8. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA
We only retain your personal data for as long as necessary to fulfil the purposes for which they were collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your information we use for marketing purposes will be kept with us until you unsubscribe or notify us that you no longer wish to receive our marketing offers or emails and request to destroy your personal information.
By law, we have to keep basic information about you including your Contact Data, Financial Data, and Transaction Data for ten (10) years or such number of years according to the applicable laws, after our dealings with you for statutory, tax and other judicial purposes.
Please contact our Data Protection Officer for further details on retention periods for different aspects of your personal data.
In some circumstances, you can ask us to erase or destroy your personal data: see Request erasure below for further information.
We may also anonymise your personal data so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. WHO THE INTENDED RECIPIENTS OF YOUR PERSONAL DATA ARE
We do not share, sell or trade your personal data with other companies outside ENL Group for marketing purposes, but should this be the case, we will get your express opt-in consent before we proceed.
In relation to the purposes for which we collect your personal data, we may have to share your personal data to:
- Our employees on a need-to-know basis;
- Third parties such as our preferred service providers (such as IT systems suppliers and support, and other service providers) from whom we require (i) to respect the security of your personal data, and to treat it in accordance with the law, (ii) not to use your personal data for their own purposes, and (ii) only to process your personal data for specified purposes and in accordance with our instructions;
- Our Associated Companies, for statutory or business purposes, to build up a centralised client database to better identify your needs regarding our different products and services offered across ENL Group and to share your CVs which could match positions advertised within ENL Group.
- Our business partners such as franchisors, principals, tenants.
- Our professional advisors that is our accountants, auditors, lawyers, insurers, and bankers;
- Any public or enforcement authority such as The Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius Ltd, Financial Services Commission in Mauritius or such similar authorities abroad to comply with our legal obligation, or in case of a court, administrative or governmental order.
10. HOW WE USE YOUR PERSONAL DATA FOR MARKETING PURPOSES
With your express consent, we may send you occasional notifications and/or communications regarding products and services, from our company or those of ENL Group only, or important product updates, special offers and promotions. When you subscribe to receive email communications, we may track, such as through cookies, the actions you have taken regarding the emails, such as whether you opened the mail, or clicked on a specific link or your location when you opened the mail based on IP address. We may then use your Contact Data, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide, which services and promotions may be of interest for you. We may also send you marketing material where you have requested a quote or information about our product and/services, entered into a contractual relationship, participated in a competition with us or subscribing on our website.
We may obtain our marketing data through our direct interactions with you, through our automated technologies or through our Associated Companies. Unless otherwise is expressly written by us when you are being asked to provide your consent, your express consent to receive marketing material or latest news from us will entitle you to receive such marketing material or latest news from those entities within the ENL Group.
11. WHAT ARE YOUR RIGHTS IN RESPECT OF MARKETING COMMUNICATIONS
You may object to our processing of your personal data for direct marketing purposes. You may do so by not ticking certain opt-in boxes on the forms we use to collect your personal data, or by utilising the unsubscribe link such as in e-mails we send to you, or by having your personal data removed from our database at any time by contacting us.
If you no longer wish to receive our latest news or marketing information, let us know by contacting us or click on the “Unsubscribe” link at the bottom of our email sent to you and you will be redirected to a confirmation page that confirms you have been unsubscribed. Upon confirmation, you will be removed from our contact list for direct marketing purposes. It may happen that you are still interested in receiving latest news or marketing information in respect of specific brands within ENL Group. If this is the case, you may also have the option to customise your choice to receive latest news and marketing information from specific (and not all) entities within the ENL Group, by contacting us through our Data Protection Officer or clicking here.
Note that we will retain minimum personal data (for example, personal data provided to us as a result of previous service experience) as a record that you unsubscribed and to avoid contacting you again.
12. HOW DO WE USE YOUR PERSONAL DATA FOR SECURITY AT AND ACCESS TO OUR PREMISES?
This part explains to you how we handle and process your personal data (including location data) when such data is captured through our CCTV surveillance system and/or through our security measures on our premises.
Security measures on our premises may include any one or more of the following:
- Each visitor filling in and signing our log book (including name, contact details, time-in and time-out);
- Issue and presentation of a visitor’s pass;
- Swipe card access;
- Biometric data ID validation (such as fingerprint and/or facial recognition);
- Pin-Code access.
Such processing shall be in accordance with Applicable Laws. Personal data captured through our security measures may where necessary be shared with other property owners and/or tenants of premises that are the subject of those security measures.
CCTV cameras and other security devices are located at strategic points on our premises, namely at the entrances, receptions, the gates and parking to the site within which our premises are found, in common areas and in certain production areas. Signs will inform employees and visitors that CCTV cameras are in operation and who to contact for further information. If you require any information, please contact us through our Data Protection Officer.
13. TRANSFER OF YOUR PERSONAL DATA
When sharing your personal data, whether this involves transferring your personal data outside Mauritius, we ensure this is done in accordance with the Applicable laws. Kindly note that when we transfer data abroad, some countries may not have the same degree of protection under their laws, however we impose contractual obligations on the recipients of the data to ensure a similar degree of security and protection is afforded to it. For further details, please contact us through our Data Protection Officer.
