GDPR Privacy Policy
ACI Group (“ACI”, or “we”/“us”/“our”) strongly recognizes the importance of protecting Personal Data, and in order to appropriately manage and protect all of the Personal Data provided from our customers, suppliers and other parties, we administer Personal Data based on our privacy policy. This GDPR Privacy Policy (this “Policy”) applies, in particular, to the processing of Personal Data concerning data subjects in the European Economic Area (the “EEA”) in accordance with the EU General Data Protection Regulation (the “GDPR”).
- Personal Data
In this Policy, “Personal Data” means any information relating to an identified or identifiable natural person. ACI may acquire and process “Personal Data”, which includes the name, company name, address, division, title, email address, phone number and an online identifier of the data subjects. - Use of Personal Data
ACI acquires and processes Personal Data for the following purposes:
–To provide you with information on our products and services. This may include technical information and/or marketing information – in pursuit of our legitimate interests in keeping you informed about our products, services and business updates.
–To deal with your enquiries made via the “Contact Us” forms on our website – in pursuit of our legitimate interest of ensuring your enquiry is dealt with in a prompt and efficient manner.
-To facilitate business between your company and ours – in pursuit of our legitimate interest of pursuing daily business with your company.
–To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes – in pursuit of our legitimate interests (to better understand how people interact with our website and resolve any issues it may have).
–To transfer Personal Data to service providers – in pursuit of our legitimate interests (outsourcing for effectiveness and efficiency).
–To comply with legal obligations. - Legal Grounds for Using Your Personal Data
We rely on the following legal grounds to process your Personal Data, namely:
– Performance of a contract
We may process your Personal Data to enter into a contract with you or to perform our obligations under a contract with you.
-Legitimate interests
We may process your Personal Data for our legitimate interests, some examples of which are given above.
-Compliance with laws and regulations
We may process your Personal Data as necessary for compliance with applicable laws and regulations.
-Consent
We may process your Personal Data based on your consent.
Provision of Personal Data from data subjects is necessary for the purposes listed above, as applicable, and we may not be able to provide appropriate services to, or fulfill necessary obligations under contracts with, data subjects without such provision. You may withdraw your consent to this processing at any time by contacting us (see below) without any costs and disadvantage. However, this will not affect the lawfulness of any processing carried out before withdrawal of the consent. - Disclosure to Third Parties
ACI may supply or disclose Personal Data to our group companies and other third parties that are our service provider. We may also supply or disclose Personal Data to the third parties when it is necessary for justifiable reasons permitted by laws and regulations. - Cross-Border Transfer
ACI may transfer Personal Data to entities in countries or jurisdictions outside the EEA, such as Mauritius. Please note that such countries or jurisdictions may not have the same data protection laws as the EEA and may not afford many of the rights conferred upon data subjects in the EEA. When we transfer your Personal Data outside the EEA, we will ensure that your Personal Data is protected and transferred in a manner consistent with legal requirements applicable to such Personal Data. You may obtain more details regarding the protection given to your Personal Data by contacting us when your Personal Data is transferred outside the EEA. - Security Management Measures
ACI shall prepare internal rules concerning the administration of Personal Data, and take steps to ensure that all of our employees are knowledgeable as to the contents of such rules. We shall manage Personal Data appropriately and implement the measures necessary to prevent the leakage, loss, falsification or other mishandling of Personal Data. We will retain your Personal Data for no longer than the period necessary to fulfill the purposes outlined in this Policy, unless laws and regulations require or permit the retention of Personal Data for longer periods. - Rights of Data Subjects
You have the right to access, request correction, request deletion, request limitation of processing, object to processing, and request data portability, with regard to your Personal Data retained by us. When we receive a request based on the rights specified above, we shall conduct any necessary investigation without delay and provide you or a nominated third party with Personal Data or respond to such request without delay. - Right to Complain to Data Protection Authority
You have the right to lodge a complaint with the local data protection authority if you have any complaint regarding our processing of your Personal Data. - Rights, contact Details
Generally, you have the right of access, the right to rectification, erasure, restriction of processing, data portability, and the right to object. If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Finally, you are entitled to file a complaint with a supervisory authority.
For any questions related to data privacy and asserting the rights listed above, please contact ACI at eugdpr@africancompassinternational.com or ACI Counsel and Compliance, 3rd Floor, Ebène Esplanade, 24 Cybercity, Ebène, Mauritius.
This data protection policy will be revised from time to time.