Privacy Policy

Introduction

We thank you for the interest you have shown in our company. CABSIS Consulting Ltd pays particular attention to the protection of your data, which has been above all else the core of its profession for many years. You can use the CABSIS Consulting Ltd website without providing personal data. However, the processing of personal data may be necessary for anyone wishing to use specific products and services offered by our company from our website. If the processing of personal data is required and there is no legal basis for such processing, we generally ask the consent of the data subject.
Protection Regulation (GDPR) and the 2017 Mauritian Data Protection Act as it applies to CABSIS Consulting Ltd. Through this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use, and process. In addition, this privacy policy makes it possible to inform data subjects of their rights.
CABSIS Consulting Ltd, as data controller, has taken extensive technical and organizational measures aimed at ensuring the most secure protection possible of personal data processed on this site. The transmission of data over the Internet can, however, by its nature, present security vulnerabilities of such a nature that absolute protection can not be guaranteed. Because of this, data subjects may elect to communicate their personal data to us through different means, such as by telephone for example.
CABSIS Consulting Ltd stores all personal data in electronic format on servers located in France and Mauritius. The data is only transferred to another country by CABSIS Consulting Ltd in case of absolute necessity for the provision of service, and provided that the country concerned provides a sufficient level of protection compared to France. If data protection provisions are not equivalent, CABSIS Consulting Ltd enters into a "data processing contract" with the provider in question.
The provisions of this Privacy Policy and the Law in force in Mauritius regarding data protection are applicable to the transfer of personal data within CABSIS Consulting Ltd, but CABSIS Consulting Ltd is not required to obtain consent for such transfer.

Article 1 - Definitions

The CABSIS Consulting Ltd Privacy Policy is based on the terminology used by the European legislature and regulatory authority upon the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the general public as well as for our clients and business partners. This is why we wish to first explain the terminology used.
In particular, we use the following terms within the framework of this privacy policy:

a) Personal data: "Personal data" means any information relating to an identified or identifiable natural person (herein referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject: The term "data subject" refers an identified or identifiable natural person whose personal data is processed by the controller.
c) Processing: "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing: "Restriction to processing" means the marking of stored personal data with the aim of limiting its processing in the future.
e) Profiling: "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation: "Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller: "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor: "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient: "Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party: "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent: "Consent" means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Article 2 - Name and address of the controller

We thank you for any questions, comments and inquiries you may have regarding this privacy policy and the processing we apply to your personal data. You can contact our data protection officer by sending an email to

This email address is being protected from spambots. You need JavaScript enabled to view it.

CABSIS Consulting Ltd
109 rue des Pailles en Queue
Blue Bay 50802
Phone (230) 631 9417
Phone (33) 9 7229 858

Article 3 - Information you provide to us

This is the information about you that you send to us by:

filling out forms on our website (or any other form we ask you to fill out),
handing out a business card (or similar),
corresponding with us by phone, mail, email or other medium of communication.

This may, for example, include your last name, first name, postal address, e-mail address, and phone number, information about your business relationship with CABSIS Consulting Ltd, or any information about your position, your career, or your professional interests.

Article 4 - Other information

We may also collect information from other sources such as:

If we have a professional relationship with the organization you represent, your colleagues or other sales representative may provide us with information about you, such as your contact information or details about your role in the business relationship.
Sometimes we collect information from third parties or publicly available sources in the context of anti-money-laundering, background checks, or other similar purposes, in order to protect our business and meet our legal and regulatory obligations.

Article 5 - Cookies

The pages on our website use cookies. Consult our Cookie Management policy.

Article 6 - Collection of general data and information

The CABSIS Consulting Ltd website collects a set of data and general information whenever the website is visited by a data subject or an automated system. This data and general information is stored in the server log files. Cookies can collect
(1) the type and version of web browser used,
(2) the operating system used by the access terminal,
(3) the Internet page from which an access terminal has arrived at our site (its reference URL),
(4) sub-sites accessible via an access terminal from our website,
(5) the date and time the website is viewed,
(6) the Internet Protocol (IP) address,
(7) the Internet access provider of the access terminal, and
(8) any other similar data and information used in the case of an attack on our computer systems.

