WHO WE ARE
1. Beachcomber Boutiques is a business unit of New Mauritius Hotels Limited, a public company headquartered in Mauritius and listed on the Stock Exchange of Mauritius (“NMH”). Beachcomber Boutiques comprises of 15 boutiques which are present in all the hotels of NMH (“Beachcomber hotels”), a dedicated shop called “L’Entrepôt by Beachcomber” and an online shop which can be acceded to at https://beachcomberboutiques.com/shop/ .
2. Our contact details are as follows:
New Mauritius Hotels Limited
Beachcomber House, Botanical Garden Street
Phone number: +230 601 9000
Fax Number: +230 601 9090
Email Address: firstname.lastname@example.org
OUR PRIVACY STATEMENT
3. The following sections provide further details on how we process your personal data:
• For which purpose we collect your personal data and which legal basis
• Which categories of data we collect about you
• Do we use third-party links to websites and programs
• How your personal data is collected
• How we use personal data for marketing purposes
• What your rights are in respect of marketing communications
• Who the intended recipients of your personal data are
• How long will we use your personal data for
• Transfer of your personal data
• How we protect your personal data
• What rights do you have in respect of the processing of your personal data
1. FOR WHICH PURPOSE WE COLLECT YOUR PERSONAL DATA AND WHICH LEGAL BASIS
1.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
1. After having received your consent as required under the Act.
2. Where we need to perform the contract we are about to enter into or have entered into with you.
3. Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
4. Where we need to comply with a legal or regulatory obligation.
5. In order to protect your vital interests.
1.2 We will not use your personal data for purposes that are incompatible with the purposes for which we collected it, and of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.
1.3 We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. For example, in order to prevent fraud and other illegal activity, and for verification process of any online transaction or payment.
2. WHICH CATEGORIES OF DATA WE COLLECT ABOUT YOU
2.3 We will not process the personal data of a child below the age of 16, unless consent to such processing is given by the child’s parent or guardian. In this case, we shall make every reasonable effort to verify using any reasonable means (including but not limited to any written supporting evidence) that consent has been given.
2.3 The personal data we may collect about you includes:
1. Identity Data includes first name, last name, nationality, username or similar identifier.
2. Contact Data includes billing address, delivery address, email address and telephone numbers.
3. Financial Data includes data necessary for processing payments and fraud prevention, including credit/debit card numbers, payment card details including security code numbers and other related billing information, bank account and payment card details.
4. Transaction Data includes details about payments to and from you and other details of products you have purchased from us.
5. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.
6. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
7. Usage Data includes information about how you use our Website and services.
8. Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
2.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
2.5 We do not collect ‘sensitive personal data’ also known as Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
2.6 The above-mentioned categories of personal data have been obtained either directly from you (for example, when you provide information to sign up for a newsletter) or indirectly from certain third parties (for example, through our Website’s technology). Such third parties include our affiliates, public authorities, public websites and social media, suppliers and vendors.
IMPORTANT: It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
3. DO WE USE THIRD PARTY LINKS TO WEBSITES AND PROGRAMS
3.1 The use of our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
4. HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect data from and about you including through:
4.1 Direct interactions:
1. You may give us your personal data when you fill in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
(i) visit our boutiques located in the Beachcomber hotels or our shop L’Entrepôt by Beachcomber ;
(ii) create an account on our Website;
(iii) interact with us or by subscribing to our social media platforms (such as our Facebook and Instagram pages);
(iv) subscribe to our publications and newsletters;
(v) request brochures or newsletters to be sent to you; and
(vi) book a stay at one of the beachcomber hotels.
2. If you contact us, we may keep a record of that correspondence;
3. Any postings, comments or other contents that you upload or post on our Website or our social media platforms.
4.2 Automated technologies or interactions
As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions, patterns and traffic data . We collect this personal data by using cookies, server logs and other similar technologies.
4.3 Third parties or publicly available sources
We may receive personal data about you from a third party such as WhatsApp Business.
5.1 If using our Website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.
6. HOW WE USE PERSONAL DATA FOR MARKETING PURPOSES
6.1 The source of our marketing data relates to the data and information collected through our direct interactions with you (please refer to paragraph 4.1 above), or through our automated technologies (please refer to paragraph 4.2 above) and data we obtain from other business units of NMH.
6.2 We will only process your personal data for direct marketing purposes when we obtain your prior consent.
7. WHAT YOUR RIGHTS ARE IN RESPECT OF MARKETING COMMUNICATIONS
7.1 We will not process your personal data for direct marketing purposes unless you have given your consent to such processing by ticking the appropriate box on the forms we use to collect your personal data (such as forms used when you have requested information from us or purchased a product at one of our boutiques or online); or by utilizing opt-in mechanisms in e-mails we send to you or which are available on our Website.
