Voir le contenu
Privacy Policy

PRIVACY POLICY

Ce site web est la propriété de Automobiles Citroën. Il est exploité par Automobiles Citroën, société par actions simplifiée dont le siège social est situé en France, 2-10 boulevard de l’Europe 78300 Poissy, RCS Versailles B 642 050 199. Ce site web est hébergé en Europe par les services informatiques de Stellantis.

Veuillez lire attentivement cette politique avant de naviguer et d’utiliser ce site web car elle vous explique les modalités de traitement de vos données à caractère personnel. Votre navigation sur ce site web indique que vous acceptez cette politique.

1. Who are we?
Axess Limited or any subsidiary of ENL Limited, endorsing and referring to this Privacy Policy (hereinafter referred to as “ENL”, “we”, “us”), is part of the ENL Group. We act as the controller of your personal data as we determine the purposes and means of the processing of your personal data. We are registered as controller with the Data Protection Office in Mauritius.
2. Privacy Statement
We value the privacy of our data subjects and commit to protect their personal data in accordance with the Applicable Laws.
3. Applicability

This privacy policy (“Privacy Policy”) applies to any processing by us of personal data of all our natural stakeholders, including but not limited to our employees, suppliers, creditors, clients, customers, job applicants, shareholders, investors and web users (hereinafter referred to as “data subjects” or “you”).

 

We invite you to read this Privacy Policy which explains the context in which we process your personal data and explains your rights as data subjects and our obligations when we do so. Please click here to access the Glossary for the meaning of some of the terms used in this Privacy Policy.

 

This Privacy Policy should be read together with any other privacy policy or fair processing notice we may provide on specific occasions when we process your personal data so that you are fully aware of how and the purpose for which we use your personal data. This Privacy Policy supplements the other policies and notices and is not intended to override them.

  

Nous communiquons vos données à caractère personnel aux destinataires suivants pour les raisons indiquées ci-dessous :

  

A. Pour les finalités liées à l'exécution d'un contrat ou liées à des mesures pré-contractuelles prises à la demande de la personne concernée avant la conclusion d'un contrat conformément à l'art. 6(1)(b) du Règlement général sur la protection des données (RGPD)

4. How to contact us?

We have appointed a Data Protection Officer, whose duty is to provide guidance and advice to and oversee data protection compliance at ENL Limited and its subsidiaries. Should you have any questions in relation to the processing of your personal data, you may contact our Data Protection Officer as follows –

 

Data Protection Officer

ENL House

Business Park, Moka

Mauritius

Email: dataprotectionofficer@enl.mu

5. what personal datawe collect about you?

The personal data we collect include and are grouped as follows –

 

Contact Information:

Such as your first name, maiden name, last name, title, address, telephone number, mobile phone number, job title, name of employer, fax number and email address, and business information which includes identification and your relationship to a person. Address may include both business address and home address where you have provided that to us.

 

Personal Information:

Such as your date of birth or passport number, or any other identity document details, or signature (whether in ink or electronic form) to enable us to check and verify your identity.

 

Financial Data:

Such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, bank account and payment card details including security code numbers and other related billing information, as well as, where applicable, information relating to the source of funds and source of revenue.

 

Transaction Data:

Includes details about payments to and from you and other details of services you have purchased from us.

 

Technical Data (if applicable):

Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.

 

  1. the presence of COVID-19 symptoms;
  2. confirmation of the individual’s travel to a particular country;
  3. indication of any close contact that the individual may have had with persons who may (i) have visited a particular country; or (ii) be showing COVID-19 symptoms [added April 2020]
  4. whether the individual is vaccinated or not against COVID-19 [added July 2021]

 

Profile Data:

Includes your username and password, your interests, preferences, your psychometric assessment, your feedback and survey responses.

 

Usage Data:

Includes information about how you use our website and services.

 

Marketing and Communications Data:

Such as your preferences in receiving marketing from us and our third parties and your communication preferences.

