1.1. In this General Privacy Notice, “CJ” refers to Currimjee Jeewanjee and Company Limited and all the words and expressions used in this General Privacy Notice shall be interpreted and construed in line with the definitions used in CJ’s General Data Protection Policy.

1.2. This General Privacy Notice should be read and interpreted in conjunction with and subject to CJ’s General Data Protection Policy that governs all the personal data processing activities of CJ.

1.3. This General Privacy Notice is relevant to all persons (“data subjects”) whose personal data is collected by CJ in line with the requirements of the European General Data Protection Regulation 2016 (“GDPR”) and the Mauritius Data Protection Act 2017 (“DPA”).

1.4. Users of CJ’s website as well as CJ’s customers and potential customers are likely to be data subjects in as much as CJ may collect their personal information whether by automated or non-automated means.

2.1. CJ is responsible for ensuring that this General Privacy Notice is made available to data subjects prior to CJ collecting/processing their personal data.

2.2. All Employees of CJ who interact with data subjects, both employees and nonemployees are responsible for ensuring that:

2.2.1. this General Privacy Notice is drawn to the data subject’s attention prior to
processing the latter’s personal data; and

2.2.2. they obtain the consent of the data subjects prior to the processing of their
data wherever consent is required under either the GDPR or the DPA.

3.1. Who is CJ and what does CJ do?
3.1.1. CJ is a private company duly registered and validly existing under the laws of Mauritius.

3.1.2. CJ has its registered office situated at 38 Royal Street, Port Louis 11602, Mauritius and its administrative headquarters situated at 38 Royal Street, Port Louis 11602, Mauritius. CJ’s other contact details are as follows:

Telephone Number(s): +230 650 6200
Email address: cjcorporate@currimjee.com

3.1.3. More information on CJ is contained in its General Data Protection Policy.

3.1.4. Although established, based and domiciled in Mauritius, CJ’s business activities go beyond the jurisdiction of Mauritius including but not limited to parts of the European Union and/or the United Kingdom.

3.1.5. In the light of paragraph 3.1.4 above, CJ is likely to process personal data both under the GDPR and the DPA.

3.1.6. The contact details of the Data Protection Officer are as follows:

Name: Ismael Soodeen
Postal address: Currimjee Jeewanjee and Company Limited, 38 Royal
Street, Port Louis
Email address: dpo@currimjee.com
Telephone No.: 6506222

3.1.7. The personal data CJ is likely to collect from you and process includes any information about an individual from which that person can be identified. Such data includes contact information (for e.g. name, home address, telephone numbers, email address, date of birth, identity and passport documentation), financial information (for e.g. bank details and payment card details). The personal data referred to is not an exhaustive list and can be updated for legitimate business or legal purposes.

3.1.8. The personal data CJ collects from you will be used for such purposes as may be related, directly or indirectly, to our business activities. Your data may be used in the course of our business operations, for the purpose of the contract you have entered with us and for compliance with any legal and regulatory obligations.

3.1.9. In any event, CJ is committed to ensuring that the information it collects and usesis appropriate for the purpose for which it was collected, and does not constitute an invasion of your privacy.

3.1.10. From time to time, CJ would like to use your name and contact details to send you either through telephone calls, messaging services, emails, post, or social media platforms, information about our offers, promotions, products, surveys and services, as well as those of our subsidiaries and affiliates, that we believe may be of interest to you, but we will only do so with your consent.

If you have agreed to receive direct marketing, you may always opt out at a later stage by following the unsubscribed instructions on each of our marketing communications. You have the right at any time to stop CJ from contacting you for direct marketing purposes.

3.2.1. By using CJ’s website (as a user of CJ’s website) you are giving CJ permission to process your personal data specifically for the purposes identified above.

3.2.2. CJ will request your consent prior to processing any of your sensitive or special categories of personal data.

3.2.3. Sensitive or special categories of personal data is information about racial origin, ethnic origin, political opinion, religious belief, philosophical belief, trade union membership, genetic data, biometric data, health data, criminal record, data concerning sex life and/or sexual orientation.

3.2.4. You may withdraw consent at any time by informing CJ and/or CJ’s Data Protection Officer in writing of your wish to withdraw your consent without having to assign any reason for your decision.

3.2.5. CJ may exceptionally process sensitive or special categories personal data without your consent if such processing is required by law and/or a Court order or where the information is already in the public domain.

3.3.1. CJ may pass your personal data on to third-party service providers contracted by CJ in the course of dealing with you. Any third parties that CJ may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on CJ’s behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with CJ’s procedures.

3.3.2. Basically, CJ will not pass on your personal data to third parties unless it has obtained your consent or such disclosure is necessary for the processing activities of CJ in furtherance of a contractual relationship to which you are privy as a customer or potential customer of CJ or from which you will be deriving a personal interest.

3.3.3. CJ will not transfer your personal data to a different country without having carried out an adequacy test as explained in CJ’s General Data Protection Policy.

The CJ website may contain links to other websites, apps, content, services or resources of interest, which are operated by third parties. If you access websites, apps, content, services or resources using the links provided and you have left the CJ website, you must be aware CJ does not have any control over the other websites apps, content, services or resources. CJ is not responsible for the protection and privacy of any information you provide whilst visiting such websites, apps, content, services or resources and they are not governed by this Privacy Notice.

We use cookies that identify your browser. When you visit the CJ website, CJ may collect information from you automatically through cookies or similar technology. CJ may collect and store information about how you use the CJ website, as well as provide you with a better service and experience when browsing, and for analytics. The personal data we collect through these technologies will also be used to manage your session.

Whenever CJ is on notice that a breach of personal data has been committed or reasonably suspects that a breach of personal data is likely to be committed, CJ shall as soon as reasonably practicable inform the relevant supervisory authority about the same. You shall also be informed about the same where such a breach is likely to impact on your rights and freedoms as a data subject.

3.7.1. Subject to paragraph 3.7.2 below, CJ will process and store your personal data for no longer that is required for the purpose for which it is initially collected.

3.7.2. Notwithstanding paragraph 3.7.1 above, CJ may store your personal data for such period as may be necessary for CJ’s compliance with legal obligations and for CJ’s legitimate interests such as the defence by CJ of legal claims that may be brought before it.

At any point, while CJ is in possession of or processing your personal data, you, the data subject, have the following rights:

(a) Right of access to your personal data;
(b) Right of rectification to correct data that CJ holds about you that is inaccurate or incomplete;
(c) Right to erase personal data from CJ records;
(d) Right to restriction of processing - where certain conditions apply to have a right to restrict the processing;
(e) Right of personal data portability;
(f) Right to object - you have the right to object to certain types of processing such as direct marketing;
(g) Right to object to automated processing of your personal data, including profiling; and
(h) Right to complain against CJ.

In the event that you wish to make a complaint about how your personal data is being processed by CJ, or how your requests under paragraph 3.8 above have been handled, you have the right to lodge a complaint directly with the relevant supervisory authority and CJ’s Data Protection Officer.

3.10.1. At any point in time, you can find out the personal data that the organisation holds about you, if any.

3.10.2. Upon a written request being received, CJ can confirm what information it holds about you and how it is processed.

3.10.3. Where CJ holds your personal data, you can request the above from CJ who will provide the information in accordance with the provisions of the Data Protection Act.

3.10.4. When making a written request to CJ pursuant to this paragraph 3.10, you will need to provide to CJ an appropriate form of identification (“ID”) in order to have access to the information. An appropriate form of ID is either your National Identity Card or your passport (provided the same has not expired).

This General Privacy Notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This General Privacy Notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version, the English version shall prevail.