Data Protection Policy of the Rogers Group

We, the data controllers and data processors of the Rogers Group:

Shall endeavour to:

  • Ensure that we are duly registered as controllers and/or processors with the Data Protection Commissioner.
  • Ensure that personal data is:
  • processed lawfully, fairly and in a transparent manner;
  • collected for explicit, specified and legitimate purposes;
  • adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; and
  • processed in accordance with the rights of data subjects.
  • Inform data subjects of all relevant matters relating to the collection of their personal data, including the purpose for which the data is being collected and the period for which the data will be stored.
  • Adopt policies and implement appropriate technical and organisational measures so as to ensure that the processing of personal data is performed in accordance with applicable data protection legislation.
  • Maintain a record of all processing operations under our responsibility.
  • On the written request of a data subject, provide confirmation to him/her as to whether or not personal data relating to him/her is being processed and forward to him/her a copy of the data.
  • On being informed of the inaccuracy of personal data by a data subject to whom such data pertains, cause the data to be rectified without undue delay.
  • Destroy, as soon as reasonably practicable, personal data where the purpose for which the data was collected has lapsed.
  • Notify the Data Protection Commissioner and the relevant data subjects, where applicable, of any personal data breach in a timely manner.
  • Where processing operations are likely to result in a high risk to the rights and freedoms of data subjects, carry out, prior to the processing, an assessment of the impact of the envisaged processing operations on the protection of personal data.

Shall endeavour not to:

  • Collect personal data unless: (a) it is done for a lawful purpose connected with one of our functions or activities; and (b) the collection of the data is necessary for that purpose.
  • Process personal data unless:
  • the data subject consents to the processing; or
  • the processing is necessary:
    • for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject before entering into a contract;
    • for compliance with any legal obligation to which we are subject;
    • for the legitimate interests pursued by us, except if the processing is unwarranted in any particular case having regard to the harm and prejudice to the rights and freedoms or legitimate interests of the data subject; or
    • for such other purpose as may be authorised by law.
  • Process the personal data of a data subject who has objected in writing to such processing unless we demonstrate compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or for the establishment, exercise or defence of a legal claim.
  • Process the personal data of a child below the age of 16 years unless consent is given by the child’s parent or guardian.
  • Transfer personal data to another country:
  • unless we have provided to the Data Protection Commissioner proof of appropriate safeguards with respect to the protection of the personal data;
  • unless the data subject has given explicit consent to the proposed transfer;
  • the transfer is necessary for the performance of a contract between us and the data subject or the implementation of pre-contractual measures taken at the data subject’s request; or
  • in such other circumstances as may be allowed by law.
  • Without lawful excuse, disclose personal data in any manner that is incompatible with the purpose for which such data has been collected.

 

DATA PROTECTION NOTICE

Purpose

In our dealings with you, we are called upon to process your personal data. The purpose of this Data Protection Notice is to explain to you:

  1. Who we are and how we may be contacted;
  2. The categories of personal data we collect;
  3. The purpose for which we collect your personal data and the lawful basis for such collection;
  4. The intended recipients of the personal data;
  5. Whether the supply of personal data is voluntary or mandatory;
  6. Your rights relating to your personal data being processed by us;
  7. The possible existence of automated decision making in respect of your personal data;
  8. The period for which we will store your personal data;
  9. Whether, and in what circumstances, we may transfer your personal information to another country, and the safeguards we have put in place in relation to such transfer; and
  10. How we conduct direct marketing.

Application

This Data Protection Notice applies to any processing of your personal information by us, whether such information is provided to us through our website, by email, through the filling of forms (including employment-related ones), through the exchange of contractual documents, by letter or fax, verbally, or through any other means.

By entering into a business relationship with us, or by providing your personal data to us, you confirm that you are agreeable to the processing of your personal data in accordance with the terms of this Data Protection Notice.

Technical terms

We have tried to use simple and plain English as far as possible in this Data Protection Notice. However, data protection is a complex subject and the use of technical terms from time to time is inevitable. We have therefore set out below definitions of the technical terms we have used in this document:

Personal data”: Any data which allows or could allow us to identify you.

