Your privacy is important to us and We know that You are concerned about how We use Your Personal Information. Standard Bank (Mauritius) Limited (We, us, our) collects and processes your Personal Information in accordance with the applicable Data Protection Law and in accordance with the privacy principles set out below.
This Privacy Statement is applicable to You where you are a Data Subject including a Customer (and potential Customer), a Service Provider (and potential Service Provider), an Enquirer, any Other Data Subject and/or a Related Party (as the context shall indicate). Defined terms used in this Privacy Statement are explained in Section 14 below.
This Privacy Statement provides an overview of:
- The type of Personal Information We collect and use
- The purposes for which We use Your Personal Information
- When and how We collect Your Personal Information
- Who We disclose Your Personal Information to
- How We keep Your Personal Information secure
- How long We keep Your Personal Information for
- Your rights in respect to Your Personal Information and how You can exercise those rights
When do we collect Personal information about You?
- When You are enquiring or applying for Our products and services;
- When We procure goods or retain Your services as Service Providers;
- When You talk to Us, for example, on the phone or in meetings with Your Relationship Manager, including recorded calls and notes We make;
- When You use Our websites, mobile device apps, web chat or any platform hosted by Us;
- In emails, letters and Customer surveys;
- When You attend any Event;
- When We provide You with funding/sponsoring as part of Our Corporate Social Responsibility agenda.
What Personal Information do We collect, have or compile about You?
Personal Information collected and stored by Us may include, but is not limited to the following types of data:
- Your contact information: name (and any previous names), home and/or business address(es), telephone number(s), email address(es), and any other contact information We reasonably require;
- Other identification data about You: identity and/or passport documentation, copy of professional and educational certificates, proof of address documentation, source of fund/wealth information, bank accounts, financial and tax information, transactional information on Your accounts/dealings, marital status, gender, date and place of birth, occupation and income including employment history, dependants , specimen signature and that of Related Party, photographs or other visual images of You such as CCTV footage, telephone conversations with Our staff, voicemail messages, proofs of standing and reputation, reference letters, and information You provide for secure passwords;
- Certain “Sensitive Personal Information” to the extent that it is relevant and subject to applicable laws;
- Certain other Personal Information relating to technical information about the browser, device and internet connection that You use when You browse, Your Internet Protocol (IP) address, Media Access Control address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, information about Your visit which may include pages viewed, page response times, Your country of location by reference to a look up of Your IP address against public sources;
- Certain other Personal Information about You as collected by Our cookies when You visit our web pages;
- Types of products/services received from Standard Bank Group or provided to Standard Bank Group;
- Any other Personal Information related to the conduct of Our business and in particular whether You may represent a politically exposed person or money laundering risk;
- Any views and opinions that You choose to send to us, or publish about Us (including on social media platforms) and
- Similar Personal Information on any of Your Related Party.
Where You provide us with Personal Information on a Related Party, You represent that this information is accurate, that You are authorised to provide the information to Us on their behalf for the purposes of Processing of their Personal Information in terms herein and specifically any cross-border transfer of Personal Information and that You are authorised to receive any privacy notices on their behalf.
How We collect Your Personal Information?
We collect Your Personal Information from a variety of sources as follows:
- We obtain Your Personal Information when You provide it to us (e.g., where you contact us via email or telephone, or by any other means). Subject to applicable laws, We may record and monitor our electronic communications with You, including Our telephone conversations;
- We collect Your Personal Information in the ordinary course of our relationship with You (e.g., in the course of managing transactions between You and Us);
- We collect Personal Information that You manifestly choose to make public, including via social media (e.g., We may collect information from Your social media profile(s), to the extent that You choose to make Your profile publicly visible);
- We receive Your Personal Information from third parties who provide it to Us (e.g., Your employer, Our Customers; credit reference agencies; and law enforcement authorities);
- We receive Your Personal Information from third parties, where You subscribe to any of Our products or services through such third parties;
Why we use, collect or process Your Personal Information?
