DATA PROTECTION NOTICE
In our dealings with you, we are called upon to process your personal data. The purpose of this Data Protection Notice is to explain to you:
1. Who we are and how we may be contacted;
2. The categories of personal data we collect;
3. The purpose for which we collect your personal data and the lawful basis for such collection;
4. The intended recipients of the personal data;
5. Whether the supply of personal data is voluntary or mandatory;
6. Your rights relating to your personal data being processed by us;
7. The possible existence of automated decision making in respect of your personal data;
8. The period for which we will store your personal data;
9. Whether, and in what circumstances, we may transfer your personal information to another country, and the safeguards we have put in place in relation to such transfer; and
10. How we conduct direct marketing.
This Data Protection Notice applies to any processing of your personal information by us, whether such information is provided to us through our website, by email, through the filling of forms (including employment-related ones), through the exchange of contractual documents, by letter or fax, verbally, or through any other means.
By entering into a business relationship with us, or by providing your personal data to us, you confirm that you are agreeable to the processing of your personal data in accordance with the terms of this Data Protection Notice.
We have tried to use simple and plain English as far as possible in this Data Protection Notice. However, data protection is a complex subject and the use of technical terms from time to time is inevitable. We have therefore set out below definitions of the technical terms we have used in this document:
“Personal data”: Any data which allows or could allow us to identify you.
“Processing”: Any manipulation of personal data, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. Who we are and how we may be contacted
Details about us and how we may be contacted are set out in the table found in the schedule of this Data Protection Notice (the “Information Table”).
We have appointed a Data Protection Officer to monitor the adherence to data protection principles within our organisation. His name and contact details are also set out in the Information Table. You may wish to contact him if you have any query regarding this Data Protection Notice or any other matter relating to your personal data.
2. The categories of personal data we collect
The categories of personal data we collect are set out in the Information Table.
While we have attempted to make the list as exhaustive as possible, there is a possibility we may have omitted come categories due to the complexity of our organisation and the intricacies of our operations.
We encourage you to get in touch with our Data Protection Officer if you find that any of your personal data which we collect is not listed in this Data Protection Notice. We will then endeavour to promptly amend this Data Protection Notice accordingly.
2.2. Personal data of children
We do not knowingly process data relating to a child under the age of 16, without the consent of his parents or guardians. If you are a child under the age of 16, please ensure that you (a) obtain the consent of your parents or guardians before providing such data to us; and (b) provide a record of such consent to us.
If you provide us with the personal data of another person, you are responsible for ensuring that such person is made aware of the information contained in this Data Protection Notice and that the person has given you his consent for sharing his personal data with us.
2.3. Special categories of personal data
Special categories of personal data are data pertaining to racial or ethnic origin, political opinion or adherence, his religious or philosophical beliefs, membership of a trade union, physical or mental health or condition, sexual orientation, practices or preferences, genetic data or biometric data uniquely identifying someone or data relating to the commission or alleged commission of an offence.
We do not collect any of your personal data which falls within the special categories of personal data, unless:
(a) you have consented to the processing for one or more specified purposes;
(b) the processing is necessary:
(i) for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract;
(ii) for compliance with any legal obligation to which we are subject;
(iii) for the purpose of historical, statistical or scientific research; or
(iv) for such other legitimate purposes as may be authorised by law.
The special categories of data which we may collect, in accordance with the above terms, are set out in the Information Table.
Please note that we collect information via cookies and other similar technologies (such as web beacons).
Cookies are small text files that are automatically placed on your computer or mobile device when you visit a website. They are stored by your internet browser. Cookies contain basic information about your use of the internet. Your browser sends these cookies back to our website every time you visit it, so it can recognise your computer or mobile device and personalise and enhance your browsing experience.
3. The purpose for which we collect personal data and the lawful basis for such collection
We collect personal data for a number of purposes, including:
(a) to provide services to our clients. You will find a brief description of the services we provide in the Information Table;
(b) to enter into contractual relationships with suppliers and service providers and execute such contracts;
(c) to keep a database of clients and potential clients to communicate with in respect of our services and matters related thereto;
(d) to comply with our legal obligations towards authorities, including the Mauritius Revenue Authority, the Registrar of Companies and the regulators;
(e) to keep a database of candidates who have sent CVs to us, for potential future use;
(f) to keep appropriate employment-related information on employees;
(g) to provide facilities and benefits to our employees;
(h) for security purposes;
(i) to generate statistics and reports on different aspects of our business; and
(j) for such other purposes as may be related, directly or indirectly, to our business activities.
