Data Privacy | wiiv Rewards

Data Privacy

IBL LTD

PRIVACY NOTICE FOR wiiv REWARDS PROGRAMME

1. Introduction

IBL Ltd (BRN: C07001778) (“IBL”, “we”, “us”) is committed to protecting your privacy and to ensure that your personal data is collected and processed lawfully. As a result, we would like to inform you regarding the way we would use and process your personal data when you become a member of IBL Loyalty program (“wiiv rewards programme”, “the Programme”) as defined in the Terms and Conditions. 

We recommend that you read this Privacy Notice (hereafter the “Notice”) so that you understand our approach towards the use of your personal data. Should your personal data being processed other than for the purposes of the wiiv rewards programme, you will be required to give your consent to such processing.

If you do not agree with these terms, you choose not to provide your personal data and this will impact on our ability to enroll you with the wiiv rewards programme. This Notice forms part of our Terms and Conditions and such shall be governed by and construed in accordance with the relevant laws. 

This Notice has been designed in compliance with the provisions of the Mauritius Data Protection Act 2017 (hereafter the “MDPA”). 

2. Our Services 

IBL provides the wiiv rewards programme (as defined in the Terms & Conditions) through its website https://www.wiivrewards.com Website”) and the software application installed on your smartphone (“[wiiv] App”).
When you register to the wiiv reward programme and use the wiiv Card, you will Earn points/ discounts off products and services at selected Partners. When using wiiv card, you also give us the opportunity to learn more about your purchase habits and provide you with personalised information and/or promotions. The more you Earn points, the more we can treat you.
By accepting the Terms and Conditions and Privacy Notice of the wiiv rewards programme, you also consent to the processing of your personal data as described in Our Services, section 2.

3. Collection of Personal data 

We collect and process your personal data mainly upon registration to provide you with access to our Services, to support our contractual relationship with you and while using your wiiv card as part of the Programme. In certain instances, we may process your personal data for certain other purposes as detailed below and for this, your consent shall be sought beforehand.

We collect personal information of members of the Programme while they use their wiiv card at the Partners’ outlets, via an external registration loyalty cloud platform & administration system. 

The types of personal data that are collected and processed include:

Types of personal data:

Details:

Name, surname and title

Mandatory upon registration

Date of birth

Mandatory upon registration

Email address

Mandatory upon registration

Mobile number

Mandatory upon registration

National Identity Card number or Residential Permit number

Mandatory upon registration

City

Mandatory upon registration

Number of children

Optional

Member purchasing preference

Optional

Purchase details (products, prices and outlets)

Mandatory upon use of wiiv card

Membership number

Mandatory upon registration and delivery of wiiv card

Points balances

Mandatory upon use of wiiv card

4. Cookies policy

Our website uses cookies.

a) What is a cookie?

Cookies are small data files that your browser places on your computer or device.  Cookies help your browser navigate a website and the cookies themselves cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.

b) Why do we use cookies?

We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. Some of the cookies we use are session cookies and only last until you close your browser, others are persistent cookies which are stored on your computer for longer. The types of cookies we use are the following:

Session cookies – to allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new page you visit.

Technical cookies – These cookies are required for the proper functioning and operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, to manage your bookings etc.

Functional cookies - Used to recognise you when you return to our website. This enables us to remember your preferences, such as language or region, which remain as your default settings when you revisit the website.

c) How are third party cookies used?

For some of the functions within our websites we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third party websites for data regarding their use of cookies. For further details on the third party cookies that we use, please read our page on cookie types.

d) How do I reject and delete cookies?

We will not use cookies to collect personally identifiable data about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.

You can also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further data on cookies generally. For data on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies you will still be able to visit our websites but some of the functions may not work correctly.

5. How we use your data

We will use your personal data only for the purposes for which it was collected or agreed with you, for instance:

  • To render our Services as defined in Terms and Conditions;
  • To carry out our obligations arising from any contracts entered into between you and us pursuant to the Services;
  • To notify you about changes to our Services;
  • To respond to your queries or comments;
  • To allow IBL Companies, partners of the Programme, to contact you in relation with service rendered; To assist to your queries when you call the Call Center of the wiiv Programme;
  • To inform you about any Services downtime, new features or promotions; 
  • Offer you the opportunity to take part in competitions or promotions;
  • Collect data about the device you are using to view the site, such as your IP address or the type of Internet browser or operating system you are using, and link this to your personal data so as to ensure that the site presents the best web experience for you;
  • Evaluate the use of the site, products and services;
  • For audit and record keeping purposes;
  • For market research purposes;
  • For monitoring and auditing site usage;
  • Help speed up your future activities and experience on the site. For example, a site can recognise that you have provided your Personal data and will not request the same data a second time;
  • In connection with legal proceedings;
  • Make the site easier to use and to better tailor the site and our products to your interests and needs;
  • Personalise your website experience, as well as to evaluate (anonymously and in the aggregate) statistics on website activity, such as what time you visited it, whether you’ve visited it before and what site referred you to it; 
  • Suggest products or services (including those of relevant third parties) which we think may be of interest to you;
  • To assist with business development of the Partners of the Loyalty Programme;
  • To conduct market or customer satisfaction research or for statistical analysis 
  • To confirm and verify your identity or to verify that you are an authorised customer for security purposes;
  • To contact you regarding products and services which may be of interest to you, provided you have given us consent to do so or you have previously requested a product or service from us and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws.
  • To analyse your purchase habits and provide you with relevant information or promotions

We may also use your personal data to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law.

