• Home
  • >
  • Privacy Policy

Privacy Policy

Scope

This Privacy Policy applies to personal data provided by you to any member of the SICOM Group (hereinafter referred to as ‘we’/ ‘us’/ ‘our’ as appropriate) and describes how we handle your personal data in line with the Data Protection Act 2017 (hereinafter referred to as ‘the Act’), including taking appropriate measures to ensure confidentiality and security of such data.

 

Definition

Wherever used in this Policy, the following terms will have the meaning defined in this section.

SICOM Group

 

The SICOM Group comprises the State Insurance Company of Mauritius Ltd, SICOM General Insurance Ltd and SICOM Financial Services Ltd.

Services

 

Services include the provision of advice and quotation and online facilities the processing and assessing of your application, the administration of the contract you hold with us and the handling of a claim.

Personal data Any information relating to an identified or identifiable individual.

Special categories of personal data

 

Personal data concerning an identified or identifiable individual and consisting of information such as his/her physical or mental health or conditions and criminal convictions.

 

Purpose

We will use your personal data in order to provide you with services as defined above and to comply with any legal requirements. Should we need to use your personal data for any other purpose, your consent will first be sought.

 

Information we collect

  • Information that you provide to us, or that we collect from you by filling in forms or when you upload a document on our Website/Customer Portal; information such as your name, address, telephone number, email etc
  • Details of your visits to our Website/Customer Portal and the resources and pages that you access for statistical purposes and for measuring site activity to improve usefulness of customer visits
  • Information provided when you communicate with us.

We may also need to collect special categories of personal data concerning you that would be necessary for us to process your application.

If you do not provide all of the requested information, we may not be able to provide our services to you.

We shall not collect more details than is necessary for the services stated above. 

 

Disclosure of personal data

Access to your personal data is limited to those persons whom we reasonably believe need to use that data in order to provide you with the service you requested.

Where disclosure is required by law or in connection with legal proceedings, we shall have to disclose your personal data to relevant governing and regulatory bodies.

In addition, in order to deliver the services described above, we may have to share your personal data with specific third parties such as sub-contractors, service providers, intermediaries, surveyors, reinsurers, other insurers, off-site security storage providers and website hosts, whether in Mauritius or in another country.

Where your personal data, including any special category of your personal data, needs to be shared, this will be done under a duty of confidentiality on the third parties concerned.

 

Accuracy of personal data

We will take all reasonable precautions to ensure accuracy of your personal data.  Upon notification by you of any update in your personal data held by us, we shall, as soon as reasonably possible, take the necessary steps to rectify such data.

Should there be any changes in your personal data, please notify us in due course in order for us to update our records and ensure accuracy of your personal data at all times.

 

Period for which personal data will be retained

We will not retain your personal data for longer than is necessary for the purpose of the contract you hold with us.  However, in some circumstances, it may be necessary for us to keep your personal data for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.

In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such data without further notice to you.

 

Data storage and transfers

In order to deliver the service you requested, we may have to transfer/store your personal data outside Mauritius, e.g. When you complete and submit online forms on our Website or upon your registration on our Customer Portal, your personal data will be stored overseas or in the Cloud outside Mauritius where the servers are hosted.  We shall at all times ensure that this is done in compliance with the Act, including obtaining your consent where deemed necessary.

 

Protection of personal data

We have in place appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of your personal data that is provided to us.

However, the transmission of information via the internet is not completely secure and, therefore we cannot guarantee the security of data sent to us electronically and the transmission of such data is thus entirely at your own risk.  Where we have given you or where you have chosen a password so that you can access your account, you are responsible for keeping that password confidential.

In the case of a personal data breach which is likely to result in a high risk to your rights and freedoms, we shall communicate such breach to you as soon as reasonably possible.


 

Payment Procedures

If you are effecting an online payment through our Website / - Customer Portal, you will be required to input your card details on a bank’s payment gateway, which is a secured platform for processing and approval.

You will be redirected from our Website/Customer Portal to the bank’s payment page/gateway that collects card information (whereby the cardholder shall input his/her card details) and the bank’s gateway shall send a message back to the Website / Customer Portal (landing page) showing if the payment was successful or not.  Both our Website/Customer Portal and the bank’s payment Site use encrypted Secure Socket Layer connections to keep all information secure.

 

Job applicants

If you are a job seeker and sending your job application to us, we will collect and hold your information, including information you provide to us in your application, or provided to us by recruitment agencies, as well as information on you from any referees you provide.