General data and information is not used by CABSIS Consulting Ltd for the purpose of profiling the data subject. This information is required
(1) for the content of our website to be displayed correctly,
(2) to optimize the contents of our website and their promotion
(3) to ensure the continued functioning of our systems and our website's technology, and
(4) to provide the judicial authorities with necessary information for a criminal procedure in case of cyber attack.
This anonymously collected data and information is thus assessed statistically and thoroughly by CABSIS Consulting Ltd in order to increase data protection and security within our company and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.

Article 7 - Contacting us via the website

In accordance with legal provisions, the CABSIS Consulting Ltd website contains references, such as a general email address. This makes it possible for users to contact us directly and more quickly. If a data subject contacts the controller by e-mail or via a contact form, the personal data provided by the data subject will be stored automatically. This personal data, voluntarily transmitted by the data subject to the controller, is stored for the purpose of processing or contacting the data subject. This personal data is not subject to being transferred to third parties.

Article 8 - Registering on our website

The data subject may choose to register on the controller's website and provide personal data. The personal data submitted to the controller is derived from each of the data entry forms used during the registration process. The personal data entered by the data subject is collected and stored by the controller solely for the controller's internal use and own needs. The controller may initiate the transfer of personal data to one or more processors, for example a messaging service, which may also use the personal data solely for internal use, and which use is attributable to the controller.
When registering on the controller's website, the IP address assigned to the data subject by the Internet Service Provider (ISP), as well as the date and time of registration, are stored. This data is recorded in order to prevent misuse of our services and, if need be, to provide evidence of offenses committed. In this context, storing of this data is necessary to protect the controller. In general, this data is not subject to being transferred to third parties except if the legislation in force obliges it to be transmitted or disclosed.
The registration of the data subject, using personal data provided voluntarily to the controller, enables the controller to provide the data subject with content or services which, by their nature, can be offered only to registered users. Registrants are free at any time to modify personal data provided at registration or to have it deleted entirely from the controller's database.
Data subjects may at any time and upon request obtain from the controller the personal data stored concerning them. In addition, the data controller shall correct or delete the personal data at the request or simple wish of the data subject, insofar as this does not contravene legal conservation obligations. All members of the controller's staff are, in this context, interlocutors at the data subject's disposal.

Article 9 - Use of Google Analytics

Google Analytics uses cookies and generally stores them outside the EU / EFTA area. Google uses this information to evaluate the use of the CABSIS Consulting Ltd website and to compile website activity and internet usage reports. In addition, Google transmits this information by its own terms to third parties, either if required by law or if third parties are in charge of processing such data on behalf of Google. The IP address transmitted by your browser as part of Google Analytics will not be linked to other Google data. Users can prevent the registration of cookies (see "Cookies"). In addition, users may prevent the transmission to Google of the data generated by the cookie and by their use of the website (including the IP address) as well as the processing of such data by Google.

Simply download and install the available browser module for Microsoft Internet Explorer 11, Chrome, Mozilla Firefox, Apple Safari, or Opera.

Article 10 - Use of Social Plugins

The plugins of social networks, which are operated exclusively by Facebook, Twitter and LinkedIn, are each recognizable by the logo of the respective social network. When viewing a website that incorporates one or more of the aforementioned plugins, the browser establishes a direct connection to the server of the social network. The content of the button is then directly transferred from the social network to your Internet browser, which integrates it into the website visited. By integrating the button, the social network receives information signaling that the corresponding website has been consulted. If the user is connected to the social network at the time of the visit, the social network can associate the visit to the user's account. By clicking on a button, the corresponding information is transmitted directly by the browser to the social network and saved there. The purpose and scope of data collection, subsequent processing and use of data by the social networks, and the corresponding rights of the user and setting options to protect the privacy of the user can be found in the privacy policy of the social network. The user can prevent the social network from collecting data on the sites visited by disconnecting from it before visiting the website.

