate immediately if the partner breaches any material term, fails to comply with laws, or if its services pose a risk to users or LTGS's reputation. Upon termination, all outstanding fees will be settled, and the partner's services will be removed from the platform.
6.8 LTGS values its partners and strives to build long-term, mutually beneficial relationships. We regularly seek feedback and hold partner meetings to discuss performance, address challenges, and explore new opportunities. Partners are considered an integral part of the SmartBiz ecosystem, and their success contributes to the overall success of the platform.
7.1.1 Developers seeking to integrate with LTGS APIs must be legally registered businesses or individuals with valid identification. They must submit a completed API application form, pay a non-refundable application fee of 5,000 RWF, and provide supporting documents including a valid business certificate (if applicable), tax clearance certificate, and an application letter addressed to the Deputy CEO of LTGS. Upon approval, developers must sign an API agreement that incorporates these Terms by reference. LTGS reserves the right to reject any application without providing reasons.
7.1.2 Approved applicants will receive an API key and access to the developer portal, which includes documentation, sandbox environment, and support resources. API keys are confidential and must not be shared with third parties. Developers are responsible for all activities conducted using their API keys and must immediately notify LTGS of any suspected compromise.
7.2.1 LTGS offers several APIs, including Imboni Merchant Pay, Imboni Pay, Banking Send Funds, Banking Receive Funds, Agents API, and Public Billing API. Each API has specific functionality and usage limits. Developers must use APIs only for their intended purpose and in compliance with the documentation. Misuse, including attempts to exceed rate limits, reverse engineer, or use APIs for unauthorized purposes, will result in suspension.
7.2.2 All transactions must comply with BNR's Digital Payments Regulations, AML/KYC guidelines, and other applicable laws. Transaction limits are subject to regulatory caps, and developers must implement necessary checks to ensure compliance. Real-time reporting of certain transactions may be required, and monthly transaction summaries must be submitted.
7.2.3 LTGS provides a sandbox environment for testing. Developers must complete sandbox testing and obtain approval before moving to production. The sandbox mimics the live environment but does not process real transactions. Test credentials expire after a certain period. Any misuse of the sandbox (e.g., attempting to access live data) is prohibited.
7.3.1 Developers must implement encryption for all API transactions using TLS 1.2 or higher. API access must be restricted to authorized IP addresses. Multi-factor authentication is recommended for any administrative access. Developers must securely store API keys and never embed them in client-side code.
7.3.2 Any data breach involving API credentials or user data must be reported to LTGS within 24 hours. Developers must cooperate fully in investigations and remediation. Failure to report breaches may result in termination and legal action.
7.3.3 Developers must comply with all applicable data protection laws, including Law No 058/2021. Personal data accessed through APIs must not be shared without consent. Data retention must follow regulatory guidelines. LTGS may audit developers' data handling practices periodically.
7.4.1 API usage fees are outlined in the pricing schedule provided upon approval. Fees may be per transaction, monthly subscription, or a combination. Developers will receive monthly invoices and must settle them within 14 days. Late payments incur penalties of 2% per month on the outstanding amount. LTGS reserves the right to suspend access for non-payment.
7.4.2 Fees are subject to change with 30 days' notice. Developers may terminate API access before changes take effect if they do not agree.
7.5.1 LTGS may terminate API access immediately for breach of terms, including security violations, non-payment, or illegal activities. Developers may terminate with 30 days' written notice. Termination does not relieve the developer of outstanding fees. Upon termination, API keys will be revoked, and access to the developer portal will be disabled.
7.5.2 Developers may appeal termination within 14 days by submitting a written explanation. LTGS will review and respond within 7 days. Reinstatement may require additional compliance measures.
7.6.1 LTGS is not liable for any indirect, incidental, or consequential damages arising from API use. Developers assume full responsibility for any claims resulting from their misuse of APIs. Developers indemnify LTGS against third-party claims arising from their integration, including legal fees.
7.6.2 LTGS's total liability is limited to the fees paid by the developer in the 12 months preceding the claim.
8.1.1 A refund may be requested when a service has been confirmed as eligible by the service provider. Refunds are only processed for amounts paid for services that were not fully delivered, were erroneously charged, or where the service provider explicitly authorizes a refund. Refunds are not available for services that have been fully rendered as described, or for amounts under 1,000 RWF due to administrative costs. Eligibility is determined on a case-by-case basis by LTGS Finance in consultation with the service provider.
8.2.1 All refund requests must be submitted through the LTGS E‑Correspondence System at https://management.lfsg.co.rw/e-correspondence/. The request must include: a written letter describing the reason for refund, the original transaction details (date, amount, service, reference number), and where the money should be sent (bank account or mobile money details). Attach a copy of the payment receipt or transaction confirmation, and any supporting documents (e.g., confirmation from service provider, correspondence). Incomplete requests will be rejected.
8.3.1 A processing fee of 4.2% of the original refund amount will be deducted from the refunded sum. This fee covers administrative costs, payment gateway charges, and handling expenses. The fee is non-refundable even if the refund request is denied (though in such cases no amount is deducted).
8.4.1 Refund requests are reviewed by LTGS Finance within 10 business days. If approved, the refund is disbursed within 5 business days thereafter. The actual time for funds to reach your account depends on your bank or mobile money provider. If additional information is needed, LTGS will contact you via the E‑Correspondence system.