7.2 In case you have opted-in to receiving marketing materials, you will receive promotional offers from us. We may then use your Identity Data, Technical Data, Usage Data and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide, which products and offers may be relevant for you.
7.3 You have the right to withdraw your consent from receiving marketing communications from us at any time by utilizing opt-out mechanisms found in forms and our Website and emails we send to you. You can also object to the processing of your personal data for direct marketing purposes and exercise your right to have your personal data removed from our database at any time by contacting us. When you withdraw your consent or when you object to the processing of your personal data for direct marketing purposes, we shall stop processing your personal data for such direct marketing purposes.
8. WHO THE INTENDED RECIPIENTS OF YOUR PERSONAL DATA ARE
8.1 We do not share your personal data with any company outside NMH for marketing purposes.
8.2 In relation to the purposes for which we collected your personal data, we may have to share your personal data to:
1. Employees of NMH;
2. Internal third parties such as our preferred service providers (such as IT systems suppliers and support, and other service providers) from whom we require
(i) to respect the security of your personal data, and to treat it in accordance with the law, and
(ii) not to use your personal data for their own purposes, and
(iii) only to process your personal data for specified purposes and in accordance with our instructions.
8.3 We may require to share your personal data to external third parties:
1. Such as WhatsApp Business for the purposes of communicating with you, with your consent;
2. Our professional advisors that is our accountants, auditors, lawyers, insurers, bankers, and other outside professional advisors; and
3. Any public or enforcement authority in Mauritius or elsewhere, or in case of a court, administrative or governmental order to do so.
9. HOW LONG WILL WE USE YOUR PERSONAL DATA FOR
9.1 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
9.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
9.3 We wish to draw your attention to the fact that the legal prescription period in Mauritius (i.e. the period during which one party may sue another party or be sued after the happening of an event) is 10 years for non-immovable-property-related matters (actions personnelles). Depending on the nature of our relationship with you, we may, in this context, also choose to keep your personal data after our last transaction with you, for at least the legal prescription period in order to be able to defend or enforce our rights or for such number of years according to the applicable laws.
9.4 Please contact us for further details on retention periods for different aspects of your personal data.
9.5 In some circumstances, you can ask us to delete your personal data: see ‘’Request erasure” below for further information.
9.6 In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you and is thus no longer your personal data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
10. TRANSFER OF YOUR PERSONAL DATA
10.1 Whenever we transfer your personal data outside Mauritius, we ensure that we can do so and that your personal data are protected in accordance with the requirements set out in the applicable data protection laws.
11. HOW WE PROTECT YOUR PERSONAL DATA
11.1 We maintain organisational, physical and technical security measures
(i) to prevent your personal data from unauthorised access, alteration, disclosure, accidental loss, and destruction, and
(ii) based on the nature of the personal data, to protect your personal data from the harm that may result in unauthorised access, alteration, disclosure, destruction of the data and its accidental loss.
11.2 In particular, our preventive and protective measures include:
(i) having in place policies, antiviruses and firewalls to protect your personal data; and
(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services through our disaster recovery management procedure.
11.3 We limit access to your personal data to those employees, agents, and other third parties who only process your personal data on our instructions and they are subject to a duty of confidentiality.
11.4 We maintain procedures to deal with any suspected personal data breach and will notify you (where necessary) and the Data Protection Commissioner of a breach where we are legally required to do so.
12. WHAT RIGHTS DO YOU HAVE IN RESPECT OF THE PROCESSING OF YOUR PERSONAL DATA
12.1 You have the right to, in the circumstances and under the conditions, and subject to the exceptions, set out in applicable laws :
1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you free of charge and to check that we are lawfully processing it.
2. Request not to be subject to automated individual decision-making process. This enables you to request that a decision that has automatically been taken by automated means (including by the use of our Website) which produces legal effects concerning you or significantly affects you be reviewed by a human being.
3. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
4. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
5. Object to processing of your personal data in writing where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes, in which case the personal data shall no longer be processed for that purpose. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
6. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
12.2 Right to lodge a complaint at any time with the Data Protection Commissioner of Mauritius (DPC).
• If you wish to exercise any of the rights set out above or need any clarification thereon, please contact us.
• We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12.3 In the event the GDPR finds its application in relation to you, you have the right of portability that is the right to receive your personal data, which you have previously provided in a ‘commonly use and machine readable format’ and have the right to transmit that data to another controller, for so long as such rights do not violate any third party fundamental rights and freedom, and subject to such other exceptions set forth under the GDPR.
Biometric data means any personal data relating to the physical, physiological or behavioural characteristics of an individual which allows his unique identification, including facial images or dactyloscopy data.
Consent means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed.
Direct marketing means the communication of any advertising or marketing material which is directed to any particular individual.
Encryption means the process of transforming data into coded form.
GDPR means the European Union General Data Protection Regulation, which came into force on 25 May 2018.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Processing means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information and the additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed.