Privacy Policy on Data Protection
In light of the EU General Data Protection Regulation (“GDPR”) which came into effect on 25 May 2018, Mauritius has implemented the Data Protection Act 2017 (the “DPA”) which came into effect on 15 January 2018 (repealing the previous Data Protection Act 2004). The DPA strengthens the control and personal autonomy of data subjects over their personal data in line with international standards, namely with the GDPR and the European Convention for Protection of Individuals with regards to automatic processing of personal data. The DPA also aims to align the Mauritius provisions for data protection with the current and challenging technological and other advancements that have occurred.
In this document, the terms “personal data” and “personal information” are used interchangeably.
Our commitment to Data Protection
Axis Fiduciary Ltd (“Axis” or “the company”), as a trusted and specialist service provider, is committed to safeguard personal information of its clients and contacts. We value your privacy and care on how your personal data is treated. As such, while collecting, processing and managing all such information, including your email addresses and contact numbers, we have processes in place to ensure that such information is kept securely on our systems and in compliance with the DPA.
This commitment is driven by our compliance team that oversees, inter alia, the use of personal data in our services, working in close collaboration with the IT team. This is acknowledged by all our employees through our Code of Ethics which sets out the standards of correct conduct expected of our employees and which emphasises on all the obligations we place on them, including that of confidentiality.
Moreover, in line with our Code of Ethics, all of our employees, in whatever capacity, are required to sign a confidentiality agreement by virtue of which they undertake to observe the strictest confidentiality in respect of any information acquired in the course of their duties or in connection with their employment relating to the affairs or business of the company, any member or employee of the company, the clients of the company or any person dealing with the company. All information obtained in the execution of the duties entrusted to any employee of the company is always of a confidential nature and is not to be divulged to anybody outside the company except in the course of its business operations.
Sailing through the change of Data Protection
Data protection is an important aspect of our operations and business, and we fully recognise that. Since the start of 2018, we have invested significant time and resources in our compliance team for it to ensure that our services, processes, policies and marketing materials, amongst others, are in line with DPA. This included a review of all aspects of our privacy and information security compliance, including identification of data processes, risk assessment, policies, and aligning same to the changes brought by the DPA.
Collection of personal data
We have a data protection policy (the “Data Protection Policy”) in place which governs, inter alia, the use and storage of our clients and contacts personal data.
For the purposes of the DPA, Axis is a “Controller”. The information that is collected from you includes (but is not limited to): Names, addresses, email address, contact numbers, details on identification documents, employment details.
Why we need personal data
Axis is licensed by the Financial Services Commission of Mauritius as a management company. As part of our licensing conditions and in order to fulfil our legal and regulatory requirements in Mauritius, we need to undertake “Customer Due Diligence” on our clients in their capacity as a principal of an entity to which Axis provides/shall provide services. We need your personal data in order to provide you with a full range of corporate, private wealth, fund and accounting services.
All information provided to us is strictly confidential and are not disclosed or revealed to any person or party whatsoever unless we are legally required to do so to a regulatory body or a court of competent jurisdiction in Mauritius or abroad.
What we do with personal data
All personal data are processed at our registered office in Mauritius. No third party has access to such personal data, unless specifically required by law. In certain instances, Axis may be called upon to disclose and transfer personal data to certain jurisdictions which do not afford or guarantee that appropriate safeguards are in place to protect such personal data. In that connection, by providing us with your consent to such disclosure and transfer, you understand and expressly agree that there may be risks involved in such disclosure and transfer being made.
How long we keep it
Under Mauritian law, we are required to keep personal data as follows:
- As long as one is a client and contact of Axis.
- Where the purpose for keeping personal data has lapsed, Axis shall destroy the data as soon as is reasonably practicable and notify any processor holding the data to destroy the data as specified by Axis.
- When a person is no more a client of Axis, for a period not exceeding ten (10) years in line with the prevailing laws of Mauritius. After this period, such personal data will be destroyed.
Where you have consented to receive updates and similar materials from us, any personal data held by us for that purpose will be kept by us until such time that you notify us that you no longer wish to
What are your rights?
Should you believe that any personal data we hold relating to you is incorrect or incomplete, you may request to see this information, rectify it or have it deleted. Please contact us by either liaising with your usual contact at Axis or send us an email on DataProtectionOfficer@axis.mu.
In the event that you wish to complain about how we have handled your personal data, please contact your usual contact at Axis or send us an email on DataProtectionOfficer@axis.mu. We will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you may contact the Data Protection Office in Mauritius and file a complaint with them.