Privacy statement of MITCO Group
To perform our contractual obligations, MITCO Group (“MITCO” or “We”) collects, processes, and stores personal data relating to you, including but not limited to, sensitive personal data. MITCO treat personal data we collect according to our client on-boarding process and as part of provision of our services as private and confidential and we abide by all data protection laws as may be applicable, including the Mauritian Data Protection Act 2017 and the EU General Data Protection Regulation (“GDPR”). We have implemented organisational, physical and technical safeguards which are designed to protect your personal information from unauthorised access, use or disclosure. We are also committed to being transparent about how your personal data is collected and used. We ask that you read this privacy statement carefully as it contains important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us and the supervisory authorities if you have a complaint on the way your personal data is being collected or processed.
We collect personal data directly from you, and where lawful and reasonable, we may collect personal information about you from third parties and publicly available sources, such as Business Introducers, internet websites, Anti-Money Laundering screening software for the purposes set out below.
We may use your personal data to:
- meet our responsibilities towards you;
- follow your instructions;
- process your personal data for ordinary business purposes (this includes to open and maintain your bank account, give effect to transactions, administer claims where applicable, manage our risks and maintain our overall relationship with you);
- carry out statistical and other analyses to identify potential markets and trends, evaluate and improve our business (this includes improving existing and developing new products and services);
- tell you about services and products available within the Group;
- make sure our business suits your needs; and
- comply with applicable laws.
Without your personal data, we may not be able to provide or continue to provide you with the products or services that you need.
You are entirely free to decide whether or not to provide us with your personal data and there are no consequences should you refuse to do so unless for when the supply of specific personal data is mandatory by law.
We may shall process your personal data if you give us your express consent willingly or in accordance with the law. You give your consent to us through our client acceptance mandate and services agreements.
We may only disclose your personal data if:
- the law requires it or such personal data is exempted from data protection laws;
- such disclosure is for the administration of justice or in the public interest or relates to the use of a unique identification number to facilitate sharing information and avoid multiple registrations among public sector agencies;
- such disclosure is necessary for the performance of a contract to which you are a party or to enable you to enter into a contract; or
- such disclosure is required to protect your vital interests;
- you agreed that we may disclose your data for the purposes for which such data has been collected and of which you have been informed.
We routinely share your personal data internally if access to the data is necessary for performance of our contract. We may share your personal data with the regulatory authorities, if required. We will not share your personal information with any other third party except with your prior written consent.
We may ask third-party service providers to agree to our privacy policies if they need access to any personal data to carry out their services.
We will not disclose your personal data to external organisations that are not our service providers, unless you give us your consent, or unless required by law, or if it is necessary for the conclusion or performance of our agreement with you.
Transfer across borders
Sometimes we may process your personal data in other countries, either to carry out your instructions or for ordinary business purposes.
These countries may not have the same level of protection. If necessary, we will ask the party to whom we transfer your personal data to agree to our privacy principles, associated policies and practices.
Storing of personal data
We store personal data as required by law.
Our security practices
Our security systems and technical and organisational measures are designed to prevent loss (including accidental loss), alteration of, unauthorised destruction, damage and/or unlawful access, disclosure of your personal data or the processing of personal data from unauthorised third parties.
Access to your personal data and your other rights
As our customer, you may:
- ask us to give you a description of your personal information that we hold;
- ask us to correct or update your personal information through our customer service channels;
- ask us to restrict the processing of or erase your personal data; or
- object to the processing of your personal data for a specific purpose.
We will take note of your rights under applicable privacy and data protection laws.
You have the right to query a decision that we make about our services that you have requested for.
During your contractual relationship with us, if you would like further information on the way in which MITCO collects, processes, and protects personal information or would like to access and correct your personal information, please contact the Data Protection Officer at the address set out below.
Monitoring of electronic communications
We communicate with you through different methods and channels. If allowed by law, we may record and monitor electronic communications to make sure that they comply with our legal and regulatory responsibilities and internal policies.
Retention of personal data
We retain personal data as per the statutory and regulatory requirements. Where there is no legal requirement, your personal data will be destroyed after one year following the lawful purpose for which the data was obtained.
Usage of cookies
Given our website is continually evolving as we aim to ensure it best serves the interest of our users.
Information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information to compile reports on website activity and internet usage. We, in turn use this information to improve our user experience and content.
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.
By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You may turn cookies off in your web browser by selecting the appropriate settings in your browser.
Right to change this privacy statement
We may change this privacy statement. We will communicate all changes on our websites. The latest version of our privacy statement will replace all earlier versions, unless it says differently.
Queries, complaints, and breach
If you have any queries or complaints about privacy or believe that there has been a breach with respect to your privacy, please contact the designated Data Protection Officer at the address set out below:
Mr. Jaweed Lallmahomed
Data Protection Officer
4th Floor Ebene Skies
Rue de l’Institut
Ebene, Republic of Mauritius
Telephone: (230) 404 8053
The Data Protection Act 2017 also gives you the right to lodge a complaint directly with the Data Protection Commissioner.