General Privacy Notice
1. WHO WE ARE

Currimjee Jeewanjee and Company Limited, hereafter referred as “CJ” or “US/We/Our”, is part of the Currimjee Group and is a family-owned business. CJ is a company duly registered under the laws of Mauritius. CJ has five strategic clusters, namely Telecommunications, Media, IT (TMIT), Real Estate, Tourism & Hospitality, Commerce & Financial Services and Energy. In line with the provision of its services, CJ may process personal data as defined in the Mauritius Data Protection Act 2017 (“DPA 2017”) and the European Union General Data Protection Regulation (“GDPR”) (collectively referred to as “Laws”). Our company details are as follows: 

 

Registered Office: 

38 Royal Street, Port Louis 11602, Mauritius 

Phone Number: 

+230 650 6200 

 

CJ is duly registered as a data controller and a data processor with the Data Protection Office of Mauritius. 

2. PRIVACY STATEMENT

This general privacy notice (“General Privacy Notice”) is intended to help you understand how CJ collects and uses personal data and describes the rights you have with respect to your personal data amongst others. Personal data (“Data” or “information”) refers to information about you, and from which you could be directly or indirectly identified as defined under the applicable Laws. 

 

CJ collects, uses, or otherwise processes different types of personal data relating to different categories of individuals (“data subjects”) and for different purposes including visiting our website (https://www.currimjee.com), accessing our premises etc. Data subjects may be customers, prospective customers  and/or prospective employees. The lists and examples below are illustrative, non-exhaustive and not fully representative for every individual circumstance. 

 

We are committed to respecting and protecting your privacy and the personal data you may provide to us. If you have any questions regarding the processing of your personal data, please contact our Data Protection Officer.  

3. WHAT PERSONAL DATA WE COLLECT ABOUT YOU?

We may collect, use, or otherwise process different types of personal data about you. These may include: 

 

Type of personal data 

Examples (Note that the examples are illustrative and non-exhaustive) 

Information about you 

Name (first name and/or last name), address, data of birth, nationality 

Information to contact you 

Telephone numbers, email address, address 

Information to identify you 

Photographs, passport number, national identification number, video footage, car plate number 

Information about your device 

Internet protocol (IP) address, browser type, browser version etc. 

Information about your suitability to work for us 

Curriculum vitae details, references, qualifications, work experience, skills, training, certifications 

 

The personal data referred to above is not an exhaustive list and we may request additional information for legitimate business or legal purposes during the course of our business activities. In any event, CJ is committed to ensuring that the information it collects and uses is appropriate for the purpose for which it was collected and does not constitute an invasion of your privacy. 

 

There may be instances where some categories of personal data are mandatory while others are optional. Mandatory personal data is needed to ensure our ability to perform the required functions while optional data is entirely voluntary and intended for ancillary activities. 

 

We do not collect sensitive personal data (also known as special categories of personal data) but there may be circumstances where such data may be shared with us in an unsolicited manner.  

4. HOW IS PERSONAL DATA COLLECTED?

We may collect your personal data directly through physical forms, electronic forms, or other forms of correspondences (e.g., email, post). This can be by corresponding with us in person, by post, telephone, email, social media or otherwise. Refer to our Cookie Policy for information relating to use of cookies on our website.

5. HOW WE USE YOUR PERSONAL DATA?

We process personal data where such processing is: 

 

  • Reasonably necessary to fulfil our obligations, responsibilities, and duties in line with our business purpose. 
  • Reasonably necessary for compliance with legal or regulatory obligations to which we are subject to. 
  • Within CJ’s legitimate interests and the interests do not override your rights as a data subject. 
  • Subject to your consent in specific circumstances. 

 

We use your personal data for a variety of purposes including but not exclusively related to: 

 

  • Corporate communications (e.g., business sponsorships/opportunities, vacancies) through the website and social media 
  • Recruitment 
  • Security of CJ premises 
  • Security of CJ systems including website 
  • Compliance with internal policies and procedures 

We currently do not use automated decision-making including profiling. 

6. HOW WE TREAT UNSOLLICITED PERSONAL DATA?

There may be instances where data subjects may submit personal data which we have not requested. If you submit unsolicited personal data to us, we will process the data in accordance with this General Privacy Notice. We will only use and store such information if it is relevant to our legitimate business purposes or if we are required to do so by law.

