Privacy Notice


Contents

    1    Introduction

    2    Who we are

    3    The data we collect

         3.1    Collection of personal data

         3.2    Data on minors

         3.3    Lawful basis for processing your personal data

         3.4    Collection of Non-Personal data

    4    Cookies Policy

         4.1    What is a cookie?

         4.2   Why do we use cookies?

         4.3    How are third party cookies used?

         4.4    How do I reject and delete cookies?

    5    How we use your data

    6    Disclosure of personal data

    7    International transfers

    8    Personal data security

    9    Your data protection rights

         9.1    Your right to erasure of your personal data

         9.2    Your right of access to your personal data

         9.3    Your right to rectification of your personal data

         9.4    Your right to restriction of processing

         9.5    Your right to object to processing

         9.6    Your right to data portability

    10    Withdrawal of consent

    11    Definition of personal data

    12    Amendments

    13    How to contact us

 

1   Introduction

We respect the privacy of everyone to whom we provide our services. As a result, we would like to inform you regarding the way we would use your personal data. We recommend you read this Privacy
Notice so that you understand our approach towards the use of your personal data. By submitting your personal data to us, you will be treated as having given your permission – where necessary and
appropriate – for disclosures referred to in this policy. By using this web site, you acknowledge that you have reviewed the terms of this Privacy Notice (hereafter the “Privacy Notice”) and agree that we may collect, use and transfer your personal data in accordance therewith.
This Privacy Notice englobes our Hotels operated by Tropical Paradise Co. Ltd. and Hotel Chambly Limited (hereafter referred to as “Indigo”).
This Privacy Notice shall be governed by and construed in accordance with the relevant laws. This Privacy Notice explains how we obtain, use and disclose your personal data, as is required by the European Union General Data Protection Regulation (hereafter the “GDPR”) and the Mauritius Data
Protection Act 2017 (hereafter the “DPA”). Indigo Hotels is committed to protecting your privacy impact and to ensure that your personal data is collected and used properly, lawfully and openly.

 

2  Who we are

More than 20 years of owning and managing five unique properties has placed the Indigo Hotels at the forefront of hospitality, offering the modern day traveller a distinctive lifestyle experience. Hotel, which is a fully owned subsidiary of Tropical Paradise Co Ltd.

Furthermore, we, as data controller, are responsible for deciding how we hold and use personal data about you. We are required under the GDPR and the DPA to notify you of the information contained in this Privacy Notice.

 

3  The data we collect


3.1   Collection of personal data

We collect and process your personal data mainly to provide you with access to our services, to help us improve our offerings to you, to support our contractual relationship with you and for certain other purposes explained below. The type of data we collect will depend on the purpose for which it is collected and used. We will only collect data that we need for that purpose and we may share the data within Indigo.

We collect data directly from employees, suppliers and clients. It includes collection of your personal details, for example when you purchase or supply a product or services to or from us or when you submit enquiries to us or contact us. Where possible, we will inform you what data you are required to provide to us and what data is optional.

The types of personal data that are collected and processed may include:

Categories of personal Data Details:
Contact details First name, surname, user name, user ID, postal address, physical
address, billing address, email address, office phone, cell phone,
fax number
Individual details Sex (male/female), photo, nationality, birth, age, language,
qualifications, employment history, marital status
Identification details Identification numbers issued by government bodies or agencies
such as your passport number, identity card number and driving \
licence number
Financial information Financial history and well-being, pay details, pension details, tax
details, bank details
Credit risk and anti-fraud details Information which you need to collect in order to assess the risk in
providing a service and provide a quote. This may include data
relating to criminal convictions, credit history, purchase history,
credit score, and information received from various anti-fraud
databases or other special categories of personal data.
Special categories of personal data Certain categories of personal data which have additional
protection under the DPA and GDPR. The categories are physical
health, mental health, ethnicity, disability, medical history,
pregnancy status, biometric information, under 16 years
records or criminal convictions.

 

3.2   Data on minors

We may collect personal data on persons under 18 years of age. This will include name, nationality and date of birth and shall be supplied o us only by a parent or guardian. We recommend that your children do not send us any personal data without your prior consent.

