Notifications:
04/12/25
Intelligence Artificielle : Promotion et Gouvernance — Une publication stratégique du Directors Forum du MIoD et PwC Mauritius
19/11/25
Le MIoD lance le programme accrédité « Climate Governance Pathway » et formalise un partenariat avec le Gouvernement du Royaume-Uni (FCDO) pour une mise en œuvre efficace et mesurable
06/11/25
Deuxième édition de la MIoD Expert Series : Repenser la culture organisationnelle à l’ère de la Génération Z
09/10/25
Le MIoD et KPMG lancent l’Audit Committee Forum Position Paper 12 : Placer l’éthique au cœur de la gestion des données
Linkedin Facebook Youtube Twitter

Data Privacy Policy

1. Introduction

At the Mauritius Institute of Directors, we are committed to protecting and respecting your data protection and privacy rights. We respect and value the privacy of all of our service users and only collect and use personal data in ways described herein. All personal data gathered will be processed in accordance with our obligations, the provisions of the Data Protection Act 2017 and all other application Data Protection regulations.

This Privacy Policy describes how the Institution processes your personal data and how in doing so, we comply with our legal obligations.

2. Who are we?

The Mauritius Institute of Directors is a privately-owned institution which provides a professional forum for directors and improving corporate governance practices in Mauritius. The Mauritius Institute of Directors is registered with the Data Protection Commissioner as Controller and is situated at 6th Floor, Building A5, Hyvec Business Park, 15 Wall Street – Ebène 72201, Mauritius.

The business registration number of the Institution is C08077130.

3. Queries and complaints

If you have any questions about this Privacy Policy and our privacy practices, including any requests to exercise your legal rights, please contact our Data Protection Officer by email or telephone on 4681015. The Company’s address is at 6th Floor, Building A5, Hyvec Business Park, 15 Wall Street – Ebène 72201, Mauritius.

You have the right to make a complaint relating to the processing of your personal data at any time to the Data Protection Commissioner, the supervisory authority for data protection issues. You also have the option of lodging a complaint with us concerning the processing of your personal data. The complaint must be made in writing, addressed to our Data Protection Officer and sent by email.

4. What personal data do we collect for employees?

As an employee, you are required to provide personal data in order to enable us to perform our obligations and exercise our rights with regards to your employment. The personal data processed by the Institution (in paper and electronically) includes:

  • Your full name, date of birth, gender, address, phone number, and email address
  • National ID number
  • Payroll information and banking details
  • Emergency contact details (name, phone number, address)
  • Certificate of character (for certain position)
  • Date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, and training records
  • Letters of offer and acceptance of employment
  • References and interview notes
  • Information captured on security systems, including Closed Circuit Television (“CCTV”)
  • Biometric data for Time Attendance System

The disclosure of your personal data is necessary for the performance of the Institution and/or your obligations in relation to your employment.

If,you do not provide requested information, this could hinder your employment, as well as your and/or the company’s ability to meet its legal obligations and to perform its obligations under the employment contract. As such, failure or refusal to provide any information which may be required for the purposes of your employment may render your employment impossible and/or amount to a breach of the terms and conditions of your employment.

5. What personal data do we collect for membership applicants?

The Mauritius Institute of Directors processes personal data, relating to membership applicants as part of the onboarding process. This includes:

  • your name, residential address, residential phone number and business details, including company name, company postal address, email address and telephone number
  • National ID number
  • Job title
  • details of your qualifications, skills, experience and employment history

The supply of these information, is necessary to enable us to consider your application. A consent form, will be signed by you for all new applications.

Once your application has been approved, depending on the membership category, you may be listed on Directors register.

The Institution has a legitimate interest in processing personal data, during the onboarding process and for keeping records of the process. Processing data from applicants allows us to manage, assess and confirm a member’s suitability for onboarding.

Membership related personal data will be shared without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.

6. What personal data do we collect for job applicants?

The Mauritius Institute of Directors processes personal data, relating to job applicants as part of our recruitment process. This includes:

  • your name, address and contact details, including email address and telephone number
  • details of your qualifications, skills, experience and employment history
  • information from interviews and phone-screenings you may have
  • information about your current level of remuneration, including benefit entitlements

The supply of these information is necessary to enable us to consider your application. A consent form will be signed by you for all new applications.

We may collect this information in a variety of ways. For example, data might be contained in application forms or CVs (including when these are sent to us as part of speculative applications or queries), obtained from your national ID or other identity documents, or collected through interviews or other methods of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties, only once a job offer has been made to you.

The institution has a legitimate interest in processing personal data, during the recruitment process and for keeping records of the process. Processing data from job applicants, allows us to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job.

With regards to personal data collected from unsuccessful job applicants, the data shall be deleted as soon as possible and not later than [30 days] from the date of notification of the rejection of the application.

8. How is the data being used?

The information about you, is processed in connection with the contract and/ or membership application including the following:

  • For the preparation and/or execution of the terms and conditions of contracts of employment
  • For the payment of the salaries and other monetary benefits
  • For contributions to the National Pensions Scheme;
  • For compliance with all the relevant statutory provisions and regulations
  • For sending correspondence by email and/or post or contacting you by telephone
  • Due to the nature of some positions, the organisation is obliged to seek information about criminal convictions and offences. Where the organisation seeks this information, it does so because it is necessary for it to carry out its obligations and exercise specific rights in relation to employment.
  • For disciplinary actions and investigations
  • For workforce management (including planning, recruitment, performance management, learning and development)
  • For onboarding process
  • Compliance with the Document Retention and Destruction Policy.

