PRIVACY NOTICE OF PROXIPASS LTD
ProxiPass Ltd (hereinafter “Company” or “we” or “us”) is concerned about privacy issues and wants you to know how we are collecting, using, processing, disclosing and protecting your information in accordance with applicable law and the Data Protection Act 2017.
The PassPass application is intended for adults only (i.e., persons 18 years old and older). The Company’s website, if any, is not intended for persons below the age of 16.
You agree to the collection and use of information in connection with this Privacy Notice (the “Notice”) if you are a data subject who chooses to use our services, purchase our product, is an employee, is in correspondence with us, or otherwise involved in the activities of the Company. Where the Company has a website, you will be requested to accept the terms of this Notice when visiting the website. However, where you do not consent to the collection and use of your information in certain circumstances, we may not be able to provide you certain products or services or react to a problem you raised.
You may not be asked for consent where the Company has a lawful basis for processing personal data, through performance of a contract, in compliance with legal requirements, for the protection of your vital interests as a data subject, for the performance of a task carried out in the public interest or the processing is necessary for other legitimate interests of us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
The Company has the right at any time to update or modify this Notice. The most recent Notice will be updated on this page.
PERSONAL DATA WE COLLECT
Personal data means any information relating to a data subject, as such term is defined under the Data Protection Act 2017. Personal data we collect includes, but is not restricted to:
Personal contact details (name, NIC or passport details, address, contact number and email address))
Gender and date of birth
Curriculum Vitae
Nationality
Training of our officers
Bank Details
Personal data such as race, ethnicity, sexual orientation, medical information or biometrics are sensitive data according to the requirements under the Data Protection Act 2017 and as such are subject to enhanced security measures as required by the applicable law.
USE OF PERSONAL DATA
To the extent permitted by law, we may use your information for purposes of operating our business and other legitimate purposes. We may use your personal information in the following ways:
Performance of a contract
Reporting to management
To deliver services to you
To reply to your requests
Data analysis
To personalize your experience (Your information helps us respond better to your individual needs)
Website- to know your preferences
Contacting you with information about our products and services
Sending you important notices
The purpose and retention conditions for which we collect the personal data will be stated in any consent form you are asked to accept or implied in any participation in a lawful basis for collection. Where we collect or use personal information other than as set out in this Notice, we will ensure that we do so in accordance with applicable law and the Data Protection Act 2017.
DISCLOSURE OF PERSONAL DATA
We may disclose to relevant authorities, our lawyers, auditors, insurers or to our third-party service providers your Personal Information:
With your consent; or
When it is required by law
To comply with law (judicial proceedings, court order, law enforcement, exercise our legal rights, defend against legal claim, request from public and governmental authorities)
When there is an investigation or in prevention, against illegal activities
When there is a suspected fraud
When there is a potential threat to a safety of any person
For the purposes set out in this Notice, to our affiliates
For due diligence procedures or tender award purposes
For promotional purposes
To our third-party service providers to provide service on our behalf, facilitate our service or perform related services
We ensure that any third-party processors we engage with are compliant with data protection regulations and have appropriate safeguards in place to protect your personal data. We conduct regular reviews and due diligence to ensure continued compliance with these regulations.
RETENTION OF PERSONAL DATA
The Company only retains your personal data for a reasonable period and until the purpose for which the data was collected is achieved, including for the purposes of satisfying any legal, accounting, or reporting requirements. It is our policy to destroy personal information once we are no longer required to retain it by law or business.
Therefore, your personal data will be kept for the following periods (or, where there is no fixed period, we shall apply market standards in assessing a retention period that complies with data protection regulations):
2 years after the latest positive contact with the individual for processing relating to marketing and data analytics; and
7 years for all other personal data.
THIRD-PARTY
The privacy practices and data protection policies of third parties are not covered by this Notice and cannot be controlled. Please read and refer to the third party’s privacy notice when you submit personal information to such a third party. In circumstances, we disclose your personal data to third parties for the purposes described in this Notice, they are bound by contractual obligation not to disclose or use the information for any other purpose.
If you choose to provide personal information of a third party (such as name, email and telephone number) to the Company, you represent and warrant that you have permission from the third party to do so (e.g. marketing material or job referrals). However, we do not accept any personal data of third party without the proof of consent.
YOUR RIGHTS
The Company is committed to comply with regulations with respect to your rights. It is your responsibility as a data subject to assure that your information we collect is kept up to date and is accurate. The Company takes all reasonable step to discard or update any inaccurate data without delay.
You have certain rights in respect to how we use your personal data. These are:
to access the personal information we have about you as far as practical; unreasonable request, or information that is difficult or time consuming to retrieve, may be subjected to charges;
to amend your your personal data if they are not accurate, therefore it is your responsibility to submit correct and updated data to the Company and our responsibility is to update the data provided by you;
to have your personal data erased if the personal data collected, for the purposes for which it was collected, are no longer necessary, unless we are required by law to retain it;
to withdraw your consent whenever the Company processes your personal data based on your consent, subject to applicable laws;
to object to the processing of your personal data.
If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Mauritian Data Protection Office. You can contact them to the following address:
Data Protection Office
Level 5, SICOM Tower,
Wall Street, Ebene Cyber City, Mauritius
Phone: +230 460 0251
Email: dpo@govmu.org
PROTECTING YOUR PERSONAL DATA
The security of your personal data is important for us. We use appropriate methods to protect your personal data. The Company is compliant with the basic privacy and security principles such as access control to different categories of personal data, clear screen policy, clean desk policy, and lockable document storage cabinets. Wherever practical, we ensure that data is encrypted during transit and storage and that access to this data is strictly limited to a minimum number of individuals and subject to confidentiality obligations.
We also train our employees on privacy and security protection to raise awareness on personal data protection and to ensure the security of your personal data. Our personnel having access to your personal data are bound by a non-disclosure agreement with the Company.
In certain circumstances, we may anonymize your personal data (so that it is no longer associated with you) for research or statistical purposes.
CHILDREN’S PERSONAL DATA
The Company is sensitive with regards to children’s personal data, which is considered sensitive data. children’s personal data is collected with prior consent from their parents or guardians, for purposes outlined in that consent, for example, to be published in our newsletter or on our website or otherwise displayed within the Company. The Company will be using or disclosing the data only as permitted by law, with the clear consent of the parents or guardians of the child or as required for the child’s protection. If we accidentally collect personal data of a child without verified prior permission from the parent or guardian, we will endeavor to delete the data at the earliest practicable opportunity.
TRANSFER OF INFORMATION OUTSIDE MAURITIUS
By accepting this privacy notice, you consent to your personal data being processed or accessed outside Mauritius where the Company’s affiliates, service providers, or business partners are situated. This includes your credit card(s) details, which are processed and accessed outside Mauritius by ACI Worldwide, the business partner of our service provider for credit card payment processing, Peach Payments. Whenever personal data is processed outside Mauritius, we take appropriate safeguards to ensure that the personal data is treated securely in accordance with our data protection policy and applicable laws. We use encryption where appropriate. The Company uses a wide range of legal procedures, such as standard contractual clauses with those parties to ensure data is processed in a secure manner.
CONTACT US
If you wish to exercise any of the above rights, if there are any questions regarding this Privacy Notice or if you have any complaints or concerns about privacy and want to contact the Company’s Data Protection Officer of the Company, do not hesitate to contact us at:
ProxiPass Ltd
BBI Group
Data Protection Officer | dpo@bbigroup.mu | 2nd Floor, the Cubicle, Phoenix