Privacy

Introduction

This Privacy Notice applies to any processing of your personal information by ABC Banking Corporation Ltd, whether such information is provided to us through our website, by email, through the filling of forms (including employment-related ones), through the exchange of contractual documents, by letter or fax, verbally, or through any other means.

 

Definitions of the technical terms we have used in this document are set out below:

– Data Subject (Individual) means an identified or identifiable individual, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

– Personal Data means any information relating to a data subject.

– Processing means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

ABC Banking Corporation Ltd is a registered controller and processes personal data in accordance with the Data Protection Act 2017.

 

Data Processing

Personal data is processed to:

. ensure compliance with regulatory obligations under the applicable anti-money laundering or other applicable laws and regulations;
. assess applications with respect to a loan, a debit card, and any other banking, investment or fiduciary products or services; and
. as is necessary for the performance of obligations to you under any agreement entered into with the bank, as may be amended in accordance with its terms.

 

The provision of personal data is of course entirely voluntary. You are free to choose whether to provide your personal data to us or not. Please note however that if you choose not to provide your personal data, we may not be able to provide certain services to you or enter into a contractual relationship with you.

 

We do not knowingly process data relating to a child under the age of 16, without the consent of his parents or guardians. If you are a child under the age of 16, please ensure that you (a) obtain the consent of your parents or guardians before providing such data to us; and (b) provide a record of such consent to us.

 

If you provide us with the personal data of another person, you are responsible for ensuring that such person is made aware of the information contained in this Data Protection Notice and that the person has given you his/her consent for sharing his/her personal data with us.

 

The categories of personal data we collect are set out in the Information Table.

 

Cookies

Information is collected via cookies or similar technology on the website or apps of the bank. Cookies are small text files that are automatically placed on a computer or mobile device when visiting a website. These are stored by the internet browser. Cookies contain basic information about one’s use of the internet. The internet browser sends these cookies back to the website of the bank every time a user visits it, so it can recognise a computer or mobile device and personalise and enhance the browsing experience of the user.

 

Lawful basis

The law provides that personal data cannot be processed in the absence of a lawful basis. The lawful bases which apply to the processing of personal data by the bank are as follows:

. your consent having been obtained;
. the processing being necessary for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract;
. for compliance with any legal obligation to which the bank is subject;
. for the purpose of historical, statistical or scientific research; and/or
. for the legitimate interests pursued by the bank (except if the processing is unwarranted in any particular case having regard to the harm and prejudice to your rights and freedoms or legitimate interests).

 

Your Rights

In accordance to the Data Protection Act 2017, you have certain rights relating to the personal data being processed by the bank. These rights are set out below.

 

–           Right to withdraw consent at any time

 

Where personal data is processed on the basis of express consent, such consent may be withdrawn at any time. The withdrawal of consent will not affect the lawfulness of any processing done by the bank prior to such withdrawal.

Please note that withdrawal of consent may result in the bank not being able to provide certain services or enter into a contractual relationship with you.

 

–           Right of access

 

You may request a copy of the personal data held. Such request to be made in writing to the bank’s Data Protection Officer.

If the request is manifestly excessive, a fee shall be charged for attending to same, at the discretion of the bank.

 

–           Rectification, erasure or restriction of processing

 

You may also, at any time, request:

 

to have any inaccurate personal data the bank holds on the Data subject corrected. This includes the right to supplement and/or update existing personal data provided to the bank;

 

that the bank erases any personal data held where (i) such data is no longer necessary in relation to the purpose for which it was collected or otherwise processed; (ii) consent to hold and process such data has been withdrawn and there are no overriding legitimate grounds for the continued processing; or (iii) the personal data has been unlawfully processed.