Processing”: Any manipulation of personal data, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Who we are and how we may be contacted

Details about us and how we may be contacted are set out in the table found in the schedule of this Data Protection Notice (the “Information Table”).

We have appointed a Data Protection Officer to monitor the adherence to data protection principles within our organisation. His name and contact details are also set out in the Information Table. You may wish to contact him if you have any query regarding this Data Protection Notice or any other matter relating to your personal data.

  • The categories of personal data we collect
    1. Categories

The categories of personal data we collect are set out in the Information Table.

While we have attempted to make the list as exhaustive as possible, there is a possibility we may have omitted come categories due to the complexity of our organisation and the intricacies of our operations.

We encourage you to get in touch with our Data Protection Officer if you find that any of your personal data which we collect is not listed in this Data Protection Notice. We will then endeavour to promptly amend this Data Protection Notice accordingly.

    1. Personal data of children

We do not knowingly process data relating to a child under the age of 16, without the consent of his parents or guardians. If you are a child under the age of 16, please ensure that you (a) obtain the consent of your parents or guardians before providing such data to us; and (b) provide a record of such consent to us.

If you provide us with the personal data of another person, you are responsible for ensuring that such person is made aware of the information contained in this Data Protection Notice and that the person has given you his consent for sharing his personal data with us.

    1. Special categories of personal data

Special categories of personal data are data pertaining to racial or ethnic origin, political opinion or adherence, his religious or philosophical beliefs, membership of a trade union, physical or mental health or condition, sexual orientation, practices or preferences, genetic data or biometric data uniquely identifying someone or data relating to the commission or alleged commission of an offence.

We do not collect any of your personal data which falls within the special categories of personal data, unless:

  1. you have consented to the processing for one or more specified purposes;
  2. the processing is necessary:
  1. for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract;
  2. for compliance with any legal obligation to which we are subject;
  3. for the purpose of historical, statistical or scientific research; or
  4. for such other legitimate purposes as may be authorised by law.

The special categories of data which we may collect, in accordance with the above terms, are set out in the Information Table.

    1. Cookies

Please note that we collect information via cookies and other similar technologies (such as web beacons).

Cookies are small text files that are automatically placed on your computer or mobile device when you visit a website. They are stored by your internet browser. Cookies contain basic information about your use of the internet. Your browser sends these cookies back to our website every time you visit it, so it can recognise your computer or mobile device and personalise and enhance your browsing experience.

We invite you to read our Cookie Policy if you wish to further understand our use of cookies in relation to your personal data.

  • The purpose for which we collect personal data and the lawful basis for such collection
    1. Purpose

We collect personal data for a number of purposes, including:

  1. to provide services to our clients. You will find a brief description of the services we provide in the Information Table;
  2. to enter into contractual relationships with suppliers and service providers and execute such contracts;
  3. to keep a database of clients and potential clients to communicate with in respect of our services and matters related thereto;
  4. to comply with our legal obligations towards authorities, including the Mauritius Revenue Authority, the Registrar of Companies and the regulators;
  5. to keep a database of candidates who have sent CVs to us, for potential future use;
  6. to keep appropriate employment-related information on employees;
  7. to provide facilities and benefits to our employees;
  8. for security purposes;
  9. to generate statistics and reports on different aspects of our business; and
  10. for such other purposes as may be related, directly or indirectly, to our business activities.
    1. Lawful basis

The law (a) provides that we cannot process personal data unless we have a lawful basis for such processing; and (b) lists a number of lawful bases for the processing of data.

The lawful bases which apply to our processing of your personal data are as follows:

  1. your consent having been obtained; and/or
  1. the processing being necessary:
  1. for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract with you; and/or
  2. for compliance with any legal obligation to which we are subject; and/or
  3. for the purpose of historical, statistical or scientific research; and/or
  4. for the legitimate interests pursued by us (except if the processing is unwarranted in any particular case having regard to the harm and prejudice to your rights and freedoms or legitimate interests).
  • The intended recipients of the personal data

The primary purpose of collecting your personal data is for our own uses, in connection with our business relationship with you. In this context, we may disclose your personal information to our collaborators, including our employees, consultants, advisors, directors and service providers who need to access the personal data.

