We respect the privacy of everyone to whom we provide our services. As a result, we would like to inform you regarding the way we would use your personal data. We recommend you to read this Privacy Notice so that you understand our approach towards the use of your personal data. By submitting your personal data to us, you will be treated as having given your permission – where necessary and appropriate – for disclosures referred to in this policy. By using this web site, you acknowledge that you have reviewed the terms of this Privacy Notice.
This Privacy Notice explains how we obtain, use and disclose your personal data, as is required by the European Union General Data Protection Regulation (hereafter the “GDPR”) and the Data Protection Act 2017 (hereafter the “DPA”). Eclosia Corporate Services Ltd, (hereafter “ECS”) is committed to protecting your privacy impact and to ensure that your personal data is collected and used properly, lawfully and openly.
2. WHO WE ARE
We regroup the support services proposed to the other companies of the group. Some of these services include finance, risk management, human resources, communication, health & safety, quality management, compliance, security, legal, internal audit, cybersecurity and operation management. We are also responsible for the Group’s corporate social responsibility program, sustainable development, and the ACS – the Arts, Culture, and Sports program for all of the group’s employees.
We, as data controller, are responsible for deciding how we hold and use personal data about you. We are required under the GDPR and the DPA to notify you of the information contained in this Privacy Notice.
3. THE DATA WE COLLECT
3.1 COLLECTION OF PERSONAL DATA
We collect and process your personal data when you provide us with your personal details, for example, when you submit your CV and enquiries to us or contact us. Where possible, we will inform you what data you are required to provide to us and what data is optional.
The types of personal data that are collected and processed may include:
We may also disclose your data: Details:
Contact details First name, surname, username, email address, phone, number
Individual details Sex (male/female), nationality, birth, age, language, qualifications, employment history, photos
3.2 COLLECTION OF NON-PERSONAL DATA
We may automatically collect non-personal data about you such as the type of internet browsers you use or the website from which you linked to our website. We may also aggregate details which you have submitted to the site. You cannot be identified from this data and it is only used to assist us in providing an effective service on this web site. We may from time to time supply third parties with this non-personal or aggregated data for uses in connection with this website, for example to Google Analytics and Facebook Pixel.
4. COOKIES POLICY
4.1 WHAT IS A COOKIE?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
- Google Analytics cookies
- Umbraco CMS cookies
4.3 HOW ARE THIRD PARTY COOKIES USED?
4.4 HOW DO I REJECT AND DELETE COOKIES?
5. HOW WE USE YOUR DATA
We will use your personal data only for the purposes for which it was collected or agreed with you, for instance:
- To collect data about the device you are using to view the site, such as your IP address or the type of Internet browser or operating system you are using, and link this to your personal data so as to ensure that the site presents the best web experience for you;
- To help speed up your future activities and experience on the site. For example, a site can recognise that you have provided your personal data and will not request the same data a second time;
- To evaluate the use of the site;
- For audit and record keeping purposes;
- For recruitment purposes;
- For monitoring and auditing site usage;
- In connection with legal proceedings;
- To carry out our obligations arising from any contracts entered into between you and us.
- To respond to your queries or comments.
- To comply with legal and regulatory requirements which apply to us, or when it is otherwise allowed by law.
6. DISCLOSURE OF PERSONAL DATA
We may disclose your personal data to our business partners who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with these privacy terms.
We may share your personal data with, and obtain data about you from:
- Third parties for the purposes listed above (including lawyers, bankers and auditors who provide consultancy, banking, legal and accounting services);
- Other companies in Eclosia Group for the purposes listed above when we believe it will enhance the services and products they can offer to you, but only where you have not objected to such sharing.
We may also disclose your data:
- Where we have a duty or a right to disclose in terms of law or industry codes;
- Where we believe it is necessary to protect our rights.
7. INTERNATIONAL TRANSFERS
The third parties to whom we may disclose your personal data may be located outside of Mauritius. Those transfers would always be made in compliance with the GDPR / DPA.
