St Lawrence Management Limited (BRN: C10093815) with registered office at 2nd Floor, C&R Court, Labourdonnais Street, Port Louis (“we” or “us” or “STLM”) is committed to protecting your personal data in accordance with the Mauritius Data Protection Act 2017 (‘DPA’).

This Privacy Policy describes how we collect and use Personal Data about you during the period in which we are engaging with you on a business-to-business basis as well as on our website (regardless of where you visit it from).

It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other notices and is not intended to override them.

In relation to your Personal Data, we shall be acting as a Data Controller for Personal Data we collect about you. We also ensure that data protection laws are adhered to through specific clauses within contractual agreements and the guarantees provided by processors/sub-processors.

The use of information collected through our service and our website shall be limited to the purpose of providing the service for which the Client has engaged with us.

Data Collection

STLM collects and processes information under the direction of our clients or through direct relationship with individuals.

The Personal Data, as defined under the DPA, which we process includes certain information which can be used to identify the person in question (“Data Subject”, or “you”). Although we do not currently collect and/or process Special Categories of Data, we shall inform you should this change, as well as the further protections that we would implement in relation to Special Categories of Data.

Data Processing

All client and personal data are processed under the control of STLM in Mauritius.

Purpose/Activity

To manage our relationship with you, which includes:

• Notifying you about changes to our terms or privacy policy
• Asking you to take a survey.
• Raising awareness about our Company;
• Using data analytics to improve our products/services, marketing, customer relationships and experiences.
• To make suggestions and recommendations to you about goods or services that may be of interest to you and are related to the information or services we have previously provided.
• Information obtained by completing any forms on our website.
• Communicating to you the latest news, and events,

Use of Information

The information collected is maintained for the purpose of fulfilling our contractual obligations with our Client and is used as such or in order to contact you for the purpose of demonstrating our services. The information we collect is not shared with any organisations, except to provide products or services requested, when we have your permission, or under the following circumstances:

• As required by law, such as to comply with legal proceedings, or similar legal process.
• To investigate potential violations of our Terms of Service.
• To third-party service provider as stated under Third Party disclosure.

Third Party Disclosure

Only aggregated, anonymized data may be periodically transmitted to external services to help us improve Our website and our service. For our website, we may use Google Analytics as an Analytics Provider. Only aggregated and anonymized data would be transferred.

Data Retention

We will retain personal data we process on behalf of our clients as long as needed to provide services to our client. STLM will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Information we collect in order to demonstrate our services is maintained until the purpose of the collection has been fulfilled.

Keeping in touch with You

Where we have reason under legitimate interest to update you about our services we may reasonably do so. You may opt out at any time.

Where you request us to add you to a subscription list to receive certain information we will do so and communicate with you in your chosen method as applicable. You may request to be removed from such lists at any time.

Log Files

As is true of most websites, we may gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, referring/exit pages, operating system, date/time stamp and clickstream data. This information is used to administer, assist us in any troubleshooting to support our users and maintain the stability and performance of our website.

Data Subject Rights

The DPA give you the right to access the information we hold about you.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data or exercise any of his/her rights under DPA should contact us, the Data Controller, at compliance@stlawrence.mu. You will not have to pay a fee to access your personal data (or to exercise any of your other rights).
However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Alternatively, we may refuse to comply with your request in these circumstances. STLM will make reasonable effort to promptly fulfil our clients’ request.

Security of Data

We are committed to taking steps to ensure that Personal Data is protected, and to prevent any unauthorised access, unauthorised changes, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and raising awareness. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

Any data breaches will be managed according to the Company’s procedures and concerned data subjects will be notified of same as soon as possible. Unless otherwise directed by legal obligation, any requests from a governmental body shall be referred to the Data Controller.

Data Protection Measures

The Company is committed to ensuring the security of Personal Data and to processing it in line with the DPA. As such, the Company will:

• Ensure that all staff are aware of their responsibilities and the Company’s obligations and responsibilities in relation to data protection.
• Ensure that all staff and individuals/organisations who handle data on behalf of the Company are appropriately trained and receive refresher training on a regular basis.
• Ensure that all staff and individuals/organisations who handle data on our behalf are regularly monitored, assessed and reviewed.
• Ensure that all organisations who handle data on our behalf are carrying out data processing in line with the Data Protection rules.
• Regularly review the Company’s methods of data collection, handling, processing and storage.

Amendments to this Privacy Policy

We may amend this privacy notice from time to time. Any amendment will be posted on our website so that you are always informed of the way we collect and use your personal data. Any changes to this privacy notice will become effective upon posting of the revised privacy notice on the website. Use of our website following such changes constitutes your acceptance of the revised privacy notice then in effect but, to the extent such changes have a material effect on your rights or obligations as regards our handling of your personal data, such changes will only apply to personal data after the changes are applied.

This privacy notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This privacy notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this privacy notice, the English version shall prevail.