Privacy Statement
We, CIEL Foundation, respect your privacy, and are committed to protecting the privacy, confidentiality and security of the personal data that you provide to us whether such data is provided to us through our website at www.actogether.mu (our “Website”), by email, through the filling of forms (including employment-related ones), through the exchange of contractual documents, by letter or fax, verbally, or through any other means.
We recognise that our success largely depends on establishing and maintaining a relationship of trust with our stakeholders, and we are fully committed to protecting your personal data in compliance with applicable data protection laws.
We ask that you read this privacy notice (the “Privacy Notice”) carefully as it contains important information on:
By entering into a business relationship with us or by providing your personal data to us, you confirm that you are agreeable to the processing of your personal data in accordance with the terms of this Privacy Notice.
Who we are
CIEL Foundation (hereinafter referred to as "we”, “us”) is part of the CIEL Group (CIEL Go Beyond). It is a private company incorporated in Mauritius having as objective to drive and implement the community development projects of the CIEL Group. Our online platform - www.actogether.mu – serves as a hub to connect NGOs, sponsors, beneficiaries, volunteers and other stakeholders to promote community development projects and foster collaboration for greater social impact.
We act as the controller of your personal data as we determine the purposes and means of the processing of your personal data. We are registered with the Data Protection Office of Mauritius.
The Categories of Personal Data that We Collect
We may collect the following personal data from you in the course of our interactions:
|
Categories of personal data |
Examples |
|
Identity |
|
|
Contact details |
|
|
Financial |
|
|
Technical |
|
|
Additional information collected in the context of HR-related interactions |
|
|
Others |
|
|
Special categories of personal data |
|
Personal data of children
We do not knowingly collect personal data relating to a child under 16 years unless we have obtained the parent’s or guardian’s consent.
If you are a child under 16 years, please ensure you have received authorisation from your parent or legal guardian as we may request proof of that authorisation.
Third party information
If you share third party information to us, you confirm that you have obtained the necessary permission of such person to the reasonable use of their information in accordance to this Privacy Notice or as otherwise permitted for you to give us this information on their behalf.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us contacting by our Data Protection Officer (Please check How to Contact Us below).
The Purpose & Lawful Basis for Collecting Your Personal Data
(i) Purpose
We collect and process your personal data for the following main purposes:
- To drive, implement and promote community development projects of the CIEL Group;
- To facilitate collaboration between NGOs, donors, volunteers, beneficiaries and other stakeholders;
- To offer support and related services to our stakeholders in the initiation, implementation and promotion of community development projects;
- To provide relevant information (including photographs/image/ videos) to our stakeholders and the public in general about community development projects promoted by the CIEL Group and by our partner NGOs, and matters related thereto;
- To enter into contractual relationships with suppliers and service providers, and execute such contracts;
- To consider job applications;
- To keep appropriate employment-related information on employees;
- To comply with any legal obligations and statutory reporting requirements towards authorities and regulatory bodies such as the Mauritius Revenue Authority, Registrar of Companies;
- To manage and protect our operations;
- To ensure security and safety on our premises;
- To manage and protect our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- To use data analytics to improve our Website, services, experience and communication;
- To pursue direct marketing and advertising;
- To respond to requests, queries or complaints; and
- To fulfil such other purposes as may be related, directly or indirectly to our activities and objects.
Direct Marketing
We may, from time to time, send you either via emails, post, or social media, information that we think may be of interest to you, including about our partner NGOs, CIEL Stories, events, products and services offered by our subsidiaries and affiliates, including offers and promotions and surveys but we can only do so with your consent.
You may opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in each of our marketing communications to you or by contacting our Data Protection Officer (Please check How to Contact Us below).
(ii) Lawful basis
We will only collect, use and process your personal data where we are satisfied that we have an appropriate legal basis to do this, for instance:
- where you have provided your consent to us using the personal data for specified purposes; or
- where the processing is necessary:
o to attend to your requests, deliver the services you requested from us or for the performance of our contract with you;
o to fulfill our statutory obligations with our regulators, tax officials, law enforcement bodies or otherwise to comply with our legal obligations; or
o for the pursuance of our legitimate interests (e.g improving our services and managing our Website effectively), so long as the processing does not override your own rights, freedoms and interests.
With Whom We Share Your Personal Data
Except as described in this Privacy Notice, we will not, without your consent, share, sell or trade your personal data with other companies outside CIEL Group for marketing purposes.