Personal Information is mainly Processed for the following purposes:
- For the performance of any contractual obligations towards the Data Subjects , including but not limited to relationship management and providing or receiving product and services contract, and for the exercise of Our rights as set out in agreements ; or
- For compliance with any legal obligation to which We are subject ;or
- For the purposes of the legitimate interests pursued by Us or by a third party to whom the Personal Information is disclosed; or
- To protect Your vital interests (or that of a third party), for example, in an emergency situation; and
- With Your consent, where applicable,
in order to:
If You are a Customer:
- Respond in Our legitimate interests to Your enquiries about Our products/services, and/or any other general requests;
- Enter into an agreement with You regarding provision of products/services and to administer and manage Our relationship with You. Process your Personal Information for ordinary business purposes (this includes to open and maintain your account, give effect to transactions, administer claims where applicable, manage our risks and maintain Our overall relationship with You);
- Provide Us with Your feedback with a view to improve Our Services;
- Perform credit assessments and obtain references in order to provide You with services and meet our compliance obligations;
- Carry out the management of our Business and to comply with policies and procedures under applicable guidelines, regulations or notices and/or that may have been put in place by Us (including risk management, corporate governance, credit management, finance and accounting, billing and collections, audit, IT systems, data and website hosting, training, testing and business continuity);
- Carry out statistical and other analysis including behavior and scoring , to identify potential markets and trends and evaluate and improve customer service and our business (this includes improving existing and developing new products and services);
- Correspond with You concerning Our present and future services and relevant news and service updates with Your consent where required by law or otherwise in Our legitimate interests provided that these interests do no override Your right to object to such communications;
- Profile Customers for targeted marketing to bring to your attention services and products customized to Your needs and/or develop and carry out marketing activities.
If You are a Service Provider:
- Respond in Our legitimate interests to Your enquiries about supplying goods or services to Us and/or any other general requests;
- Assessment of bids proposals;
- Enter into an agreement with You regarding provision of services/goods; and
- Comply with legal or regulatory obligations, for example relating to a regulator’s outsourcing policy.
If You are an Enquirer or any Other Data Subject or a Related Party:
- Respond in Our legitimate interests to Your enquiries about Us, Our products/services, and/or any other general requests;
- Enter into an agreement with You regarding provision of services or funding/sponsorship pertaining to Our Corporate Social Responsibility agenda
In all cases:
- Verify Your identity, for due diligence exercises and carry out "know your customer" checks;
- Enforce Our rights and protect against harm Our property/asset and interests and allow other members of the Standard Bank Group to do the same;
- Use Sensitive Personal Information for public interest in responding to regulatory requirements and using criminal records data to help detect, prevent and prosecute unlawful and fraudulent behavior;
- Detect, investigate, report, and seek to prevent fraud, misconduct, corruption ,financial crime and any unlawful act or omission , whether or not relating to Your enquiry and whether or not there is any suspicion of any illegality, comply with applicable legislations and regulations, including applicable anti-money laundering, sanctions, anti-bribery and tax laws;
- If You are attending an Event, We may use in Our annual report, in media communications and on Our social media platforms, any photographs or other visual images of You in whatever form and
- To fulfil any other purposes related thereto.
Marketing by electronic means or otherwise
We may contact You for advertising or marketing purposes including to provide You with material on our products/services or products/ services offered by Standard Bank Group and We may also invite You to tell us what Your requirements are. We will usually contact You through telephone calls, emails, messaging services, social media platforms or notify You on Your mobile applications. If You have not already done so, You may select Your preferred method of communication by contacting Us.
You may update your preferences or elect to unsubscribe from those communications, at any time by following the links which appear at the end of our promotional communications or by contacting Us and We will ensure that Your preferences or Your request to unsubscribe are dealt with promptly.
To Whom We disclose Your Personal Information?
We primarily share Your Personal Information for legitimate business purposes to the following:
Standard Bank Group – Standard Bank (Mauritius) Limited forms part of Standard Bank Group of Companies. A full list of all the members of the Standard Bank Group and respective countries of operation can be found on the Group’s website.
Service Providers - We may need to share certain Personal Information with Our Service Providers for the performance of any agreement We enter with You. They may assist us in providing the products/ services We offer , for processing transactions, fulfilling requests for information, receiving and sending communication, updating marketing lists, analyzing data, providing IT and other support services or in other tasks, from time to time.
Third Party Processors - We may need to share certain Personal Information with any person or entity that Processes Personal Information on our behalf.
Third Party Agents and Correspondent Banks - We may share your Personal Information to Your advisers and others acting for the processing of Your transactions (including payment recipients, beneficiaries, account nominees, intermediaries, correspondent and agent banks, clearing houses and clearing or settlement systems), anyone You authorise to give instructions or to use services on Your behalf;
Law enforcement agencies, governmental authorities, regulatory and tax authorities and others - Where obliged by law to do so, We may disclose Your Personal Information to law enforcement and revenue agencies and their officers and agents, when required to do so. To the extent required by law, We will inform You of such disclosures.
We may also share Your Personal Information:
- In order to enforce or apply our terms under any agreement with You or to protect Our rights, property or safety and that of our Customers or others. This includes to professional advisers, fraud prevention agencies, credit reference agencies and debt recovery agents;
- To any person who may assume Our rights under any agreement with You and to any person to whom We have assigned or ceded our rights under any agreement with You or to any sub-participant to Our obligations to You under a financing arrangement; or
- To third parties in connection with a re-organisation, sale or acquisition of any part of the Standard Bank Group Business.
