WEBSITE PRIVACY NOTICE

 

1. Introduction

• • • This website is owned and maintained by JurisTax Holdings Ltd. The hosting is done by Woho Solutions.
    • JurisTax is committed to safeguarding the privacy of its website visitors, physical site visitors, prospects, customers, service providers and their representatives.
    • As a result, we would like to inform you regarding the way we would use your personal data, as is required by the European Union General Data Protection Regulation (hereafter the “GDPR”) and the Data Protection Act 2017 (hereafter the “DPA”), where applicable. We recommend you read this Privacy Notice so that you understand our approach towards the use of your personal data. 
    • Our Privacy Notice sets out the types of personal data we collect, how we collect and process that data, who we may share this information with and the rights you have in this respect.  
    • This notice applies where we are acting as a data controller with respect to the personal data of our website visitors, physical site visitors, prospects, customers, service providers and their representatives, among others. As data controller, we determine the purposes and means of the processing of that personal data. We also comply with our obligations as a data processor under the GDPR and the DPA, where applicable.  
    • For those interested in a career with JurisTax, we have developed a specific Group Recruitment Privacy Notice which should be read in addition to this notice and can also be found when you apply for a job on our website.
    • By using our website, you acknowledge that you have read and understood the terms of this Privacy Notice.  
    • In this notice, JurisTax refers to JurisTax Holdings Ltd, including its subsidiaries and affiliates (also referred to as “we”, “us” and “our”).

 

2. Who we are

• • • JurisTax is made up of different legal entities, details of which can be found below:

Company Name

Company Number

Registered Address

JurisTax Holdings Ltd

C151277

Level 3, Ebene House, 33 Hotel Avenue, Cybercity, Ebene, 72201, Republic of Mauritius

JurisTax Ltd

C080123

JT Outsourcing Ltd

C151437

JurisTax Services Ltd

C119730

JurisTax (Rwanda) Ltd

108203364

Muhima, Nyarugenge

Umujyi wa Kigali

Rwanda

JurisTax MENA FZ – LLC

0000004031618

T112-1-8
RAKEZ Amenity Center

Al Hamra Industrial Zone-FZ

RAK, United Arab Emirates

• JurisTax entities specialise in a range of multijurisdictional corporate, fiduciary, fund, advisory and training services.
• This notice does not cover the AFRICAN INSTITUTE OF TRAINING & DEVELOPMENT (AITD) Ltd, one of our subsidiaries in Rwanda. For more details on how JurisTax Holdings Ltd and its entities collects and processes your information, visit www.aitd.education.

 

3. Personal data we may collect about you  

• • • • Personal data is any data from which you can be identified and which relates to you. 
      • The type of data we collect will depend on the purpose for which it is collected and used. We will only collect data that we need for that purpose. 
      • We may collect your personal data in the following ways:  
        • • • When you give it to us directly for e.g. you use any of our services, you provide or offer to provide services to us, you correspond with us and provide us with your information, you visit our premises or your enrol in our webinar sessions.
            • When we obtain it indirectly for e.g. information is shared with us by third parties. In such a case, the third party must confirm that you have consented to the disclosure of your personal data to us.
            • When it is available publicly for e.g. depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as Facebook or LinkedIn).
      • The types of personal data that are collected and processed may include:
        Categories of Personal Data
        Details
        Contact details
        
        First name, surname, aliases, current and permanent address, email address, office phone number, mobile number, fax number
        
        Individual details
        
        Gender, nationality, date of birth, age, language, marital status, photograph
        
        National identification details
        
        Passport number, identity card number, driving license number
        
        Educational and professional background
        
        CV, academic and professional qualifications, employment history
        
        Financial information
        
        Source of wealth and funds, financial history and well-being, pay details, bank details, pension plans
        
        Physical security information
        
        CCTV footage, information recorded in our visitors’ logbook including organisation name, date and time of visit
        
        Risk and anti-fraud details
        
        Information which we need to collect in order to assess the risk in providing a product/service and provide a quote. This may include sanctions and criminal offences, and information received from due diligence databases relating to you
        
        Special categories of personal data
        
        Certain categories of personal data which have additional protection under the GDPR and the DPA. The categories are criminal convictions
        
        Other
        
        Other due diligence information gathered from searching information in the public domain including the internet and social media

4. Pixels

• We use pixels on our website.

