PRIVACY NOTICE OF SEMARIS LTD

Semaris Ltd (BRN: C18153946), a public company limited by shares, duly registered under the laws of Mauritius and having its registered office at Beachcomber House, Botanical Garden Street, Curepipe, Mauritius (hereinafter referred to as "Semaris", "we", "us", "our") respect your privacy, and are committed to protecting the privacy, confidentiality and security of the personal data you provide to us when you use our website, when you contact our office, or when you otherwise interact with us. We appreciate that the success of our business is largely dependent upon a relationship of trust being established and maintained with our stakeholders and we are committed to protect your personal data in compliance with applicable data protection laws. We ask that you read this privacy notice (the “Privacy Notice”) carefully as it contains important information on how we, as data controller, treat the personal data that you provide to us including how and why we collect, store, use, share and otherwise process your personal data, your rights in relation to your personal data and on how to contact us and the Data Protection Commissioner or any other supervisory authorities, where the General Data Protection Regulation 2016/671(“GDPR”) applies, in the event you have a complaint. Except as described in this Privacy Notice, we will not, without your consent, sell or rent to any third party any of personal data.

Your personal data will be processed by us in accordance with the Data Protection Act 2017 (the “Act”) and the GDPR (where applicable) (the Act and the GDPR being together referred to as the “applicable data protection laws”). CATEGORIES OF DATA WE COLLECT ABOUT YOU

We may collect the following personal data from you, being the visitor of our website, www.semaris.mu (the “Website”), our supplier, external service provider, shareholder and director in the course of our interaction with you and for purposes of our business operations.The personal data we collect from you is inter alia:

  • Identity Data which includes first name, last name, date of birth, passport, national identity card, nationality, Curriculum Vitae, utility bills, pictures;
  • Contact Data which includes and email address, telephone and fax numbers, residential address;
  • Financial Data which includes data necessary for processing payments such as bank account details;
  • Technical Data which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website;
  • Usage Data includes information about how you use our Website and services.
  • Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties and your communication preferences.



It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Methods we use for collection of personal data

We use different methods to collect data from and about you including through:

1. Direct interactions:

You may give us your personal data when you fill in forms or when you correspond with us by post, phone, email, fax or otherwise. This includes personal data you provide when you:
(i) subscribe to our social media platforms (such as our Facebook); and (ii) subscribe to our publications and newsletters.

If you contact us, we may keep a record of that correspondence or any posts, comments or other contents that you upload or post on our Website or our social media platforms.

2. Automated technologies or interactions

As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions, patterns and traffic data . We collect this personal data by using cookies, server logs and other similar technologies.

3. Third parties or publicly available sources

We may receive personal data about you from a third party or from publicly available sources.

How We Use Your Personal Data

We use your personal data in the course of our business operations for purposes of complying with any legal or regulatory obligations imposed on us, for the purposes of performing the contract we are about to enter or have entered with you, for fulfilling our legitimate commercial interests, for sending you promotional communications or special offers if you have consented to receiving the same, and for any other purposes for which we have your consent.

Legal basis for collecting your Personal Data

We are committed to collecting and using your personal data in accordance with applicable data protection laws. We will only collect, use, share and generally process your personal data where we are satisfied that we have an appropriate legal basis to do this, for instance, where you have provided your consent to us using the personal data for specified purposes; our use of your personal Information is necessary to provide you with the service under our contract with you; our use of your personal data is necessary to fulfill our statutory obligations with our regulators, tax officials, law enforcement bodies, or otherwise meet our legal responsibilities; and our use of your personal data is in our legitimate interest as a commercial organization.

Retention of Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for satisfying our business purpose and any legal, accounting, or reporting requirements.

The legal prescription period in Mauritius (i.e. the period during which one party may sue another party or be sued after the happening of an event) is 10 years for non-immovable-property-related matters (actions personnelles). Depending on the nature of our relationship with you, we may, in this context, also choose to keep your personal data after our last transaction with you, for at least the legal prescription period in order to be able to defend or enforce our rights or for such number of years according to the applicable laws.

In some circumstances, you can ask us to delete your personal data as if further explained below.

We may anonymise your personal data (so that it can no longer be associated with you and is thus no longer your personal data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Our Commitment to Data Security

We have in place reasonable technical and organisational measures to prevent unauthorised access, alteration, disclosure, accidental loss and destruction of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third-party service providers to take reasonable precautions to keep your personal data confidential and to prevent any breach and to act at all times in compliance with applicable data protection laws.

In particular, our preventive and protective measures include:

  • lihaving in place policies, antiviruses and firewalls to protect your personal data.
  • limiting access to your personal data to those employees, agents, and other third parties who only process your personal data on our instructions and they are subject to a duty of confidentiality.