If you would like further details of how your personal data would be protected if transferred outside of Mauritius, please contact our Data Protection Committee (hereafter the “DPC”) by referring to section 12.
8. PERSONAL DATA SECURITY
We are legally obliged to provide adequate protection for the personal data we hold and to stop unauthorised access and use of personal data. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal data is secure.
Our security policies and procedures cover:
- Acceptable usage of personal data;
- Access to personal data;
- Computer and network security;
- Governance and regulatory issues;
- Investigating and reacting to security incidents.
- Monitoring access and usage of personal data;
- Physical security;
- Retention and disposal of data;
- Secure communication;
When we contract with third parties, we impose confidentiality obligations on them to ensure that personal data that we remain responsible for is kept secure.
We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same level of protection as we are obliged to.
9. YOUR DATA PROTECTION RIGHTS
Under the GDPR/DPA, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
9.1 YOUR RIGHT TO ERASURE OF YOUR PERSONAL DATA
You have the right to ask us to delete your personal data in certain circumstances:
- When we no longer need your personal data;
- If you initially consented to the use of your personal data, but have now withdrawn your consent;
- If you have objected to us using your personal data, and your interests outweigh ours;
- If we have collected or used your personal data unlawfully; and
- If we have a legal obligation to erase your data.
Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. In order to protect data from accidental or malicious destruction, when we delete data from our services we may not immediately delete residual copies from our servers or remove data from our backup systems.
9.2 YOUR RIGHT OF ACCESS TO YOUR PERSONAL DATA
You have the right to request a copy of the personal data we hold about you. To do this, simply contact our DPC (refer to section 12) and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
9.3 YOUR RIGHT TO RECTIFICATION OF YOUR PERSONAL DATA
You have the right to ask us to update or correct your personal data if you think it is inaccurate or incomplete. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes we need to be aware of.
9.4 YOUR RIGHT TO RESTRICTION OF PROCESSING
You have the right to ask us to limit how we use your data. If necessary, you may also stop us from deleting your data. To exercise your right to restriction, simply contact our DPC (refer to section 12), say what data you want restricted and state your reasons. You may request us to restrict processing of your personal data in the following circumstances:
- If you have contested the accuracy of your personal data, for a period to enable us verify the accuracy of the data;
- If you have made an objection to the use of your personal data;
- If we have processed your personal data unlawfully and you do want it deleted;
- If we no longer need your personal data but you want us to keep it in order to create, exercise or defend legal claims.
9.5 YOUR RIGHT TO OBJECT TO PROCESSING
You also have the right to object to us processing your personal data where your data is being used:
- For a task carried out in the public interest;
- For our legitimate interests;
- For scientific or historical research, or statistical purposes; or
- For direct marketing.
You should contact our DPC (refer to section 12) to inform that you are objecting to any more processing of your personal data and state in your objection why you believe we should stop using your data in this way. Unless we believe we have strong legitimate reasons to continue using your data in spite of your objections, we will stop processing your data as per the objection raised.
9.6 YOUR RIGHT TO DATA PORTABILITY
The right to data portability allows you to ask for transfer of your personal data from one organisation to another, or to you. The right only applies if we are processing information based on your consent or performance of a contract with you, and the processing is automated. You can exercise this right with respect to information you have given us by contacting our DPC (refer to section 12). We will ensure that your data is provided in a way that is accessible and machine-readable.
10. DEFINITION OF PERSONAL DATA
Personal data is any data from which you can be identified and which relates to you.
11. CHANGES TO THIS NOTICE
This Privacy Notice may be updated from time to time: this version is dated 15th January 2020.
12. HOW TO CONTACT US
We have appointed a DPC to oversee compliance with and questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the email address firstname.lastname@example.org
You have the right to complain to the supervisory authority if you believe we have not handled your request in an appropriate manner.