 

5. How we use your personal data

• JurisTax will only use your personal data for the purposes for which it was collected or agreed with you. We will not use your personal data for any automated individual decision making which will have a significant impact on you.
• We have set out below the legal basis of processing for each purpose. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data.
  • • • Purpose of processing
        Legal basis
        For the purposes of assessing the risk in providing a product or service and performing customer due diligence
        
        For compliance with a legal obligation to which we are subject to, such as money laundering and terrorist financing
        
        For the purposes of offering and selling relevant services to you
        
        Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
        
        Legitimate interests, namely the proper administration of services
        
        For procurement and invoicing purposes
        
        Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract
        
        For the purposes of audit and record keeping
        
        For compliance with a legal obligation to which we are subject to
        
        For the purpose of monitoring compliance with our policies and standards
        
        For compliance with a legal obligation to which we are subject to, such as money laundering and terrorist financing, internal audits.
        
        Legitimate interests, namely of monitoring and improving our business and services
        
        For the purposes of managing our relationships with customers, communicating with customers and keeping records of those communications
        
        Legitimate interests, namely for the proper management of our customer relationships
        
        For the purposes of confirming and verifying your identify when you request to access, rectify, restrict or delete the information we hold on you
        
        For compliance with a legal obligation to which we are subject to, that is, to verify the identity of a data subject who requests access
        
        For the purposes of replying to any requests, complaints, comment or enquiries you submit to us regarding our services and notifying you about changes to our service
        
        Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
        
        Legitimate interests namely for proper administration of our business and communication with you
        
        For the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice
        
        Legitimate interests, namely the proper protection of our business against risks
        
        For collecting and recovering money or additional charges owed to us
        
        Legitimate interests, namely to recover debts due to us
        
        For the purposes of ensuring the security of our website and services and maintaining back-ups of our database
        
        Legitimate interests, namely the proper administration of our website and business
        
        For the purposes of direct marketing with our business contacts/existing customers  such as sending emails and text messages, collecting contact details from business cards, providing similar products or services in the context of a customer relationship interests, namely promoting our business and communicating marketing messages and offers to our business contacts and existing customers
        
        For the purposes of marketing goods and/or services which may be of interest to you (including third party suppliers of goods and services identified on our website)
        
        Consent
        For the purposes of subscribing to our email notifications or newsletters
        
        Consent
        – Processing CCTV footage captured on our premises for the purposes of:
        – protecting our premises and property,
        – protecting your personal safety when you are on our premisses
        –  identifying any misconduct or disciplinary infringements in our compound,
        – assisting in providing evidence for such misconduct,
        – for investigating, detecting or preventing crime, and
        – for apprehending and prosecuting offenders.
        
        Legitimate interests of ensuring physical security and proper conduct on our premises
        
        
• In addition to the above-mentioned specific purposes for which we may process your personal data, we may also process any of your personal data where such processing is necessary for compliance with legal and regulatory requirements which apply to us, or when it is otherwise allowed by law, or when it is in connection with legal proceedings.  

