Terms & Conditions of Access

1. Introduction

This policy is grounded on H2H EVENTS LTD’s compliance with its legal obligations with the Data Protection Act 2017 (“DPA”). H2H EVENTS LTD or the “Company” is an independent entity that collects personal data of its customers, clients, and the general public to deliver the ranges of services that it offers.
H2H EVENTS LTD is an independent entity and acts as a Data Controller when processing these personal data. This policy applies to personal data relating to identifiable individuals as defined by the DPA.
All terms used in this policy are as referenced from the DPA. This policy covers key provisions of the DPA. This does not exclude the need for compliance to other Articles of the legislation not specifically mentioned.
All annexes of this policy constitute an integral part of this policy.

2. Purpose of Policy

H2H EVENTS LTD is committed to the promotion of the rights of all data subjects who have shared their personal data with the Company. This policy helps H2H EVENTS LTD to achieve the following purpose: (i) protection of data subjects’ rights; clear communication of the Company’s stand on the DPA; (iii) compliance with the DPA; and (iv) ensure best practices with regards to data protection.

3. Policy statement

Through this policy, the Company, commits:

  1. a) to process the personal data in respect with the accountability principles of lawfulness, fairness, transparency, purpose
    limitation, data minimisation, data accuracy, storage limitation and data confidentiality and integrity;
    b) take all necessary, proportionate and legal measures to ensure that all personal data is kept safe.
    c) protect the fundamental rights of the data subject;
    d) ensure transparency when using personal data;
    e) Provide training and support for all staff who handle personal data;
    f) ensure data security;
    g) Ensuring accuracy of data; and
    h) provide individuals control over their personal data.

4. H2H EVENTS LTD Commitment as Data Controller

As Data Controller, H2H EVENTS LTD will adhere to:
a) the six principles of processing of personal data as covered in Article 21 of the DPA by implementing controls which evaluate
compliance with these principles.
b) at least one of the six conditions under Article 23 of the DPA for lawful processing when collecting personal data by
implementing controls which evaluate the extent to which these lawfulness requirements are respected.
c) the conditions for consent under Article 24 of the DPA in all areas where consent is required for the processing of personal data
d) The conditions for consent under Article 30 of the DPA for the processing of personal data of minors by obtaining the consent of
the Parent of Guardian of a child before processing persona data.
e) The conditions for processing of special categories of data under Articles 29 and 34 of the DPA where applicable by
implementing controls which evaluate the extent to which special categories of personal data processing is expected.

5. Rights of Data Subjects

a) Transparent information, communication and modalities for exercising data subject rights. H2H EVENTS LTD will ensure that its privacy notice, will be clear and easily accessible to data subjects, in accordance with Article 37 of the DPA by implementing controls which ensure compliance with Articles 37, 38 and 39 of the DPA in support of data subject rights, including the use of fair processing procedures.
b) Information to be provided where personal data are collected from data subject. H2H EVENTS LTD will ensure that data subjects will be informed of the purpose of processing via privacy notice which will be available at the time data is collected, in alignment with Article 37 of the DPA.
c) Right of access. H2H EVENTS LTD will ensure that the right of access by the data subject will be respected in accordance with Article 37 of the DPA where applicable. The company shall, upon written request of a data subject, provide, at reasonable intervals, without excessive delay and free of charge confirmation as to whether the personal data relating to the data subject is being processed and forward a copy per request. The company may request further information to confirm the identity of the person making the request.
d) Right to rectification. H2H EVENTS LTD will ensure that the right to rectification by the data subject will be respected in accordance with Article 39 of the DPA. Upon request from the data subject, all personal data shall be rectified without undue delay. This policy commitment will be supported by procedural measures to facilitate the submission of data subject requests for rectification, including monitoring that those requests are responded to within the limits allowed.
e) Right to erasure. H2H EVENTS LTD will ensure that the right to erasure of personal data will be respected in accordance with Article 39 of the DPA. The company shall balance the need to respect data subject requests with the need to retain records for legitimate purposes. Upon request from the data subject and depending on the purposes of the data processing, the company will erase the personal data of the data subject without undue delay.
f) Right to restriction of processing. H2H EVENTS LTD will ensure that the right to restriction of processing will be respected in terms of the valid reasons which are covered under Article 39 of the DPA. This policy commitment will be supported by procedural measures to facilitate the restriction of processing, including monitoring that those requests are responded to within the limits allowed.