14. THE STEPS WE TAKE TO PROTECT YOUR PERSONAL DATA
We maintain organisational, physical and technical security measures (i) to prevent your personal data from unauthorised access, alteration, disclosure, accidental loss, and destruction, and (ii) based on the nature of the personal data, to protect your personal data from the harm that may result in unauthorised access, alteration, disclosure, destruction of the data and its accidental loss.
In particular, our preventive and protective measures may include (i) the pseudonymisation and encryption of personal data; and (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Unfortunately the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted over the internet. Any transmission is at your own risk.
We require all our service providers to have appropriate measures in place to treat your personal data securely.
Where we have provided you with or you have chosen a password enabling you to access a personalised area on our website, you are responsible for keeping this password confidential. We advise you not to share it with anyone.
We limit access to your personal data to our and our Associated Companies’ employees, agents, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also maintain procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
15. YOUR RIGHTS IN RESPECT OF THE PROCESSING OF YOUR PERSONAL DATA
Unless otherwise stated by the Applicable laws, you have the right to:
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you, free of charge unless the request is excessive, and to check that we are lawfully processing it.
Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We may ask you for an identification number such as your passport number.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the Applicable Laws. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing or profiling for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms or other lawful grounds (not requiring your consent, for example statutory requirements) to process your information.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it and request restriction of its use instead; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
Refuse to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning you or significantly affects you. We shall not process your personal data in such a way as to subject you to a decision that is based solely on automated processing unless the decision: (i) is necessary for us to enter into or perform a contract with you; (ii) is authorised by a law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or (iii) is based on your explicit consent. Some psychometric assessments, namely in job recruitment processes, involve automated processing and profiling, but our screening and decision-making in respect of a job candidate will not be based solely on that psychometric assessment.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out by us before you withdraw your consent. If for example, you provide your consent to publish your photograph or image in an article on our website or publicly available mediums, and subsequently withdraw your consent, it is likely that we will have a compelling legitimate interest to continue processing your photograph or image that is already being used or published prior to you withdrawing your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Lodge a complaint at any time with the Data Protection Commissioner of Mauritius (the “Commissioner”) whose office is at Level 5, SICOM Tower, Wall Street, Ebene Cyber City, Ebene, Mauritius, by emailing any complaint to [email protected]. Where the GDPR is applicable, you have the right to lodge a complaint with the regulatory authority of the country of your residence, work place or where the data breach has occurred
16. USE OF THIRD PARTY LINKS TO WEBSITES AND PROGRAMMES
All websites designed and managed by Plastinax Austral Ltd, trading under the name of ‘Plastinax’ and ‘Helios Eyewear’ and/or ENL may feature links to other sites operated by third parties websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the privacy practices or the content of such websites.
A cookie is a piece of data stored on the user’s computer tied to information about the user. Usage of a cookie alone is in no way linked to any personally identifiable information while on our website. We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user’s hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file instructions.
These are the types of cookies collected:
Category 1 – Strictly Necessary Cookies: These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of our website.
Category 2 – Performance Cookies: These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our website works.
Category 3 – Functionality Cookies: These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.
Category 4 – Targeting Cookies or Marketing Cookies: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of our advertising campaigns.
By using www.helioseyewear.mu, you agree that we can place these types of cookies on your device. These cookies can be removed by following internet browser help file instructions.
19. REVISION HISTORY
Authorised changes made to this document have been summarised in the revision history as shown:
- Revision ref
Description of changes
Clause 5 amended – new paragraph
- Revision ref
Description of changes
Clauses 1, 3, 5, 6, 7, 8, 9, 10 and 11 amended
New Clause 12 added.
Newly numbered Clauses 15, 17 and 18 amended.
Date published: July 2021
COPYRIGHT NOTICE AND DISCLAIMER
All contents featured on our website (including photos, design, codes, texts, logos and trademarks) are the sole property of Plastinax Austral Ltd, trading under the name of ‘Plastinax’ and ‘Helios Eyewear’ cannot be used on any type of support without the prior consent of Plastinax Austral Ltd. Should you have any query, please do not hesitate to contact us through our website.
PICTURES, VIDEOS AND PLANS ARE PROVIDED FOR INDICATIVE PURPOSES ONLY AND ARE NON-CONTRACTUAL.
Associated Company means any company related to, or associate of, ENL Limited and related shall be construed in accordance with the Companies Act 2001 while associate shall mean those companies disclosed as associates in the audited financial statements of ENL Limited.
Biometric data means any personal data relating to the physical, physiological or behavioural characteristics of an individual which allow his unique identification, including facial images or dactyloscopic data;
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to;
Consent means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed;
Controller means a person who or public body which, alone or jointly with others, determines the purposes and means of the processing of personal data and has decision making power with respect to the processing;
Direct marketing means the communication of any advertising or marketing material which is directed to any particular individual;
ENL Group means ENL Limited and its Associated Companies;
Encryption means the process of transforming data into coded form;;
GDPR means the European Union General Data Protection Regulation, which came into force in 25 May 2018;
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interest. We do not use your personal data for activities where the impact the processing has on you overrides our interests (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interest against any potential impact on you in respect of specific activities by contacting us;
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data);
Processing means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processor means a person who, or public body which processes personal data on behalf of the controller;
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information and the additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;
Third party means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorised to process personal data;
Traffic data means any data relating to a communication by means of a computer system and generated by the system that form part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.