 

3.3   Lawful basis for processing your personal data

We only process your personal data in accordance with the data protection laws and based on a lawful ground. Depending on the purpose of processing, we may process your personal data for more than one lawful ground. Please contact our DPC, should you have any queries on the lawful basis we are relying in order to process your personal data.

What are the lawful ground we are relying to process your personal data?

Lawful basis for processing Our Activity
i. Consent Any freely given specific, informed and unambiguous
indication of your wishes with regards to processing of your
personal data, for instance we will request your consent
before collecting any sensitive information on you
ii. Contract It is where we shall process your personal data in relation to
the perfomance of a contract, for instance registration as a
client and including registration on our online booking system.
iii. Legal obligation It is where the processing is necessary in order to comply with
the law, for instance when it comes to the retention period of
your personal data, we will assess what the laws require from
us
iv. Vital interest It implies the protection of your lives, for instance asking for
personal data, such as pregnancy status and other health
information, on you before you may use our spa in order to
ensure your vital interest.
v. Legitimate interest Where the processing is necessary for our legitimate
interests, for instance where we collect data analytics to
improve our website, services and marketing activities.

 

3.4   Collection of Non-Personal data

We may automatically collect non-personal data about you such as the type of internet browsers you use or the website from which you linked to our website. We may also aggregate details which you have submitted to the site (for example, the products or services you are interested in). You cannot be identified from this data and it is only used to assist us in providing an effective service on this web site. We may from time to time supply third parties with this non-personal or aggregated data for uses in connection with this website.

 

4   Cookies Policy

Our website uses cookies to distinguish you from other users and to improve your experience when accessing this site.

 

4.1   What is a cookie?

Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.

 

4.2   Why do we use cookies?

We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. Some of the cookies we use are session cookies and only last until you close your browser, others are persistent cookies which are stored on your computer for longer. Below is a list of the cookies we use:
- Sessions Cookies
- Third Party Marketing Cookies
- Third Party Statistics Cookies

 

4.3   How are third party cookies used?

For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third party websites for data regarding their use of cookies.

 

4.4   How do I reject and delete cookies?

We will not use cookies to collect personally identifiable data about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.


You can also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further data on cookies generally. For details on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies you will still be able to visit our websites but some of the functions may not work correctly.

 

5   How we use your data

We will use your personal data only for the purposes for which it was collected or agreed with you,for instance:
To analyse the effectiveness of our advertisements, competitions and promotion;
To collect data about the device you are using to view the site, such as your IP address or the type of Internet browser or operating system you are using, and link this to your personal data so as to ensure that the site presents the best web experience for you;
• To evaluate the use of the site, products and services.
• For audit and record keeping purposes;
• For recruitment purposes;
• For credit rating;
• For monitoring and auditing site usage;
• In connection with legal proceedings;
• For marketing purposes;
• To assist with business development;
• Suggest products or services (including those of relevant third parties) which we think may be of interest to you.
• To carry out our obligations arising from any contracts entered into between you and us.
• To notify you about changes to our service.
• To respond to your queries or comments.
• To comply with legal and regulatory requirements to which we subscribe or which apply to us, or when it is otherwise allowed by law.

 

6   Disclosure of personal data

We may disclose your personal data to our business partners who are involved in the delivery of services to you. We have agreements in place to ensure that they comply with these privacy terms.

We may share your personal data with, and obtain data about you from:
• Third parties for the purposes listed above (including lawyers, bankers and auditors who provide consultancy, banking, legal and accounting services);
• Other companies in Eclosia Group for the purposes listed above when we believe it will enhance the services we can offer to you, but only where you have not objected to such sharing;
• Other third parties from whom you have chosen to receive marketing data.

We may also disclose your data:
• Where we have a duty or a right to disclose in terms of law;
• Where we believe it is necessary to protect our rights.

 

7   International transfers

The third parties to whom we may disclose your personal data may be located outside of Mauritius. Those transfers would always be made in compliance with the GDPR and the DPA.