g) Right to object. H2H EVENTS LTD will support the right to object to processing of personal which will be subject to the purposes for which the data is processed in accordance with Article 39 of the DPA.

6. Data Controller Responsibilities

a) Responsibility of the Controller. H2H EVENTS LTD will fulfil all of its responsibilities as outlined in Article 22, including implementing policies such as this document and related policies. The company will ensure that those acting under its authority, including employees and Processors will receive clear instructions on the processing of personal data. The company may make use of Data Transfer Agreements where personal data is transferred to a processor, stipulating the terms and conditions to be adhered to during processing.
b) Records of processing activities. H2H EVENTS LTD will ensure that an appropriate record of processing activities is kept and made available to relevant authorities as required under Article 33 of the DPA.
c) Cooperation with the Data Protection Authority. H2H EVENTS LTD will co-operate at all times with the relevant Authorities as required. The company shall be registered as a Data Controller as required under Article 14 of the DPA and shall oblige to the requests of the Mauritius Data Protection Commissioner.
d) Security of Processing. H2H EVENTS LTD will implement appropriate organisational and technical measures to ensure a level of security appropriate to the risk of processing of personal data in line with Article 31 of the DPA. These measures will also prevent the unauthorised access to, alteration, disclosure, accidental loss and destruction of personal data.
e) Notification of a Personal Data Breach to the Data Protection Authority. H2H EVENTS LTD will ensure that there are organisational measures to support notification of a personal data breach to the data protection office in accordance with Article 25 of the DPA. The data breach process and procedures will be adequately documented and communicated.
f) Notification of a Personal Data Breach to a Data Subject. H2H EVENTS will notify a data subject of a data breach within 72 hours after becoming aware of the breach in accordance with Article 29 of the DPA. The company will ensure that there are organisational measures to support notification of a personal data breach to the data subject. The data breach process and procedures will be adequately documented and communicated.
g) Data Protection Impact Assessment. H2H EVENTS LTD will conduct a Data Protection Impact Assessment (DPIA) where the processing of personal data is likely to result in a high risk to the rights and freedoms of natural persons, in accordance with Article 34 of the DPA.
h) Prior Consultation. H2H EVENTS LTD will consult the Data Protection Commissioner prior to processing where a DPIA under Article 35 indicates that the processing would result in a high risk in the absence of measures taken by the company to mitigate the risk.

7. Transfers of Personal Data to Outside Mauritius

H2H EVENTS LTD do not transfer personal data outside the territory of Mauritius. However, in the event that there is a cross border data transfer, the Company will ensure that the general principle for transfers is respected by implementing appropriate measures in accordance with Article 36 of the DPA. The company will incorporate appropriate contractual measures, including the use of standard data protection clauses to uphold the data subject’s rights in accordance with Article 36 of the DPA.

8. CONTACT H2H EVENTS LTD

CONTACT OF THE COMPANY FOR DATA PROTECTION QUERIES
contact@h2hevents.com
+230 5252 2280
Royal Road, l’Amitié, Rivière du Rempart

Address

© Copyright H2H Events Ltd. All rights reserved. The text, images, graphics, sound files, animation files, video files, and their arrangement on this website are all subject to copyright and other intellectual property protection. These objects may not be copied for commercial use or distribution, nor may these objects be modified or reposted to other sites. This website may contain images whose copyrights are attributable to third parties.

© 2024 All Rights Reserved.