PRIVACY NOTICE
IBL Ltd, trading as BrandActiv (thereafter "BrandActiv", "we", "us", "our", “the Company”), respects your privacy, and is committed to protecting the privacy, confidentiality and security of the personal data you provide us when you use our mobile application Mo’KaBa (“Mo’KaBa”, “application”) or when you otherwise interact with us.
Please read this privacy notice carefully as it contains important information on how BrandActiv, as a registered data controller under IBL Ltd, treat the personal data that you provide us.
If you do not agree with these terms and you choose not to provide your personal data, this will impact on our ability to enroll you with Mo’KaBa application and services. This Notice forms part of our Terms and Conditions and such shall be governed by and construed in accordance with the relevant laws.
1. Who are we?
BrandActiv which forms part of IBL Ltd (a public company incorporated in Mauritius and listed on the stock exchange of Mauritius) is specialized in the commercialization of a wide variety of fast-moving consumer goods in Mauritius, Madagascar and Seychelles. Our commercial activity is split into three business categories, namely Food & Beverage, Frozen & Chilled and Personal & Home Care.
Our registered office is situated at IBL House, Caudan Waterfront, Port Louis, Mauritius and our principal place of business is situated at IBL Complex No 2, Riche Terre, Mauritius.
2. Our Services
BrandActiv provides the mobile application Mo’KaBa (as defined in the Terms & Conditions) through its software application installed on your smartphone.
When you register to Mo’KaBa and use the Services, you will earn points/ discounts off products and services on selected products. When using Mo’KaBA, you also give us the opportunity to learn more about your purchase preferences and habits and provide you with personalised information and/or promotions.
By accepting the Terms and Conditions and Privacy Notice of Mo’KaBa, you also consent to the processing of your personal data as described in Our Services, section 2.
2. Which personal data we collect?
Personal data, or personal information, means any information about a living individual from which, that individual can be directly or indirectly identified.
When you interact with us, we may process different types of personal data about you such as:
|
Type of personal data: |
Details: |
|
your name, surname and nickname; |
Mandatory upon registration |
|
your national identity card number; |
Mandatory upon registration |
|
your residential address; |
Optional |
|
your contact details (phone, email addresses); |
Mandatory upon registration |
|
your photos and videos; |
optional |
|
your shops preferences; |
Mandatory upon registration |
|
your food preferences ; |
Mandatory upon registration |
|
your preferences for personal and home care; |
Mandatory upon registration |
|
Your Allergens factor |
Mandatory upon registration |
|
any other personal data necessary to fulfil your special requests; and |
Optional |
3. How and why we use your personal data?
We use your personal data in the course of our business activities and interaction with you for the following purposes:
· To render our Services as defined in Terms and Conditions;
· To carry out our obligations arising from any contracts entered into between you and us pursuant to the Services;
· To notify you about changes to our Services;
· To inform you about any Services downtime, new features or promotions;
· Offer you the opportunity to take part in competitions or promotions;
· Collect data about the device you are using for the application, so as to ensure that the application presents the best experience for you;
· Evaluate the use of the application, products and services;
· For monitoring and auditing application usage;
· fulfilling our legitimate commercial interests;
· Suggest products or services (including those of relevant third parties) which we think may be of interest to you;
· To conduct market or customer satisfaction research or for statistical analysis;
· To confirm and verify your identity or to verify that you are an authorized customer for security purposes;
· To promote our activities and services on our communication platforms including Facebook, Instagram, LinkedIn, any printed documents or reports;
· To contact you regarding products and services which may be of interest to you, provided you have given us consent to do so or you have previously requested a product or service from us and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws.
· To analyze your purchase habits and provide you with relevant information or promotions
· We may also use your personal data to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law.
· complying with any legal or regulatory obligations imposed on us;
· performing an internal and/or police investigation regarding a suspected fraud or other offence which may been committed;
5. Direct Marketing
When you choose to receive our marketing communications (including newsletters, promotional and special offers), we ask that you provide us with your email address and consent to receive notifications. The provision of this information is purely voluntary, and you may opt out of receiving our marketing communications and notifications at any time by unsubscribing to these communications or opting out on your Mo’KaBa application directly.
6. To whom do we disclose personal data?
Your personal data may be shared as follows:
· between and among subsidiaries and affiliates of the IBL Group as may be relevant for specific purposes set out in section 3 above and to facilitate our business activities or relationship, but we shall only do so on a strictly need to know basis;
· with our employees for purposes of fulfilling our business activities, organizing events and lottery games, treating job applications or conducting internal analysis with a view to improving our company and services;
· with our agents, advisers, accountants, auditors, lawyers, other professional advisors, contractors or third-party service providers for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
· trusted third parties who help us operate our mobile application or fulfill our contractual obligations or conduct our business, as long as such parties agree to keep this information confidential;
· We believe it is necessary to share information with law enforcement bodies/agencies in order to investigate, prevent or take actions regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms and conditions, or when required by law.