 

Information collected from publicly available resources and credit agencies:

 or any other information needed to enable us to undertake a credit or other financial checks on you.

 

Location data such as your geolocation, location or tracking of your device captured through a system or network.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

 

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Policy.

 

We do not usually collect ‘sensitive personal data’ also known as Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data and any information about your criminal convictions and offences, if any).

 

In the context of coronavirus containment, relevant Special Categories of Personal Data is being collected to evaluate the risk that an individual carries the virus and to take proportionate risk-based measures. Accordingly, the information collectable from any individual could be:

 

In limited cases where we do seek to collect sensitive personal data (for example your health condition) we will do so in accordance with the Applicable Laws.

 

Personal data of children

We do not knowingly collect personal data relating to a child under 16 years unless we have obtained the parent’s or guardian’s consent. If you are a child under 16 years, please ensure you have received authorisation from your parent or guardian as we may request proof of that authorisation.

 

Third party information

If you share third party information to us, you confirm that you have obtained the necessary permission of such person to the reasonable use of their information in accordance to this Privacy Policy or as otherwise permitted for you to give us this information on their behalf.

 

It is important that the personal data we hold about you is accurate and current. Please keep us informed, if your personal data changes during your relationship with us.

6. Why we process your personal date?

We process your personal data for various purposes including:

 

  • To manage our employment relationship with you;
  • To manage our business relationship with you as client, customer, supplier, service provider or investor;
  • The use your signature (whether in ink or electronic format), where you are an authorised signatory;
  • To provide you our products and/or services and those of our Associated Companies;
  • To respond to your request, query or complaint when you fill out a ‘contact us’ form;
  • To consider your application where you have applied for a position with us;
  • To comply with any legal obligations and statutory reporting requirements towards authorities and regulators such as the Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius or the Financial Services Commission;
  • To prevent or detect abuse of our products and/or services;
  • To confirm your identity and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
  • To personalise your experience on your repeated visits to our website by delivering relevant website content and advertisement to you;
  • To keep a database of customers/clients and potential customers/clients to communicate with in respect of our products and/or services and matters related thereto;
  • To enable us to carry out statistical and other analysis to provide better customer service and measure the effectiveness of our communications to you;
  • To pursue direct marketing and advertising;
  • To use data analytics to improve our website, products, services, customer/client relationships and experiences;
  • To administer and protect our businesses;
  • To ensure security and safety on our premises;
  •  To administer and protect our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • Use of photographs/image for communication regarding our business activities in the ENL Group; and
  • To fulfil such other purposes as may be related, directly or indirectly to our business activities.

We have described the purposes for which we may use your personal data. We will only use your personal data when the law allows us to and where it is necessary. The lawful bases we rely on when processing your personal data can be:

 

  1. Where you have given your consent; or
  2. The processing is necessary:
  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • for compliance with our legal obligations, for example any statutory reporting or record-keeping requirements towards authorities and regulators such as the Mauritius Revenue Authority, Registrar of Companies;;
  • for the pursuance of our legitimate interests or those of a third party;
  • for the purpose of historical, statistical and/or scientific research; or
  • for the establishment, exercise or defence of legal claims or proceedings

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights, freedoms and interests. Examples of such ‘legitimate interests’ are data processing activities performed: for the better running of our business; (ii) for the provision and administration and improvement of IT services and network security; (iii) for a better identification on the types of customers we have and a study on their use of our services in order to develop our marketing strategy accordingly; (iv) for the prevention fraud or crime.

 

We will process your personal data for the purposes mentioned above based on your prior consent, to the extent such consent is required under Applicable Laws.

 

If you send to us a ‘spontaneous job application’ for any future job, you may be contacted by us regarding job vacancies within the ENL Group that could be of interest to you. We do not share your job applications and associated personal data with other entities in the ENL Group without your consent unless there is another lawful ground for doing so. When applying for a position with us, whether for a specific job or as part of a spontaneous job application, we will hold onto your personal data provided to us, for future job openings (please refer to Paragraph 8 below).

