- WHO WE ARE
- PRIVACY STATEMENT
We value the privacy of our data subjects and commit to protect their personal data in accordance with the Applicable Laws.
- HOW TO CONTACT US
We have appointed a Data Protection Officer, whose duty is to provide guidance and advice to and oversee data protection compliance at ENL Limited and its subsidiaries. Should you have any questions in relation to the processing of your personal data, you may contact our Data Protection Officer as follows –
Data Protection Officer
Vivea Business Park
- WHAT PERSONAL DATA WE COLLECT ABOUT YOU
The personal data we collect include and are grouped as follows –
Contact Information such as your first name, maiden name, last name, title, address, telephone number, mobile phone number, job title, name of employer, fax number and email address, and business information which includes identification and your relationship to a person. Address may include both business address and home address where you have provided that to us.
Personal Information such as your date of birth or passport number, or any other identity document details, or signature (whether in ink or electronic form) to enable us to check and verify your identity.
Financial Data such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, bank account and payment card details including security code numbers and other related billing information, as well as, where applicable, information relating to the source of funds and source of revenue.
Transaction Data includes details about payments to and from you and other details of services you have purchased from us.
Technical Data (if applicable) includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
Profile Data includes your username and password, your interests, preferences, your psychometric assessment, your feedback and survey responses.
Usage Data includes information about how you use our website and services.
Marketing and Communications Data such as your preferences in receiving marketing from us and our third parties and your communication preferences.
Information collected from publicly available resources and credit agencies or any other information needed to enable us to undertake a credit or other financial checks on you.
Location data such as your geolocation, location or tracking of your device captured through a system or network.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We do not usually collect ‘sensitive personal data’ also known as Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data and any information about your criminal convictions and offences, if any).
In the context of coronavirus containment, relevant Special Categories of Personal Data is being collected to evaluate the risk that an individual carries the virus and to take proportionate risk-based measures. Accordingly, the information collectable from any individual could be:
- the presence of COVID-19 symptoms;
- confirmation of the individual’s travel to a particular country;
- indication of any close contact that the individual may have had with persons who may (i) have visited a particular country; or (ii) be showing COVID-19 symptoms; and
[added April 2020]
- whether the individual is vaccinated or not against COVID-19 [added July 2021]
In limited cases where we do seek to collect sensitive personal data (for example your health condition) we will do so in accordance with the Applicable Laws.
Personal data of children
We do not knowingly collect personal data relating to a child under 16 years unless we have obtained the parent’s or guardian’s consent. If you are a child under 16 years, please ensure you have received authorisation from your parent or guardian as we may request proof of that authorisation.
Third party information
It is important that the personal data we hold about you is accurate and current. Please keep us informed, if your personal data changes during your relationship with us.
- HOW WE COLLECT YOUR PERSONAL DATA
We collect most of your personal data from our direct interactions with you in the course of our business, whether when you enter into an employment or business relationship with us, when you apply for a job with us, when you contact us through our contact form or by email and request information about our products, services and offers, engage with our staff for business related purposes, you sign up to receive information from us, or when you browse or use our website.
We may also collect information from third party sources including our Associated Companies within ENL Group, our referrals and agents, our suppliers, principals, franchisors and public authorities, public websites and social media.
When wanting to apply for a job with us, you will either be:
- directed to register on and apply through our website platform; or
- directed to register on and apply through a third-party platform, subject to the terms and conditions of that platform. The said third-party will share with us or grant us access to your relevant personal data for the purposes of the specific job vacancy that you have applied for; or
- able to submit a printed copy of your application to our office.
You may also send to us a ‘spontaneous job application’ for any future job openings.
- WHY WE PROCESS YOUR PERSONAL DATA
We process your personal data for various purposes including:
- To manage our employment relationship with you;
- To manage our business relationship with you as client, customer, supplier, service provider or investor;
- The use your signature (whether in ink or electronic format), where you are an authorised signatory;
- To provide you our products and/or services and those of our Associated Companies;
- To respond to your request, query or complaint when you fill out a ‘contact us’ form;
- To consider your application where you have applied for a position with us;
- To comply with any legal obligations and statutory reporting requirements towards authorities and regulators such as the Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius or the Financial Services Commission;
- To prevent or detect abuse of our products and/or services;
- To confirm your identity and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
- To personalise your experience on your repeated visits to our website by delivering relevant website content and advertisement to you;
- To keep a database of customers/clients and potential customers/clients to communicate with in respect of our products and/or services and matters related thereto;
- To enable us to carry out statistical and other analysis to provide better customer service and measure the effectiveness of our communications to you;
- To pursue direct marketing and advertising;
- To use data analytics to improve our website, products, services, customer/client relationships and experiences;
- To administer and protect our businesses;
- To ensure security and safety on our premises;
- To administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- Use of photographs/image for communication regarding our business activities in the ENL Group; and
- To fulfil such other purposes as may be related, directly or indirectly to our business activities.
