Background and Scope
This website is operated by Rockmills Financials Ltd ("Rockmills" or "we" or "us" or the "Company"), a company licensed and regulated as a Management Company that offers formation and administration of Mauritian Global Business Companies, Authorized Companies, Collective Investment Schemes, Trusts and Foundations, together with supporting accounting, secretarial, tax and business advice services . Please see the "ABOUT US" section on our website for more information about the Company.
"Consent" means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed;
"Data Subject" means an identified or identifiable individual, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
"Personal Data" means any information relating to a data subject;
"Restriction of processing" means the marking of stored personal data with the aim of limiting their processing in the future;
"Special Categories of Personal Data" means personal data pertaining to:
(a) racial or ethnic origin;
(b) political opinion or adherence;
(c) religious or philosophical beliefs;
(d) membership of a trade union;
(e) physical or mental health or condition;
(f) sexual orientation, practices or preferences;
(g) genetic data or biometric data uniquely identifying him;
(h) commission or alleged commission of an offence by him;
(i) proceedings for an offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any Court in the proceedings; or
(j) such other personal data as the Commissioner may determine to be sensitive personal data;
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
"Processing" means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Processor" means a person who, or public body which, processes personal data on behalf of a controller;
"Third party" means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorised to process personal data.
Note that there may be links to third party websites on our website. We do not have any control and accept no responsibility regarding the manner into which third party websites are operated, collect or process personal data. For privacy information relating to these other third party websites, we recommend that you consult their relevant privacy policies, as appropriate.
You may also consult our Cookies Policy for more information.
When do we collect personal information?
- When you are enquiring or subscribing to any of our services;
- When entering/ prior to entering any contractual relationship with you;
- Upon client-onboarding;
- When we retain the services of any service provider;
- When you send us emails/ job applications / CV/ requests;
- During meetings if we take notes or record meetings. To note that recording meetings is not our usual practice and we will ask your consent if we wish to do so;
- When you use our website.
Collection and use of your personal information
The personal data collected and stored by us include, but are not limited to information relating to you/your client:
- identification details (name, national identity number, gender);
- contact details
- email address;
- phone number:
- physical address;
- professional details;
- country of residence;
- information provided by yourself for recruitment purposes;
- information provided by yourself for entering a contract with us;
- details regarding feedbacks on our services;
- technical details, including the Internet Protocol (IP) address used to browse our website, frequency of visits, or other similar details (see our Cookies Policy for more information)
- We may also collect personal data classified as Special Categories of Personal Data.
- Our website is not intended for use by children [under the age of 16] and we do not knowingly collect or use personal information of children.
Purpose of processing
Kindly note that we use your personal data for the following:
- For the performance of a contractual / pre-contractual agreement;
- To abide by legal/compliance obligations imposed on us;
- For recruitment purposes;
- For business development activities;
- For the enhancement of our services and your browsing experience.
Legal basis for Processing
For the processing of personal information, we are required to have a legal basis to rely on, which may vary depending on what information we process and why. The legal bases we may rely on include:
This is where you have expressly provided us with a clear consent for us to process your personal information for a specific purpose.
This is where the processing of your personal information is necessary for the performance of a contractual obligation between us, or because you requested us to take specific steps towards entering into a contract.
- Legal Obligations
This is where we are legally obliged to process your personal information, in accordance with prevailing Laws.
- Legitimate Interest
This is where we process your personal information for our legitimate interest.
With whom is your personal data being shared?
Your personal data may be shared with specific organizations, for the sole purpose of us performing our contractual or legal duties. In effect, your personal data may be shared with:
- Postal services;
- Regulatory authorities and/or any other relevant authorities;
- The Bank;
- Companies/ third parties you ask us to share your personal data with;
- Service providers with whom we have a contractual service agreement with (including IT service providers);
- Affiliate companies of the Company (where applicable);
- Professionals for the performance under a letter of engagement (including auditors and accountants).