 

Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data, or you fail to provide that data when requested. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Policy, in particular, we or you may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

 

We will not use your personal data for purposes that are incompatible with the purposes for which they were collected, and of which you have been informed, unless it is required or authorised by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.

 

We may process your personal data without your knowledge or consent, where this is required or permitted by law. For example, in order to prevent fraud and other illegal activity, and for verification process of any payment transaction or online payment.

 

We take cautionary measures to ensure we do not collect any personal data from you which we do not need in order to provide our products and services to you.

 

We shall pass on your personal information to our Associated Companies: i) only where you agree, so that they may offer you their products and services; or ii) where we are able to do so in accordance with Applicable Laws.

7. For how long do we store your personal data?

We only retain your personal data for as long as necessary to fulfil the purposes for which they were collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 

 

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

 

 

Your information we use for marketing purposes will be kept with us until you unsubscribe or notify us that you no longer wish to receive our marketing offers or emails and request to destroy your personal information.

 

 

 

By law, we have to keep basic information about you including your Contact Data, Financial Data, and Transaction Data for ten (10) years or such number of years according the applicable laws, after you cease being our data subjects for statutory, tax and other judicial purposes.

 

 

 

Please contact us for further details on retention periods for different aspects of your personal data.

 

 

 

In some circumstances, you can ask us to erase or destroy your personal data: see Request erasure below for further information.

 

 

 

We may also anonymise your personal data (pseudonymisation) so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

8. Who the intended recipients of your personal data are?

We do not share, sell or trade your personal data with other companies outside ENL Group for marketing purposes, but should this be the case, we will get your express opt-in consent before we proceed.

 

In relation to the purposes for which we collect your personal data, we may have to share your personal data to:

 

  • Our employees on a need-to-know basis;
  • Third parties such as our preferred service providers (such as IT systems suppliers and support, and other service providers) from whom we require (i) to respect the security of your personal data, and to treat it in accordance with the law, (ii) not to use your personal data for their own purposes, and (ii) only to process your personal data for specified purposes and in accordance with our instructions;
  • Our Associated Companies, for statutory or business purposes, to build up a centralised client database to better identify your needs regarding our different products and services offered across ENL Group and to share your CVs which could match positions advertised within ENL Group.
  • Our business partners such as franchisors, principals, tenants.
  • Our professional advisors that is our accountants, auditors, lawyers, insurers, and bankers;
  • Any public or enforcement authority such as The Mauritius Revenue Authority, Registrar of Companies, Stock Exchange of Mauritius Ltd, Financial Services Commission in Mauritius or such similar authorities abroad to comply with our legal obligation, or in case of a court, administrative or governmental order.
9. How do we use your personal data for security at and access to our premises?

This part explains to you how we handle and process your personal data (including location data) when such data is captured through our CCTV surveillance system and/or through our security measures on our premises.

 

 Security measures on our premises may include any one or more of the following:

 

Each visitor filling in and signing our log book (including name, contact details, time-in and time-out);

  • Issue and presentation of a visitor’s pass;
  • Swipe card access;
  • Biometric data ID validation (such as fingerprint and/or facial recognition);
  • Pin-Code access.

Such processing shall be in accordance with Applicable Laws. Personal data captured through our security measures may where necessary be shared with other property owners and/or tenants of premises that are the subject of those security measures.

 

CCTV cameras and other security devices are located at strategic points on our premises, namely at the entrances, receptions, the gates and parking to the site within which our premises are found, in common areas and in certain production areas. Signs will inform employees and visitors that CCTV cameras are in operation and who to contact for further information. If you require any information, please contact us through our Data Protection Officer.

 

Other devices namely fingerprint, and facial recognition devices will be located at the entrance to the premises and/or secured locations on the premises.

10. How we use your personal data for customer experience purposes?

We may use your personal data –

 

  • to send you customer satisfaction survey as part of the performance of the contract to assess your experience with us and how we may improve to offer you a better service in the future;
  • to send you reminders such as servicing reminders which is a continuity of service we offer when you purchase a product with us;
11. What are your rights in respect of Marketing communications?