3.2. Lawful basis
The law (a) provides that we cannot process personal data unless we have a lawful basis for such processing; and (b) lists a number of lawful bases for the processing of data.
The lawful bases which apply to our processing of your personal data are as follows:
(a) your consent having been obtained; and/or
(b) the processing being necessary:
(i) for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract with you; and/or
(ii) for compliance with any legal obligation to which we are subject; and/or
(iii) for the purpose of historical, statistical or scientific research; and/or
(iv) for the legitimate interests pursued by us (except if the processing is unwarranted in any particular case having regard to the harm and prejudice to your rights and freedoms or legitimate interests).
4. The intended recipients of the personal data
The primary purpose of collecting your personal data is for our own uses, in connection with our business relationship with you. In this context, we may disclose your personal information to our collaborators, including our employees, consultants, advisors, directors and service providers who need to access the personal data.
However, we may also be required to disclose your personal data to third parties to comply with our legal obligations. Such third parties may include the Registrar of Companies, the Mauritius Revenue Authority, the Stock Exchange of Mauritius Ltd, the Financial Services Commission and other government authorities.
As you are aware, we form part of the Rogers Group. In this context, we may, from time to time, disclose your personal information to other companies forming part of the Rogers Group. The objective of this disclosure is to develop a centralised database of clients, which would help the Rogers Group better identify your needs and provide tailor-made packages and services to you. If you do not wish that your personal data be communicated to other companies within the Rogers Group, we encourage you to notify our Data Protection Officer as soon as possible.
5. Whether the supply of personal data is voluntary or mandatory
The provision of personal data is of course entirely voluntary. You are free to choose whether to provide your personal data to us or not. Please note however that if you choose not to provide your personal data to us, we may not be able to provide certain services to you or enter into a contractual relationship with you.
6. Your rights relating to your personal data being processed by us
The law confers upon you a number of rights relating to the personal data being processed by us. These rights are set out below. If you wish to exercise any of the said rights, we encourage you to contact our Data Protection Officer.
6.1. Right to withdraw consent at any time
Where we process your personal data on the basis of your consent, you may withdraw such consent at any time. The withdrawal of your consent will not affect the lawfulness of any processing done by us prior to such withdrawal.
Please note that withdrawing your consent may result in us not being able to provide certain services to you or enter into a contractual relationship with you.
6.2. Right of access
You may request a copy of the personal data we hold about you. Kindly ensure that such request is made in writing to our Data Protection Officer.
Please note that if, in our opinion, your request is manifestly excessive, we may either not attend to your request or charge a fee for attending to same.
6.3. Rectification, erasure or restriction of processing
You may also, at any time, request:
(a) to have any inaccurate personal data we hold on you corrected. This includes the right to supplement and/or update existing personal data provided to us;
(b) that we erase any personal data we hold on you where (i) such data is no longer necessary in relation to the purpose for which it was collected or otherwise processed; (ii) you have withdrawn your consent to us holding and processing such data and there are no overriding legitimate grounds for the continued processing; or (iii) your personal data has been unlawfully processed.
You will understand that this right is not absolute and that it will not be applicable where the exceptions provided for by law apply, including where our processing of your personal data is necessary for the purpose of historical, statistical or scientific research or for compliance with a legal obligation or for the establishment, exercise or defence of a legal claim;
(c) us to restrict processing of your personal data where (i) the accuracy of your personal data is contested by you. This restriction will apply for such period as may be necessary to enable us to verify the accuracy of the data; (ii) we no longer need the personal data for the purpose of processing; (iii) you deem the processing of your personal data to be unlawful, but do not wish us to erase it; or (iv) you have objected to the processing of your data. Such restriction will apply pending verification as to our legitimate grounds to keep processing the personal data, despite your objection.