How We keep Your Personal information secure?
We have implemented appropriate technical and organizational security measures designed to protect Your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access and other unlawful or unauthorized forms of Processing in accordance with applicable law.
Some of these measures are as follows:
- Our offices are equipped with physical access/security systems including secure entry systems and auto-lock door mechanisms, alarm and CCTV systems;
- Where Personal Information is retained in hard copy (paper) format it is kept safe in locked secure office locations or if kept outside those office locations with duly approved safe storage organizations;
- All staff is obliged to adhere to comprehensive written policies and procedures and undertake regular and ongoing training on data protection. These address, amongst other things, our clear desk awareness, screen locking, use of own devices, encryption of data, the use of passwords on the systems and general data protection principles. Certain staffs have also been assigned roles and responsibilities to help ensure the security and integrity of our information, including our Data Protection Officer. We restrict access to our IT systems to those personnel that require it in the performance of their role(s);
- Our IT systems (including cloud- based services) are inherently designed and to ensure they remain as secure as possible and the security features are regularly updated. We use secure servers, firewalls, virus and ransom scanning software, and employ a team of IT professionals to support these systems;
- Where We engage a Service Provider, the Service Provider will be subject to binding contractual obligations to (i) only Process the Personal Information in accordance with Our prior written instructions and (ii) use measures to protect the confidentiality and security of the Personal Information;
- Because of the international nature of Our Business, We may need to transfer Your Personal Information within the Standard Bank Group, and to third parties as noted in Section 6 above, in connection with the purposes as set out. For this reason, We may transfer Your Personal Information to other countries that may have different laws and data protection compliance requirements, including data protection laws of a lower standard to those that apply in the country in which You are located. Your Personal Information may also be store on cloud-based platforms.
Where We transfer your Personal Information to other countries, We do so on the basis of:
- Adequacy decisions;
- Our binding corporate rules;
- Suitable standard contractual clauses; or
- Other valid transfer mechanism.
How long We keep Your Personal Information for?
We retain Your Personal Information in accordance with Our document retention policy and in terms of law.
We will not use Your Personal Information for purposes other than those for which it has been collected. Your Personal Information shall not be stored for a period longer than necessary for the realization of such purposes, for legal, regulatory, fraud prevention or for legitimate business purposes.
Automated decision making
We, at times, utilise automated processes to generate a profile and/or make decisions about You based on Your Personal Information and to facilitate the business relationship with You, for example, for credit scoring systems and profiling systems for marketing purposes. Please note these decisions are not derived solely via automated means, and elements of human intervention and supervision are applied to all automated processes to ensure that Your best interests are always taken into consideration.
Social media & Websites
We operate and communicate updates through Our designated channels, pages and accounts on some social media sites to inform, help and engage with Our stakeholders. We monitor and record comments and posts made about Us on these channels so that We can improve our services.
The general public can access and read any information posted on these sites. We are not responsible for any information posted on those sites other than the information posted by Our designated officials. We do not endorse the social media sites themselves, or any information posted on them by third parties or other users.
When You engage with Us through social media Your Personal Information may be processed by the site owner; this process is outside Our control and may be in a country outside of Mauritius that may have different privacy principles.
Social media sites are not appropriate forums to discuss Our products, financial arrangements or any other business relationship. We will not ask You to share personal, account or security information on social media sites.
Links to other websites
Our website, related websites and mobile applications may have links to or from other websites. Although We try to link only to websites that also have high privacy standards, We are not responsible for their security, privacy practices or content. We recommend that You always read the privacy and security statements on these websites.
Subject to applicable laws, You may have a number of rights regarding the Processing of Your Personal Information including:
- The right to request a copy of Your Personal Information that We Process;
- The right to request rectification of any inaccuracies in Your Personal Information that We Process;
- The right to object to the Processing of Your Personal Information on grounds related to Your particular situation or in certain circumstances (including for direct marketing);
- The right to request Us the restriction of the Processing of Your Personal Information or the erasure of Your Personal Information to the extent such Personal Information (i) is no longer necessary in relation to the initial purposes for which it was collected (ii) consent, where applicable, has been withdrawn and there is no other means of legitimating the Processing of Your Personal Information and (iii) the Personal Information is unlawfully Processed;
- Where We Process Your Personal Information on the basis of Your consent , the right to withdraw that consent;
- The right to lodge complaints with the Mauritius Data Protection Commissioner regarding the Processing of Your Personal Information by Us or on our behalf.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of Our Privacy Statement or about our Processing of Your Personal Information, please use the contact details provided in Section 13 below.