We have described the purposes for which we may use your personal data. We will only use your personal data when the law allows us to and where it is necessary. The lawful bases we rely on when processing your personal data can be:
- Where you have given your consent; or
- The processing is necessary:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for compliance with our legal obligations, for example any statutory reporting or record-keeping requirements towards authorities and regulators such as the Mauritius Revenue Authority, Registrar of Companies;;
- for the pursuance of our legitimate interests or those of a third party;
- for the purpose of historical, statistical and/or scientific research; or
- for the establishment, exercise or defence of legal claims or proceedings
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights, freedoms and interests. Examples of such ‘legitimate interests’ are data processing activities performed: for the better running of our business; (ii) for the provision and administration and improvement of IT services and network security; (iii) for a better identification on the types of customers we have and a study on their use of our services in order to develop our marketing strategy accordingly; (iv) for the prevention fraud or crime.
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is required under Applicable Laws.
If you send to us a ‘spontaneous job application’ for any future job, you may be contacted by us regarding job vacancies within the ENL Group that could be of interest to you. We do not share your job applications and associated personal data with other entities in the ENL Group without your consent unless there is another lawful ground for doing so. When applying for a position with us, whether for a specific job or as part of a spontaneous job application, we will hold onto your personal data provided to us, for future job openings (please refer to Paragraph 8 below).
We will not use your personal data for purposes that are incompatible with the purposes for which they were collected, and of which you have been informed, unless it is required or authorised by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
We may process your personal data without your knowledge or consent, where this is required or permitted by law. For example, in order to prevent fraud and other illegal activity, and for verification process of any payment transaction or online payment.
We take cautionary measures to ensure we do not collect any personal data from you which we do not need in order to provide our products and services to you.
We shall pass on your personal information to our Associated Companies: i) only where you agree, so that they may offer you their products and services; or ii) where we are able to do so in accordance with Applicable Laws.
- FOR HOW LONG DO WE STORE YOUR PERSONAL DATA
We only retain your personal data for as long as necessary to fulfil the purposes for which they were collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your information we use for marketing purposes will be kept with us until you unsubscribe or notify us that you no longer wish to receive our marketing offers or emails and request to destroy your personal information.
By law, we have to keep basic information about you including your Contact Data, Financial Data, and Transaction Data for ten (10) years or such number of years according to the applicable laws, after our dealings with you for statutory, tax and other judicial purposes.
Please contact our Data Protection Officer for further details on retention periods for different aspects of your personal data.
In some circumstances, you can ask us to erase or destroy your personal data: see Request erasure below for further information.
We may also anonymise your personal data so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- WHO THE INTENDED RECIPIENTS OF YOUR PERSONAL DATA ARE
We do not share, sell or trade your personal data with other companies outside ENL Group for marketing purposes, but should this be the case, we will get your express opt-in consent before we proceed.
In relation to the purposes for which we collect your personal data, we may have to share your personal data to:
- Our employees on a need-to-know basis;
- Third parties such as our preferred service providers (such as IT systems suppliers and support, and other service providers) from whom we require (i) to respect the security of your personal data, and to treat it in accordance with the law, (ii) not to use your personal data for their own purposes, and (ii) only to process your personal data for specified purposes and in accordance with our instructions;
- Our Associated Companies, for statutory or business purposes, to build up a centralised client database to better identify your needs regarding our different products and services offered across ENL Group and to share your CVs which could match positions advertised within ENL Group.
- Our business partners such as franchisors, principals, tenants.
- Our professional advisors that is our accountants, auditors, lawyers, insurers, and bankers;
- Any public or enforcement authority such as The Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius Ltd, Financial Services Commission in Mauritius or such similar authorities abroad to comply with our legal obligation, or in case of a court, administrative or governmental order.
