Data Privacy Policy

1. WHO WE ARE

The Mauritius Sugar Syndicate (“MSS”/”We”/”us”), set up pursuant to the Mauritius Sugar Syndicate Act 1951, is the sole organisation responsible for the marketing and export of sugar produced in Mauritius. 

The MSS has for object (i) the sale of all sugars received by it for the account of its members, all of whom are sugar producers, comprising corporate and independent sugar cane growers as well as millers, and (ii) the distribution of the proceeds of such sale after deduction of common expenses. In relation to such purpose, the MSS has the power to make regular payments  to the sugar producers.

The operations of MSS are structured into specialised departments geared to provide support services of direct relevance to its core business, namely marketing and sales, logistics and planning, finance and accounts, service assistance to producers, and also ensuring the quality, food safety and ethical compliance of the sugars supplied with international sustainability standards and relevant local legislation.

Sugar cane planters and millers, members of the MSS, can access the “Producers’ Corner” with regard to the status of payments, while clients of MSS, namely the foreign distributors of the sugars exported by MSS, can access the “Club Area” for complaints. In this connection, MSS may Process Personal Data, as defined in the Data Protection Act, 2017 (the “Act”).

The MSS is duly registered as Controller and Processor with the Data Protection Commission of Mauritius.


2. OUR PRIVACY STATEMENT

As the MSS is committed to protecting Personal Data, this Privacy Policy outlines the purpose for which we collect your Personal Data through your use of our website, including any data you may provide through our website, how we Process your Personal Data, and tells you about your privacy rights.

This Privacy Policy may be updated regularly, and any changes shall be effective when they are posted on this page. You are advised to review this Privacy Policy periodically for any changes.


3. WHAT PERSONAL DATA DO WE COLLECT

Identity Data first name, last name, company name, username or similar identifier, title and gender, Sugar Insurance Fund Board registration number.
Contact Data registered address, email address and telephone numbers.
Financial data Bank information details, account number.
Technical Data internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices used to access our website.
Profile Data username and password, preferences, interests, feedback and survey responses.
Usage Data information about how you use our website.

4. HOW IS PERSONAL DATA COLLECTED

(i) By direct interaction, You may give us your Identity, Contact and Financial Data by filling in physical or online forms or by corresponding with us in person, by post, phone, email or otherwise. This includes Personal Data you provide when you:

·   visit the premises of the MSS for registration as planter for payment purposes;

·   supply sugar cane to the mill(s);

·   pledge your sugar cane proceeds with a bank;

·   create an account on our website;

·   request for our feedback in relation to any complaint in respect to our services;

·   request marketing information to be sent to you;

 (ii) Automated technologies or interaction, when interacting with our website, we may:

·   automatically collect Technical Data about the equipment used by you, browsing actions and patterns, traffic data;

·   collect such Personal Data by using cookies, server logs and other similar technologies;

·   receive Technical Data when visiting other websites employing our cookies.  Please see our cookies policy for further details.

(iii) Third parties or publicly available sources, such as Technical Data from the following parties:

(a) analytics providers such as Google and
(b) search information providers inside and outside Mauritius.


5. How we use your Personal Data

We will only use Personal Data when the law allows us to do so, and most commonly, in the following circumstances:

(i) where we need to perform or fulfill our obligations / responsibilities / duties in line with our business purpose;

(ii) where it is necessary for our legitimate interest (or those of a third party) and the interests and your fundamental rights as Data Subject do not override those interests; and

(iii) where we are required to comply with a legal or regulatory obligation.

We will process Personal Data based on your prior consent, to the extent such consent is mandatory under the Act, and necessary to allow us to accomplish the purposes outlined in this Privacy Policy.

6. Who the intended recipient of your Personal Data are

In relation to the purpose for which the MSS Processes Personal Data, Personal Data may be shared with:

(i) employees of the MSS, including employees of our internal audit function;
(ii) accountants, auditors, lawyers, insurers, bankers, and other external professional advisors;
(iii) third parties such as our preferred service providers (such as IT systems suppliers and support, and other service providers) from whom we require (i) to respect the security of your Personal Data, and to treat it in accordance with the law, and (ii) not to use your Personal Data for their own purposes, and (ii) only to process your Personal Data for specified purposes and in accordance with our instructions;
(iv) any public or enforcement authority in Mauritius or elsewhere, or in case of a court, administrative or governmental order to do so.

We do not share your Personal Data with any third party outside the MSS for marketing purposes.

7 .How long will we store your Personal Data

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

8. What are your rights as Data Subject

In the circumstances and under the conditions, and subject to the exceptions set out in the Act, you have the right:

(i) to access your Personal Data, for example by requesting a copy thereof;
(ii) to request correction of incomplete or inaccurate Personal Data;
(iii)  to request deletion or removal of your Personal Data for a valid reason. However, we may not always be able to comply with a request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
(iv) to object to the processing of your Personal Data for a valid reason;
(v) to request restriction of the processing of your Personal Data, for example, to request that we suspend the processing of Personal Data for a valid reason;
(vi) to request the transfer of your personal data to you or to a third party;
(vii) to withdraw your consent at any time;
(viii) to lodge a complaint at any time with the Data Protection Commissioner; or with the regulatory authority of the country of your residence, or where the data breach has occurred, as applicable.

We have put in place a Data Subject Requests Handling Procedures, and will respond to your legitimate requests within 28 days from the date of your request. Occasionally, it may take us longer if the request is particularly complex or you have made a number of requests.

In this case, we will notify you and keep you updated. Before you approach the Data Protection Commissioner or any regulator, we would appreciate the chance to deal with your concerns so please the Data Protection Officer in the first instance.

9. How we use cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

For more information about the cookies we use, please see our cookies policy.

10. How do we protect your Personal Data

We have put in place appropriate security measures to protect the integrity and confidentiality of your Personal Data. Our security measures include :

(i) pseudonymisation, Encryption;
(ii) procedure in case of breach or suspected breach of Personal Data;
(iii) disaster recovery, business continuity and resilience of processing systems and services;
(iv) access authorisation controls and password;
(v) firewalls;
(vi) restricting access on a need to know basis;
(vii) ensuring Processes of your Personal Data are conducted on our instructions.

We may enter into a data processing agreement with our service providers and ensure that as Processor, they protect your Personal Data by maintaining physical, technical and organisational security measures to prevent risk of accidental loss, misuse, unauthorized access, disclosure, destruction and alteration of Personal Data, and to protect the Personal Data from any harm that may result therefrom.

We have put in place a Data Breach Policy and will notify you and any applicable regulator of a breach where we are legally required to do so within such delay as may be prescribed, upon becoming aware of such a breach, which includes accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

To the attention of: Parweezia Thupsee
Title: Data Protection Officer.
Email: [email protected]
Phone number: +230 212 08 14