8.5.1 Fees for services already rendered, API subscription fees, commissions paid to agents, and amounts under 1,000 RWF are non-refundable. Additionally, refunds will not be granted for change of mind, incorrect selection of service, or failure to read service descriptions. LTGS reserves the right to refuse any refund request that appears fraudulent or abusive.
8.5.2 In the event of a disputed transaction, users should first contact the service provider. If the provider confirms eligibility for refund, the user may then submit a refund request as described. LTGS will not mediate disputes between users and service providers but will rely on provider confirmation.
9.1 All APIs, software, code, documentation, designs, trademarks, service marks, trade names, logos, and content provided by LTGS through the Services are the exclusive property of LTGS RWANDA PLC or its licensors. They are protected by Rwandan and international intellectual property laws. Users are granted a non-exclusive, non-transferable, revocable license to use the Services for their intended purpose, strictly in accordance with these Terms. No other rights are implied.
9.2 Users may not reproduce, modify, distribute, display, perform, or create derivative works from any LTGS intellectual property without prior written consent. Reverse engineering, decompiling, or disassembling any software or APIs is prohibited. Any unauthorized use may result in legal action and termination of access.
9.3 Any feedback, suggestions, or ideas provided by users regarding the Services may be used by LTGS without obligation or compensation. By submitting feedback, you grant LTGS a perpetual, irrevocable, worldwide, royalty-free license to use and incorporate it.
9.4 LTGS respects the intellectual property of others. If you believe that your work has been copied in a way that constitutes infringement, please contact our DPO with details, and we will investigate promptly.
10.1 To the maximum extent permitted by law, LTGS, its affiliates, officers, employees, agents, and licensors shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenues, data, use, goodwill, or other intangible losses, resulting from (i) your use or inability to use the Services; (ii) any unauthorized access to or use of our servers and/or any personal data stored therein; (iii) any interruption or cessation of transmission to or from the Services; (iv) any bugs, viruses, or the like that may be transmitted to or through our Services by any third party; (v) any errors or omissions in any content or for any loss or damage incurred as a result of your use of any content posted, emailed, transmitted, or otherwise made available through the Services; and/or (vi) the defamatory, offensive, or illegal conduct of any third party.
10.2 In no event shall LTGS's total liability to you for all claims arising out of or relating to these Terms or your use of the Services exceed the amount you paid to LTGS during the twelve months preceding the claim, or 100,000 RWF, whichever is greater. This limitation applies regardless of the theory of liability (contract, tort, negligence, strict liability, or otherwise) and even if LTGS has been advised of the possibility of such damages.
10.3 Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the above limitations may not apply to you. In such jurisdictions, LTGS's liability is limited to the greatest extent permitted by law.
11.1 You agree to indemnify, defend, and hold harmless LTGS RWANDA PLC, its affiliates, and their respective officers, directors, employees, agents, and licensors from and against any and all claims, liabilities, damages, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to (i) your breach of these Terms; (ii) your violation of any law or the rights of any third party; (iii) your use of the Services; (iv) any content you submit or transmit through the Services; or (v) any activity related to your account, including negligent or wrongful conduct.
11.2 LTGS reserves the right, at your expense, to assume the exclusive defense and control of any matter subject to indemnification by you, and you agree to cooperate with our defense of such claims. You will not settle any claim without LTGS's prior written consent.
11.3 This indemnification obligation survives termination of these Terms and your use of the Services.
12.1 Any dispute, controversy, or claim arising out of or in connection with these Terms, or the breach, termination, or invalidity thereof, shall first be addressed through LTGS's support team. The parties agree to use good faith efforts to resolve any dispute informally for at least 30 days before initiating formal proceedings.
12.2 If the dispute cannot be resolved informally, it shall be referred to and finally resolved by arbitration in accordance with the Arbitration Rules of the Kigali International Arbitration Centre (KIAC). The number of arbitrators shall be one, appointed by mutual agreement, or failing agreement, by KIAC. The seat of arbitration shall be Kigali, Rwanda. The language of arbitration shall be English. The award of the arbitrator shall be final and binding on the parties, and judgment thereon may be entered in any court having jurisdiction.
12.3 Notwithstanding the foregoing, LTGS may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property or confidential information, or to prevent fraud or other harm. Such action does not waive the obligation to arbitrate other disputes.
12.4 Any arbitration shall be conducted on an individual basis, and not as a class, consolidated, or representative action. The parties waive any right to participate in any class action lawsuit or class-wide arbitration.
13.1 These Terms and any dispute arising out of or in connection with them (including non-contractual disputes) shall be governed by and construed in accordance with the laws of the Republic of Rwanda, without regard to its conflict of laws principles. The parties irrevocably submit to the exclusive jurisdiction of the courts of Rwanda for any matters not subject to arbitration, and for enforcement of arbitration awards.
14.1 LTGS reserves the right to modify these Terms at any time. We will notify users of material changes by posting the revised Terms on this page with an updated effective date, and may provide additional notice via email or through the Services. Changes become effective 30 days after posting, except for changes required by law which may be effective immediately. Your continued use of the Services after the effective date constitutes acceptance of the modified Terms. If you do not agree, you must stop using the Services.