You may object to our processing of your personal data for direct marketing purposes. You may do so by not ticking certain opt-in boxes on the forms we use to collect your personal data, or by utilising the unsubscribe link such as in e-mails we send to you, or by having your personal data removed from our database at any time by contacting us.

 

If you no longer wish to receive our latest news or marketing information, let us know by contacting us or click on the “Unsubscribe” link at the bottom of our email sent to you and you will be redirected to a confirmation page that confirms you have been unsubscribed. Upon confirmation, you will be removed from our contact list for direct marketing purposes. It may happen that you are still interested in receiving latest news or marketing information in respect of specific brands within ENL Group. If this is the case, you may also have the option to customise your choice to receive latest news and marketing information from specific (and not all) entities within the ENL Group, by contacting us through our Data Protection Officer or clicking here.

 

Note that we will retain minimum personal data (for example, personal data provided to us as a result of previous service experience) as a record that you unsubscribed and to avoid contacting you again.

12. How we collect your personal data?

We collect most of your personal data from our direct interactions with you in the course of our business, whether when you enter into an employment or business relationship with us, when you apply for a job with us, when you contact us through our contact form or by email and request information about our products, services and offers, engage with our staff for business related purposes, you sign up to receive information from us, or when you browse or use our website.

 

We may also collect information from third party sources including our Associated Companies within ENL Group, our referrals and agents, our suppliers, principals, franchisors and public authorities, public websites and social media.

 

We may also collect information via our automated IT systems.The latter may also include mobile phone applications, such as for our customers. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns, traffic data. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see how we use cookies below for further details.

 

When wanting to apply for a job with us, you will either be:

 

  • directed to register on and apply through our website platform; or 
  • directed to register on and apply through a third-party platform, subject to the terms and conditions of that platform. The said third-party will share with us or grant us access to your relevant personal data for the purposes of the specific job vacancy that you have applied for; or
  • able to submit a printed copy of your application to our office.

You may also send to us a ‘spontaneous job application’ for any future job openings.

13. How we use your personal data for Marketing purposes?

With your express consent, we may send you occasional notifications of new products and services from our company or those of ENL Group only, or important product updates, special offers and promotions. When you subscribe to receive email communications, we may track the actions you have taken regarding the emails, such as whether you opened the mail, or clicked on a specific link or your location when you opened the mail based on IP address. We may then use your Contact Data, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide, which services and promotions may be of interest for you. We may also send you marketing material where you have requested a quote or information about our product and/services, entered into a contractual relationship, participated in a competition with us or subscribing on our website.

 

We may obtain our marketing data through our direct interactions with you, through our automated technologies or through our Associated Companies.

14. Transfer of your personal data
When sharing your personal data, whether this involves transferring your personal data outside Mauritius, we ensure this is done in accordance with the Applicable laws. Kindly note that when we transfer data abroad, some countries may not have the same degree of protection under their laws, however we impose contractual obligations on the recipients of the data to ensure a similar degree of security and protection is afforded to it. For further details, please contact us through our Data Protection Officer.
15. The steps we take to protect your personal data

We maintain organisational, physical and technical security measures 

 

(i) to prevent your personal data from unauthorised access, alteration, disclosure, accidental loss, and destruction, and 

 

(ii) based on the nature of the personal data, to protect your personal data from the harm that may result in unauthorised access, alteration, disclosure, destruction of the data and its accidental loss.

 

In particular, our preventive and protective measures may include (i) the pseudonymisation and encryption of personal data; and (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

 

Unfortunately the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted over the internet. Any transmission is at your own risk.

 

We require all our service providers to have appropriate measures in place to treat your personal data securely.

 

Where we have provided you with or you have chosen a password enabling you to access a personalised area on our website, you are responsible for keeping this password confidential. We advise you not to share it with anyone.