Article 11 - Rights of the data subject

If you wish to exercise any of the following rights, please contact us as described in paragraph 3.
You can also file a complaint about the processing of your personal data with the Data Protection Office.

a) Right of confirmation

Any data subject has the right, introduced by the European legislature and the regulatory authority, to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. If a data subject wishes to make use of this right of confirmation, he or she may at any time contact an employee of the controller.

b) Right to information

Any data subject concerned by the processing of personal data has the right, guaranteed by the European legislature and the regulatory authority, to obtain from the controller, at any time and free of charge, information on personal data recorded about him or her as well as a copy of such information. In addition, the European legislature and the regulatory authority have granted the data subject the right to obtain information about the following subjects:

the purposes of processing
the categories of personal data concerned
the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations
if possible, the envisaged period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period
the existence of the right to request from the controller the rectification or erasure of personal data or the restriction of processing of personal data concerning the data subject, or the right to object to such processing
the right to lodge a complaint with a supervisory authority
when the personal data is not collected from the data subject, any available information as to the source
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
In addition, the data subject has a right of access concerning the possible transmission of his or her personal data to a third country or an international organization. If such is the case, the data subject has the right to obtain information on the appropriate guarantees with respect to this transfer.

If a data subject wishes to make use of this right to information, he or she may at any time contact an employee of the controller.

c) Right to rectification

Any data subject concerned by the processing of personal data has the right, conferred by the European legislature and the regulatory authority, to obtain immediate rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to make use of this right of rectification, he or she may at any time contact an employee of the controller.

d) Right to erasure ("right to be forgotten")

Any data subject concerned by the processing of personal data has the right, conferred by the European legislature and the regulatory authority, to obtain from the controller immediate erasure of personal data concerning him or her, unless one of the following reasons is fulfilled, and to the extent that processing is not necessary:

the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no compelling legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR
the personal data has been unlawfully processed
the personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
the personal data has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR
If one of the above reasons is fulfilled and a data subject wishes to obtain the deletion of personal data held by CABSIS Consulting Ltd, he or she may at any time contact an employee of the controller. The CABSIS Consulting Ltd employee will make provisions so that the request for erasure will be fulfilled immediately.

When CABSIS Consulting Ltd has made personal data public, if our company takes steps in its position as manager and in accordance with Article 17, paragraph 1 to delete said data, then CABSIS Consulting Ltd will take reasonable measures, including technical ones, and taking into account technologies available and cost of implementation, to inform the controllers who process such personal data that the data subject requested the deletion by those controllers of any link to such personal data, or any copy or reproduction thereof, to the extent that such processing is necessary.
The employee of CABSIS Consulting Ltd will make the necessary arrangements on a case by case basis.

e) Right to restriction of processing

Any data subject concerned by the processing of personal data has the right, conferred by the European legislature and the regulatory authority, to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
the data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Insofar as any of the above applies and a data subject wishes to obtain the restriction of personal data registered with CABSIS Consulting Ltd, he or she may at any time contact an employee of the controller. The employee of CABSIS Consulting Ltd will take steps to limit the processing.

f) Right to data portability

Any data subject concerned by the treatment of personal data has the right, conferred by the European legislature and regulatory authority, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where: the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, to the extent that the processing is necessary for the performance of a mission of public interest or in the exercise of official authority vested in the controller.
In addition, the data subject concerned by the exercise of his right to portability of data pursuant to Article 20(1) of the GDPR shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible, and provided that right does not adversely affect the rights and freedoms of others.
In order to assert his or her right to the portability of data, the data subject may at any time contact an employee of CABSIS Consulting Ltd.

g) Right of opposition

Any data subject concerned by the processing of personal data has the right, conferred by the European legislature and the regulatory authority, to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.
CABSIS Consulting Ltd shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of rights in court.
Where personal data is processed by CABSIS Consulting Ltd for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing by CABSIS Consulting Ltd for direct marketing purposes, the personal data shall no longer be processed for such purposes by CABSIS Consulting Ltd.
Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, has the right to object to processing of personal data concerning him or her, unless the processing by CABSIS Consulting Ltd is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise his or her right of opposition, the data subject may directly contact any employee of CABSIS Consulting Ltd. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

h) Automated individual decision-making, including profiling

Any data subject concerned by the processing of personal data has the right, conferred by the European legislature and the regulatory authority, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This does not apply if the decision

(1) is necessary for entering into, or performance of, a contract between the data subject and a data controller; or

(2) ) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests; or

(3) is based on the data subject's explicit consent.

