Introduction

1.1    At MauBank Ltd (hereafter referred to as “MauBank”, “we”, “us”, “our”), we are committed to safeguarding your personal data throughout and after your relationship with us. In accordance with the Mauritius Data Protection Act 2017 (hereafter referred to as the “MDPA”). While it outlines the broadest possible use of personal data, we may make less use of your personal data than is described here. 

2       Personal Data We Collect

2.     

2.1    The type of personal data we process will depend on the purpose for which it is collected. We will only process the data we need for the purpose required. 

2.2    We may collect your personal data in the following ways:

a.    Directly from you, for example:

i.         Through application forms,

ii.        Through phone call recordings, when you interact with our call centre agents,

iii.      When you send letters of queries, requests or complaints to MauBank,

b.   When you browse and/or interact with us through our website;

2.3    The types of personal data that we process are detailed below:

Categories of personal data	Details
Contact Details	Name, Username, Phone Number, Email Address, Address
Individual Details	Gender, Date of Birth, Marital Status, Nationality, Employment status
Identification Details	National Identity Card Number, Passport Number, Trade licence, Business Registration Number
Financial Information	Bank details, Pay details, Pension details, Tax details
Credit risk and anti-fraud details	Information which you need to collect in order to assess the risk in providing a product/service and provide a quote. This may include data relating to credit history, credit score, Source of funds, and information received from various anti-fraud databases or other special categories of personal data.
Video surveillance / Voice recording	Closed-circuit televisions (“CCTV”) footage
Voice recordings	Phone call recordings
Special Categories of Personal Data	Medical details, Disability, Criminal convictions, Children (Minors) data (Minors’ account), Politically Exposed Person (PEP) status

 

3       Purposes and Legal Basis for Processing Personal Data

2.     

3.     

3.1    We process your personal data for the following purposes and legal bases:

Purpose of processing	Legal basis of processing
·        To deliver our products and services ·        Carry out your instructions, e.g. to fulfil a payment request, or make a change to your pin ·        carry out checks in relation to your creditworthiness ·        support our banking operations ·        provide online banking, mobile applications and other online product platforms	-        The processing is necessary for the performance of your contractual relationship as a customer of MauBank. -        The processing is necessary for compliance with legal and regulatory obligations, for instance under AML/CFT laws and regulations
·        For monitoring phone call recordings and ensuring customer satisfaction, addressing complaints and requests of customers, conducting customer feedback surveys, and for managing our relationship with customers	Legitimate interests, namely for the proper management of our customer relationships.
·        For record-keeping purposes	For compliance with a legal obligation to which we are subject to, such as for regulatory audits and to comply with minimum retention periods.
·        For analysing customer data trends	Legitimate interests pursued by the company.
For publishing photos, surveys and video testimonials on: ·        External communications, for example, on our social media pages such as Facebook, LinkedIn, on MauBank’s website, and through newsletters. ·        Any other publications related to MauBank’s activities.	Consent
·        To confirm and verify your identity when you request to access, rectify, restrict or delete the information we hold on you	For compliance with a legal obligation to which we are subject to, that is, to verify the identity of a data subject who makes a subject rights request.
·        For physical security and grant you access to MauBank’s premises	Legitimate interests of ensuring physical security and proper conduct on our premises.
·        For legal disclosures (with regard to regulatory/ legal requirements or investigations)	The processing is necessary for compliance with our legal and regulatory obligations.

 

 3.2    In addition to the above-mentioned specific purposes, we may also process any of your personal data where such processing is necessary for compliance with legal and regulatory requirements which apply to us, or when it is otherwise allowed by law, or when it is in connection with legal proceedings.

 

4       Mandatory and Voluntary Information

3.     

4.     

4.1    To effectively engage in business transactions and fulfil our contractual obligations, certain information is mandatory for you to provide. This mandatory information includes but is not limited to your name and contact information. Failure to provide this obligatory information may impact on your contractual relationship, receiving communication on new products and services, or receiving benefits.

4.2    If you choose to provide more information beyond what is required, we will evaluate its necessity for our purposes. If it is determined to be unnecessary, we will promptly delete it to ensure the protection of your privacy.

 

5       Who has access to your personal data?

4.     

5.     

5.1    Access to your personal data within MauBank

5.1.1    Employees of MauBank who may have access to the personal data are required to keep that data confidential.

5.2    Access to your personal data by third parties

5.2.1    We may need to share your personal data with third parties which assist us in fulfilling our responsibilities regarding the purposes listed above. These third parties include companies which provide services to us such as:

a.            For processing of banking transactions;

b.           For maintenance of our systems

5.2.2    We are also required to disclose your personal data where processing is necessary for us to comply with our legal obligation, including responding to legal processes or lawful requests or where:

a.            We have a duty or a right to disclose in terms of law or for national security and/or law enforcement purposes;

b.           We believe it is necessary to protect our rights;

c.            We need to protect the rights, property or personal safety of any member of the public or a customer of our company or the interests of our company; or

d.           You have given your consent.

