CIEL Limited and its subsidiaries (“CIEL”, “we”, “us”, “our”) respect your privacy, and are committed to protecting the privacy, confidentiality and security of the personal data you provide to us when you use our website, when you contact our office, or when you otherwise interact with us. 

We appreciate that the success of our business is largely dependent upon a relationship of trust being established and maintained with our stakeholders and we are committed to protect your personal data in compliance with applicable data protection laws. 

We ask that you read this Privacy Notice carefully as it contains important information on how we, as data controller and processor, treat the personal data that you provide to us including how and why we collect, store, use and share your personal data, your rights in relation to your personal data and on how to contact us and the supervisory authorities in the event you have a complaint. Except as described in this Privacy Notice, we will not, without your consent, sell or rent to any third party any of personal data.

CIEL Limited is a public company incorporated in Mauritius and listed on the stock exchange of Mauritius. Our registered office and principal place of business is situated at 5th Floor, Ebene Skies, Rue de L’institut, Ebene, Mauritius. We invite you to browse our website for further details on our diversified group of companies. 

This Privacy Policy applies to Ciel Limited and all its main subsidiaries, material investee companies and, on a best effort basis, to other investee companies which may or may not be controlled by Ciel Limited (collectively referred to as “CIEL”, “we”, “our”).

We may collect the following personal data from you in the course of our interaction, for purposes of our business operations or for purposes of responding to your requests (newsletters or job applications) namely your name, address, contact details such as phone and fax numbers, e-mail addresses, qualifications, current employer, CV, areas of expertise, country of residence, financial data, technical data, profile data, usage data and any other personal data necessary to fulfill your special requests, and any other personal data that you choose to provide to us. 

We may also collect sensitive personal data also known as “Special Categories of Personal Data” about you in accordance with the Data Protection Act 2017 (the “DPA”) and where applicable, the European Union General Data Protection Regulation (the “GDPR”) (the “DPA” and the “GDPR” being collectively referred to as the “applicable data protection laws”). The sensitive personal data we process may include biometric data such as facial images in photos and CCTV footages.

When you consent to receive our marketing materials by opting-in, we ask that you provide us with your email address. The   provision of this information is purely voluntary and you may opt out of receiving our newsletters at any time by selecting the option “unsubscribe” which is available on any marketing materials issued by CIEL. 

When you make a job application through our Website, we ask that you provide us with your name, address, contact details such as phone and e-mail addresses, qualifications, current employer, CV, areas of expertise, country of residence. The provision of this information is purely voluntary for purposes of processing your job application. You may at any time send a written request to delete your record from our systems.

We use your personal data in the course of our business operations and interaction with you for purposes of performing our agreement with you, assisting you with your queries or concerns, complying with any legal or regulatory obligations imposed on us, fulfilling our legitimate commercial interests, sending you promotional communications or special offers if you have consented to receiving the same, processing any job applications which you submitted through our Website, promoting eventual business relationships, performing recruitment analytics with CVs received, promoting our corporate initiatives, improving our Website, promoting investor relations and for any other purposes for which we have your consent or rely on other legal basis.

We may share your personal data as follows:

• Between and amongst our subsidiaries and affiliates as may be relevant for the above purposes, to facilitate the operation of our business, to treat job applications, conduct internal analysis with a view to improving our company and services, but we shall only do so on a strictly need to know basis.
• With our employees for purposes of fulfilling our business operations or conducting internal analysis with a view to improving our enterprise.
• With our agents, advisers, accountants, auditors, lawyers, other professional advisors, contractors  or thirdparty service providers for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations.
• Personal data of our shareholders are shared with our share registry service provider.
• With any other party with your consent or at your direction.

We take great measures to ensure that all your personal data is kept safely. We take steps to ensure that only designated persons have access to your personal data on a strictly need-to-know basis for the purpose of fulfilling our agreement with you. Furthermore, all third persons with whom we share your personal data are under a contractual obligation with us to protect all personal data to which they have access.

Where personal data is being shared to third parties who act as processors of data, we ensure that the processors warrant that:

• They have in place all the security and organizational measures to protect your data.
• They will only process your personal data in accordance with our instructions.

We will share your personal data without first obtaining your consent as follows:

• With law enforcement and other statutory authorities if required by law;
• If required or authorized by law; or
• If we suspect any unlawful activities on your part.

Where we have collected your personal data on behalf of another party the use of your personal data by that party is governed by their privacy policy for which we are not responsible. 

We may also disclose anonymized data that is not personal data with third parties, including our commercial and strategic partners.

In some cases, we may need to share some of your personal data with organisations outside Mauritius when you instruct us to carry out a transaction to or from an overseas country, or when we use service providers located overseas to perform a function on our behalf, such as when data is being hosted outside Mauritius. When personal data is transferred outside of Mauritius, we enter into contractual arrangements to ensure that all the safeguards are present to protect your data being transferred, in line with applicable data protection laws. 