 

6. Disclosure of personal data 

1. We may need to share your personal data with third parties which assist us in fulfilling our responsibilities regarding our business relationship with you and for the purposes listed above. JurisTax may disclose your personal data to the following third parties: 
   • We may disclose your personal data to another member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this notice. 
   • We may also make certain personal data available to third party service providers and agents who provide services to us. When we share with these third parties, we do so on a need-to-know basis and under clear contractual terms and instructions for the processing of your personal data. 
   • We may also make certain personal data available to third party companies that provide us due diligence and financial crime screening database, such as World-Check.
   • We may also be required to disclose your personal data to other third parties such as lawyers, bankers, consultants, insurers, auditors as well as public and government authorities for purposes mentioned in Section 5 or where:
     • • • We have a duty or a right to disclose in terms of law or for national security and/or law enforcement purposes;
         • We believe it is necessary to protect our rights; 
         • We need to protect the rights, property or personal safety of any member of the public or a customer of our company or the interests of our company; or
         • You have given your consent.
2. We require our service providers and other third parties to keep your personal data confidential and that they only use the personal data in furtherance of the specific purpose for which it was disclosed. We have written agreements in place with our processors to ensure that they comply with these privacy terms.

 

7. International transfers

• JurisTax entities established in Mauritius do not transfer personal data outside Mauritius. JurisTax entities established outside Mauritius may transfer certain personal information to JurisTax entities in Mauritius in accordance with applicable law. If we transfer your personal data across geographical borders to JurisTax entities in other countries working on our behalf, we will ensure that there are appropriate safeguards in place with regard to the protection of your personal data. 
• Those transfers would always be made in compliance with the GDPR and the DPA, where applicable. Data transfers do not change any of our commitments to safeguard your privacy and your personal data remains subject to existing confidentiality obligations. 

 

8. Personal data security

• We are legally obliged to provide adequate protection for the personal data we hold. We have put in place appropriate security measures to prevent your personal data from being subject to any accidental or unlawful destruction, loss, alteration, and any unauthorised disclosure or access. 
• We have also put in place procedures to deal with any suspected data security breach and will notify you and the Data Protection Office of a suspected breach where we are legally required to do so.
• Our security policies and procedures cover:
  • • • • Access to personal data
        • Encryption
        • Computer and network security
        • Backup of data
        • Incident management
        • Use and misuse of IT assets
        • Physical security
        •  Protection of physical records
• When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal data that we remain responsible for is kept secure. 
• We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same level of protection as we are obliged to.

 

9. Your data protection rights

Under the GDPR and the DPA, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

1. Your right to erasure of your personal data
   You have the right to ask us to delete your personal data in certain circumstances:
   • • • • When we no longer need your personal data;
         • If you initially consented to the use of your personal data, but have now withdrawn your consent; 
         • If you have objected to us using your personal data, and your interests outweigh ours;
         • If we have collected or used your personal data unlawfully; and
         • If we have a legal obligation to erase your data.
           
           Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. Upon the determined expiry date, we will securely destroy your personal data. Retention periods are indicated in Annex A’s Group Records Retention and Disposal Schedule. When we delete data from our servers, no residual copies remain on our servers. Data is back up on tapes and are put beyond use in a secured offsite storage location with limited access. The data which are held within our back up tapes are not used for any other purpose. The data contain in back-ups will only be deleted at a later time in line with an established retention schedule.

 

1. Your right of access to your personal data 
   You have the right to request a copy of the personal data we hold about you. To do this, simply contact our Group Data Protection Officer (refer to Section 11) and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data. 
   You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
2. Your right to rectification of your personal data 
   You have the right to ask us to update or correct your personal data if you think it is inaccurate or incomplete. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes, we need to be aware of.
3. Your right to restriction of processing
   You have the right to ask us to limit how we use your data. If necessary, you may also stop us from deleting your data. To exercise your right to restriction, simply contact our Group Data Protection Officer (refer to Section 11), say what data you want restricted and state your reasons. You may request us to restrict processing of your personal data in the following circumstances:
   • • • If you have contested the accuracy of your personal data, for a period to enable us to verify the accuracy of the data;
       • If you have made an objection to the use of your personal data;
       • If we have processed your personal data unlawfully but you do want it deleted; 
       • If we no longer need your personal data but you want us to keep it in order to create, exercise or defend legal claims.
4. Your right to object to processing
   You also have the right to object to us processing your personal data where your data is being used:
   • • • For a task carried out in the public interest;
       • For our legitimate interests;For scientific or historical research, or statistical purposes; or 
       • For direct marketing.
         