5.2.3    We require our service providers and other third parties to keep your personal data confidential and that they only use the personal data in furtherance of the specific purpose for which it was disclosed. We have agreements in place with our processors to ensure that they comply with these privacy terms.

 

6       Personal Data Security

5.     

6.     

6.     

6.1    We prioritise the security of your personal data and have adopted IT Policies to protect all information by safeguarding its confidentiality, integrity and availability and to ensure business continuity and minimise operational damage by reducing the impact of security incidents. 

6.2    We have also put in place procedures to deal with any suspected data security breach and will promptly notify you and the Data Protection Office of any suspected breaches where we are legally required to do so. 

7       Data Retention

7.     

7.     

7.1    We collect and process your personal data for specific purposes and will retain it only as long as necessary to fulfil those purposes unless required for legitimate business or legal reasons. MauBank thus retains data for the duration of the customer’s business relationship with MauBank and for ten (10) years after the termination of the contractual relationship, except for:

a.            CCTV footage: Retained for ninety (90) days at MauBank’s Head Office

 

8       Transfer of Personal Data outside Mauritius

8.     

8.     

8.1    In certain circumstances, your personal data may be transferred to and processed outside Mauritius. We will ensure that any such transfer is compliant with the provisions stipulated in the MDPA. If your personal data is transferred to a country that does not provide an adequate level of protection, we will implement appropriate safeguards, such as contractual clauses, to protect your personal data.

 

9       Your Responsibilities

9.     

9.     

9.1    You are responsible for the data you provide or make available to us, and you must ensure it is honest, truthful, accurate and not misleading in any way. You must ensure that the data provided does not contain material that is obscene, defamatory, or infringing on any rights of any third party, does not contain malicious code, and is not otherwise legally actionable.

9.2    Further, if you provide any data concerning any other person, such as individuals you provide as references, you are responsible for providing any notices and obtaining any consent necessary for us to collect and use that data as described in this Notice.

 

10   Your Rights

10.      

10.      

10.1     As a data subject, you have certain rights regarding your personal data as detailed below and we are committed to facilitating the exercise of these rights: 

·      Right of Access: You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation of whether we process your personal data and to receive a copy of that information, in an intelligible form, using clear and plain language.

·      Right to Rectification: If you believe that the personal data, we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it.

·      Right to Erasure: In certain circumstances, you may have the right to request the erasure of your personal data. This includes situations where your personal information is no longer necessary for the purposes for which it was collected, or you withdraw your consent and there is no other legal basis for processing.

·      Right to Restriction of Processing: You have the right to request the restriction of the processing of your personal data under certain conditions. This means we will temporarily suspend the processing of your personal data, such as when you contest its accuracy or when you object to the processing.

●     Right to Object: You have the right to object to the processing of your personal data for certain reasons, such as direct marketing or legitimate interests. If you exercise this right, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

·      Right to Withdraw Consent: If we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

 

10.2     To exercise your right as a data subject, you are requested to fill out the Data Subject Rights Request Form (DSRR), available on our website at the following link https://www.maubank.mu/ or send an email to the DPO.

 

10.3     You are asked to send your request with all required information, including:

·        The request type – For example, are you requesting a copy of your information, the deletion or modification of your personal data; and 

·        All relevant information which can help to successfully respond to your request.

 

11   Queries and Complaints

11.1      

11      

11.      

11.      

11.1     If you have any questions or concerns about your personal data processing or wish to exercise your rights, you should contact our DPO as detailed in Section 12. When contacting the DPO, you are requested to provide a clear and detailed description of your concerns.  This will help us understand the issue and take the appropriate action.

 

11.2 We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of your personal data in accordance with this Notice and provide you with a timely and appropriate response, typically within thirty (30) days. If additional time is required, we will inform you accordingly.

11.3     If you believe we have not handled your response appropriately, you may submit a complaint to the Data Protection Office in Mauritius.

 

12   Contact Us

12      

12.      

12.      

12.1     For inquiries or to exercise your data protection rights, kindly contact our Data Protection Officer as follows:

Email: dpo@maubank.mu

Phone Number: (+230) 405 9400

Address: 25 Bank Street, Ebene Cyber City, Mauritius

 

13   Changes to this Notice

13.      

13.      

13.1     We may update this Notice from time to time to reflect best practices in data management, security, and control and to ensure compliance with any changes or amendments made to the MDPA and any laws or regulations thereof. We encourage you to review this Notice periodically to stay informed about how we protect and use your personal data.