fbpx

Privacy Policy

1. Introduction

2. Who we are

3. Personal data we may collect about you

4. Cookies

5. How we use your personal data

6. Disclosure of personal data

7. International transfers

8. Personal data security

9. Your data protection rights

10. Changes to this privacy notice

11. Contact details

ANNEX A: CATEGORIES OF PERSONAL DATA PROCESSED AND RECORDS RETENTION SCHEDULE

ANNEX B: PURPOSE & LEGAL BASIS OF PROCESSING

 

1. Introduction

1.1        This website is owned by Les Gaz Industriels Ltd (hereafter “LGI”, “we”, “us”, and “our”) and is operated and maintained by OXO Agency.

1.2        This notice applies where we are acting as a data controller with respect to the personal data of our website visitors, customer, suppliers, shareholders, directors, physical site visitors and potential job candidates that we process.

1.3         We are committed to protecting your personal data. As a result, we would like to inform you regarding the way we would use your personal data, as is required by the European Union General Data Protection Regulation (hereafter the “GDPR”) where applicable and the Data Protection Act 2017 (hereafter the “DPA”).
We recommend you read this Privacy Notice so that you understand our approach towards the use of your personal data.

1.4         Our Privacy Notice sets out the types of personal data we collect, how we collect and process that data, who we may share this information with and the rights you have in this respect.

1.5         By using our website, you acknowledge that you have read and understood the terms of this Privacy Notice.

2. Who we are

2.1        Les Gaz Industriels Limited (LGI), founded in 1952 in Mauritius, manufactures, sells, and distributes medical and industrial gases in bulk and cylinders, as well as welding products.

2.2        We are registered in Mauritius under registration number 2128306.

2.3        Our principal place of business is at Bell Village, Pailles Road, GRNW

2.4        LGI is registered with the Data Protection Office and appears on the Data Protection Office Register as a controller of personal data and this registration is valid for a period of 3 years. The Registration Number of LGI is C44.

2.5         Our principal place of business is at Bell Village, Pailles Road, GRNW.

3. Personal data we may collect about you

3.1        Personal data is any data from which you can be identified, and which relates to you. It includes (but is not limited to) your name, email address, date of birth, national identification number, bank details, CV, qualifications and sensitive personal data.

3.2        The type of data we collect will depend on the purpose for which it is collected and used. We will only collect data that we need for that purpose.

3.3        We may collect your personal data in the following ways:

(a)        When you give it to us directly for e.g., for using our products and services, you participate in our marketing campaigns, correspond with us and provide us with your information via email, via the Contact Us form on our website or via WhatsApp, you act as or in the representation of LGI’s corporate shareholder and/or director, when you apply for a job at LGI or you visit our premises.

(b)        When we obtain it indirectly such as through social media platforms and when information is shared with us by third parties. In the latter case, the third party must confirm that you have consented to the disclosure of your personal data to us.

(c)        When it is publicly available. For example, on your website or other online sources (i.e., information relating to your contact details).
(d) When you browse and/or interact on our website.

3.4        The types of personal data that we may collect and process are detailed in Annex A.

4. Cookies

We use cookies on our website. Insofar as those cookies are not strictly necessary for the proper functioning of our website and for the provision of our services, we will ask you to consent to our use of cookies when you first visit our website.
Please refer to our Cookie Policy,which covers in detail the aspects of cookie usage and the purposes for which we use cookies.

5. How we use your personal data

5.1        LGI will only use your personal data for the purposes for which it was collected or agreed with you. We will not use your personal data for any automated individual decision-making which will have a significant impact on you.

5.2        We have set out below the legal basis of processing for each purpose. All purposes of processing and their legal basis are detailed in Annex B.

5.3        In addition to any specific purposes for which we may process your personal data, we may also process any of your personal data where such processing is necessary for compliance with legal and regulatory requirements which apply to us, or when it is otherwise allowed by law, or when it is in connection with legal proceedings.

6. Disclosure of personal data

6.1        We may need to share your personal data with third parties which assist us in fulfilling our responsibilities regarding our business relationship with you and for the purposes listed above. LGI may disclose your personal data to the following third parties:

a)        We may also make certain personal data available to third-party service providers and agents who provide services to us (such as our cloud service providers and, marketing companies). When we share with these third parties, we do so on a need-to-know basis and under clear contractual terms and instructions for the processing of your personal data. These include:

• Microsoft for Microsoft Office apps, cloud storage, email and communications;
• Oxo Agency as our Marketing service providers; and
• Sage, which provides us with our accounting software necessary for conducting our financial reporting.

b)        We may also be required to disclose your personal data to other third parties such as lawyers, bankers, consultants, insurers, auditors as well as public and government authorities for purposes mentioned in Section 5 or where:

• We have a duty or a right to disclose in terms of law or for national security and/or law enforcement purposes;
• We believe it is necessary to protect our rights;
• We need to protect the rights, property, or personal safety of any member of the public or a customer of our company or the interests of our company; or
• You have given your consent.

