8. FOR HOW LONG DO WE STORE YOUR PERSONAL DATA
We only retain your personal data for as long as necessary to fulfil the purposes for which they were collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your information we use for marketing purposes will be kept with us until you unsubscribe or notify us that you no longer wish to receive our marketing offers or emails and request to destroy your personal information.
By law, we have to keep basic information about you including your Contact Data, Financial Data, and Transaction Data for ten (10) years or such number of years according the applicable laws, after you cease being our data subjects for statutory, tax and other judicial purposes.
Please contact us for further details on retention periods for different aspects of your personal data.
In some circumstances, you can ask us to erase or destroy your personal data: see Request erasure below for further information.
We may also anonymise your personal data (pseudonymisation) so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. WHO THE INTENDED RECIPIENTS OF YOUR PERSONAL DATA ARE
We do not share, sell or trade your personal data with other companies outside ENL Group for marketing purposes, but should this be the case, we will get your express opt-in consent before we proceed.
In relation to the purposes for which we collect your personal data, we may have to share your personal data to:
- Our employees on a need-to-know basis;
- Third parties such as our preferred service providers (such as IT systems suppliers and support, and other service providers) from whom we require (i) to respect the security of your personal data, and to treat it in accordance with the law, (ii) not to use your personal data for their own purposes, and (ii) only to process your personal data for specified purposes and in accordance with our instructions;
- Our Associated Companies, for business purposes, to build up a centralised client database to better identify your needs regarding our different products and services offered across ENL Group and to share your CVs which could match positions advertised within ENL Group.
We may be required to share your personal data to external third parties, namely
- Our professional advisors that is our accountants, auditors, lawyers, insurers, and bankers;
- Any public or enforcement authority such as The Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius Ltd, Financial Services Commission in Mauritius or such similar authorities abroad to comply with our legal obligation, or in case of a court, administrative or governmental order.
10. HOW WE USE YOUR PERSONAL DATA FOR MARKETING PURPOSES
With your express consent, we may send you occasional notifications of new products and services from our company or those of ENL Group only, or important product updates, special offers and promotions. When you subscribe to receive email communications, we may track the actions you have taken regarding the emails, such as whether you opened the mail, or clicked on a specific link or your location when you opened the mail based on IP address. We may then use your Contact Data, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide, which services and promotions may be of interest for you. We may also send you marketing material where you have requested a quote or information about our product and/services, entered into a contractual relationship, participated in a competition with us or subscribing on our website.
We may obtain our marketing data through our direct interactions with you, through our automated technologies or through our Associated Companies.
11. WHAT ARE YOUR RIGHTS IN RESPECT OF MARKETING COMMUNICATIONS
You may object to our processing of your personal data for direct marketing purposes. You may do so by not ticking certain opt-in boxes on the forms we use to collect your personal data, or by utilising the unsubscribe link in e-mails we send to you, or by having your personal data removed from our database at any time by contacting us.
If you no longer wish to receive our e-mails, click on the “Unsubscribe” link at the bottom of every email sent to you and you will be redirected to a confirmation page that confirms you have been unsubscribed. Upon confirmation, no future communications will be sent to this email address.
Note that we will retain minimum personal data (for example, personal data provided to us as a result of previous service experience) as a record that you unsubscribed and to avoid contacting you again.
12. TRANSFER OF YOUR PERSONAL DATA
When sharing your personal data, whether this involves transferring your personal data outside Mauritius, we ensure this is done in accordance with the Applicable laws. Kindly note that when we transfer data abroad, some countries may not have the same degree of protection under their laws, however we impose contractual obligations on the recipients of the data to ensure a similar degree of security and protection is afforded to it. For further details, please contact us through our Data Protection Officer.
13. THE STEPS WE TAKE TO PROTECT YOUR PERSONAL DATA
We maintain organisational, physical and technical security measures (i) to prevent your personal data from unauthorised access, alteration, disclosure, accidental loss, and destruction, and (ii) based on the nature of the personal data, to protect your personal data from the harm that may result in unauthorised access, alteration, disclosure, destruction of the data and its accidental loss.
In particular, our preventive and protective measures include (i) the pseudonymisation and encryption of personal data; and (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Unfortunately the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted over the internet. Any transmission is at your own risk.
We require all our service providers to have appropriate measures in place to treat your personal data securely.
Where we have provided you with or you have chosen a password enabling you to access a personalised area on our website, you are responsible for keeping this password confidential. We advise you not to share it with anyone.
We limit access to your personal data to our and our Associated Companies’ employees, agents, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also maintain procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
14. YOUR RIGHTS IN RESPECT OF THE PROCESSING OF YOUR PERSONAL DATA
Unless otherwise stated by the Applicable laws, you have the right to:
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you, free of charge unless the request is excessive, and to check that we are lawfully processing it.
Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We may ask you for an identification number such as your passport number.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the Applicable Laws. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it and request restriction of its use instead; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
Refuse to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you. We shall not process your personal data in such a way as to subject you to automated processing unless the decision: (i) is necessary for us to enter into or perform a contract with you; (ii) is authorised by a law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or (iii) is based on your explicit consent.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out by us before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Lodge a complaint at any time with the Data Protection Commissioner of Mauritius (the “Commissioner”) whose office is at Level 5, SICOM Tower, Wall Street, Ebene Cyber City, Ebene, Mauritius, by emailing any complaint to [email protected]. Where the GDPR is applicable, you have the right to lodge a complaint with the regulatory authority of the country of your residence, work place or where the data breach has occurred.
15. USE OF THIRD PARTY LINKS TO WEBSITES AND PROGRAMMES
All websites designed and managed by [Name of Company] and/or ENL may feature links to other sites operated by third parties websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the privacy practices or the content of such websites.
A cookie is a piece of data stored on the user’s computer tied to information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our website. We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user’s hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file instructions.
These are the types of cookies collected:
Category 1 – Strictly Necessary Cookies: These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of our website.
Category 2 – Performance Cookies: These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our website works.
Category 3 – Functionality Cookies: These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.
Category 4 – Targeting Cookies or Marketing Cookies: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of our advertising campaigns.
By using www.enl.mu, you agree that we can place these types of cookies on your device. These cookies can be removed by following internet browser help file instructions.
Date published: April 2020
Third party means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorised to process personal data;
Traffic data means any data relating to a communication by means of a computer system and generated by the system that form part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service