         Among the above, we currently process personal data for our legitimate interests and direct marketing. You should contact our Group Data Protection Officer (refer to Section 11) to inform that you are objecting to any more processing of your personal data and state in your objection why you believe we should stop using your data in this way. Unless we believe we have strong legitimate reasons to continue using your data in spite of your objections, we will stop processing your data as per the objection raised.
         
         
5. Your right to data portability
   The right to data portability allows you to ask for transfer of your personal data from one organisation to another, or to you. The right only applies if we are processing information based on your consent or performance of a contract with you, and the processing is automated. You can exercise this right with respect to information you have given us by contacting our Group Data Protection officer (refer to Section 11). We will ensure that your data is provided in a way that is accessible and machine-readable.
6. Your right to withdraw consent
   To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
   If you wish to exercise any of the rights set out above, please contact our Group Data Protection Officer (refer to Section 11).

 

10. Changes to this privacy notice

1. We keep our privacy notice under regular review. We reserve the right to change our privacy notice at any time thus we encourage you to periodically review this notice to be informed of how we are using and protecting your personal data. We will notify you of significant changes by email or through automatic pop-ups on our website. This version was last updated on 22nd July 2021.

 

11. Contact details

1. The primary point of contact for questions relating to this privacy notice, including any requests to exercise your legal rights, is our Group Data Protection Officer who can be contacted:
   • • • by post, to Level 3, Ebene House, 33 Hotel Avenue, Cybercity, Ebene, 72201, Republic of Mauritius;
       • using our website contact form;
       • by telephone, on 465 5526; or
       • by email, at dpo@juristax.com.
2. If you believe we have not handled your request in an appropriate manner, you have the right to complain to the Data Protection Office at dpo@govmu.org.

 

ANNEX A: GROUP RECORDS RETENTION AND DISPOSAL SCHEDULE

As a general rule, the maximum retention period is at least 7 years for the JurisTax entities in Mauritius, 10 years for the JurisTax entity in Rwanda and at least 7 years for the JurisTax entity in UAE.

The tables below set specific retention requirements:

Categories of Personal Data

Purpose of processing

Retention period

Mauritius

Rwanda

UAE

Contact details

Individual details

National identification details

Educational and professional background

Financial information

Risk and anti-fraud details

Special category of personal data (namely criminal convictions)

Customer due diligence

Monitoring compliance

At least 7 years from date of completion of a transaction or termination of business relationship

10 years from date of completion of a transaction or termination of business relationship

At least 7 years from ceasing to be the registered agent of that body corporate and the date of that body corporate’s winding up, striking off or liquidation

Contact details

Individual details

National identification details

Financial information

Offering and selling relevant services

Communication with customers

At least 7 years after termination of contract

10 years after termination of contract

At least 7 years after termination of contract

Contact details

Direct marketing to potential customers

1 year post-campaign

Contact details

Direct marketing with business contacts and existing customers

At least 7 years after termination of contract

10 years after termination of contract

At least 7 years after termination of contract

Contact details

Subscription to newsletters and email updates

Immediately on subscription database after withdrawal of consent

Immediately on subscription database after withdrawal of consent

Immediately on subscription database after withdrawal of consent

Contact details

National identification details

Data Subject Access Requests

2 years after the Data Subject Access Request has been closed

Financial information

Invoicing to service providers and customers

At least 7 years after termination of contract

10 years after termination of contract

At least 7 years after termination of contract

CCTV footage

Security

Identifying disciplinary infringement

Investigation, detection & prevention of crime

4 Weeks after CCTV recording

Not applicable

Not applicable