7. WHO ARE THE INTENDED RECIPIENTS OF YOUR PERSONAL DATA?

We are committed to maintaining your privacy and we comply with all legal requirements regarding the sharing/disclosure of personal data. In relation to the purpose for which CJ processes personal data, we can disclose your personal data to the following recipients where there are legal requirements or it is within our legitimate interests to do so: 

 

  • Other entities within the Currimjee Group 
  • Service providers: We use third-parties to provide services and other activities. We only share personal data when the third-party has a legitimate business reason to have access to such information and where it has agreed in writing to provide an adequate level of data protection.  
  • Public or enforcement authorities in Mauritius 
8. WHERE DO WE TRANSFER PERSONAL DATA OUTSIDE MAURITIUS?

There are some instances where we may need to transfer personal data of our employees outside Mauritius. In such instances, we follow the DPA 2017 requirements which consists of consultation with the Mauritius Data Protection Commissioner, enforcing strict contractual clauses on data protection, performing a risk assessment and implementing adequate safeguards amongst others.

9. HOW LONG DO WE STORE YOUR PERSONAL DATA?

We retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. 

 

To determine the appropriate retention period for personal data, we consider the volume, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements. Once your personal data has reached its retention period, we will dispose your information through secure means of destruction unless it is not feasible. 

 

We maintain the accuracy and completeness of the personal data we process. It is important that you inform us promptly of any updates to your personal data so that we have the most up-to-date information about you.  

10. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

At any point while CJ is processing your personal data, you may have the following rights regarding your personal data. Please note that these rights are not absolute and are subject to specific conditions:  

 

  • Right of access: You have the right to ask us for copies of your personal information. 
  • Right to rectification: You have the right to ask us to rectify personal information which is inaccurate.  
  • Right to erasure: You have the right to ask us to erase your personal information in certain circumstances. However, we may not always be able to comply with a request of erasure for specific reasons which will be notified to you, if applicable, at the time of your request. 
  • Right to restriction of processing: You have the right to ask us to restrict or suspend the processing of your personal information in certain circumstances.  
  • Right to object to processing: You have the right to object to the processing of your personal information in certain circumstances. 
  • Right to withdraw your consent: You have the right to withdraw your previously given consent. 
  • Right to data portability: You have the right to ask that we transfer your personal information to another organisation. This applies only in instances where the processing falls under GDPR. 
  • Right to lodge a complaint: You have the right to lodge a complaint with the Data Protection Commissioner, for DPA 2017, or with the regulatory authority of the country of your residence, for GDPR. 

 

11. HOW DO WE PROTECT YOUR PERSONAL DATA?

CJ implements a combination of administrative, technical, and organisational measures designed to safeguard the confidentiality, integrity, and availability of your personal data.  

 

Our security measures include the following which are not exhaustive: 

 

  • Access control: Only authorised individuals have access to personal data and access is granted based on the principle of least privilege. 
  • Firewalls: Firewalls are used to protect the internal network from unauthorised access and security threats. 
  • Physical security: Physical restrictions are used to control access to sensitive areas. 
  • Disaster recovery: Contingency plans are defined to ensure recoverability of data and continuity. 
  • Training and awareness: Key employees receive regular training on data protection and security best practices.  
  • Breach response and management: Procedures are in place to detect and respond to breaches and related incidents.  

We may enter into a Data Processing Agreement with our service providers and ensure that as data processors, they protect your personal data by maintaining technical and organisational security measures to protect personal data. 

12. UPDATES TO THIS NOTICE

This General Privacy Notice may be updated periodically and without prior notice to reflect changes in our privacy practices. We will let you know about any significant changes to this General Privacy Notice and will indicate at the top of the General Privacy Notice when it was last updated. We recommend that you check this page from time to time to inform yourself of any changes in this General Privacy Notice.

13. HOW TO COMPLAIN?

If you have any concerns about our use of your personal data, we would appreciate the chance to deal with your concerns in the first instance. You can make a complaint to us at: 

 

Title: 

Data Protection Officer 

Email: 

dpo@currimjee.com 

Contact number: 

+230 650 6280 

 

If you are not satisfied with the response you obtain from us, you can also lodge a complaint with the Mauritius Data Protection Commissioner (refer to https://dataprotection.govmu.org/Pages/Home%20-%20Pages/Take%20Action/To-report-your-Complaint.aspx).  

The contact of the Mauritius Data Protection Commissioner is as per below: 

 

Address: 

5th, SICOM Tower,  

Wall Street, Ebene Cyber City 

Ebene 

Mauritius 

Email: 

dpo@govmu.org or dpo22@govmu.org 

Phone number: 

+230 460 0251 

Website: 

https://dataprotection.govmu.org 
14. MISCELLANEOUS

This Notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. 

 

This Notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version, the English version shall prevail.