- HOW WE USE YOUR PERSONAL DATA FOR MARKETING PURPOSES
With your express consent, we may send you occasional notifications and/or communications regarding products and services, from our company or those of ENL Group only, or important product updates, special offers and promotions. When you subscribe to receive email communications, we may track, such as through cookies, the actions you have taken regarding the emails, such as whether you opened the mail, or clicked on a specific link or your location when you opened the mail based on IP address. We may then use your Contact Data, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide, which services and promotions may be of interest for you. We may also send you marketing material where you have requested a quote or information about our product and/services, entered into a contractual relationship, participated in a competition with us or subscribing on our website.
We may obtain our marketing data through our direct interactions with you, through our automated technologies or through our Associated Companies. Unless otherwise is expressly written by us when you are being asked to provide your consent, your express consent to receive marketing material or latest news from us will entitle you to receive such marketing material or latest news from those entities within the ENL Group.
- WHAT ARE YOUR RIGHTS IN RESPECT OF MARKETING COMMUNICATIONS
You may object to our processing of your personal data for direct marketing purposes. You may do so by not ticking certain opt-in boxes on the forms we use to collect your personal data, or by utilising the unsubscribe link such as in e-mails we send to you, or by having your personal data removed from our database at any time by contacting us.
If you no longer wish to receive our latest news or marketing information, let us know by contacting us or click on the “Unsubscribe” link at the bottom of our email sent to you and you will be redirected to a confirmation page that confirms you have been unsubscribed. Upon confirmation, you will be removed from our contact list for direct marketing purposes. It may happen that you are still interested in receiving latest news or marketing information in respect of specific brands within ENL Group. If this is the case, you may also have the option to customise your choice to receive latest news and marketing information from specific (and not all) entities within the ENL Group, by contacting us through our Data Protection Officer.
Note that we will retain minimum personal data (for example, personal data provided to us as a result of previous service experience) as a record that you unsubscribed and to avoid contacting you again.
- HOW DO WE USE YOUR PERSONAL DATA FOR SECURITY AT AND ACCESS TO OUR PREMISES?
This part explains to you how we handle and process your personal data (including location data) when such data is captured through our CCTV surveillance system and/or through our security measures on our premises.
Security measures on our premises may include any one or more of the following:
– Each visitor filling in and signing our log book (including name, contact details, time-in and time-out);
– Issue and presentation of a visitor’s pass;
– Swipe card access;
– Biometric data ID validation (such as fingerprint and/or facial recognition);
Such processing shall be in accordance with Applicable Laws. Personal data captured through our security measures may where necessary be shared with other property owners and/or tenants of premises that are the subject of those security measures.
CCTV cameras and other security devices are located at strategic points on our premises, namely at the entrances, receptions, the gates and parking to the site within which our premises are found, in common areas and in certain production areas. Signs will inform employees and visitors that CCTV cameras are in operation and who to contact for further information. If you require any information, please contact us through our Data Protection Officer.
Other devices namely fingerprint, and facial recognition devices will be located at the entrance to the premises and/or secured locations on the premises.
- TRANSFER OF YOUR PERSONAL DATA
When sharing your personal data, whether this involves transferring your personal data outside Mauritius, we ensure this is done in accordance with the Applicable laws. Kindly note that when we transfer data abroad, some countries may not have the same degree of protection under their laws, however we impose contractual obligations on the recipients of the data to ensure a similar degree of security and protection is afforded to it. For further details, please contact us through our Data Protection Officer.
- THE STEPS WE TAKE TO PROTECT YOUR PERSONAL DATA
We maintain organisational, physical and technical security measures (i) to prevent your personal data from unauthorised access, alteration, disclosure, accidental loss, and destruction, and (ii) based on the nature of the personal data, to protect your personal data from the harm that may result in unauthorised access, alteration, disclosure, destruction of the data and its accidental loss.
In particular, our preventive and protective measures may include (i) the pseudonymisation and encryption of personal data; and (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Unfortunately the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted over the internet. Any transmission is at your own risk.
We require all our service providers to have appropriate measures in place to treat your personal data securely.
Where we have provided you with or you have chosen a password enabling you to access a personalised area on our website, you are responsible for keeping this password confidential. We advise you not to share it with anyone.
We limit access to your personal data to our and our Associated Companies’ employees, agents, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We also maintain procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- YOUR RIGHTS IN RESPECT OF THE PROCESSING OF YOUR PERSONAL DATA
Unless otherwise stated by the Applicable laws, you have the right to:
Request access to your personal data. This enables you to receive a copy of the personal data we hold about you, free of charge unless the request is excessive, and to check that we are lawfully processing it.
Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We may ask you for an identification number such as your passport number.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the Applicable Laws. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing or profiling for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms or other lawful grounds (not requiring your consent, for example statutory requirements) to process your information.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it and request restriction of its use instead; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
Refuse to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning you or significantly affects you. We shall not process your personal data in such a way as to subject you to a decision that is based solely on automated processing unless the decision: (i) is necessary for us to enter into or perform a contract with you; (ii) is authorised by a law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or (iii) is based on your explicit consent. Some psychometric assessments, namely in job recruitment processes, involve automated processing and profiling, but our screening and decision-making in respect of a job candidate will not be based solely on that psychometric assessment.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out by us before you withdraw your consent. If for example, you provide your consent to publish your photograph or image in an article on our website or publicly available mediums, and subsequently withdraw your consent, it is likely that we will have a compelling legitimate interest to continue processing your photograph or image that is already being used or published prior to you withdrawing your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Lodge a complaint at any time with the Data Protection Commissioner of Mauritius (the “Commissioner”) whose office is at Level 5, SICOM Tower, Wall Street, Ebene Cyber City, Ebene, Mauritius, by emailing any complaint to email@example.com. Where the GDPR is applicable, you have the right to lodge a complaint with the regulatory authority of the country of your residence, work place or where the data breach has occurred.
If you wish to exercise any of the rights set out above or need any clarification thereon, please write to our Data Protection Officer on firstname.lastname@example.org.
We try to respond to all legitimate requests within one (1) month. Occasionally it may take us longer than one (1) month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can lodge a complaint with the Commissioner by writing to email@example.com.
We would appreciate the chance to deal with your concerns before you approach the Commissioner or any other regulatory authority, so please contact us in the first instance.
- USE OF THIRD PARTY LINKS TO WEBSITES AND PROGRAMMES
All websites designed and managed by Nabridas and/or ENL may feature links to other sites operated by third parties websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the privacy practices or the content of such websites.
A cookie is a piece of data stored on the user’s computer tied to information about the user. Usage of a cookie alone is in no way linked to any personally identifiable information while on our website. We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user’s hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file instructions.
These are the types of cookies collected:
Category 1 – Strictly Necessary Cookies: These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of our website.
Category 2 – Performance Cookies: These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our website works.
Category 3 – Functionality Cookies: These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.
Category 4 – Targeting Cookies or Marketing Cookies: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of our advertising campaigns.
By using , you agree that we can place these types of cookies on your device. These cookies can be removed by following internet browser help file instructions.
- REVISION HISTORY
Authorised changes made to this document have been summarised in the revision history as shown:
Description of changes
Clause 5 amended – new paragraph
Clauses 1, 3, 5, 6, 7, 8, 9, 10 and 11 amended.
New Clause 12 added.
Newly numbered Clauses 15, 17 and 18 amended.
Date published: July 2021
COPYRIGHT NOTICE AND DISCLAIMER
Associated Company means any company related to, or associate of, ENL Limited and related shall be construed in accordance with the Companies Act 2001 while associate shall mean those companies disclosed as associates in the audited financial statements of ENL Limited.
Biometric data means any personal data relating to the physical, physiological or behavioural characteristics of an individual which allow his unique identification, including facial images or dactyloscopic data;
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to;
Consent means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed;
Controller means a person who or public body which, alone or jointly with others, determines the purposes and means of the processing of personal data and has decision making power with respect to the processing;
Direct marketing means the communication of any advertising or marketing material which is directed to any particular individual;
ENL Group means ENL Limited and its Associated Companies;
Encryption means the process of transforming data into coded form;
GDPR means the European Union General Data Protection Regulation, which came into force in 25 May 2018;
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interest. We do not use your personal data for activities where the impact the processing has on you overrides our interests (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interest against any potential impact on you in respect of specific activities by contacting us;
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data);
Processing means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Processor means a person who, or public body which processes personal data on behalf of the controller;
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information and the additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;
Third party means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorised to process personal data;
Traffic data means any data relating to a communication by means of a computer system and generated by the system that form part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.