In relation to the purposes for which we collect your personal data, we may have to share your personal data with:
- Partner NGOs, donors, volunteers, beneficiaries and other stakeholders as may be relevant for the above purposes, to facilitate collaboration amongst stakeholders on community development projects and related matters that align with their interests;
- Our subsidiaries and affiliates (CIEL Group) as may be relevant for the above purposes, to provide relevant information and updates on community development projects and matters related thereto, to facilitate our operations, to treat job applications, conduct internal analysis with a view to improving our services, but we shall only do so on a strictly need to know basis;
- Our employees on a need-to-know-basis for purposes of managing our operations, delivering our services and fulfilling our objectives;
- Our agents, advisers, accountants, auditors, lawyers, other professional advisors, contractors or third-party service providers for the purpose of assisting us to better manage, support or develop our operations, meet our objectives and comply with our legal and regulatory obligations;
- Authorities and regulatory bodies for purposes of complying with our statutory obligations; and
- with any other party at your consent or at your direction.
Overseas Transfers of Your Personal Data
We may need to share your personal data with organisations outside Mauritius when we use service providers located overseas to perform a function on our behalf. The data collected may also be stored on servers which are hosted outside of Mauritius (Microsoft servers for instance).
When personal data is transferred outside of Mauritius, we enter into contractual arrangements to ensure that your data is protected in line with the data privacy legislation applicable in Mauritius.
The Period for which We Retain Your Personal Data
We retain your personal data for as long as necessary to fulfil the purposes for which we collected it or for purposes required by law.
The legal prescription period in Mauritius (i.e., the period during which one party may sue another party or be sued after the happening of an event) is 10 years for non-immovable-property-related matters (‘actions personnelles’). Depending on the nature of our relationship with you, we may, in this context, also choose to keep your personal data after our last transaction with you, for at least the legal prescription period to be able to defend or enforce our rights or for such number of years according to the applicable laws.
You can contact us for further details on retention periods for different aspects of your personal data.
In some circumstances, you can ask us to erase or destroy your personal data: Please check Your Right to request erasure of your personal data below for further information.
We may also anonymise your personal data by pseudonymisation or encryption, such that the personal data can no longer be associated with you, for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Our Commitment to Data Security
We maintain technical, physical and organisational measures to protect your personal data from unlawful or unauthorised access, alteration, disclosure, accidental loss and destruction.
- These measures are subject to ongoing review and monitoring, and include:
- the pseudonymisation and encryption of personal data;
- the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services; and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
We also require our third-party service providers to take reasonable precautions to keep your personal data secure, and to act at all times in compliance with applicable data protection laws.
Where we have provided you with or you have chosen a password enabling you to access a personalised area on our Website, you are responsible for keeping this password confidential. We advise you not to share it with anyone.
We restrict access to your personal data to employees, agents, and service providers of our organisation and of our subsidiaries and affiliates on a need-to-know basis. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We also maintain procedures to deal with any suspected personal data breach and will notify you and any relevant supervisory authority of a breach where we are legally required to do so.
Our Website may contain links to other websites, apps, content, services or resources on the internet which are operated by third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal data to these sites.
Your Rights relating to Your Personal Data being Processed by Us
Under applicable data protection laws (including the Data Protection Act 2017 of Mauritius and the EU-General Data Protection Regulations), you have important rights which you are entitled to exercise by writing to our Data Protection Officer (Please check How to Contact Us below).
These rights include:
- Right of access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Right to request the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the applicable laws. Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Right to Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data.
- Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
- Right to lodge a complaint at any time with the Data Protection Commissioner of Mauritius (DPC) at:
The Data Protection Office
5th floor, SICOM Tower
Wall Street
Ebène, Mauritius
Where the GDPR applies, the complaint may be lodged with the relevant supervisory authority in the European Union.
We would appreciate the opportunity to deal with your concerns in the first instance before you approach the Data Protection Commissioner or the relevant supervisory authority.
- If the GDPR applies to our processing of your personal data, you have the right of portability that is the right to receive your personal data, which you have previously provided in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, for so long as such rights do not violate any third party fundamental rights and freedom, and subject to such other exceptions set forth under the GDPR.
To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your government issued identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).
Whenever reasonably possible and required, we will strive to grant these rights within one (1) month. but our response time will depend on the complexity of your requests. We will respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee.
There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim.
To make these requests, or if you have any questions or complaints about how we handle your personal data or would like us to update the data we maintain about you and your preferences, please contact our Data Protection Officer (Please check How to Contact Us below).
Changes to this Privacy Notice
We may modify this Privacy Notice from time to time. Any changes to this Privacy Notice will be posted to our Website so that you are always informed of the way we collect and use your personal data.
We encourage you to review this Privacy Notice whenever you access our Website or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.
How to Contact Us
We have appointed a Data Protection Officer, whose duty is to ensure data protection compliance at CIEL Foundation.
Should you have any questions in relation to the processing of your personal data or about this Privacy Notice, you may contact our Data Protection Officer as follows:
Data Protection Officer
CIEL Foundation
5th Floor, Ebène Skies,
Rue de l’Institut Ebène, Mauritius
Tel: 4042200
Email: DPO-CielFoundation@cielgroup.com
Last Updated: 28 November 2024