However, we may also be required to disclose your personal data to third parties to comply with our legal obligations. Such third parties may include the Registrar of Companies, the Mauritius Revenue Authority, the Stock Exchange of Mauritius Ltd, the Financial Services Commission and other government authorities.

As you are aware, we form part of the Rogers Group. In this context, we may, from time to time, disclose your personal information to other companies forming part of the Rogers Group. The objective of this disclosure is to develop a centralised database of clients, which would help the Rogers Group better identify your needs and provide tailor-made packages and services to you. If you do not wish that your personal data be communicated to other companies within the Rogers Group, we encourage you to notify our Data Protection Officer as soon as possible.

  • Whether the supply of personal data is voluntary or mandatory

The provision of personal data is of course entirely voluntary. You are free to choose whether to provide your personal data to us or not. Please note however that if you choose not to provide your personal data to us, we may not be able to provide certain services to you or enter into a contractual relationship with you.

  • Your rights relating to your personal data being processed by us

The law confers upon you a number of rights relating to the personal data being processed by us. These rights are set out below. If you wish to exercise any of the said rights, we encourage you to contact our Data Protection Officer.

    1. Right to withdraw consent at any time

Where we process your personal data on the basis of your consent, you may withdraw such consent at any time. The withdrawal of your consent will not affect the lawfulness of any processing done by us prior to such withdrawal.

Please note that withdrawing your consent may result in us not being able to provide certain services to you or enter into a contractual relationship with you.

    1. Right of access

You may request a copy of the personal data we hold about you. Kindly ensure that such request is made in writing to our Data Protection Officer.

Please note that if, in our opinion, your request is manifestly excessive, we may either not attend to your request or charge a fee for attending to same.

    1. Rectification, erasure or restriction of processing

You may also, at any time, request:

  1. to have any inaccurate personal data we hold on you corrected. This includes the right to supplement and/or update existing personal data provided to us;
  1. that we erase any personal data we hold on you where (i) such data is no longer necessary in relation to the purpose for which it was collected or otherwise processed; (ii) you have withdrawn your consent to us holding and processing such data and there are no overriding legitimate grounds for the continued processing; or (iii) your personal data has been unlawfully processed.

You will understand that this right is not absolute and that it will not be applicable where the exceptions provided for by law apply, including where our processing of your personal data is necessary for the purpose of historical, statistical or scientific research or for compliance with a legal obligation or for the establishment, exercise or defence of a legal claim;

  1. us to restrict processing of your personal data where (i) the accuracy of your personal data is contested by you. This restriction will apply for such period as may be necessary to enable us to verify the accuracy of the data; (ii) we no longer need the personal data for the purpose of processing; (iii) you deem the processing of your personal data to be unlawful, but do not wish us to erase it; or (iv) you have objected to the processing of your data. Such restriction will apply pending verification as to our legitimate grounds to keep processing the personal data, despite your objection.
    1. Right to object

You have the right to object to our processing of your personal data at any time. Upon receiving such objection, we will stop processing your personal data, except where there are compelling legitimate grounds to continue such processing;

    1. Right to lodge a complaint

If you feel that we have not processed your personal data lawfully, please do feel free to contact us through our Data Protection Officer.

If you remain unsatisfied, you may lodge a complaint with the Data Protection Commissioner in Mauritius. Her contact details are as follows:

Address: 5th Floor, SICOM Tower, Wall Street, Ebène

Email address: dpo@govmu.org

Phone number: + (230) 460-0253

Fax: + (230) 489-7346

  • The possible existence of automated decision making in respect of your personal data

Unless one of the following exceptions apply, we will not process your personal data in such as way to subject you to a decision which produces legal effects concerning you or which significantly affects, you, based solely on automated processing, including profiling:

  1. where the decision is necessary for entering into, or performing, a contract between us;
  2. where the decision is authorised by a law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or
  3. where the decision is based on your explicit consent.
  • The period for which we will store your personal data

The law provides that where the purpose for keeping any personal data has lapsed, we should destroy the data as soon as reasonably practicable.

