Background and Scope
This website is operated by Sunibel Corporate Services Ltd (“Sunibel” or “we” or “us”), Company duly incorporated under the Laws of Mauritius. Please see the ‘Presentation’ section on our website for more information about the Company.
“Consent” means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed;
“Data Subject” means an identified or identifiable individual, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
“Personal Data” means any information relating to a data subject;
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
“Special Categories of Personal Data” means personal data pertaining to:
- his racial or ethnic origin;
- his political opinion or adherence;
- his religious or philosophical beliefs;
- his membership of a trade union;
- his physical or mental health or condition;
- his sexual orientation, practices or preferences;
- his genetic data or biometric data uniquely identifying him;
- the commission or alleged commission of an offence by him;
- any proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any Court in the proceedings; or
- such other personal data as the Commissioner may determine to be sensitive personal data;
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Processing” means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Processor” means a person who, or public body which, processes personal data on behalf of a controller;
“Third party” means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorised to process personal data.
Note that there may be links to third party websites on our website (example Facebook, Linkedin or Youtube). We do not have any control and accept no responsibility regarding the manner into which third party websites are operated, collect or process personal data. For privacy information relating to these other third party websites, we recommend that you consult their relevant privacy policies, as appropriate.
When do we collect your personal information?
- When you are enquiring or subscribing to any of our products or services;
- When we retain services of any service provider;
- When you send us emails, or during meetings if we take notes or record meetings. To note that recording meetings is not our usual
- practice and we will ask your consent if we wish to do so;
- When you use our website;
- When you attend any event that we make;
- When we provide you with funding or sponsor you as part of our Corporate Social Responsibility activities
Collection and use of your personal information
The personal data collected and stored by us include, but are not limited to information relating to your/your client:
- identification details (name, contact details, national identity number);
- email address;
- phone number:
- physical address;
- professional details;
- Country of residence;
- Information provided by yourself for recruitment purposes;
- Details regarding feedbacks on our services or courses
- Technical details, including the Internet Protocol (IP) address used to browse our website, frequency of visits, or other similar details (see our Cookies Policy for more information)
- We may also collect personal data classified as Special Categories of Personal Data. For instance, we may require your dietary requirements, including any allergies or restrictions. This information will be solely used to cater for your specific dietary requirements during tea break or lunch for training courses;
- Our website is not intended for use by Children [under the age of 16] and we do not knowingly collect or use personal information of children.
Purpose of processing
Kindly note that we use your personal data for the following:
- Registration for any of our courses;
- For the performance of a contractual / pre-contractual agreement;
- To abide by legal obligations imposed on us;
- Recruitment purposes;
- Collecting feedbacks and appreciations on our services or courses;For the enhancement of our services and your browsing experience.
Legal basis for Processing
For the processing of personal information, we are required to have a legal basis to rely on, which may vary depending on what information we process and why. The legal bases we may rely on include:
This is where you have expressly provided us with a clear consent for us to process your personal information for a specific purpose.
This is where the processing of your personal information is necessary for the performance of a contractual obligation between us, or because you requested us to take specific steps towards entering into a contract.
- Legal Obligations
This is where we are legally obliged to process your personal information, in accordance with prevailing Laws.
- Legitimate Interest
This is where we process your personal information for our legitimate interest.
With whom is your personal data being shared?
Your personal data may be shared with specific organizations, for the sole purpose of the Company to perform its contractual or legal duties. In effect, your personal data may be shared with:
- Postal services;
- Companies with which we have a joint venture or an agreement;
- Regulatory authorities and/or any other relevant authority;
- Companies you ask us to share your personal data with;
- IT service providers with whom we have a contractual service agreement with;
- Affiliate companies of the Company;
- Legal Professionals for the performance of a letter of engagement;
- Any other third parties to whom your personal data is shared upon your request or consent
Disclosure of personal data to third parties may occur for one or more of the below reasons:
- In the event where we receive a legal request and/or in the course of an investigation where disclosure is necessary to prevent a crime from occurring, or to comply with any piece of legislation or Court order;
- On your instructions;
If we outsource some or all of the operations of our business to third party service providers, as we do from time to time. In this specific case and for the legitimate interest of our Company, we may disclose personal data to these service providers who process these data on behalf of and under the instruction of the Company only. Note that we restrict how service providers access, use, disclose and protect data remitted to them;
- In general, for the performance of our duties and/or for the legitimate interest of our business.