Please note that We shall only be able to respond favorably to any of the above requests relating to the right to oppose, right to erasure and right to restriction provided that it does not interfere with or contradict a legal obligation that We may have or where We have a legitimate interest to Process this data (for example for the establishment, exercise or defence of a legal claim) or where We can demonstrate compelling legitimate grounds for the Processing which override Your interests, rights and freedoms. Should You withdraw consent (where we have sought same) or should You object to the processing of Your Personal Information and as a result we stop Processing it, it may also mean that We may not be able to continue to provide services to You in a particular manner or at all, and We may as a result need to terminate our agreement or relationship with You.
Our Right to change this privacy statement
We review our policies and procedures regularly and We reserve the right to amend the terms of the Privacy Statement from time to time. We will publish all changes on our website and You are encouraged to visit our website from time to time to ensure that You are aware of our latest polices in relation to Processing of Personal Information. Our Privacy Statement has been last updated on the 31 August 2018.
If You wish to exercise any of Your rights in relation to Your Personal Information or You have a complaint about the way in which We Process Your Personal Information or You require any further information about this Privacy Statement or its contents, please contact our Data Protection Officer at:
Standard Bank (Mauritius) Limited
Level 9, 1 CyberCity Ebene, Republic of Mauritius
Telephone: +230 402 5000
Fax: +230 402 50 50
Email: [email protected]
Please click here to download a pdf version of the Privacy Statement
The terms and expressions in capital letters used in this Privacy Statement have the meanings set forth below. Words in singular include the plural and vice versa.
“Business” means the business You are associated with, whether it is a company, partnership, sole trader, or other entity such as a special purpose vehicle, club, charity or trust;
“Confidential Information” means any data, reports, records, correspondence, information relating to You or relating to Your affairs that is implicitly or explicitly of a private or confidential nature;
“Customer” is to be given its widest possible interpretation and includes, but is not limited to, any natural or juristic person being a past, present or prospective/potential client or customer of Standard Bank (Mauritius) Limited to whom We provide products and/or services whether located locally or abroad;
“Data Subject” means an identified or identifiable individual/natural person and/or juristic person whose Personal Information is being Processed by Us;
“Enquirer” means a Data Subject providing Us with Personal Information by corresponding with Us either via email and/or fills a contact form and and/or visits our web pages/ website;
“Event” means any conference, Customer event, seminar, workshop or any other event organized, hosted or sponsored by Us;
“Personal Information” means information about a Data Subject including, but not limited to information about: race, gender, sex, pregnancy, marital status, nationality, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, birth, education, medical, financial, criminal or employment history, any identifying number, symbol, e-mail, postal or physical address, telephone number, location, any online identifier, any other particular assignment of the person, biometric information, personal opinions, views or preferences of the person or the views or opinions of another individual about the person and the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person. Personal Information includes any Confidential Information;
“Other Data Subject” means any Data Subject (i) with whom We deal with or who benefits from Our corporate social responsibility funding/sponsoring and/or (ii) who attends any Event and in all cases provides Us with or whose Personal Information is being processed by Us;
“Process” means any operation or set of operations performed on Personal Information or sets of Personal Information , whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing and Processed will have a similar meaning;
“Service Provider” includes any natural or juristic person being a past, present or prospective/potential third party suppliers, vendors, agents and contractors, sub contractors, consultants whether located locally or abroad;
“Sensitive Personal Information” includes information relating to political opinions/exposure/adherence You or those closely related/associated to You may have, trade union memberships held, commission or alleged commission of an offence, any proceedings for an offence committed or alleged to have been committed by a natural person, the disposal of such proceedings or the sentence of any Court in the proceedings, racial and ethnicity originin, physical or mental health or condition, sexual orientation, practices or preferences, genetic data or biometric data uniquely identifying a natural person, disability related information or such other personal data as the Data Protection Commissioner may determine to be sensitive personal information;
“Standard Bank Group” means Standard Bank Group Limited, its subsidiaries, affiliates and associate companies of Standard Bank Group Limited;
“You/Your” means You as a Data Subject whose Personal Information We may collect, use or Process including but not limited to You as Customers , as Service Providers , as an Enquirer, or as any Other Data Subject and Your Related Parties;
“Related Party” includes, Your family members and dependents , partners, directors, employees, authorized signatories, agents, representatives, company secretaries, shareholders, beneficial owners, trustees or other controlling officials within its organization/business; and
“We/Us/Our” means Standard Bank (Mauritius) Limited.