Axess
Privacy Policy
Axess Limited or any subsidiary of ENL Limited, endorsing and referring to this Privacy Policy (hereinafter referred to as “ENL”, “we”, “us”), is part of the ENL Group. We act as the controller of your personal data as we determine the purposes and means of the processing of your personal data. We are registered as controller with the Data Protection Office in Mauritius.
We value the privacy of our data subjects and commit to protect their personal data in accordance with the Applicable Laws.
This privacy policy (“Privacy Policy”) applies to any processing by us of personal data of all our natural stakeholders, including but not limited to our employees, suppliers, creditors, clients, customers, job applicants, shareholders, investors and web users (hereinafter referred to as “data subjects” or “you”).
We invite you to read this Privacy Policy which explains the context in which we process your personal data and explains your rights as data subjects and our obligations when we do so. Please click here to access the Glossary for the meaning of some of the terms used in this Privacy Policy.
This Privacy Policy should be read together with any other privacy policy or fair processing notice we may provide on specific occasions when we process your personal data so that you are fully aware of how and the purpose for which we use your personal data. This Privacy Policy supplements the other policies and notices and is not intended to override them.
We have appointed a Data Protection Officer, whose duty is to provide guidance and advice to and oversee data protection compliance at ENL Limited and its subsidiaries. Should you have any questions in relation to the processing of your personal data, you may contact our Data Protection Officer as follows –
Data Protection Officer
ENL House
Business Park, Moka
Mauritius
Email: dataprotectionofficer@enl.mu
The personal data we collect include and are grouped as follows –
- Contact Information:
Such as your first name, maiden name, last name, title, address, telephone number, mobile phone number, job title, name of employer, fax number and email address, and business information which includes identification and your relationship to a person. Address may include both business address and home address where you have provided that to us.
- Personal Information:
Such as your date of birth or passport number, or any other identity document details, or signature (whether in ink or electronic form) to enable us to check and verify your identity.
- Financial Data:
Such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, bank account and payment card details including security code numbers and other related billing information, as well as, where applicable, information relating to the source of funds and source of revenue.
- Transaction Data:
Includes details about payments to and from you and other details of services you have purchased from us.
- Technical Data (if applicable):
Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- the presence of COVID-19 symptoms;
- confirmation of the individual’s travel to a particular country;
- indication of any close contact that the individual may have had with persons who may (i) have visited a particular country; or (ii) be showing COVID-19 symptoms [added April 2020]
- whether the individual is vaccinated or not against COVID-19 [added July 2021]
- Profile Data:
Includes your username and password, your interests, preferences, your psychometric assessment, your feedback and survey responses.
- Usage Data:
Includes information about how you use our website and services.
- Marketing and Communications Data:
Such as your preferences in receiving marketing from us and our third parties and your communication preferences.
- Information collected from publicly available resources and credit agencies:
or any other information needed to enable us to undertake a credit or other financial checks on you.
- Location data such as your geolocation, location or tracking of your device captured through a system or network.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Policy.
We do not usually collect ‘sensitive personal data’ also known as Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data and any information about your criminal convictions and offences, if any).
In the context of coronavirus containment, relevant Special Categories of Personal Data is being collected to evaluate the risk that an individual carries the virus and to take proportionate risk-based measures. Accordingly, the information collectable from any individual could be:
In limited cases where we do seek to collect sensitive personal data (for example your health condition) we will do so in accordance with the Applicable Laws.
- Personal data of children
We do not knowingly collect personal data relating to a child under 16 years unless we have obtained the parent’s or guardian’s consent. If you are a child under 16 years, please ensure you have received authorisation from your parent or guardian as we may request proof of that authorisation.
- Third party information
If you share third party information to us, you confirm that you have obtained the necessary permission of such person to the reasonable use of their information in accordance to this Privacy Policy or as otherwise permitted for you to give us this information on their behalf.
It is important that the personal data we hold about you is accurate and current. Please keep us informed, if your personal data changes during your relationship with us.
We process your personal data for various purposes including:
- To manage our employment relationship with you;
- To manage our business relationship with you as client, customer, supplier, service provider or investor;
- The use your signature (whether in ink or electronic format), where you are an authorised signatory;
- To provide you our products and/or services and those of our Associated Companies;
- To respond to your request, query or complaint when you fill out a ‘contact us’ form;
- To consider your application where you have applied for a position with us;
- To comply with any legal obligations and statutory reporting requirements towards authorities and regulators such as the Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius or the Financial Services Commission;
- To prevent or detect abuse of our products and/or services;
- To confirm your identity and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
- To personalise your experience on your repeated visits to our website by delivering relevant website content and advertisement to you;
- To keep a database of customers/clients and potential customers/clients to communicate with in respect of our products and/or services and matters related thereto;
- To enable us to carry out statistical and other analysis to provide better customer service and measure the effectiveness of our communications to you;
- To pursue direct marketing and advertising;
- To use data analytics to improve our website, products, services, customer/client relationships and experiences;
- To administer and protect our businesses;
- To ensure security and safety on our premises;
- To administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- Use of photographs/image for communication regarding our business activities in the ENL Group; and
- To fulfil such other purposes as may be related, directly or indirectly to our business activities.