Transfer of personal data outside Mauritius
Your personal data may be transferred outside Mauritius for storage purposes, or if same is necessary for the performance of a contract we have with you. Note however that in case of transfer of your personal data outside Mauritius (if applicable), we ensure that all appropriate safeguards are in place to cater for appropriate security of the data, and relevant steps are taken in accordance with provisions of the Law.
Cookies and similar technologies
We would like to send you information about our products and services that we think would be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, or telephone, as the case requires.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes/fill in the relevant consent form when either you register/attend our training courses, or we enter into an agreement with you for the delivery of services. If you have previously agreed to being contacted this way, you can unsubscribe at any time by:
- Contacting us at firstname.lastname@example.org
- Using the unsubscribe link in emails
You may also contact us on the above email address if you wish to update your marketing preferences, that is choose what marketing messages, about which specific services or products you would be interested to receive. Note that the change in preferences may take up to 5 working days to take place. For more information on your rights with regards to marketing, please see “Your Rights” below.
Data subjects have specific rights under the Mauritius DPA and the EU GDPR. In summary, those include:
- Right of Access
- Right to Rectification
You have the right to have your incomplete personal data completed.
- Right to erasure
This provides for the right to have your data erased in case the processing of your personal data is not justified.
- Right to restrict
You have the right to restrict the processing of your personal data.
- Right to object
You have the right to object to the processing of your personal data.
- Withdrawal of consent
You have the right to withdraw your consent at any point in time, if your consent was required for the processing of your personal data.
- Right to Complaint
You have the right to lodge a complaint to the Mauritius Data Protection Office regarding the processing of your personal data by us.
- Automated processing
You have the right not to be subject to a decision based solely on an automated processing of your personal data, including profiling, which produces legal effects on you.
If you would like to exercise any of those rights, please send an email to our Data Protection Officer on email@example.com. Note that we may, at our discretion, verify your identity by requiring a proof of your identity before addressing your request.
Keeping your information secure
We take the security of your data very seriously and, as such, we have incorporated appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business requirement to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality and to our own security policies and procedures.
Some of these measures are as follows:
- There are restricted access to our office premises, and only our authorized employees have access;
- If personal data is retained in hard copy, same is kept in locked filing cabinets;
- All staff have followed relevant awareness sessions on protection of personal data and same is provided on a regular basis;
- We have established policies and procedures for security of data internally, to which our staff are obliged to adhere to in their daily tasks. Such policies and procedures include, among other things, clean desk policy, screen locking, encryption of data/documents, usage of IT devices/equipment among others;
- We use Citrix technology, which is a closed circuit system that provides a virtual platform to operate. As such, no documents are saved on the hard drive of computer we use. Citrix also requires a login and password for staff to access it;
- Our IT system incorporates enhanced security measures that are reviewed and updated on a regular basis. This comprises of firewalls, anti-virus and other related scanning software;
- Where we contract service providers to outsource any function necessary for our operations, we ensure that they only have access to information they require for the performance of the contract, and that we have binding contractual clauses specific to data protection in place.
We also have procedures in place to deal with any suspected data security breach. In case any breach occurs, we will notify you and the Data Protection Office where we are legally obliged to do so.
Note that the above is a non-exhaustive list of security measures in place to safeguard personal data.
How long do we keep your information?
We retain your information in accordance with our Retention policy, and as required by relevant Laws. As such, your personal data will not be stored for a period longer than is reasonably necessary for the purpose for which it was collected.
How to Complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. Do not hesitate to contact him on firstname.lastname@example.org or on +203 460 00 50 should you require any further information or wish to complain about the processing of your personal data by our Company.
You also have the right to complain directly to the Data Protection Office (http://dataprotection.govmu.org/English/Pages/Contact-Us.aspx)
This Policy was published to provide you with all information you should legally know about the manner into which we process your personal data. We may change this Policy from time to time without prior notice. If changes occur with regards to the specific processing of your information, we will inform you via email directly.
How to contact us
Please contact our Data Protection Officer (contact details below) should you require any further information, exercise your right or complain about the processing of your personal data.
Telephone: +230 460 00 50