We use this as necessary to enter into an employment contract with you, and for our legitimate interests in evaluating candidates and recording our recruitment activities, and as necessary to exercise and perform our employment law obligations.

If you are successful in your application, your information will be used and kept in accordance with our internal policies.  If you are not successful in your application, your information will be held for up to 12 months after the relevant round of recruitment has finished, in order to notify you of any future vacancies within the SICOM Group which we think may be of interest to you.

If you are listed as a referee by an applicant, we will hold your name, contact details, professional information about you (such as your employer and job title) and details of your relationship with the applicant.  We will use this information as necessary for our legitimate interests in evaluating candidates and as necessary to exercise and perform our employment law obligations and rights.  Your information will be kept alongside the applicant’s information.

If you are listed as an emergency contact by someone who is employed by us, we will hold your name, contact details and details of your relationship with that employee.  We will use this to contact you as necessary to carry out our obligations under employment law, to protect the vital interests of that employee, and for our legitimate interests in administering our relationship with that employee.  Your information will be kept until it is updated by that employee, or we no longer need to contact that employee after they have stopped working for us.

 

Personal data of third party

If, in the course of your relationship with us, you submit to us the personal data of another person, we shall assume that you have obtained the prior explicit authorisation of that person, e.g. consent of parent or guardian required for child below the age of 16 years, including for the transfer/storage of his/her personal data overseas or in the Cloud outside Mauritius where the servers are hosted.

 

Cookies

Cookies are small text files which are transferred from our Website/Customer Portal and stored on your device.  We use cookies to help us provide you with a personalised service, and to help make our Website/Customer Portal better for you.

Our cookies may be session cookies (temporary cookies that identify and track users within our Website/Customer Portal which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our Website/Customer Portal  to ‘remember’ who you are and to remember your preferences within our Website/Customer Portal and which will stay on your computer or device after you close your browser or leave your session in the application or service).

You may be able to configure your browser or our website/Customer Portal to restrict cookies or block all cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our Website/Customer Portal.

 

Third party links

You might find links to third party websites on our Website / Customer Portal.  These websites should have their own privacy policies which you should check before interacting with them.   We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

 

Marketing

We will only contact you for marketing purposes with your consent.  You will always have the right to ‘opt out’ of receiving our marketing materials.  You can exercise the right at any time by contacting us at compliance@sicom.intnet.mu.  If we send you any marketing emails, we will always provide an unsubscribe option to allow you to opt out of any further marketing emails.

If you ‘opt-out’ of our marketing materials, you will be added to our suppression list to ensure we do not accidentally send you further marketing.  Where you unsubscribe from any postal marketing, you may initially still receive some content which has already been printed or sent, but we will remove you from any future campaigns.  We may still need to contact you for administrative or operational purposes, but we will make sure that those communications do not include direct marketing.

We never share your name or contact details with third parties for marketing purposes.  We do use third party service providers to send out our marketing, but we only allow them to use that information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

 

Your rights

The Act gives you a number of rights when it comes to personal data we hold about you.  The key rights, as applicable and subject to our legal obligations, are set out below:

  • Request access to your personal data - this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.  You will not have to pay a fee to access your personal data.  However, we may charge a reasonable fee if your request for access is excessive.  Alternatively, we may refuse to comply with the request in such circumstances.
  • Request rectification of your personal data - this enables you to have any incomplete or inaccurate information we hold about you rectified.
  • Request restriction of processing of your personal data - this enables you to ask us to suspend the processing of your personal data, e.g. if you want us to establish its accuracy or the reason for processing it.
  • Request erasure of your personal data - this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it, however we may need to continue using your personal data to comply with our legal obligations.  You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a legitimate basis for doing so which overrides your rights, interests and freedoms (e.g. we may need it to defend a legal claim).  You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Withdraw consent - in the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.  Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we have another legitimate interest in doing so.
  • Object to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
  • Lodge a complaint - if you think that we are using your personal data in a way which breaches data protection law, you have the right to lodge a complaint with the Data Protection Officer.

 

If you want to make any of the above requests, please contact us at compliance@sicom.intnet.mu.  We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information.

We will respond to your request as soon as we can.  Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.

 

Maintenance of this Policy

We may change this Policy as and when required.  Such changes will be posted on this page and, where appropriate, notified to you by email or otherwise.  Please check back frequently to see any updates or changes to this Policy.

 

Contacting us

If you have any questions regarding this Policy, please contact us at compliance@sicom.intnet.mu.