 

We limit access to your personal data to our and our Associated Companies’ employees, agents, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 

We also maintain procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

16. Your rights in respect of the processing of your personal data

Unless otherwise stated by the Applicable laws, you have the right to:

 

Request access:

To your personal data. This enables you to receive a copy of the personal data we hold about you, free of charge unless the request is excessive, and to check that we are lawfully processing it.

 

Request correction:

Of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We may ask you for an identification number such as your passport number.

 

Request erasure:

Of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the Applicable Laws. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

 

Object to processing:

Of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing or profiling for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms or other lawful grounds (not requiring your consent, for example statutory requirements) to process your information.

 

Request restriction:

Of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it and request restriction of its use instead; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

 

Refuse to be subject to a decision based solely on automated processing:

Including profiling, which produces legal effects concerning you or significantly affects you. We shall not process your personal data in such a way as to subject you to a decision that is based solely on automated processing unless the decision: (i) is necessary for us to enter into or perform a contract with you; (ii) is authorised by a law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or (iii) is based on your explicit consent. Some psychometric assessments, namely in job recruitment processes, involve automated processing and profiling, but our screening and decision-making in respect of a job candidate will not be based solely on that psychometric assessment.

 

Withdraw consent:

At any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out by us before you withdraw your consent. If for example, you provide your consent to publish your photograph or image in an article on our website or publicly available mediums, and subsequently withdraw your consent, it is likely that we will have a compelling legitimate interest to continue processing your photograph or image that is already being used or published prior to you withdrawing your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

 

Lodge a complaint:

At any time with the Data Protection Commissioner of Mauritius (the “Commissioner”) whose office is at Level 5, SICOM Tower, Wall Street, Ebene Cyber City, Ebene, Mauritius, by emailing any complaint to dpo@govmu.org. Where the GDPR is applicable, you have the right to lodge a complaint with the regulatory authority of the country of your residence, work place or where the data breach has occurred.

 

If you wish to exercise any of the rights set out above or need any clarification thereon, please write to our Data Protection Officer on dataprotectionofficer@enl.mu.

 

We try to respond to all legitimate requests within one (1) month. Occasionally it may take us longer than one (1) month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can lodge a complaint with the Commissioner by writing to dpo@govmu.org.                                                                                                                            

 

We would appreciate the chance to deal with your concerns before you approach the Commissioner or any other regulatory authority, so please contact us in the first instance.

17. Use of third party links to websites and programmes

All websites designed and managed by Axess and/or ENL may feature links to other sites operated by third parties websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We are not responsible for the privacy practices or the content of such websites.

 

While every precaution has been taken, we cannot ensure that a third party will not unlawfully access private details and we advise you to take all necessary precautions and suggest that you do not permit others to access your personal data. When you leave our website, we encourage you to read the privacy policy/statement of every website you visit.

19. Change to this privacy policy
This Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without notifying you, and we expect such changes to be minor. Regardless, we will communicate in our company or post on our website any changes to this Privacy Policy and, if the changes are significant, we will provide a more prominent notice (including, for certain services, publication in our company or email notification of Privacy Policy changes).
20. Revision History
Authorised changes made to this document have been summarised in the revision history as shown:
Revision ref Date Description of changes
Version 1.1 April 2020 Clause 5 amended - new paragraph
Version 1.2 July 2021

Clauses 1, 3, 5, 6, 7, 8, 9, 10 and 11 amended.

New Clause 12 added.

Newly numbered Clauses 15, 17 and 18 amended.

Version 1.2

 

Date published: July 2021

 

COPYRIGHT NOTICE AND DISCLAIMER

 

All contents featured on our website (including photos, design, codes, texts, logos and trademarks) are the sole property of [Name of Company] and cannot be used on any type of support without the prior consent of [Name of company]. Should you have any query, please do not hesitate to contact us through our website.

PICTURES, VIDEOS AND PLANS ARE PROVIDED FOR INDICATIVE PURPOSES ONLY AND ARE NON-CONTRACTUAL.