JULY 2021



  1. Introduction

At Aptis Group, we are committed to protecting and respecting your data and privacy rights. We have a Group Privacy Policy in place describing how personal information is collected and handled to meet the organisation’s data protection standards and comply with the law.


  1. Controller

Our companies are registered with the Data Protection Office as Controller, which means that they determine the purposes and means of the processing of personal data and have decision making power with respect to the processing.


Aptis Services Company Ltd – BRN C19162742

Aptis Property Company Ltd – BRN C19162801

TNS Tobacco Company Ltd – BRN C09085660


Registered office: Aptis House, INOVA Riche Terre Business Park, Riche Terre, Mauritius

Phone number: [230] 249 2409


For Resiglas and RACSO, please refer to their websites.


  1. Data Collection

    i) What data do we collect from data subject?

Personal data collected includes (but is not limited to): your name, postal address, telephone number, email address, ID number, bank account number (for individual suppliers and employees).

          ii) Why are we collecting your data?

We must have a valid lawful basis in order to process your personal data. We process your data either on the basis of your consent, for the performance of a contract, for compliance to a legal obligation or for the purpose of a legitimate interest.


  1. How do we process your data?

We collect your data either face to face, by phone, by email or through our website and process your data on our information systems. All personal data are processed in our offices.


Your personal data shall not be retained for a period longer than necessary for the purposes highlighted above. Your personal data shall be retained for at least a period of 7 years after the completion of a transaction, in line with regulatory requirements in Mauritius.


  1. Data Disclosure

All information provided to us is strictly confidential and are not disclosed to any person or party whatsoever unless we are legally required to do so to a regulatory body or a court of jurisdiction in Mauritius.


In certain circumstances, the Data Protection Act 2017 allows personal data to be shared among public sector agencies without the consent of the data subject. For compliance to a legal obligation or performance of a contract, we provide your personal data to:

  • Regulatory bodies
  • Services providers (including auditors)
  • Our employees (for the provision of services)
  • Other third Parties upon your request or consent


  1. Data Security

We are committed to ensuring that your information is adequately secured with us and with the third parties to whom the data is disclosed.


We have implemented appropriate security measures to prevent your personal data from being lost, misused, accessed, or disclosed in an unauthorised manner.

We have the appropriate confidentiality clauses in employees and service providers’ contracts and our employees are trained on data protection and information security.


The computers storing the information are kept in a secure environment with restricted physical access. We use secure firewalls and other measures to restrict electronic access. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data.


  1. What are your rights? (Data Subjects’ rights)

As per the Data Protection Act 2017, all individuals who are the subject of personal data held by the controller are entitled to

  • request access to their personal data.
  • request rectification or erasure of their personal data.
  • request restriction of processing of their personal data.
  • object to the processing of their personal data.
  • request withdrawal of consent.

You have the right to access your data, to obtain a copy of your data, to request their erasure or rectification and the right not to be subject to a purely automated decision without having your views taken into consideration. You also have the right to object to the processing, withdraw your consent and lodge a complaint with the Data Protection Office, should you consider that this data processing is in violation of the law.


You have the right to lodge a complaint with the Data Protection Commissioner at the address below:


Data Protection Office

5th Floor, SICOM Tower, Wall Street, Ebene

You may contact our Independent Data Protection Officer with your requests. We must answer your request within one month, but if your request is too complex or we receive too many other requests we will inform you that this period may be extended by a further two months.


Data Protection Officer

Name: Aurelie Sevene (SmarTree Consulting Ltd)

Address: Digital House, Arsenal Road, Calebasses, Mauritius

Email address: [email protected]

Phone number: [230] 52527501


  1. Links to another website

Our website may contain links to other websites of interest. However, once you use such links to leave the site, we do not have any control over that other website. Therefore, Aptis Group cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.


  1. Use of cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our website www.aptis.mu, we may collect information from you automatically through cookies.


We use cookies in a range of ways to improve your experience on our website. Our website uses the following types of cookies:


  • Necessary
  • Functionality
  • Advertising
  • Tracking and performance


You can set your browser not to accept cookies and the website tells you how to remove cookies from your browser.


  1. Compliance with Data Protection Act 2017

All processing of personal data will be done in compliance with the Data Protection Act 2017.


  1. Conclusion

We update our privacy notice as and when required to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 2017. This notice was last updated in July 2021.