At NWT (Mauritius) Limited, we respect your privacy and are committed to protecting your personal data. This privacy notice will provide you with an explanation as to how we keep your personal data and your rights under the Data Protection Act 2017 (the Act).
Our service agreement will include a consent form which will authorize us to hold and process your personal data.
You may withdraw your consent, in writing, at any point in time, for the disclosure and processing of your personal data by us.
As data controller we are responsible for your personal data. Personal data means any information relating to you as a data subject.
The Data Protection Officer
NWT (Mauritius) Limited
6th/7th Floor, Dias Pier Building, Le Caudan Waterfront Caudan, Port Louis 11307, Mauritius
Telephone No : (230) 405 4000
THE DATA WE COLLECT ABOUT YOU
When you use our online services, we may collect personal data, for example data about your device, obtain your internet protocol address or other technology on the device you use to access our online services. We collect personal data by using cookies.
Personal data or personal information collected and stored by us include, but are not limited to, the following:
- Identification data & personal details such as name, date of birth, nationality, gender, marital status, place of birth, employment, education background and interest, country of tax residence, tax number, social security numbers, any political affiliation;
- Contact details, such as telephone & fax number, email address, work and home address;
- Financial and banking information, such as financial reports/accounts, bank account number, currency, authorized signatories;
- Usage Data such as how you use our website, products and services.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We primarily use your data for the following purposes:
- Performance of a contract to which you are a party, or in order to take steps following your instructions before entering into a contract (for example to incorporate a company on your behalf, liaise with the authorities, open bank account for the company and to provide services to you under the management services agreement);
- To meet our legal, compliance and regulatory obligations such as the Anti Money Laundering & Terrorist Financing Laws, Common Reporting Standards, FATCA Reporting to which we, as Controller, are subject to;
- To protect your vital interest as data subject;
- For the performance of a task carried out in public interest or in the exercise of official authority vested in the Controller;
- For the performance of any task carried out by the public authority;
- In the exercise, by any person in the public interest, of any other functions of a public nature;
- For the legitimate interests pursued by us as Controller or by a third party to whom the data are disclosed, except if the processing is unwarranted in any particular case having regard to the harm and prejudice to your rights and freedoms or your legitimate interest;
- For historical, statistical or scientific research.
In addition, we may use your data:
- To provide you with a proposal with regards to the services we offer to you;
- To handle queries or complaints you may have in order to improve our services;
- To process your feedback;
- To forward to any competent court, regulator and/or legal authority as may be required for fraud or any related investigation;
- For recruitment purpose;
- At your request: marketing information, flyers, brochures, guides to be sent to you.
DISCLOSURE OF PERSONAL DATA
Personal data will not be shared to third parties, except to the following:
- Public authorities;
- Services providers, e.g. Auditors, Accountant, Tax Advisors;
- Affiliated companies of NWT with whom we engage to assist in delivering the services to you;
- All of whom are usually registered as Controllers under the Act.
We may disclose personal data in the following situations:
- A Court Order in the event of an investigation;
- If we have outsourced some or all of our operations of our business to a third-party service provider who has a duty of Controller/Processor under the Act;
- In the event of a sale or acquisition of companies/subsidiaries or within our business units.
Your personal data will be safeguarded and released as per applicable laws, our policy and the terms and conditions of the management agreement in place, to fully protect both your rights and ours.
We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirement. Your personal data will not be stored for a period longer than necessary for the realization of such purposes.
The retention period will always be in line with any applicable and relevant laws.
We are committed to protecting your personal data and have put in place appropriate security measures to prevent your personal data from being used, or accessed in an unauthorized manner, altered or disclosed. We limit the access to your personal data to our employees, agents and other third parties. They will only process your personal data further to our instructions and they are subject to a duty of confidentiality.
We ensure a secure processing of data by relying on:
- A strong password management;
- Limited access to office premises;
- Limited access to server;
- Limited staff access & CCTV to the server room;
- Physical locks, video surveillance system;
- Encryption of company’s mobile devices and phones;
- Prohibiting use of social media sites, control cloud-based internet storage sites;
- Disabling of the USB, CD Drives on staff terminals & laptops;
- A trusted backup and restore policy for data.
YOUR LEGAL RIGHTS
Under both the General Data Protection Regulation 2016/679 (GDPR) and the Act, you have the following rights:
- Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- Right of access, rectification and erasure and right to request a copy of the personal data which we hold;
- Right to object to the processing of personal data;
- Right not to be the subject to a decision based solely on automated processing, including profiling;
- Right to lodge a complaint with the Data Protection Commissioner;
- Right to data portability, that is, the right to have the personal data transmitted directly from one controller to another.
Our employees who have access to Personal Data are given specific training in compliance with the Act.