What this Notice covers

Your Island Voyage Mauritius is committed to protecting the privacy and security of your personal information.

This Privacy Notice describes how we collect and use personal information about our customer during and after the time we are providing our services to you in accordance with the General Data Protection Regulation (GDPR) and data protection legislation.

It applies to all current and former Customers.

Identity of the data controller

Your Island Voyage Mauritius is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

This notice does not form part of any contract. We may update this notice at any time.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Categories of personal data we process

We will collect, store, and use the following categories of personal information about you:

– Personal contact details such as name, title, addresses, telephone numbers, personal email addresses; date of birth; gender
– Next of kin and emergency contact information
– Bank Card details
– CCTV footage
– Photographs
– Information about your health, including any medical condition, health and sickness records and details of any disability for which we may need to make reasonable adjustments

Sources of personal data

We collect personal information about you to enable us to provide you our service, we will gather the information either directly from you or from online booking on our website.

We also collect additional personal information in the course of providing the service to you throughout the period we provide the service to you.

Our lawful bases for processing your data

We will use your personal information in the following circumstances:

  • Where we need to perform the agreement we have entered into with you.
  • Where we need to comply with a legal obligation.
  • Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests.

Our purposes for processing your data

  • Making a decision about your appointment
  • Determining the terms of the agreement and the level of service you will require
  • Liaising with third parties on your behalf such as next of kin
  • To ensure your health and wellbeing and liaising with medical team
  • Business management and planning, including accounting and auditing
  • Gathering evidence for possible investigations into alleged incidents
  • Complying with health and safety obligations
  • To prevent fraud
  • Equal opportunities monitoring
  • Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information

Security of your data

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

How we decide how long to retain your data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

You have the right to:

  • Request access to, and a copy of, your personal information
  • Request correction of the personal information that we hold about you
  • Request erasure of your personal information.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

If you believe the Company has not complied with your rights, you can complain to

The Data Protection Commissioner
Data Protection Office
5th Floor
SICOM Tower
Wall Street
Ebene
Email: dpo@govmu.org

What if you do not provide personal data?

If you do not provide personal data, it is likely to be impossible for the Your Island Voyage Mauritius to enter into an agreement.

Automated decision-making

The Company may make use of electronic automated decision-making systems. we would only do so in the following circumstances:

  • where we have notified you of the decision and given you 21 days to request reconsideration.
  • where it is necessary to perform the contract with you and appropriate measures are in place to safeguard your rights.
  • in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.

Employment decisions are not based solely on automated decision–making.

Changes to this Privacy Notice

The Company reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.