Credentia International Management Ltd (“CIML” or the “Company” or the “Firm”) recognises the importance of protecting the personal data of its clients, employees, service providers and other relevant parties.
The Company registered with the Data Protection Commissioner and paid the prescribed registration fees as outlined in Part III of the Data Protection Act 2017 (the “Act”).
It is noted that the Company has registered as a Data Controller to be compliant with the Data Protection Act as applicable in Mauritius and that Mrs. Seevanee Greedhun-Hussenee has been duly appointed as the Data Protection Officer of the Company.
In order to ensure compliance with the Act, the firm has implemented this data protection program, which consist of the following building blocks:
I. Written Policy and Procedures
Business units, including the Information Technology (“IT”) and Operations departments, also implement and maintain procedures for the security and protection of personal data as well as other related privacy matters.
II. Appropriate Delegation of Authority
The firm has designated a Data Protection Officer (DPO) who will be responsible for compliance issues related to data collection and processing by the Company. The designated individual will have relevant experience and the ability to oversee the implementation and maintenance of proper privacy standards across the organisation.
III. Education and Awareness
All staff members, including new hires, will be subject to data protection training. The DPO, in coordination with designated staff, identifies the employees that are subject to role-based privacy training requirements and will, as needed, conduct or facilitate the mandatory training courses or seminars for appropriate employees. The Company will provide refresher training and education on a periodic basis to employees that work with client data. Training may include online courses, in-person lessons, or other instructive memorandums.
IV. Compliance Oversight
The DPO will be tasked with evaluating new products, technologies, online activities, contracts, and regulations for potential privacy impacts, and advising other members of senior management on implementation of corresponding privacy protections. Additionally, the DPO will maintain records to satisfy record keeping obligations and the firm will implement appropriate controls to recognise and respond to personal data breaches, including response plans and escalation procedures.
V. Periodic Assessments of Program Effectiveness
On a periodic basis, the Company will evaluate and may adjust the program in light of risk assessment results, relevant findings by Compliance and the DPO or in response to any significant change to business practices, operations or regulatory requirements.
In the course of its business, the Company will be collecting personal information about potential clients, employees, service providers and other third parties. The Company is committed to maintaining the highest standards of integrity and seeks to provide fair, secure and appropriate methods for the handling of non-public personal information. All such activities are intended to be consistent with generally accepted privacy ethics and standard business practices.
2.1 Personal Identifiable Information
The Company will collect personal information specifically and knowingly provided by clients, staffs, service providers and any other third parties.
Where stated, the Company may use the personal information of the Clients to contact them about the Company’s services or to provide them feedback and updates in relation to their use of the services of the Company. The Company wilt only hold data which is necessary to offer its services and ensure continuity of the services.
2.2 Privacy Statement Changes
2.3 Retention of Records
The Company will keep personal information only as long as it is necessary and in compliance with any provisions of the laws as applicable in Mauritius as far as record keeping is concerned, including for the purposes of providing its services or as required by law. Personal information that is no longer required will be destroyed either by shredding or other approved destruction methods to prevent unauthorized parties from gaining access to the information during and after the process, unless required to be kept as per regulatory requirements.
The Company will safeguard all clients’ information in its custody and will develop and maintain security procedures to safeguard personal information against loss, theft, copying, and unauthorized disclosure, use or modification.
Access to personal information is restricted strictly to employees and authorized service providers with a need to know and use for the performance of their activities.
The Company will make no other use of the personal information of the clients unless authorized.
The Board of Directors
Credentia International Management Ltd
The Cyberati Lounge
Ground Floor, The Catalyst,
Silicon Avenue, 40 Cybercity, 72201 Ebène,
Republic of Mauritius
Tel: +230 467 2000, +230 468 6666
Fax: +230 467 7456
At Credentia, we believe that human talent, expertise and experience can make a difference in the way we deliver unparalleled, exceptional and consistent service whilst propositioning a way to operate the day to day.
With a high-calibre team carefully selected individuals and a solution-oriented work environment, life at Credentia thrives on a culture that supports talent, openness, ambition and coherency.