6.4. Right to object
You have the right to object to our processing of your personal data at any time. Upon receiving such objection, we will stop processing your personal data, except where there are compelling legitimate grounds to continue such processing;
6.5. Right to lodge a complaint
If you feel that we have not processed your personal data lawfully, please do feel free to contact us through our Data Protection Officer.
If you remain unsatisfied, you may lodge a complaint with the Data Protection Commissioner in Mauritius. Her contact details are as follows:
Address: 5th Floor, SICOM Tower, Wall Street, Ebène
Email address: email@example.com
Phone number: + (230) 460-0253
Fax: + (230) 489-7346
7. The possible existence of automated decision making in respect of your personal data
Unless one of the following exceptions apply, we will not process your personal data in such as way to subject you to a decision which produces legal effects concerning you or which significantly affects, you, based solely on automated processing, including profiling:
(a) where the decision is necessary for entering into, or performing, a contract between us;
(b) where the decision is authorised by a law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or
(c) where the decision is based on your explicit consent.
8. The period for which we will store your personal data
The law provides that where the purpose for keeping any personal data has lapsed, we should destroy the data as soon as reasonably practicable.
We will keep storing your data for as long as is necessary:
(a) for us to fulfil the purposes we collected it for;
(b) for the performance of any contract which may exist between us;
(c) for us to share with you the latest news regarding our organisation and our services;
(d) for us to keep a record of your preferences in order to service you again on future occasions;
(e) for us to satisfy any legal requirement, including statutory reporting obligations;
(f) for the keeping of adequate records for historical, financial or statistical purposes;
(g) for security purposes;
(h) for the prevention of fraud and abuse; and
(i) for us to defend or enforce our rights.
We wish to draw your attention to the fact that the legal prescription period in Mauritius (i.e. the period during which one party may sue another after the happening of an event) is 10 years for non-immovable-property-related matters. Depending on the nature of our relationship with you, we may, in this context, also choose to keep your personal data for at least the legal prescription period in order to be able to defend or enforce our rights.
In some circumstances, we may anonymise your personal data by pseudonymisation or encryption, such that the personal data can no longer be associated with you, for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. Whether, and in what circumstances, we may transfer your personal information to another country, and the safeguards we have put in place in relation to such transfer
Please refer to the Information Table.
10. How we conduct direct marketing
You may from time to time receive communication of advertising or marketing material from us (“Direct Marketing”) if:
(a) you have given your consent;
(b) you asked for a quote or other information on us;
(c) you have, at any time, purchased goods or services from us and have not opted out of receiving advertising or marketing material;
(d) you have entered into a contractual relationship with us; or
(e) you have provided us with your personal data when you entered a competition or registered for a promotion.
You have the right, at any time, to object to the processing of your personal data for direct marketing purposes. Where we receive such an objection from you, we will stop processing your data for direct marketing purposes
If you have any queries on this Data Protection Notice, we encourage you to get in touch with us through our Data Protection Officer.
The Information Table
Who we are BS Travel Management Ltd
Our contact details Address:
2 Gardens of Bagatelle Office Park, Moka
(230) 202 6655
(230) 468 8886
Our Data Protection Officer Soorjee Ravindranath (Janesh)
The categories of personal data we collect
(including the special categories of personal data) Please refer to Annex B below.
Transfer of personal data to another country We endeavour to ensure that whenever we transfer personal data to other countries, the recipients of such personal data comply
with all applicable data protection laws and principles.
|Categories of personal data||Examples|
Username or similar identifier
Date of birth
Passport number and validity
|Contact details||Email Address
|Financial||Credit/Debit card numbers
Payment card details (including security
code numbers) and other related billing information
|Transactional||Payments to and from you
Services/goods purchase history
Frequent flyer program references
|Technical||Internet Protocol (IP) address
Browser type and version
Time zone setting and location
Browser plug-in types and versions
Operating system and platform
Other technology on the devices used to access
|Preferences and interests||Hotel category
Class of travel
|Usage||Information about how you use
|Additional information we collect if your relationship with us is an
HR-related one (solicitation, recruitment or employment)
Records of past employment
Employment records, including remuneration
details, attendance records, performance-related information
Fingerprints, if weoperate a fingerprint-based access systems
Videos, including where we operate CCTV surveillance systems