6.2        We require our service providers and other third parties to keep your personal data confidential and that they only use the personal data in furtherance of the specific purpose for which it was disclosed We intend to have written agreements in place with our processors to ensure that they comply with these privacy terms.

7. International transfers

7.1        We may transfer personal data outside Mauritius as may be necessary for the purposes mentioned above. LGI uses the services of a cross-border recipients, Microsoft Azure, to store our back up data and archives. Microsoft is an EU GDPR complaint company and has all the appropriate security measures in place to protect your personal data.

7.2        If you would like further details on the transfer of your personal data outside Mauritius, please contact our Data Protection Officer by referring to Section 11.

8. Personal data security

8.1        We are legally obliged to provide adequate protection for the personal data we hold. We have put in place appropriate security measures to prevent your personal data from being subject to any accidental or unlawful destruction, loss, alteration, and any unauthorised disclosure or access.

8.2        We have also put in place procedures to deal with any suspected data security breach and will notify you and the Data Protection Office of a suspected breach where we are legally required to do so.

8.3        We will, on an ongoing basis, continue to review our security controls and related processes to ensure that your personal data is secure.

8.4        Our security policies and procedures cover:

• Access to personal data
• Encryption
• Computer and network security
• Backup of data
• Incident management
• Use and misuse of IT assets
• Physical security
• Protection of physical records

8.5        When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that the personal data that we remain responsible for is kept secure.

8.6        We will ensure that anyone to whom we pass your personal data agrees to treat your data with the same level of protection as we are obliged to.

9. Your data protection rights

Under the GDPR and the DPA, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

9.1        Your right of access to your personal data
You have the right to request a copy of the personal data we hold about you. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

9.2        Your right to rectification of your personal data
You have the right to ask us to update or correct your personal data if you think it is inaccurate or incomplete. We will take all reasonable steps to confirm your identity before making changes to the personal data we may hold about you.

9.3        Your right to erasure of your personal data

You have the right to ask us to delete your personal data in certain circumstances:

• When we no longer need your personal data;
• If you initially consented to the use of your personal data, but have now withdrawn your consent;
• If you have objected to us using your personal data, and your interests outweigh ours;
• If we have collected or used your personal data unlawfully; and
• If we have a legal obligation to erase your data.
Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons. Upon the determined expiry date, we will securely destroy your personal data. Retention periods are indicated in Annex A.

9.4        Your right to restriction of processing

Subject to exceptions, you have the right to ask us to limit how we use your data. If necessary, you may also stop us from deleting your data.

9.5        Your right to object to processing

Subject to exceptions provided under GDPR and DPA, you also have the right to object to us processing your personal data for example for direct marketing purposes.

9.6         Your right to data portability

The right to data portability allows you to ask for transfer of your personal data from one organisation to another, or to you. The right only applies if we are processing information based on your consent or performance of a contract with you, and the processing is automated.

9.7        Your right to withdraw consent

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
To obtain more information on your rights under the DPA and GDPR and/or to exercise the privacy rights available to you, please contact our Data Protection Officer (refer to Section 11).

10. Changes to this privacy notice

We may update this notice from time to time to reflect best practices in data management, security and control and to ensure compliance with any changes or amendments made to the DPA and any laws or regulations thereof. The latest version will be available of this Privacy Notice on our website.

11. Contact details

11.1        The primary point of contact for questions relating to this privacy notice, including any requests to exercise your legal rights, is our Data Protection Officer who can be contacted:

(a) by post, to Pailles Road, GRNW, Mauritius ;

(b) by telephone, on 2128306

(c) by email, at [email protected]

11.2        If you believe we have not handled your request in an appropriate manner, you have the right to complain to the Data Protection Office.

 

ANNEX A: CATEGORIES OF PERSONAL DATA PROCESSED AND RECORDS RETENTION SCHEDULE

 

As a general rule, the maximum retention period is [7] years.

The table below sets the different types of personal data being processed by LGI and their retention period:

 

1. Customer

Categories of Personal DataTypes of Personal DataRetention Period
Contact detailsFirst name, surname, home/ business address, email address, office phone number, cell phone number.7 years
Individual detailsDate of birth, death certificate (case to case basis)7 years
Identification detailsIdentification numbers issued by government bodies or agencies such as your identity card number, utility bills.7 years
Financial informationBank details.7 years
Others

Doctor’s prescription

Signature

7 years

 

2. Supplier

Categories of Personal DataDetailsRetention Period
Contact details First name, surname, physical address, email address, office phone and cell phone, fax number.7 years
Identification details Identification numbers issued by government bodies or agencies such as your identity card number, BRN, VAT, certificate of incorporation.7 years
Financial information Bank details, Tax details7 years

 

3. Website User

Categories of Personal DataDetailsRetention Period
Contact details First name, surname, email address7 years
IT InformationCookiesRefer to our Cookie Policy for periods of retention of our cookies
OtherComplaints, enquiries, and other correspondence with you3 years

 

4. Shareholder/Director

Categories of Personal DataDetailsRetention Period
Shareholder/Directors Records/ Shareholder/Directors related information

Occupation or profession, CV and employment history, nature of ownership or control and related financial information (share purchases, dividend entitlements and payments, shareholder options), date on which you became a beneficial owner, or you ceased to be a beneficial owner of LGI.

