AfrAsia Bank Limited (we, us, our) is committed to safeguarding the privacy of your personal data.
We understand that the protection of your personal data is an essential requirement for you and that you expect us to handle your personal data according to high standards of privacy and security. This Privacy Statement aims to explain in a simple and transparent way what personal data we gather about you and how we process it. In this connection, we have prepared this Q & A to explain how we use and process your personal data.
Personal data means any information which identifies an individual person or from which an individual person is identifiable.
What is a data subject, a data processor and a data controller?
Personal data that is typically collected and used by us includes but is not limited to the following:
We will only collect and use your personal data where we have lawful grounds and legitimate business reasons to do so.
We collect and process your personal data to:
As a result, the personal data you provide to us at any point, may be shared by us with one or more of the following organisations or persons:
Most of your personal data is collected at the time we on-board you as a customer. It may also be collected when there are changes to your personal data and our records need to be updated. We will mostly collect your personal data directly from you. In some cases, as and when required, we may also collect information about your credit exposure from credit reporting agencies or your tax related information under international agreements, such as your tax residency status, tax account number and may further request you to provide us with a self-certification certificate, where necessary.
We may from time to time use your personal data to send you information about our products, services and promotions and those of the entities within our group, which we believe may be of interest to you. At the time we on-board you, we will ask you to provide your express consent to being contacted for such purposes. If we do not have your consent to the processing of your personal data for marketing purposes, or if we have your consent and you subsequently notify us of the withdrawal of your consent, we will not send you any marketing correspondence.
You may change your mind and update your preferences at any time by notifying us.
We will only hold your personal data for as long as is necessary for the purposes for which it was obtained.
However, if we are obliged pursuant to our regulatory or statutory requirements to retain your personal data for a specified period of time, then we will retain your personal data for that minimum specified period.
[We do not currently use any system pursuant to which your personal data is subjected to automated decision making or profiling. However, if this changes, it may affect the products and services we offer you and we will amend our Privacy Notice accordingly].
For information about cookies and how they’re used on this website, visit our cookies page
Your personal data may be transferred to and stored in locations outside Mauritius. However, any such transfer does not affect our commitment to safeguard the privacy of your personal data and we will ensure that the transfer is lawful.
As data subject, you have a number of rights under applicable data protection laws in respect of your personal data, which include but are not limited to the following:
Data Protection Act 2017 and the impact of GDPR in Mauritius
The Data Protection Act 2017 (DPA) has replaced the Data Protection Act 2004. This new law has been passed with the following aims (according to the Data Protection Office’s website):
If you wish to obtain information about your rights under the new Data Protection legislation, please consult the Data Protection Office website: www.dataprotection.govmu.org/
Your consent must be a freely given, specific, informed and unambiguous indication of your wishes to our collection, use or processing of your personal data, either by a statement or a clear affirmative action on your part.
We will process your personal data if you give us your consent in accordance with the law. Our account opening mandate and agreements (including our General Terms and Conditions) contain express provisions regarding your consent, pursuant to which you authorise us to process your personal data.
However, we will not be able to provide you certain products or services as a result of such withdrawal.
Notwithstanding the withdrawal of your consent, we may still continue to collect and process your personal data if we are obliged to do so pursuant to our regulatory or statutory requirements [or if this is necessary pursuant to a contract to which we are a party].
Nothing in this document shall be represented or construed as any representation, warranty or undertaking on our part or any of our officers, employees, directors, agents or affiliates. Accordingly, we do not give any representation, warranty or undertaking and we accept no responsibility or liability as to the accuracy, or completeness, of the information set out in this document. The information contained does not purport to be complete and is subject to change.
You are advised to rely on your independent appraisal of and investigations into the information provided, and we advise you to obtain legal advice if you have any concerns regarding your data protection rights.
If you have any queries or complaints in respect of your personal data, please contact our Data Protection Office:
Data Protection Office
5th Floor NeXTeracom Tower III
T: (+230) 403 5500
F: (+230) 468 1655