From time to time, we would like to use your name and contact information to send you either via emails, posts, or social media information that we think may be of interest to you, including about CIEL Stories, events, products, newsletters and services offered by our subsidiaries including offers and promotions and surveys but we will only do so with your consent, which may be obtained by ticking a box found on a document or online. 

You may opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in each of our marketing communications to you or by contacting us in accordance with the section “Contact Us” below. 

You can also object to the processing of your personal data for direct marketing purposes and exercise your right to have your personal data removed from our database at any time by contacting us. When you withdraw your consent or when you object to the processing of your personal data for direct marketing purposes, we will stop processing your personal data for such direct marketing purposes.

Your personal data will be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

The legal prescription period in Mauritius (i.e., the period during which one party may sue another party or be sued after the happening of an event) is 10 years for non-immovable-property-related matters (‘actions personnelles’). Depending on the nature of our relationship with you, we may, in this context, also choose to keep your personal data after our last transaction with you, for at least the legal prescription period in order to be able to defend or enforce our rights or for such number of years according to the applicable laws. 

You can contact us for further details on retention periods for different aspects of your personal data. 

In a few circumstances, we may anonymise your personal data (so that it can no longer be associated to you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

We are committed to collecting and using your personal data in accordance with applicable data protection laws. We will only collect, use and share and process your personal data where we are satisfied that we have an appropriate legal basis to do this, for instance where you have provided your consent to us using the personal data for specified purposes; our use of your personal data is necessary to provide you with the service under our contract with you; our use of your personal data is necessary to fulfill our statutory obligations with our regulators, tax officials, law enforcement bodies, or otherwise meet our legal responsibilities; our use of your personal data is in our legitimate interest as a commercial organization.

We have in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring. To protect your personal data, we also require our third-party service providers to take reasonable precautions to keep your personal data confidential and to prevent unauthorised or accidental access, processing, erasure, loss or use of personal data, and to act at all times in compliance with applicable data protection laws. 

We cannot guarantee that our website will function without fault/bugs and/or without any interruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

Except where required by local laws, we do not knowingly collect personal data from minors below the age of 16. If you are a minor below the age of 16, you may only use our Website and services with the consent of your parent or guardian. In this case, we shall make every reasonable effort to verify that consent has been given or authorized. If you are in the EU, our online services are not directed at children under the age of 13. If you believe we have collected information about a child under the age of 13, please contact us so that we may take appropriate steps to delete such information. If you are at least 13 but under the age of 16, please get the consent of your parent or legal guardian before giving us any personal data about yourself.

The Website may contain links to other websites, apps, content, plug-ins, services or resources on the internet which are operated by third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected and shared through these sites. Please check these policies before you submit any personal data to these sites.

Under applicable data protection laws you have a number of rights, subject to exceptions, which you may exercise by writing to us at the address set out below under Contact Us. The rights are as follows:

• Right of access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Right to request the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Right to Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data.
• Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
• Right to lodge a complaint at any time with the Data Protection Commissioner of Mauritius (DPC). Where the GDPR applies, the complaint may be lodged with the relevant supervisory authority in the European Union. 
• If the GDPR applies to our processing of your personal data, you have the right of portability that is the right to receive your personal data, which you have previously provided in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, for so long as such rights do not violate any third party fundamental rights and freedom, and subject to such other exceptions set forth under the GDPR.

To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of national identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).

Whenever reasonably possible and required, we will respond to all legitimate requests within one (1) month but our response time will depend on the complexity of your requests. We will respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, manifestly excessive or repetitive in which case we reserve the right to charge a fee.

There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim.

To make these requests, or if you have any questions or complaints about how we handle your personal data, or would like us to update the data we maintain about you and your preferences, please contact our data protection officer at the address set out below under Contact Us.

When using our Website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. 

If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more information about the cookies we use, please consult our Cookie Policy. 

We may modify this Privacy Policy from time to time. Any changes to this Privacy Policy will be posted to our Website so that you are always informed of the way we collect and use your personal data, and we encourage you to review this Privacy Policy whenever you access our Website or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. 

We hope that we can resolve any query or concern you raise about our use of your personal data. The supervisory authority in Mauritius is the Data Protection Commissioner who may be contacted at:

The Data Protection Office  

5th floor, SICOM Tower Wall Street 

Ebène, Mauritius

We would appreciate the chance to deal with your concerns in the first instance before you approach the Data Protection Commissioner or the relevant supervisory authority.

Please contact us if you have any questions about this Privacy Notice or the information we  hold about you by writing to us at the following address:

Data Protection Officer 

CIEL Limited 

5th Floor, Ebène Skies, Rue de l’Institut 

Ebène, Mauritius