Votes, exercise conditions, shareholder agreement, electronic signature

A copy of information processed for organising annual and special meetings (and reported in minutes)

Information required to fill in KYC forms, credit history, source of funds/wealth, and information received from anti-fraud databases (where applicable)

7 years after directorship and/or termination of shareholder contract
OtherComplaints, enquiries, and other correspondence with you3 years

 

5. Physical site visitors

Categories of Personal DataTypes of Personal DataRetention Period
Physical security information

In case you visit our office premises:

CCTV footage, visitors’ logbook, vehicle registration number

1 month
OthersComplaints, enquiries, and other correspondence with you3 years

 

6. Job Candidate

Categories of Personal DataTypes of Personal DataRetention Period
Contact details First name, surname, email address, telephone number1 year
Individual detailsSex (male/female), age, marital status1 year
Educational and professional backgroundCV/ resumé, academic and professional qualifications, employment history.1 year
National identification detailsIdentity card number, driving license number1 year
Financial informationInformation about your current level of remuneration, including benefit entitlements and salary expectations1 year
Special categories of personal data/Personal data on vulnerable persons

Certificate of character containing information about criminal convictions/ allegations and offences (only for vetting purposes, where permissible and in accordance with applicable law)

Data concerning your health.

Data concerning your race and ethnic origins.

 

1 year

OtherInformation you choose to share with us such as your hobbies and social preferences.

 

1 year

 

ANNEX B: PURPOSE & LEGAL BASIS OF PROCESSING

The table below sets out the legal basis for processing for each purpose.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. To have more information on the purpose and legal basis for processing your personal data, you may contact our Data Protection Officer (refer to section 11 above).

Purpose of processing                      Legal basis                     

For the purposes of offering, supplying and selling relevant goods and/or services to you, sale and pre-sale purposes as well as for portfolio follow-up

 

·      Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract

·      Legitimate interests, namely the proper administration of services.

For payment and billing purposesPerformance of a contract between you and us and/or taking steps, at your request, to enter into such a contract
To make statutory returns with the MRAFor compliance with a legal obligation to which we are subject to
For the purposes of record-keepingFor compliance with a legal obligation to which we are subject to, such as internal/external audit and retention periods
For the purposes of communications with customersLegitimate interests, namely for the proper management of our customer relationships
For the purposes of marketing goods and/or services which may be of interest to you (including third party suppliers of goods and services identified on our website)Consent
For the purposes of subscribing to our email notifications or newsletters and offering you the opportunity to take part in competitions or promotions Consent

For the purposes of conduct market or customer satisfaction research, for statistical analysis, or for analysing the effectiveness of our advertisements, competitions and promotions.

For analysing the use of our website and services

 

Legitimate interests, namely the proper administration of our website and business

 

For the purposes of ensuring the security of our website and services and maintaining back-ups of our databasesLegitimate interests, namely the proper administration of our website and business
To process Data Subject Access RequestsFor compliance with a legal obligation to which we are subject to, that is, to verify the identity of a data subject who makes a subject rights request
For the purposes of replying to any requests, complaints, comment or enquiries you submit to us regarding our services and notifying you about changes to our service

·      Performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract

·      Legitimate interests namely for proper administration of our business and communication with users.

Processing CCTV footage captured on our premises.Legitimate interests of ensuring physical security and proper conduct on our premises.

To manage your shareholder interest in LGI and our relationship with you, including:

–       for screening and due-diligence obligations,

–       to allow you to exercise your rights and powers as per your functions,

–       to make dividend payments,

–       to communicate with you, and

to produce and maintain shareholder records, reports, and other statements.

·      Performance of a contract between the shareholder and us

·      For compliance with a legal obligation to which we are subject to, for instance under the Companies Act 2001

·      Legitimate interests of LGI to conduct its business effectively.

 

As required for the recruitment process at LGI:

·   for communicating with you,

·   to analyse your qualifications and references,

·   to conduct candidate screening and assess candidate credibility

·   to set out your job conditions,

·   to know whether there are previous criminal convictions recorded against you,

·   to assess whether you are medically fit for duty, and

·   to cater for special accommodations in case you provide us with additional data about your health condition

 

·   Consent for collecting past employment references and for performing psychometric test.

·   The processing is necessary to fulfil a contract or to take steps at your request, before entering into a contract, namely your contract of employment.

·   For our legitimate interests, namely for the proper administration of our business and to ensure appropriate job candidates are being recruited.

·   The processing is necessary for the assessment of the working capacity of an employee.

 

Contacting you for future job opportunitiesConsent

TECHNICAL SHEETS

Click on the links below to download the Technical Sheets

TECHNICAL SHEETS

Click on the links below to download the Technical Sheets

TECHNICAL SHEETS

Click on the links below to download the Technical Sheets