Privacy Policy
Information on Data Protection & GDPR Regulation 2016/679
Mauritius has adopted the Data Protection Act 2017 on 15th January 2018 to strengthen the control and personal autonomy of data subjects over their personal data. It also seeks to bring Mauritius data protection framework in line with the international standards, namely the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
GDPR was introduced to strengthen and unify data protection for all individuals within the European Union (EU) and addresses the export of personal data outside the EU. It provides for the harmonisation of the data protection regulations throughout the EU, thus making it easier for non-European companies to comply with these regulations.
The word ‘Act’ will be used throughout this article to collectively mean the Data Protection Act 2017 and the GDPR.
Our commitment to Data Protection
As a reliable service provider, AcuFin Corporate Limited (“AcuFin”) ensures the privacy of its clients by ensuring that all of their personal information are treated with care. Incidentally, while gathering, handling and dealing with all such information, including email addresses and contact numbers, we guarantee that such information is kept securely at our end and in conformity with the Act.
This devotion is led by our compliance team that supervises, among others, the use of personal data in our services, working closely with our IT department.
All of our employees are contractually bound to operate with an utmost degree of confidentiality. Incidentally, any information obtained during the course of an assignment entrusted to any employee of the company is always confidential and is not to be divulged to anyone outside the company except in the course of its business operations or with the express consent of the client.
For the purposes of the Act, AcuFin is classified as a “controller”.
Meaning of personal data
Personal data refers to all information that has been provided by the client relating to his personal needs.
Categories of personal data
The categories of personal data we collect comprise of information relating to contact information (such as name, address and telephone), identity information (such as passport number, nationality and place of birth) and any other information as may be required to ease business operations.
Why we need personal data
As a licensee of the Financial Services Commission of Mauritius, AcuFin is mandated to fulfil some legal and regulatory requirements, for instance, “Customer Due Diligence” on our clients. Your personal data allows us to effect our screening such as to provide you with our range of services.
Right to access your personal data
As a client, you will have the right to request access to your personal data submitted by you to AcuFin and to review the data we hold on you.
Keeping of your personal data
As per the laws of Mauritius, we need to keep personal data as follows:
- As long as one is a client and contact of AcuFin.
- AcuFin shall destroy the data on the client as soon as is reasonably practicable once the purpose for keeping the personal data has lapsed, and notify any processor holding the data on the client to destroy the data as specified by AcuFin.
- For a period not more than ten (10) years as per the laws of Mauritius when a person is no longer a client of AcuFin. After this period, personal data on the client will be destroyed.
Where consent has been received from yourself to receive updates and similar materials from AcuFin, we will keep any personal data held by us for that purpose until we are notified that you no longer wish to.
Consent
All information provided to AcuFin is treated confidentially within the company to facilitate fulfilling your requests, unless we are legally necessitated by a regulatory body or court of a competent jurisdiction. It will however be deemed consent from the client’s side that their respective personal data could be passed on to such organisations or individuals that are not associated to AcuFin as long as the purpose is to assist us to supply our services such as courier services or other third party service providers acting upon our request to fulfil your requests.
If you have any specific concerns around this arrangement, you are kindly requested to email us on info@acufin.global.
Exceptions and exclusions
It is important to note that when the data is mandatory under another law, there is no need to follow the Act meaning that consent of the data subject is not required before processing the personal data.
No exception to the Act shall be allowed except where it constitutes a necessary and proportionate measure in a democratic society for –
- the protection of national security, defence or public security;
- the prevention, investigation, detection or prosecution of an offence;
- an objective of general public interest, including an economic or financial interest of the State;
- the protection of judicial independence and judicial proceedings; or
- the protection of data subject or the rights and freedoms of others.
Your right to complain
As a data subject, should you have any concerns that any personal data we hold relating to you is incomplete or incorrect, you may request to view this information, amend it or have it deleted. Please contact us by either liaising with your usual contact at AcuFin or send us an email on info@acufin.global. You also have the right to lodge a complaint with the Data Commissioner through the Data Protection Office.
We have tried to capture the basic essence of the Act to the best of our ability. For further detailed queries, please consult the following websites:
Data Protection Office website: www.dataprotection.govmu.org
GDPR Official website: www.eugdpr.org