Privacy Policy

Terms of service

PRIVACY POLICY

 St Lawrence Management Limited (BRN: C10093815) with registered office at 2nd Floor, C&R Court, Labourdonnais Street, Port Louis (“we” or “us” or “STLM”) is committed to protecting your personal data in accordance with the Mauritius Data Protection Act 2017 (‘DPA’).

 This Privacy Policy describes how we collect and use Personal Data about you during the period in which we are engaging with you on a business-to-business basis as well as on our website (regardless of where you visit it from).

It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

 In relation to your Personal Data, we shall be acting as a Data Controller for Personal Data we collect about you. We also ensure that data protection laws are adhered to through specific clauses within contractual agreements and the guarantees provided by processors/sub-processors.

 The use of information collected through our service and our website shall be limited to the purpose of providing the service for which the Client has engaged with us.

Data Collection

 STLM collects and processes information under the direction of our clients or through direct relationship with individuals.

 The Personal Data, as defined under the DPA, which we process includes certain information which can be used to identify the person in question (“Data Subject”, or “you”). Although we do not currently collect and/or process Special Categories of Data, we shall inform you should this change, as well as the further protections that we would implement in relation to Special Categories of Data.

 Data Processing

All client and personal data are processed under the control of STLM in Mauritius.

 Purpose/Activity

 To manage our relationship with you, which includes:

 •        Notifying you about changes to our terms or privacy policy

•        Asking you to take a survey.

•        Raising awareness about our Company;

•        Using data analytics to improve our products/services, marketing, customer relationships and experiences.

•        To make suggestions and recommendations to you about goods or services that may be of interest to you and are related to the information or services we have previously provided.

•        Information obtained by completing any forms on our website. 

•        Communicating to you the latest news, and events, 

  Use of Information

 The information collected is maintained for the purpose of fulfilling our contractual obligations with our Client and is used as such or in order to contact you for the purpose of demonstrating our services. The information we collect is not shared with any organisations, except to provide products or services requested, when we have your permission, or under the following circumstances:

•        As required by law, such as to comply with legal proceedings, or similar legal process.

•        To investigate potential violations of our Terms of Service.

•        To third-party service provider as stated under Third Party disclosure.

Third Party Disclosure

Only aggregated, anonymized data may be periodically transmitted to external services to help us improve Our website and our service. For our website, we may use Google Analytics as an Analytics Provider. Only aggregated and anonymized data would be transferred.

 Data Retention

 We will retain personal data we process on behalf of our clients as long as needed to provide services to our client. STLM will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 Information we collect in order to demonstrate our services is maintained until the purpose of the collection has been fulfilled.

 Keeping in touch with You

 Where we have reason under legitimate interest to update you about our services we may reasonably do so. You may opt out at any time.

 Where you request us to add you to a subscription list to receive certain information we will do so and communicate with you in your chosen method as applicable. You may request to be removed from such lists at any time.

 Log Files

As is true of most websites, we may gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp and clickstream data. This information is used to administer, assist us in any troubleshooting to support our users and maintain the stability and performance of our website.

Data Subject Rights

The DPA give you the right to access the information we hold about you.

 An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data or exercise any of his/her rights under DPA should contact us, the Data Controller, at compliance@stlawrence.mu. You will not have to pay a fee to access your personal data (or to exercise any of your other rights).

However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Alternatively, we may refuse to comply with your request in these circumstances. STLM will make reasonable effort to promptly fulfil our clients’ request.

Security of Data

 We are committed to taking steps to ensure that Personal Data is protected, and to prevent any unauthorised access, unauthorised changes, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and raising awareness. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

 Any data breaches will be managed according to the Company’s procedures and concerned data subjects will be notified of same as soon as possible. Unless otherwise directed by legal obligation, any requests from a governmental body shall be referred to the Data Controller.

 Data Protection Measures

 The Company is committed to ensuring the security of Personal Data and to processing it in line with the DPA. As such, the Company will:

 •        Ensure that all staff are aware of their responsibilities and the Company’s obligations and responsibilities in relation to data protection.