If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and a data controller or is based on the explicit consent of the data subject, CABSIS Consulting Ltd shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision. If a data subject wishes to make use of this right relative to automated individual decision-making, he or she can at any time contact an employee of the controller.

i) Right to revoke consent to the processing of personal data

Any data subject concerned by the processing of personal data has the right, conferred by the European legislature and the regulatory authority, to revoke at any time his or her consent to the processing of personal data.
If the data subject wishes to assert his right to revoke consent, he or she may at any time contact an employee of the controller.

Article 12 - Data protection in applications and in the processing of applications

The controller collects and processes personal data of applicants for the purpose of processing applications. Processing can also be done electronically. This is especially the case if an applicant electronically submits to the controller documents corresponding to the application, for example by e-mail or via an attachment form available on the website. If the controller concludes a work contract with a candidate, the transmitted data will be stored for the purpose of executing the employment relationship in accordance with legal requirements. If no contract of employment is concluded with the applicant by the controller, the requested documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion causes the exclusion of other legitimate interests of the controller.

Article 13 - Legitimate grounds for processing

Our company uses point (a) of Article 6(1) of the GDPR as a legitimate basis for processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, in the context of processing operations requiring the delivery of goods or the provision of any benefit or service, the processing is based on point (b) of Article 6(1) of the GDPR. The same applies to processing operations necessary for the performance of pre-contractual measures, for example in the case of requests concerning our products or services. If our company is subjected to a legal obligation requiring the processing of personal data, such as the respect of fiscal obligations, the treatment is based on point (c) of Article 6(1) of the GDPR. In rare cases, the processing of personal data may be necessary to safeguard the vital interests of the data subject or of another individual. This would be the case, for example, if a visitor on our premises was injured and his name, age, health insurance information or other vital information was passed on to a doctor, hospital or a third party. In such case, the processing is based on point (d) of Article 6(1) of the GDPR. Finally, processing operations could be based on point (f) of Article 6(1) of the GDPR. Processing operations not covered by any of the above legal grounds, where the processing is necessary for the legitimate interests of our company or a third party unless the interests or the fundamental rights and freedoms of the data subject prevail, are based on this legal foundation. Such treatments are notably allowed because they have been specifically mentioned by the European legislature. In that regard, it is considered that a legitimate interest could be allowed where the person concerned was a client of the controller (considering phrase 2 of paragraph 47 of the GDPR).

Article 14 - Legitimate interests pursued by the controller or by a third party

If the processing of personal data is based on point (f) of Article 6(1) of the GDPR, our legitimate interest is to conduct our business in a manner that encourages the well-being of all our employees and shareholders.

Article 15 - Legal or contractual provisions for the provision of personal data; Necessity for conclusion of the contract; Obligation of the data subject to provide personal data; Potential consequences in case of absence of this data

Here we explain to you that providing personal data is required in part by law (eg fiscal regulations) or may be the result of contractual provisions (such as data of a party to a contract). At times it may be necessary to conclude a contract when a data subject provides us with personal data, which we will subsequently be obliged to process. For example, the data subject is required to provide us with personal data when our company enters into a contract with him or her. The absence of personal data would make it impossible to conclude the contract with the data subject. Before providing personal data, the data subject should contact one of our employees. If there exists an obligation to provide personal data, our employee will inform data subjects on a case-by-case basis whether the provision of personal data is prescribed legally or contractually, or necessary for the conclusion of a contract, and the consequences that would result from the absence of these data.

Article 16 - Existence of automated decision-making

Certain data that we collect is processed automatically and on the basis of the prior consent of the data subject or the performance of a contract previously concluded.

Article 17 - Litigation and conflict resolution

Any dispute to which the privacy policy may give rise, in particular regarding its validity, its interpretation and execution, their consequences and their aftermath, shall be submitted to the competent courts of Port Louis, Republic of Mauritius.

Article 18 - Modification

We would like to inform you that this privacy policy may be modified or amended at any time by CABSIS Consulting Ltd, in particular to comply with any legislative, regulatory, jurisprudential or technological developments. Any changes to our privacy policy will be published on the website and, if applicable, communicated by e-mail.

Article 19 - Governing Law and Language

The Privacy Policy is governed by Mauritian law and written in French. Only the French text will prevail in case of dispute, if they are translated into several languages. The nullity of a clause does not entail the nullity of the privacy policy. The temporary or permanent non-application of one or more clauses by CABSIS Consulting Ltd may not constitute a waiver by it of the other clauses herein, which continue to have effect.