It is understood that this right is not absolute and that it will not be applicable where the exceptions provided for by law apply, including where processing of the personal data is necessary for the purpose of historical, statistical or scientific research or for compliance with a legal obligation or for the establishment, exercise or defence of a legal claim;

The bank to restrict processing of the personal data where (i) the accuracy of the personal data is contested by you. This restriction will apply for such period as may be necessary to enable the bank to verify the accuracy of the data; (ii) the personal data is no longer needed for the purpose of processing; (iii) the processing of the personal data is deemed by you to be unlawful, but do not wish the bank to erase it; or (iv) you have objected to the processing of the personal data. Such restriction will apply pending verification as to legitimate grounds of the bank to keep processing the personal data, despite your objection.

 

–           Right to object

 

You have the right to object to the processing of his/her personal data at any time. Upon receiving such objection, the bank shall stop processing the personal data, except where there are compelling legitimate grounds to continue such processing;

 

–           Right to lodge a complaint

 

If you feel that the bank has not processed your personal data lawfully, the Data Protection Officer of the bank shall be contacted for lodging of a complaint.

 

Where you remain unsatisfied, you may lodge a complaint with the Data Protection Office in Mauritius. Contact details are as follows:

 

Address: 5th Floor, SICOM Tower, Wall Street, Ebène

Email address: [email protected]

Phone number: + (230) 460-0253

Fax: + (230) 489-7346

 

To exercise any of the above rights, please contact the Data Protection Officer of the bank, whose contact details are available in the Information Table.

 

 

Data Breach Notification

 

A data breach occurs where there is an unauthorised disclosure or a loss of personal data. Any breach must be reported to the Data Protection Officer as soon as the breach is noted so that appropriate measures can be taken to recover or limit any damage.

 

The bank is bound by law to notify the Data Protection Office of any breach within 72 hours after becoming aware. Further, where a breach is likely to put your rights and freedoms at risk, the Bank has the obligation to notify you directly.

Information Table

Controller ABC Banking Corporation Ltd
Contact details

Address: PLANTATION HOUSE, Duke of Edinburgh Avenue, Place d’Armes, 11328, Port Louis

Telephone number: (230) 206 8020

Fax number: (230) 208 0088

Email address: [email protected]
Data Protection Officer

Mahesh Ittoo

Contact details are the same as above.
The categories of personal data collected (including the special categories of personal data) Please refer to Appendix A below.
Services

The bank is involved in the following businesses:

  • Banking Business;
  • Leasing;
Transfer of personal data to another country Whenever personal data is transferred to other countries, the recipients of such personal data shall comply with all applicable data protection laws and principles.

Appendix A – Categories of personal data held

Categories of personal data Examples
Identity
  • First name
  • Maiden name
  • Last name
  • Username or similar identifier
  • Marital status
  • Job title
  • Date of birth
  • Gender
  • Signature
  • National Identity Card information
  • Passport Information
Contact details
  • Email Address
  • Telephone numbers
  • Fax numbers
  • Address
Financial
  • Tax Identification Number
  • Transactional information on accounts/dealings/activities, inter- alia, incomer, assets & liabilities.
  • Source of wealth information
  • Banking details
  • Telephone conversations confirming transactions
Transactional
  • Inward and Outward Payments
  • Services/goods purchase history
Mandatory info
  • Information about beneficial owners, /ultimate beneficial owners, intermediaries and other parties, which is required by law
  • Information about third-parties such as spouse, with respect to certain products & services, where this information is required by law
Technical
  • Internet Protocol (IP) address
  • Login data
  • Browser type and version
  • Time zone setting and location
  • Browser plug-in types and versions
  • Operating system and platform
  • Traffic data
Usage
  • Information about usage of website and service.
Additional information collected if relationship with the Bank is an HR-related one (solicitation, recruitment or employment)
  • Qualifications
  • CVs
  • Records of past employment
  • Employment records, including remuneration details, attendance records, performance-related information
Special categories of personal data
  • Biometric data, if a face recognition-based access systems is operated
  • Criminal records, including certificate of character (for HR purposes and to meet obligations towards the Bank of Mauritius)
  • Trade union membership records (if an employee)
  • Health records with respect to Employee Medical Insurance
Others
  • Photographs
  • Videos, including where CCTV surveillance systems are operated