•        Ensure that all staff and individuals/organisations who handle data on behalf of the Company are appropriately trained and receive refresher training on a regular basis.

•        Ensure that all staff and individuals/organisations who handle data on our behalf are regularly monitored, assessed and reviewed.

•        Ensure that all organisations who handle data on our behalf are carrying out data processing in line with the Data Protection rules.

•        Regularly review the Company’s methods of data collection, handling, processing and storage.

 

Amendments to this Privacy Policy

 We may amend this privacy notice from time to time. Any amendment will be posted on our website so that you are always informed of the way we collect and use your personal data. Any changes to this privacy notice will become effective upon posting of the revised privacy notice on the website. Use of our website following such changes constitutes your acceptance of the revised privacy notice then in effect but, to the extent such changes have a material effect on your rights or obligations as regards our handling of your personal data, such changes will only apply to personal data after the changes are applied.  

 This privacy notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This privacy notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this privacy notice, the English version shall prevail.

These terms of service ("Terms", "Agreement") are an agreement between the website ("Website operator", "us", "we" or "our") and you ("User", "you" or "your"). This Agreement sets forth the general terms and conditions of your use of this website and any of its products or services (collectively, "Website" or "Services").


DATA PROTECTION NOTICE

(When St Lawrence Management Limited is acting as Data Processor)

1.     Introduction

This notice describes how personal information is collected and handled by St Lawrence Management Limited a company incorporated in Mauritius with Business Registration Number C10093815 (hereinafter referred to as “We”), when it acts as a processor under the Data Protection Act 2017(“DPA”), so as to meet the data protection standards of the data controller and comply with the applicable laws, regulations and policies pertaining to data protection.

2.     Controller and Processor relationship

The Controller, as defined under the DPA, will determine the purposes and means of the processing of personal data and has decision making power with respect to such processing. The Controller has appointed St Lawrence Management Limited as Processor by virtue of an agreement, by virtue of which we would be processing data on behalf of such Controller.

 3.     Data Collection – Which personal data we collect?

The personal data that we collect from the data subject could be one or more of the following or such other data relating to the economic or social identity of the data subject.

  • name and surname;
  • national identity card number;
  • passport details; 
  • residential address;
  • contact details (phone and fax numbers, email addresses); and
  • Curriculum Vitae (CV).

We may also request for special categories of data in the event that we came across potential adverse media or hit on the data subject while conducting compliance screening. These data will cover, but not be limited to:

  • the commission or alleged commission of an offence by the data subject; and
  • any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any Court in the proceedings.

 4.     How and why we use your personal data?

As data processor, we may collect and process the personal data of employees, directors, shareholders and clients of the controller. This may include data we receive directly from a data subject for example by completing forms, by corresponding with us over the phone, by email or otherwise and data we receive from other sources including for example, business partners, sub-contractors in technical, payment and delivery services, credit reference agencies and others.

We will only process personal data for specific purposes. We use the personal data in the course of our business activities and interaction with the data subject only for the following purposes: 

  • performing our agreement with the data controller;
  • promoting eventual business relationships; 
  • assisting the data subject with any queries or concerns;
  • complying with any legal or regulatory obligations imposed on us;
  • fulfilling our legitimate commercial interests; and 
  • sending communications to the data subject if the latter has consented to receiving the same, and for any other purposes for which we have the consent of the data subject.

We will not keep personal data longer that is necessary for the purpose or purposes for which they were collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.

5.     To whom do we disclose personal data?

The personal data of the data subject may be shared as follows:

  • with our employees to fulfil our contractual obligations with the Controller; and
  • with our accountants, auditors, lawyers, other professional advisors, or third-party service providers, on a need-to-know basis, for the purpose of assisting us to manage, support and develop our contractual obligations and generally to comply with our legal and regulatory obligations.

