The purpose of this Privacy Policy is to inform you of the manner in which the Roman Catholic Diocèse of Port Louis (“we”/ “us”) collect, process, and share your personal data when you visit the Coup De Pouce À Mon Église website at https://coupdepouceamoneglise.mu/ (« our Website ») or when you make a donation
on our Website (the “Transaction”).

By using our Website, you consent to the Processing of your Personal Data as described in this Privacy Policy.

Unless otherwise provided for, terms and expressions used with capitalised initials shall have in this Privacy Policy: (a) the meanings ascribed to them in this Privacy Policy or (b) when they are not defined herein, the one ascribed to them in the Terms and Conditions of Service – Coup De Pouce À Mon Église.

We respect your privacy and are committed to protecting your Personal Data, as defined in the data protection laws in force in Mauritius, that is the Data Protection Act, 2017 (the “Act”), as amended from time to time. This Privacy Policy also conforms to the provisions of the General Data Protection Regulation
(“GDPR”) to the extent that Act is aligned to the GDPR.

2.1. Personal Data: Any information relating to an identified or identifiable natural person.

2.2. Processing: Any operation or set of operations which is performed on Personal Data or on sets of Personal Data.

2.3. Data subject: A natural person whose Personal Data is being Processed.

We only collect the information that we actually need. We collect and process your Personal Data mainly for the Transaction performed on our Website. When you visit our Website, we automatically collect some information about your device, including information about your web browser, your IP address, your time
zone and some cookies that are installed on your device. This information is automatically collected and is referred to as the “Device Information”.

We collect Device Information using the following technologies:

Cookies are data files that are placed on your device or computer and often include an anonymous unique
identifier.

Log files track actions occurring on our Website, and collect data including your IP address, browser type, internet service provider, referring/exit pages, and date/time stamps.

In addition, when you make or attempt to make a Transaction through our Website, we collect some information about you, including your name, billing address, payment information (including your credit/debit card number, Juice details and internet banking details) your e-mail address and your phone numbers. This
information collected is referred to as “Order Information”.

When we use the term “Personal Data” in this Privacy Policy, we are referring to both the Device Information and the Order Information.

We will only use your Personal Data when the law allows us to: (i) on contractual necessity, (ii) on legitimate grounds that may override your data protection interests/rights, and/or (iii) with your Consent.

We use the Order Information that we collect generally to process the Transaction effected on Website (including processing your payment information and providing you with invoices and/or order confirmations).

Additionally, we use this Order Information to:

• Communicate with you;
• Screen our orders for potential risk or fraud;
• When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services;
• Where we need to perform the contract we are about to enter into or have entered into with you;
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
• Where we need to comply with a legal obligation.

We use the Device Information (especially your IP address) that we collect to evaluate potential fraud or risksand, more generally, to improve and optimise our Website (for example, by generating analyses on how ourusers navigate and interact with our Website, and to evaluate the success of our advertising and marketing campaigns).

We do not share your Personal Data with any third parties other than our partners for marketing purposes, but should this be the case, we will get your express opt-in consent before we proceed.

We may require to share your Personal Data to external third parties such as: (i) our employees (ii) our professional advisors who may include our accountants, auditors, lawyers, insurers and bankers, (iii) our preferred service providers (such as IT systems suppliers and support), and (iv) any public or enforcement authority in Mauritius or elsewhere, or in case of a court, administrative or governmental order to do so.

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In particular, our preventive and protective measures include:

i.    the pseudonymisation and encryption of Personal Data; and
ii.   the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services through our disaster recovery management procedure.

In addition, we limit access to your Personal Data to those persons who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The security of your Personal Data is important to us. However, it is important to note that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

7.1. You have the right to:

7.1.1. Request access to your Personal Data. This enables you to receive a copy of
the Personal Data we hold on you and to check that we are lawfully processing it.

7.1.2. Request correction of the Personal Data that we hold on you. This enables
you to have any incomplete or inaccurate data we hold on you corrected.

7.1.3. Request erasure of your Personal Data. This enables you to ask us to delete
or remove, where there is no good reason for us continuing to process your
Personal Data. You also have the right to request us to delete or remove your
Personal Data where you have successfully exercised your right to object to
processing (see below), where we may have processed your information
unlawfully or where we are required to erase your Personal Data to comply with
local laws. However, please note that we may not always be able to comply with
your request of erasure for specific legal reasons which will be notified to you, if
applicable, at the time of your request.

7.1.4. Object to processing of your Personal Data where we are relying on a
legitimate interest and there is something about your particular situation which
makes you want to object to processing on this ground as you feel it impacts on
your fundamental rights and freedoms. You also have the right to object where
we are processing your Personal Data for direct marketing purposes. In some
cases, we may demonstrate that we have compelling legitimate grounds to
process your information which override your rights and freedoms.

7.1.5. Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following
scenarios:

•  If you want us to establish the data’s accuracy.
• Where our use of the data is unlawful but you do not want us to erase it.
• Where you need us to hold the data even if we no longer require it as you
  need it to establish, exercise or defend legal claims.
• You have objected to our use of your data but we need to verify whether
  we have overriding legitimate grounds to use it.

7.1.6. Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Data. This right
only applies to automated information which you initially provided consent for us
to use or where we used the information to perform a contract with you.

7.1.7. Withdraw consent at any time where we are relying on consent to process
your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. We will try to respond to all legitimate requests within one (1) month. Occasionally, it could take us longer than one (1) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

7.1.8. Lodge a complaint at any time with the Data Protection Commissioner of

Mauritius (“DPC”).

7.2. If you wish to exercise any of the rights set out above or need any clarification thereon, please contact us. We would appreciate the chance to deal with any of your concerns before you approach the Data Protection Commission, so please contact us in the first instance. We will try to respond to all legitimate requests within 1 (one) month. It may take us longer than 1 (one) month if the request is particularly complex or if you made

When you proceed with a Transaction on our Website, we keep the information regarding the Transaction for our records, unless and until you ask us to delete it.

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve these purposes through other means, and the applicable legal, regulatory, tax, accounting or reporting
requirements.

We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that there is a prospect of litigation in respect to our relationship with you.

Where you have consented to receive updates and similar materials from us, any Personal Data held by us for that purpose will be kept by us until such time that you notify us otherwise.

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit and application you use.

We use cookies and/or similar technologies to analyse customer behaviour, administer our Website, track users’s movements around our Website, and to collect relevant information about users to assist with current or future transactions. This is done to personalise and enhance your experience of using our Website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Website may become inaccessible or not function properly.

Our Website does not target anyone under the age of 18 (“Children”) with our services. We do not intend to collect or knowingly collect Personal Data from Children.

If you are located outside Mauritius and choose to provide your Personal Data to us, please note that we will protect your Personal Data in accordance with the applicable laws in Mauritius.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We do not transfer your personal data outside Mauritius.

If you have any questions about our Privacy Policy, including any requests to exercise your legal rights, please contact our Data Protection Officer, Mme Christiane Tadebois, on the following:

Phone: 208 3068
Email: coupdepouce@diocesepl.mu
Address: Rue Mgr Gonin, Port-Louis

This Privacy Policy shall be construed, interpreted and applied in accordance with, and shall be governed by the laws applicable in the Republic of Mauritius.

The formation, interpretation and performance of the present Privacy Policy shall be governed by the laws of Mauritius. Any disputes, controversy or claim arising out of or relating to these Privacy Policy, or the breach, or invalidity thereof shall be resolved by an appropriate court of law in Mauritius. The Parties hereto expressly agree to the jurisdiction and venue of such courts in Mauritius.

We reserve the right to update this Privacy Policy from time to time.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on our Website.