We have described the purposes for which we may use your personal data. We will only use your personal data when the law allows us to and where it is necessary. The lawful bases we rely on when processing your personal data can be:
- Where you have given your consent; or
- The processing is necessary:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for compliance with our legal obligations, for example any statutory reporting or record-keeping requirements towards authorities and regulators such as the Mauritius Revenue Authority, Registrar of Companies;;
- for the pursuance of our legitimate interests or those of a third party;
- for the purpose of historical, statistical and/or scientific research; or
- for the establishment, exercise or defence of legal claims or proceedings
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights, freedoms and interests. Examples of such ‘legitimate interests’ are data processing activities performed: for the better running of our business; (ii) for the provision and administration and improvement of IT services and network security; (iii) for a better identification on the types of customers we have and a study on their use of our services in order to develop our marketing strategy accordingly; (iv) for the prevention fraud or crime.
We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is required under Applicable Laws.
If you send to us a ‘spontaneous job application’ for any future job, you may be contacted by us regarding job vacancies within the ENL Group that could be of interest to you. We do not share your job applications and associated personal data with other entities in the ENL Group without your consent unless there is another lawful ground for doing so. When applying for a position with us, whether for a specific job or as part of a spontaneous job application, we will hold onto your personal data provided to us, for future job openings (please refer to Paragraph 8 below).
Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data, or you fail to provide that data when requested. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Policy, in particular, we or you may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
We will not use your personal data for purposes that are incompatible with the purposes for which they were collected, and of which you have been informed, unless it is required or authorised by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
We may process your personal data without your knowledge or consent, where this is required or permitted by law. For example, in order to prevent fraud and other illegal activity, and for verification process of any payment transaction or online payment.
We take cautionary measures to ensure we do not collect any personal data from you which we do not need in order to provide our products and services to you.
We shall pass on your personal information to our Associated Companies: i) only where you agree, so that they may offer you their products and services; or ii) where we are able to do so in accordance with Applicable Laws.
We only retain your personal data for as long as necessary to fulfil the purposes for which they were collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your information we use for marketing purposes will be kept with us until you unsubscribe or notify us that you no longer wish to receive our marketing offers or emails and request to destroy your personal information.
By law, we have to keep basic information about you including your Contact Data, Financial Data, and Transaction Data for ten (10) years or such number of years according the applicable laws, after you cease being our data subjects for statutory, tax and other judicial purposes.
Please contact us for further details on retention periods for different aspects of your personal data.
In some circumstances, you can ask us to erase or destroy your personal data: see Request erasure below for further information.
We may also anonymise your personal data (pseudonymisation) so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We do not share, sell or trade your personal data with other companies outside ENL Group for marketing purposes, but should this be the case, we will get your express opt-in consent before we proceed.
In relation to the purposes for which we collect your personal data, we may have to share your personal data to:
- Our employees on a need-to-know basis;
- Third parties such as our preferred service providers (such as IT systems suppliers and support, and other service providers) from whom we require (i) to respect the security of your personal data, and to treat it in accordance with the law, (ii) not to use your personal data for their own purposes, and (ii) only to process your personal data for specified purposes and in accordance with our instructions;
- Our Associated Companies, for statutory or business purposes, to build up a centralised client database to better identify your needs regarding our different products and services offered across ENL Group and to share your CVs which could match positions advertised within ENL Group.
- Our business partners such as franchisors, principals, tenants.
- Our professional advisors that is our accountants, auditors, lawyers, insurers, and bankers;
- Any public or enforcement authority such as The Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius Ltd, Financial Services Commission in Mauritius or such similar authorities abroad to comply with our legal obligation, or in case of a court, administrative or governmental order.
This part explains to you how we handle and process your personal data (including location data) when such data is captured through our CCTV surveillance system and/or through our security measures on our premises.
Security measures on our premises may include any one or more of the following:
- Each visitor filling in and signing our log book (including name, contact details, time-in and time-out);
- Issue and presentation of a visitor’s pass;
- Swipe card access;
- Biometric data ID validation (such as fingerprint and/or facial recognition);
- Pin-Code access.
Such processing shall be in accordance with Applicable Laws. Personal data captured through our security measures may where necessary be shared with other property owners and/or tenants of premises that are the subject of those security measures.
CCTV cameras and other security devices are located at strategic points on our premises, namely at the entrances, receptions, the gates and parking to the site within which our premises are found, in common areas and in certain production areas. Signs will inform employees and visitors that CCTV cameras are in operation and who to contact for further information. If you require any information, please contact us through our Data Protection Officer.
Other devices namely fingerprint, and facial recognition devices will be located at the entrance to the premises and/or secured locations on the premises.
We may use your personal data –
- to send you customer satisfaction survey as part of the performance of the contract to assess your experience with us and how we may improve to offer you a better service in the future;
- to send you reminders such as servicing reminders which is a continuity of service we offer when you purchase a product with us;