We will ensure that your personal data is kept safely. Only designated persons will have access to your personal data on a strictly need-to-know basis for the purposes of fulfilling our agreement, treating job applications or promoting our business relationship with you. In addition, third parties with whom we share your personal data will be contractually obliged to safeguard all personal data to which they have access.
Some disclosures do not require your consent. This happens when we share your personal data with (i) law enforcement bodies/agencies and other statutory authorities, if required by law and (ii) if required or authorized by law or if we suspect any unlawful activities on your part.
Where we have collected your personal data on behalf of another party, the use of your personal data by that party is governed by their privacy policy for which we are not responsible. We may also disclose aggregate or de-identified/anonymized/encrypted data that is not personally identifiable with third parties, including our commercial and strategic partners.
7. Overseas transfers of your personal data
In some cases, we may need to transfer your personal data with organizations located in countries outside our territorial limits in order to provide our services to you. We will take appropriate safeguards in order to secure the personal data being transferred.
Please note that personal data collected through our application is transferred to servers based in Ireland.
8. How long do we keep your information?
Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. In order to protect data from accidental or malicious destruction, when we delete data from our servers we may not immediately delete residual copies from our servers or remove data from our backup systems.
All Registration Data (as defined in Terms & Conditions) collected will be deleted 1 year after termination of your registration or 1 year after the account has been classified inactive Data (as defined in Terms & Conditions) will be anonymized and kept for statistical purposes and to preserve the integrity of the data base.
9. Processing of personal data must be justified
We will only process your personal data where we are satisfied that we have an appropriate legal basis to do so, such as (i) for the performance of a contract between us; (ii) where you have provided us with your express consent to process your personal data for a specific purpose; (iii) our use of your personal data is necessary to fulfill our statutory obligations with relevant authorities (regulators, tax officials, law enforcement bodies) or otherwise meet our legal responsibilities; (iv) our use of your personal data is in our legitimate interest as a commercial organization.
10. Security of personal data
BrandActiv has in place reasonable physical, technical and organizational measures to prevent unauthorized or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential. These measures are subject to ongoing review and monitoring.
We cannot guarantee that our application will function without disruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.
11. Children and Minors
Our application is not accessible to minors, since there will be online games that we could organize from time to time, which is only for people above 18 years old.
12. Links to other websites
Our application may contain links to other websites, apps, content, services or resources on the internet which are operated by subsidiaries and affiliates of IBL or third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal information to these other websites.
13. Access to your personal data
You have the right to request a copy of the personal data we hold about you. To do this, simply contact our Data Protection Officer and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
14. Correction of your personal data
You have the right to ask us to update, correct or delete your personal data. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes we need to be aware of.
15. Withdrawal of consent and request for deletion of personal data
You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time, and you may in certain circumstances ask us to delete your personal data. However, we may not be able to fulfil our contractual obligations to you if you entirely withdraw your consent or ask us to delete your personal data entirely. To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your national identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).
Whenever reasonably possible and required, we will strive to grant these rights within 30 days, but our response time will depend on the complexity of your requests. We will generally respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee (as mentioned above regarding access).
There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim. To make these requests, or if you have any questions or complaints about how we handle your personal data, or would like us to update the data we maintain about you and your preferences, please contact our Data Protection Officer at the address set out under section 19 below.
16. Amendments to this Privacy Notice
We may amend this privacy notice from time to time. Any amendment will be posted on Mo’KaBa application so that you are always informed of the way we collect and use your personal data. Any changes to this privacy notice will become effective upon posting of the revised privacy notice on the application. Use of our application following such changes constitutes your acceptance of the revised privacy notice then in effect but, to the extent such changes have a material effect on your rights or obligations as regards our handling of your personal data, such changes will only apply to personal data after the changes are applied.
17. Miscellaneous
This privacy notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This privacy notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this privacy notice, the English version shall prevail.
18. How to contact us?
We have appointed a Data Protection Officer to oversee compliance with and questions in relation to this notice. If you have any questions about this notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below:
The Data Protection Officer
IBL LTD
IBL House, Caudan Waterfront
Port Louis, Mauritius
DPofficer@iblgroup.com
203 2000
19. Complaints
If you believe we have not handled your personal data or attended to your request in an appropriate manner, you may lodge a complaint with the Data Protection Commissioner (DPC) (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius). However we ask that you please try to resolve any issues with us first before referring your complaint to the DPC.
Version dated 24 June 2021