1. Privacy Policy

This privacy notice (“Notice”) is issued by Intercontinental Trust Ltd. Intercontinental Trust Limited is duly authorised by the Data Protection Office in Mauritius to process personal data as a controller. As data controller, we determine the purposes and means of processing personal data.

References in this Notice to “ITL” are references to Intercontinental Trust Ltd, any of its affiliated entities and its subsidiaries. The affiliated entities and subsidiaries are authorised to process personal data as processors on behalf of Intercontinental Trust Limited and will only process your personal data upon the instruction of ITL in Mauritius.

This Notice concerns individuals outside our organisation, including visitors to our websites, prospective employees, customers and suppliers with whom ITL interacts in one way or the other.

Reference in this Notice to “Personal Data” means any or all information that identify, or could reasonably be used to identify, a living individual, either directly or indirectly.

2. Processing your Personal Data

Collection of Personal Data: ITL may collect your Personal Data from different sources, namely:

• When you contact us via email or telephone or by any other means of communications;
• As part of our client on-boarding procedure;
• When managing transactions for or on behalf of customersor suppliers; and
• When you input your personal data in the contact form or upload your CV on our website or simply visit our website.

Generally, you will have provided your personal data to us directly in above mentioned ways.

However, we may also collect your personal data in the following ways:

• When we obtain it indirectly, e.g., information is shared with us by third parties such as government, other agencies or another service provider.
• When it is available publicly, e.g., depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as Facebook or LinkedIn).
• When you browse and/or interact on our website.

Creation of Personal Data: ITL creates personal data about you, such as records of your interactions with ITL, and details of your accounts, subject to applicable law.

Relevant Personal Data: ITL may process the following categories of personal data, such as:

• Personal Details: first and last name, middle name, gender, date of birth or age, marital status, ID number, passport number, nationality, photographs;
• Family Details: names and contact details of family members including children;
• Contact Details: address, telephone and mobile numbers, email address;
• Employment Details: names of current and former employers, work address, work telephone number, work email address and work related social media profile details;
• Education History: details of your education and qualifications;
• Financial Details: billing address, bank account details, credit card numbers, cardholder or accountholder name and details, instruction records, transaction details;

Processing your Sensitive Personal Data: ITL does not seek to collect or otherwise process your sensitive personal data except when:

• required by law; or
• ITL has obtained, subject to applicable law, your explicit consent prior to processing your sensitive personal data.

  
  
  

3. Disclosure of Personal Data to third parties

ITL may also need to transfer and disclose your personal data to third parties (including Sub-Processors) involved in your matters, for legitimate business purposes, in accordance with applicable laws. Where ITL transfers or discloses your personal data to such third party, ITL will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure its integrity and protection. ITL shall procure that each Sub-Processor enters into a written agreement subjecting such Sub-Processor to equivalent obligations with respect to Personal Data that are imposed on ITL under this Notice and under the Data Protection Act.

Where ITL intends to transfer your personal data to any third party (excluding affiliated entities, subsidiaries and required sub-processors for lawful processing of data), ITL shall request your consent for same.

4. International Transfer of Personal Data

ITL may need to transfer your personal data to its affiliated entities and subsidiaries outside Mauritius and international customers and business ventures in connection with the purposes set out in this Notice. All our data resides on private cloud in Microsoft data centres in the northern Europe.

5. Data Security

ITL has implemented the appropriate physical, technical and organisational security measures which ensures a level of internal security designed to protect your personal data in its control against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing of your Personal Data, in accordance with the applicable law. You are encouraged to use secure data transmission methods when sending your personal data to ITL.

6. Data Accuracy

ITL takes reasonable steps designed to ensure that:

• your personal data that we process are accurate and where necessary, kept up to date, and
• any of your personal data that ITL processes and are considered inaccurate, are erased or rectified without further delay.

ITL may request you to confirm the accuracy of your personal data from time to time.

7. Data Minimisation

ITL takes reasonable steps designed to limit the collection of personal data to what is directly relevant and necessary to accomplish specific purposes set out in this Notice.

8. Data Retention

ITL takes reasonable steps to ensure that your personal data, subject to any applicable law, are retained for only as long as it is necessary to fulfill the purposes set out in this Notice.

As a general rule, the maximum retention period is 7 years.

Where the purpose for keeping your personal data or the period of retention required by law has lapsed, ITL shall destroy your personal data as soon as reasonably practicable. ITL shall notify any party processing your personal data on behalf of ITL, of its duty to destroy such personal data.

9.Personal Data Breach

In the event there is any breach of your personal data, ITL shall, without undue delay and where reasonably practical, not later than 72 hours after having become aware of it, notify the personal data breach to the Data Protection Commissioner in Mauritius.

Where appropriate protection measures have been applied following a breach of your personal data and there are high residual risks to your rights and freedoms, ITL shall inform you, without undue delay, of the details regarding such breach, its effects and where applicable, the remedial actions taken to mitigate the possible adverse effects of the breach.

10. Your Legal Rights

Subject to applicable law, you rights regarding the processing of your personal data, are as follows:

• the right to request access to, or copies of, your personal data that ITL processes or control together with information regarding the nature, processing and disclosure of those personal data.
• the right to request from ITL, access to and rectification, restriction or erasure of any of your personal data that ITL processes or controls
• the right to object to ITL processing your personal data.
• the right to have your personal data that ITL processes or controls transferred to another controller, to the extent applicable.
• where ITL processes your personal data on the basis of your consent, the right to withdraw that consent at anytime.
• the right to know from which source ITL obtained your personal data where personal data is not directly collected from you;
• the right to lodge complaints with to the Data Protection Commissioner of Mauritius regarding the processing of your personal data by ITL or on ITL’s behalf.

  
  
  

11. Direct Marketing

ITL may process your personal data to contact you, primarily by email and also by telephone, so that we can provide you with information concerning services that may be of interest, provided that we have first obtained your consent, to the extent required by, and in accordance with the applicable laws in Mauritius. If you do not wish to receive marketing communications from ITL, you can object at any time by contacting your regular ITL’s client service contact or by electronically unsubscribing from emails ITL have sent you. After you have unsubscribed, we will not contact you for marketing purposes, but we may continue to contact you to the extent necessary for the purposes of any services you have requested..

12. Update to ITL’s Privacy Notice

This Notice is expected to be amended or updated from time to time to reflect changes towards processing of personal data or any changes as may be required by the Mauritius Data Protection Act 2017. This version was last updated on 01.06.2021 ITL highly encourages concerned users to review its Notice at regular intervals

13. Contact Details

If you have any comments, questions or concerns about this Notice , or any issues relating to the processing of your personal data by ITL, please contact your regular ITL’s client service contact or:

Address: Intercontinental Trust Ltd, Level 3 Alexander House, 35, Cybercity, Ebene, 72201, Mauritius.

Email: dpo@intercontinentaltrust.com

Website: www.intercontinentaltrust.com