9. Purpose

We may process your personal information:

  • for the purposes described in this Privacy Policy; or
  • for any additional purposes that we advise you of and where your consent is required by law we have obtained your consent, in respect of the processing or disclosure of your personal information.

We may use your personal information, without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.

10. How do you keep my data secure and confidential?

We are committed to ensuring that your information is adequately secure with us and with the third parties who act on our behalf. We have a number of security precautions in place, to prevent the unauthorised access, unlawful disclosure, loss, misuse, alteration or destruction of your information. All staff working for the Mauritius Institute of Directors have a legal duty to keep information about you confidential and all staff are trained in information security and confidentiality. The Institution has strict information security policies and procedures in place to ensure that your information (whether held in paper or electronic format) is at all times processed in a secure, lawful and fair manner.

11. To whom will the data be disclosed?

Employee related information will be shared internally, in the business area in which you work, if access to the data is necessary for performance of their roles and of their supervisory powers. Furthermore, we may in the performance of our obligations and duties as employer, share your personal data with external third parties, namely (i) banks (for disbursement of salaries), (ii) National Pension Fund (iii) service providers based in Mauritius acting as processors who provide IT and system administration services, accounting services, company secretarial services and other relevant services provided to the MIoD (iv) professional advisers based in Mauritius acting amongst others as insurers, lawyers and auditors (iii) the Mauritius Revenue Authority, regulators and other authorities who require reporting of processing activities in certain circumstances.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data, for specified purposes and in accordance with our instructions. We limit access to your personal data to those employees, agents, contractors and other third parties who are authorised to process your personal data. They will only process your personal data,on our instructions and they are subject to a duty of confidentiality.

With respect to the institute’s service providers, a data processing agreement will be executed with those service providers. This would be in compliance to section 31(4)(b) of the Act and may be coupled with a confidentiality agreement.

12. For how long will your data be retained?

Your personal data, shall not be retained for a period longer than necessary for the purposes highlighted at clause 8 above.
Your personal data will not be kept once the purpose for keeping your personal data has lapsed. Once, this is the case, we will take all reasonable steps to destroy, or erase the personal data from our systems.

13. What are your legal rights?

You have the following rights under data protection laws in relation to your personal data. If you wish to exercise any of these rights, please contact our Data Protection Officer by email, phone, or by letter.

  • Request access to your personal data (commonly known as a “data subject access request”). This includes details of what information we hold about you and a copy of that information. The information will be provided free of charge and, unless there are grounds for extending the deadline, the information will be provided to you within one month of receipt of your request. If, we have reasonable doubts with regards, to the identity of the person making the request, we may require the provision of additional information to confirm the identity of the data subject.
  • Request rectification of your personal data. This enables you, to have any incomplete or inaccurate data we hold about you completed or corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you, to ask us to delete or remove personal data if:
    • the processing of your personal data is subject to your consent and you withdraw your consent;
    • you object to the processing of your personal data.
  • We reserve our right, to reject your request in circumstances, for instance, whereby there are other legal grounds for the processing of your personal data and/or there are overriding legitimate grounds for the processing of your personal data and/or, where it is necessary to keep your information for the purposes of establishing, making or defending legal claims.
  • Restriction of processing of your personal data. This enables you, to ask us to suspend the processing of your personal data in the following scenarios:
    • You contest the accuracy of personal data, in which case, the processing will be restricted for a period enabling us to verify the accuracy of the data.
    • Where the processing is unlawful but you do not want us to erase it.
    • Where you need us to hold the data ,even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If, you withdraw your consent, we may not, in view of your decision, be in a position to comply with our obligations and duties with regards, to your employment. We will advise you if this is the case at the time you withdraw your consent.

Request for disclosure and/or confirmation that your personal data is being processed,will normally be entertained free of charge. However, we may charge a reasonable fee, if your request is manifestly excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Any request in relation to your personal data, whether entertained favourably or unfavourably, will normally be entertained within one month, you will be informed accordingly in writing. The delay of one month, may be extended where necessary.

Please note that, upon a request being made, we will generally also ask for confirmation of your identity and may need further information from you in order to locate the information, in which case the time period starts from the date we have that detail.

Please note that, in some cases we may not be able to comply fully with your request, such as in circumstances wherein your request also involves the disclosure of personal data relating to someone else or where confidentiality needs to be maintained.

14. Revision to this policy

We may from time to time make changes to this Privacy Policy, to reflect changes in our legal or regulatory obligations or in the manner in which, we deal with your personal information. We will where appropriate, communicate any revised version of this Privacy Policy. Any changes to this Privacy Policy, will be effective from the time they are communicated, provided that any change that relates to the purpose of processing of your personal information will not apply to you, where your consent is required to such processing, until we have obtained your consent to such change.

  • 6th Floor, Building A5, Hyvec Business Park, 15 Wall Street, Ebène 72201, Mauritius
  • +230 468 1015
  • +230 468 1017
  • info @ miod.mu

Site Plan

Quick Links

Subscribe to our newsletter

Follow Us

Linkedin Facebook Youtube Twitter

© 2022. The Mauritius Institute of Directors. Business Reg. Number: C08077130. All Rights Reserved

Privacy Policy  |  Cookie Policy  |  Terms & Conditions