MATCO Limited, hereinafter “MATCO”, cares about your privacy and values the trust you place in us when you share your personal information.
Accordingly, by this Notice, we want to let you know how we deal with the personal information you give us or is given to us by a third party. The aim of this Notice is to explain to you as Data Subject what kind of personal information we gather on you, why and how we process it as Data Controller. This Notice sets out your rights with regard to the General Data Protection Regulation 2016/679 (“GDPR”).
This Notice may be subject to changes. Any updates will be posted on our website. We recommend you regularly review it to ensure that you are always aware of our privacy practices. Our privacy commitments to you are:
• We keep your data safe and private;
• We ensure that you can exercise your rights;
• We train our employees to properly manage your personal information;
• We ensure that your personal data is processed only for the purpose for which it has been collected.
WHO IS CONCERNED?
This Notice describes our practices when using:
• The personal information of natural persons who are prospective clients or representatives of prospective clients being legal persons based in the European Economic Area (EEA) or outside the EEA;
• The personal information of any other Data Subject which operates as a legal representative, a supplier, a partner, a proxy, an administrator, a guarantor or a contact person;
• The personal information of natural persons based in the EEA who may visit our website.
WHAT PERSONAL INFORMATION ARE WE COLLECTING AND WHY?
In general, we may collect the following types of personal information you give us or which is given to us by third parties:
• Full Name;
• Email Address;
• Any other personal information as required for the setting-up and/or management of a structure in Mauritius or any other services provided by MATCO to its clients, necessary for the provision of investment services and compliance with legal requirements.
General Data Protection Regulation requires that we undertake to process only the data necessary for the purpose pursued by the processing.
More specifically, we use your personal data for the following purposes:
• To enter into a contract to which you are party, or as part of the pre-contractual measures of such contract, e.g. assess your needs and process your application, provide preliminary advices in relation to your needs, etc.;
• To comply with legal and regulatory requirements including anti-money laundering, anti-bribery and “know your client” requirements;
• To pursue our legitimate interest as far as it is not overridden by your fundamental rights and freedoms, e.g. update and maintain records;
• For any additional purpose to which you have explicitly consented.
WHAT ARE YOUR RIGHTS?
Individuals have the following rights, under certain circumstances, in relation to their personal information:
• Right to access personal information;
• Right to rectify personal information;
• Right to restrict the use of personal information;
• Right to request that personal information is erased;
• Right to object to processing of personal information;
• Right to data portability (in certain specific circumstances);
• Right to withdraw consent for data processing (if the consent was required for lawful processing);
• Right to lodge a complaint with a supervisory authority.
If you as an individual wish to exercise these rights, you can send an email to: email@example.com.
We may ask for additional information to verify your identity before carrying out a request.
DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We share your personal data with entities acting as our service providers and delegates who process the data on our behalf and act as the Data Processors for the purposes defined above.
It should be noted that we are a company based in Mauritius and also subject to the Data Protection Act which entered into force in Mauritius in 2017 and ensures the equivalent level of protection of Data Subjects’ rights as GDPR.
You must note that your data can be transmitted to public authorities, regulatory authorities, courts, etc. when required by law.
We only transmit your data for commercial use with your prior consent.
We will retain your personal information covered by this Notice for as long as required to perform the purposes for which the data was collected, depending on the legal basis on which that data was obtained and/or whether additional legal/regulatory obligations mandate that we retain the personal information. In general terms, this will mean that personal information will be kept for the duration of our relationship, and:
• the period required by tax, company and financial services laws and regulations, especially AML/CFT regulations; and
• as long as it is necessary for individuals to be able to bring a claim against us, and for us to be able to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under applicable law.
CONFIDENTIALITY AND SECURITY
We are subject to certain confidentiality and secrecy obligations, e.g. arising under data protection, other legal obligation, contract, professional secrecy, as the case may be. The personal data we process is also subject to the said obligations. We are required to follow specific procedures with respect to maintaining the confidentiality of our prospective clients’ personal information. We and our duly authorised delegates apply appropriate information security measures designed to protect data in our possession and/or our delegates’ possession from unauthorised access by third parties or any form of computer corruption. We continuously improve our security measures in line with the technological developments.
HOW TO CONTACT US
If you would like to raise any questions, concerns or complaints concerning this Notice, you can contact us at:
11th Floor, Tower 1
The person responsible for Data Protection can be contacted directly at firstname.lastname@example.org.
You can also lodge a complaint with the competent supervisory authority in your respective country of residence if you are resident in European Union or you can lodge a complaint in Mauritius to:
The Data Protection Office
Level 5, SICOM Tower
Phone: +230 460 0251