If you would like further details of how your personal data would be protected if transferred outside of Mauritius, please contact our Data Protection Committee (hereafter the “DPC”) by referring to section 13.



8   Personal data security

We are legally obliged to provide adequate protection for the personal data we hold and to stop unauthorised access and use of personal data. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal data is secure.

Our security policies and procedures cover:
• Access to personal data;
• Computer and network security;
• Governance and regulatory issues;
• Monitoring access and usage of personal data;
• Physical security;
• Retention and disposal of data;
• Secure communications;
• Security in contracting out activities or functions

When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal data that we remain responsible for, is kept secure.

We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same level of protection as we are obliged to.

 

9   Your data protection rights

Under the GDPR/DPA, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

9.1    Your right to erasure of your personal data

You have the right to ask us to delete your personal data in certain circumstances:
• When we no longer need your personal data;
• If you initially consented to the use of your personal data, but have now withdrawn your consent;
• If you have objected to us using your personal data, and your interests outweigh ours;
• If we have collected or used your personal data unlawfully; and
• If we have a legal obligation to erase your data.

Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. In order to protect data from accidental or malicious destruction, when we delete data from our services we may not immediately delete residual copies from our servers or remove data from our backup systems.


9.2    Your right of access to your personal data

Your right of access to your personal data contact our DPC (refer to section 13) and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data.

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.


9.3    Your right to rectification of your personal data

You have the right to ask us to update or correct your personal data if you think it is inaccurate or incomplete. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes we need to be aware of.



9.4    Your right to restriction of processing

You have the right to ask us to limit how we use your data. If necessary, you may also stop us from deleting your data. To exercise your right to restriction, simply contact our DPC (refer to section 13), say what data you want restricted and state your reasons. You may request us to restrict processing of your personal data in the following circumstances:
• If you have contested the accuracy of your personal data, for a period to enable us verify the accuracy of the data;
• If you have made an objection to the use of your personal data;
• If we have processed your personal data unlawfully but you do want it deleted;
• If we no longer need your personal data but you want us to keep it in order to create, exercise or defend legal claims.



9.5    Your right to object to processing

You also have the right to object to us processing your personal data where your data is being used:
• For a task carried out in the public interest;
• For our legitimate interests;
• For scientific or historical research, or statistical purposes; or
• For direct marketing.

You should contact our DPC (refer to section 13) to inform that you are objecting to any more processing of your personal data and state in your objection why you believe we should stop using your data in this way. Unless we believe we have strong legitimate reasons to continue using your data in spite of your objections, we will stop processing your data as per the objection raised.

 

9.6    Your right to data portability

The right to data portability allows you to ask for transfer of your personal data from one organisation to another, or to you. The right only applies if we are processing information based on your consent or performance of a contract with you, and the processing is automated. You can exercise this right with respect to information you have given us by contacting our DPC (refer to section 13). We will ensure that your data is provided in a way that is accessible and machine- readable.

 

10    Withdrawal of consent

Furthermore, you may withdraw your consent provided to Indigo Hotels as regards to the disclosure &processing of your personal data for any particular purposes at any time. Should you avail yourself of this right, you will need to notify Indigo Hotels in writing at Caudan Waterfront, P.O Box 91, Port- Louis, Mauritius or at dpo@indigohotels.com .

If you withdraw your consent, we might not be able to provide you certain products or services and you will be informed accordingly. However, notwithstanding the withdrawal of your consent, your personal data may still be processed by Indigo Hotels in the performance of its statutory duties.

You can further opt out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the data and means necessary to opt out.


Please download the Data Subject Acess Request Form here.

 

11    Definition of personal data

Personal data is any data from which you can be identified and which relates to you.

 

12    Amendments

We reserve the right to make any changes to this Privacy Policy at any time. We therefore recommend that you consult it regularly and whenever you are using our websites and services.

 

13    How to contact us

We have appointed a DPC to oversee compliance with and questions in relation to this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact us using the details set out below on +(230) 202 4000 or at

dpo@indigohotels.com

You have the right to complain to with a supervisory authority if you believe we have not handled your request in an appropriate manner.

 

 

Please fill in the form to book your stay.