Children and Minors

We will not process the personal data of a child below the age of 16, unless consent to such processing is given by the child’s parent or guardian. In this case, we shall make every reasonable effort to verify using any reasonable means (including but not limited to any written supporting evidence) that consent has been given.

If you are below the age of 16, you may only use our Website and services with the permission of your parent or guardian.

Third Party Sites

Our Website may contain links to other websites, apps, content, plug-ins, applications and services or resources on the internet which are operated by third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.If you access other websites, apps, content, services or resources using the links provided, please be aware they we do not control these third party websites which may have their own privacy policies and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. When you leave our Website, we encourage you to read the privacy policy/statement of every website you visit before you submit any personal information to these sites.

Your Rights

Under the applicable data protection laws, you have a number of important rights which you may exercise by writing to us at the address set out below under Contact Us. Those rights are:

  • Right to access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you free of charge and to check that we are lawfully processing it.
  • Right not to be subject to automated individual decision-making process. This enables you to request that a decision that has automatically been taken by automated means (including by the use of our Website) which produces legal effects concerning you or significantly affects you be reviewed by a human being.
  • Right to rectify the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Right to erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to object to the processing of your personal data in writing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes, in which case the personal data shall no longer be processed for that purpose. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Right to restrict the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Right to lodge a complaint with the Data Protection Commissioner (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius) and/or the relevant supervisory authority when GDPR applies to you
  • In the event the GDPR finds its application in relation to you (in the event you are in the EU), you have the right of portability that is the right to receive your personal data, which you have previously provided in a 'commonly use and machine readable format' and have the right to transmit that data to another controller, for so long as such rights do not violate any third party fundamental rights and freedom, and subject to such other exceptions set forth under the GDPR.



To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your government issued identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).

Whenever reasonably possible and required, we will strive to grant these rights within one (1) month, but our response time will depend on the complexity of your requests. We will respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee.

There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim.

Cookies

Our website uses Google Analytics as a cookie.

What is a cookie?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.

Why do we use Google Analytics?

Google Analytics is Google’s analytics tool that helps website and app owners to understand how their visitors engage with their properties. It may use a set of cookies to collect information and report website usage statistics without personally identifying individual visitors to Google. The main cookie used by Google Analytics is the ‘_ga’ cookie.

In addition to reporting website usage statistics, Google Analytics can also be used, together with some of the advertising cookies described above, to help show more relevant ads on Google properties (like Google Search) and across the web and to measure interactions with the ads we show.

Learn more about Analytics cookies and privacy information.

For more information about the cookies we use, you can accede our Cookie Policy via the following link: https://www.semaris.mu/cookie-policy.

Recipients of your personal data

In relation to the purposes for which we collect your personal data, we may have to share your personal data to:

  • New Mauritius Hotels Limited as per its management services agreement with Semaris;
  • Our professional advisors that is our accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors; and
  • Any public or enforcement authority in Mauritius (including the Mauritius Revenue Authority, the Stock Exchange of Mauritius, the Registrar of Companies, the Courts of Mauritius upon a court order) or elsewhere where legally required to do so.



Whenever we are sharing your personal data, we will require the recipient of your data:

(i) to respect the security of your personal data, and to treat it in accordance with the law;
(ii) not to use your personal data for their own purposes, and
(iii) only to process your personal data for specified purposes and in accordance with our instructions.
Transfer of your personal data

Whenever we transfer your personal data outside Mauritius, we will ensure that we can do so and that your personal data is protected in accordance with the requirements set out in the applicable data protection laws.

Changes to the Privacy Policy

We may modify this Privacy Policy from time to time. Any changes to this Privacy Policy will be communicated to you and will be posted on our Website so that you are always informed of the way we collect and use your personal data, and we encourage you to review this Privacy Policy whenever you access our Website or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. Updated versions of this Privacy Policy will include the date of the revision at the end of this Privacy Policy so that you are able to check when the Privacy Policy was last amended.

Contact us

We have appointed a Data Protection Officer to oversee compliance with and questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:

The Data Protection Officer
Semaris Ltd
Beachcomber House, Botanical Garden Street
Curepipe, Mauritius
info@semaris.mu
601 9000

Complaints

We hope that we can resolve any query or concern you raise about our use of your personal data. The Data Protection Act 2017 (Mauritius) and the General Data Protection Regulation (EU) also gives you the right to lodge a complaint with a supervisory authority.
The supervisory authority in Mauritius is the Data Protection Commissioner (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius). However, we ask that you please try to resolve any issues with us first before referring your complaint to the supervisory authority.

Miscellaneous

This Privacy Policy is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This Privacy Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Privacy Policy, the English version shall prevail.