Disclosure of personal data to third parties may occur for one or more of the below reasons:
- For the performance of our legal/ compliance/ reporting obligations;
- In the event where we receive a legal request and/or in the course of an investigation where disclosure is necessary to prevent a crime from occurring, or to comply with any piece of legislation or Court order;
- On your instructions;
- If we outsource some or all of the operations of our business to third party service providers, as we do from time to time. In this specific case and for the legitimate interest of our Company, we may disclose personal data to these service providers who process these data on behalf of and under the instruction of the Company only. Note that we restrict how service providers access, use, disclose and protect data remitted to them;
- In general, for the performance of our duties and/or for the legitimate interest of our business.
Transfer of personal data outside Mauritius
Your personal data may be transferred outside Mauritius where same is necessary for the performance of a contract we have with you. Note however that in case of transfer of your personal data outside Mauritius (if applicable), we ensure that all appropriate safeguards are in place to cater for appropriate security of the data, and relevant steps are taken in accordance with provisions of the Law.
Cookies and similar technologies
We would like to send you information about our services that we think would be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, or telephone, as the case requires.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes/fill in the relevant consent form sent to you by us. If you have previously agreed to being contacted this way, you can unsubscribe at any time by:
- Using the unsubscribe link in emails
You may also contact us on the above email address if you wish to update your marketing preferences, that is choose what marketing messages, about which specific services you would be interested to receive. Note that the change in preferences may take up to 5 working days to take place. For more information on your rights with regards to marketing, please see "Your Rights" below.
Data subjects have specific rights under the Mauritius DPA and the EU GDPR. In summary, those include:
- Right of Access
- Right to Rectification
You have the right to have your incomplete personal data completed.
- Right to erasure
This provides for the right to have your data erased in case the processing of your personal data is not justified.
- Right to restrict
You have the right to restrict the processing of your personal data.
- Right to object
You have the right to object to the processing of your personal data.
- Withdrawal of consent
You have the right to withdraw your consent at any point in time, if your consent was required for the processing of your personal data.
- Right to Complaint
You have the right to lodge a complaint to the Mauritius Data Protection Office regarding the processing of your personal data by us.
- Automated processing
You have the right not to be subject to a decision based solely on an automated processing of your personal data, including profiling, which produces legal effects on you.
Keeping your information secure
We take the security of your data very seriously and, as such, we have incorporated appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business requirement to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality and to our own security policies and procedures.
Some of these measures are as follows:
- There are restricted access to our office premises, and only our authorized employees have access;
- If personal data is retained in hard copy, same is kept in locked filing cabinets;
- All staff have followed relevant awareness sessions on protection of personal data and same is provided on a regular basis;
- We have established policies and procedures for security of data internally, to which our staff are obliged to adhere to in their daily tasks. Such policies and procedures include, among other things, clean desk policy, screen locking, encryption of data/documents, usage of IT devices/equipment among others;
- Our IT system incorporates enhanced security measures that are reviewed and updated on a regular basis. This comprises of firewalls, anti-virus and other related scanning software;
- Where we contact service providers to outsource any function necessary for our operations, we ensure that they only have access to information they require for the performance of the contract, and that we have binding contractual clauses specific to data protection in place.
We also have procedures in place to deal with any suspected data security breach. In case any breach occurs, we will notify you and the Data Protection Office where we are legally obliged to do so.
Note that the above is a non-exhaustive list of security measures in place to safeguard personal data.
How long do we keep your information?
We retain your information in accordance with our retention policy, and as required by relevant laws. As such, your personal data will not be stored for a period longer than is reasonably necessary for the purpose for which it was collected.
How to Complain
You also have the right to complain directly to the Data Protection Office (http://dataprotection.govmu.org/English/Pages/Contact-Us.aspx)
This Policy was published to provide you with all information you should legally know about the manner into which we process your personal data. We may change this Policy from time to time without prior notice. If changes occur with regards to the specific processing of your information, we will inform you via email directly.
How to contact us
Please contact our Data Protection Officer (contact details below) should you require any further information, exercise your right or complain about the processing of your personal data.
Telephone: +230 2126946