We will ensure that the personal data of data subjects is kept safely. Only designated persons will have access to such personal data on a strictly need-to-know basis for the purposes of fulfilling our agreement, or promoting our business relationship with the controller. In addition, third parties with whom we share your personal data will be contractually obliged to safeguard all personal data to which they have access.

Some disclosures do not require the consent of the data subject. This happens when we share personal data with (i) law enforcement bodies/agencies and other statutory authorities, if required by law and (ii) if required or authorized by law or if we suspect any unlawful activities

Where we have collected personal data on behalf of another party, the use of such personal data by that party is governed by their privacy policy for which we shall not be responsible.

6.     Data Security

The Controller will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.

As Processor, we have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will maintain data security by protecting the confidentiality, integrity and availability of the personal data.

7.     Data Protection Officer

The Data Protection Officer of the Controller is Ms Roheenee Bheergoonath, who can be contacted on the following:

 Address: 49 Labourdonnais Street, 2nd Floor C&R court, Port- Louis

Phone number: 213 7000

Email: complianceteam@stlawrence.mu

 

8.     What are Data Subject’s rights? 

As per the DPA, all individuals who are the subject of personal data held by a data controller are entitled to inter alia have a:

(a)         Right to have access to any personal data being processed by the Company (see also paragraph 9 of the Data Protection Policy).

(b)        Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for the said data subject.

(c)         Right to rectification, erasure or restriction on processing.

(d)        Right to have personal data taken off a direct marketing or direct mailing list.

(e)         Right to object in writing at any time to the processing of personal data unless the Controller demonstrates compelling legitimate grounds for such processing which                 override the data subject’s interests, rights and freedoms or for the establishment, exercise or defence of a legal claim.

When a request to disclose or rectify personal data is received, no disclosure or rectification will be carried out unless the authority and authenticity of such a request has been established.

9.     Compliance with Data Protection Act 2017

All processing of personal data by Processor will be done in compliance with the Data Protection Act 2017.

10.  Complaints

If a data subject believes that we have not handled a request in an appropriate manner, the data subject may lodge a complaint with the Data Protection Commissioner (DPC) (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius). However, we would request the data subject to contact us to try to resolve any issues amicably before referring any complaint to the DPC.       

11.  Conclusion

This notice will be updated as and when required to reflect best practices in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 2017, regulations made thereunder, any data protection policies and generally applicable data protection rules.

 

  Glossary of Terms:

Data Protection Act 2017: In Mauritius, the law which governs the protection of personal data is the Data Protection Act 2017 (hereinafter referred to as “DPA”).

Controller means a person who or public body which, alone or jointly with others, determines the purposes and means of the processing of personal data and has decision making power with respect to the processing.

Processor means any person who or public body which, processes personal data on behalf of the Controller.

Data Subject (Individual) means an identified or identifiable individual, in particular by reference to an identifier as described under paragraph 4.

Personal Data means any information relating to a data subject.

Although this Website may be linked to other websites, we are not, directly or indirectly, implying any approval, association, sponsorship, endorsement, or affiliation with any linked website, unless specifically stated herein.

You should carefully review the legal statements and other conditions of use of any website which you access through a link from this Website. Your linking to any other off-site pages or other websites is at your own risk.

Cookies policy

Our website uses cookies.

 What is a cookie?

Cookies are small data files that your browser places on your computer or device.  Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.

Why do we use cookies?

We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. 

Some of the cookies we use are session cookies and only last until you close your browser, others are persistent cookies which are stored on your computer for longer. The types of cookies we use are the following:

Session cookies – to allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new page you visit.

Technical cookies – These cookies are required for the proper functioning and operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

Functional cookies - Used to recognise you when you return to our website. This enables us to remember your preferences, such as language or region, which remain as your default settings when you revisit the website.

How are third party cookies used?

For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third-party websites for data regarding their use of cookies. 

How do I reject and delete cookies?

We will not use cookies to collect personally identifiable data about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third-party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.

 You can also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further data on cookies generally. For data on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies you will still be able to visit our websites but some of the functions may not work correctly.