We will keep storing your data for as long as is necessary:

  1. for us to fulfil the purposes we collected it for;
  2. for the performance of any contract which may exist between us;
  3. for us to share with you the latest news regarding our organisation and our services;
  4. for us to keep a record of your preferences in order to service you again on future occasions;
  5. for us to satisfy any legal requirement, including statutory reporting obligations;
  6. for the keeping of adequate records for historical, financial or statistical purposes;
  7. for security purposes;
  8. for the prevention of fraud and abuse; and
  9. for us to defend or enforce our rights.

We wish to draw your attention to the fact that the legal prescription period in Mauritius (i.e. the period during which one party may sue another after the happening of an event) is 10 years for non-immovable-property-related matters. Depending on the nature of our relationship with you, we may, in this context, also choose to keep your personal data for at least the legal prescription period in order to be able to defend or enforce our rights.

In some circumstances, we may anonymise your personal data by pseudonymisation or encryption, such that the personal data can no longer be associated with you, for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  • Whether, and in what circumstances, we may transfer your personal information to another country, and the safeguards we have put in place in relation to such transfer

Please refer to the Information Table.

  • How we conduct direct marketing

You may from time to time receive communication of advertising or marketing material from us (“Direct Marketing”) if:

  1. you have given your consent;
  2. you asked for a quote or other information on us;
  3. you have, at any time, purchased goods or services from us and have not opted out of receiving advertising or marketing material;
  4. you have entered into a contractual relationship with us; or
  5. you have provided us with your personal data when you entered a competition or registered for a promotion.

You have the right, at any time, to object to the processing of your personal data for direct marketing purposes. Where we receive such an objection from you, we will stop processing your data for direct marketing purposes.

  • Queries

If you have any queries on this Data Protection Notice, we encourage you to get in touch with us through our Data Protection Officer.

Schedule

The Information Table

Who we are Rogers Capital Finance Ltd
Our contact details

Address: No. 5, President John Kennedy Street, Port Louis

 

Telephone number: (230) 260 9920

Fax number: (230) 211 3782

Email address: Yerusha.Narrainen@rogerscapital.mu

Our Data Protection Officer

Yerusha Narrainen

 

Her contact details are the same as above.

The categories of personal data we collect (including the special categories of personal data) Please refer to Annex A below.
Our services

Rogers Capital Finance Ltd is involved in the following businesses:

 

      1. Hire Purchase;
      2. Leasing;
      3. Credit Finance; and
      4. Insurance Agency (in respect of Hire Purchase).
Transfer of personal data to another country We endeavour to ensure that whenever we transfer personal data to other countries, the recipients of such personal data comply with all applicable data protection laws and principles.

Annex A

The categories of personal data we hold

Categories of personal data Examples
Identity
  • First name
  • Maiden name
  • Last name
  • Username or similar identifier
  • Marital status
  • Job title
  • Date of birth
  • Gender
  • Signature
  • National Identity Card information
  • Passport Information
Contact details
  • Email Address
  • Telephone numbers
  • Fax numbers
  • Address
Financial
  • Credit/Debit card numbers
  • Payment card details (including security code numbers) and other related billing information
  • Bank details
  • Payment card details
Transactional
  • Payments to and from you
  • Services/goods purchase history
Technical
  • Internet Protocol (IP) address
  • Login data
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform
  • Other technology on the devices used to access our website
  • Traffic data
Preferences and interests
  • Not applicable
Usage
  • Information about how you use our website and service (You may also wish to consult our Cookie Policy).
Additional information we collect if your relationship with us is an HR-related one (solicitation, recruitment or employment)
  • Qualifications
  • CVs
  • Records of past employment
  • Employment records, including remuneration details, attendance records, performance-related information
  • Fingerprints, if we operate a fingerprint-based access systems
Special categories of personal data
  • Fingerprints (for the purposes of operating a fingerprint-based access system for employees)
  • Criminal records, including certificate of character (for HR purposes and to meet our obligations towards the Financial Services Commission)
  • Trade union membership records (if you are an employee)
  • Health records (if you are an employee and are or wish to become a member of Rogers Pension Fund or Rogers Group Provident Association)
Others
  • Photographs
  • Videos, including where we operate CCTV surveillance systems