If you have consented to receiving marketing communications from us, you have the possibility to opt out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the data and means necessary to opt out.

6. Retention of your personal data

Where we collect personal data for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we have to keep it for legitimate business or legal reasons.  In order to protect data from accidental or malicious destruction, when we delete data from our servers we may not immediately delete residual copies from our servers or remove data from our backup systems.

All Member Registration Data (as defined in Terms & Conditions) collected will be deleted 1 year after termination of your membership or 1 year after the account has been classified inactive All Transactional Data (as defined in Terms & Conditions) will be anonymised and kept for statistical purposes and to preserve the integrity of the data base. 

7. Disclosure of personal data 

We may disclose your personal data to our business partners who are involved in the delivery of our Services such as Loyalty Program service providers, the Partners defined in the Terms and Conditions, data analyst service providers, our Partners’ Customer services, our call center service provider, outsourced promoters. We also share your personal data with all companies of IBL Group in order to regularly update your member’s status (as an employee of IBL Group if applicable) and allow you to benefit from relevant reduction assigned to your status

We will ensure that your personal data is kept safely. Only designated persons will have access to your personal data on a strictly need-to-know basis for the purposes of fulfilling our agreement or promoting our business relationship with you. In addition, third parties with whom we share your personal data will be contractually obliged to safeguard all personal data to which they have access.

Some disclosures do not require your consent. This happens when we share your personal data with (i) law enforcement bodies/agencies and other statutory authorities, if required by law and (ii) if required or authorized by law or if we suspect any unlawful activities on your part.

Where we have collected your personal data on behalf of another party, the use of your personal data by that party is governed by their privacy policy for which we are not responsible. We may also disclose aggregate or de-identified/anonymized/encrypted data that is not personally identifiable with third parties, including our commercial and strategic partners

8. Transfer of personal data abroad

In some cases, we may need to transfer your personal data with organisations located in countries outside our territorial limits in order to provide our Services to you. We will take appropriate safeguards in order to secure the personal data being transferred.

When personal data is transferred outside of Mauritius, contractual arrangements are entered into to ensure that your personal data is protected in line with the MDPA (as may be updated).

Information that we collect will be stored and processed via the registration & administration platform of loyalty cloud which is situated in Germany.

Personal information that you publish on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

You expressly agree to the transfers of personal information described in this section 3.

9. Processing of personal data must be justified

We will only process your personal data where we are satisfied that we have an appropriate legal basis to do so, such as (i) for the performance of a contract between us; (ii) where you have provided us with your express consent to process your personal data for a specific purpose; (iii) our use of your personal data is necessary to fulfill our statutory obligations with relevant authorities (regulators, tax officials, law enforcement bodies) or otherwise meet our legal responsibilities; (iv) our use of your personal data is in our legitimate interest as a commercial organisation.

10. Security of personal data

IBL has in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential.  These measures are subject to ongoing review and monitoring. 

We cannot guarantee that our website will function without disruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

11. Children and Minors 

We do not knowingly collect personal data from minors. If you are a minor, you may only use our website and services with the permission of your parent or guardian.

12. Links to other websites 

Our website may contain links to other websites, apps, content, services or resources on the internet which are operated by subsidiaries and affiliates of IBL or third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal information to these other websites.

13. Access to your personal data 

You have the right to request a copy of the personal data we hold about you. To do this, simply contact our Data Protection Officer (whose contact details are specified at Clause 18) and specify what data you would like. We will take all reasonable steps to confirm your identity before providing details of your personal data. 

You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

14. Correction of your personal data 

You have the right to ask us to update, correct or delete your personal data. We will take all reasonable steps to confirm your identity before making changes to personal data we may hold about you. We would appreciate it if you would take the necessary steps to keep your personal data accurate and up-to-date by notifying us of any changes we need to be aware of. You can notify us either in writing or verbally by calling one of our representative and going through the identification process.

15. Withdrawal of consent and request for deletion or personal data

You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time, and you may in certain circumstances ask us to delete your personal data. However, we may not be able to fulfil our contractual obligations to you if you entirely withdraw your consent or ask us to delete your personal data entirely. To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your national identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).

Whenever reasonably possible and required, we will strive to grant these rights within 30 days, but our response time will depend on the complexity of your requests. We will generally respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee (as mentioned above regarding access).

There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim. To make these requests, or if you have any questions or complaints about how we handle your personal data or would like us to update the data we maintain about you and your preferences, please contact our Data Protection Officer at the address set out under section 18 below.

16. Changes to this notice 

We reserve the right to amend this Notice from time to time to reflect changing legal requirements or our processing practices. 

This version is dated 15th May 2019. 

17. Miscellaneous 

This Notice is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This Notice is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Notice, the English version shall prevail.

18. How to contact us 

We have appointed a Data Protection Officer to oversee compliance with and questions in relation to this Notice. If you have any questions about this Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below: 

Data Protection Officer
IBL Ltd
IBL House, Caudan Waterfront, Port Louis
dpofficer@iblgroup.com
203 2000

19. Complaints

If you believe we have not handled your request in an appropriate manner, you may lodge a complaint with the Data Protection Commissioner (DPC) (The Data Protection Office, 5th floor, SICOM Tower, Wall Street Ebène, Mauritius). However, we ask that you please try to resolve any issues with us first before referring your complaint to the DPC.

An IBL Group Company © 2019 . All rights reserved.