GED AFRICA – PRIVACY NOTICE

1. PRIVACY NOTICE
1.1 At GED Africa Ltd (“GED Africa”, “we”, “us” or “our”) we prioritize the privacy of our visitors. This Privacy Notice (the “Privacy Notice”) summarises what personal data GED Africa collects and how it uses, stores, discloses or otherwise processes personal data of individuals who visit the website of GED Africa located at https://gedafrica.com/ or who contacts us or interacts with us for information and/or such services. The individuals contacting/interacting with us and those who visit GED Africa’s website are referred to as the “data subjects”, “you” or “your”.
1.2 This Privacy Notice is provided in compliance with the Data Protection Act 2017 (“DPA”) as implemented by the Republic of Mauritius (“Mauritius”) and should be read in conjunction with our Data Protection Policy.
1.3 Please read this Privacy Notice and our Data Protection Policy carefully before using GED Africa’s website or services. By accessing our website, you represent that you have the requisite legal capacity and indicate your agreement to be bound to all terms, conditions and notices contained or referenced in this Privacy Notice.
1.4 The interpretation and enforcement of this Privacy Notice shall be governed and construed in accordance with the laws of Mauritius.

2. THE INFORMATION WE COLLECT
2.1 For purposes of the DPA, GED Africa constitutes a data “controller”.
2.2 We will collect personal data on the GED Africa website only:
2.2.1 if it is directly provided to us by you the user, e.g. your email address, name, home or work address and telephone number, and therefore has been provided by you with your consent; or
2.2.2 as part of our analytical and statistical tools that monitor details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (but this data will not identify you personally).

3. HOW WE USE YOUR INFORMATION
3.1 We may hold and process personal data provided by you to us in accordance with the provisions of the DPA and our Data Protection Policy.
3.2 The information that we collect and store relating to you is primarily used to enable us to provide our services to you. In addition, we may use the information for the following purposes:
3.2.1 to notify you about any changes to our website, such as improvements or service/product changes, that may affect our service;
3.2.2 where you have consented to receive our e-newsletters, from time to time to provide that to you;
3.2.3 to enable the fulfilment of services, consider your project, perform background and due diligence checks, respond to your requests and deliver the services which you have required from us; and
3.2.4 to comply with legal and other requirements, such as record-keeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public authorities, responding to legal process such as subpoenas, sharing information with government authorities, law enforcement and private parties where we have a good faith belief that it is necessary.

4. DISCLOSURE OF YOUR INFORMATION
4.1 We may appoint sub-contractor data processors as required to operate the website and/or deliver services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers IT support service providers, and document and information service providers, who will process personal data on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
4.2 Further, we may appoint external data controllers where necessary to deliver any requisite services. When doing do, we will comply with our legal and regulatory obligations in relation to the personal data including, but without limitation, putting appropriate safeguards in place.
4.3 We may also share personal data with a variety of the following categories of third parties as necessary:
4.3.1 government and/or regulatory authorities;
4.3.2 third party service providers to assist us with client insight analytics; and/or
4.3.3 any third party that we are ordered to disclose personal data to by a court of competent jurisdiction in Mauritius or abroad.
4.4 In certain instances, GED Africa may be called upon to disclose and transfer personal data to certain jurisdictions which do not afford or guarantee that appropriate safeguards are in place to protect such personal data. In that regard, by providing us with your consent to such disclosure and transfer, you understand and expressly agree that there may be risks involved in such disclosure and transfer being made.

5. RECEIPT AND TRANSFER OF PERSONAL DATA
5.1 GED Africa is headquartered in Mauritius but has subsidiary companies, namely Groupe Européen de Développment Congo SARLU (“GED Congo”) and GED Projects Africa Zambia Limited (“GED Zambia”), which companies are located in the Democratic Republic of the Congo and the Republic of Zambia respectively.
5.2 Notwithstanding the above, the GED Africa website is hosted in the Republic of South Africa (“South Africa”). When you submit your personal data to us, we will receive the data and process same in South Africa whereafter it will be transferred for further processing to Mauritius or any other jurisdiction as may be required to provide you with your mandated services.
5.3 We understand and are fully committed to the protection of your privacy and personal information and recognise the importance of ensuring that the processing of your personal information is done responsibly, within the ambit of the applicable law and our ethical duties to you as a company. To the extent that any of your personal data is processed in South Africa it will be done in accordance with the provisions of the relevant South African legislation being the Protection of Personal Information Act, 4 of 2013.
5.4 When your personal data is transferred outside of South Africa or Mauritius, the GED Africa will ensure that the following rules apply:
5.4.1 the recipient must maintain a data protection level, at least equivalent to GED Africa’s Data Protection Policy;
5.4.2 if the data is transmitted by a third party to GED Africa, the data must be used for the intended purpose; and
5.4.3 if the data is transferred from GED Africa to another company within the GED Group, the company to which the data is transferred is obligated to cooperate with any inquiries made by the relevant supervisory authority in the country in which the company receiving the data has its registered office, and to comply with any observations made by the supervisory authority with regard to the processing of the transmitted data. The same applies to a data transmission by a company in the GED Group from other countries.
5.5 GED Africa will provide any aggrieved user, who claims that his or her rights to privacy have been violated by any company in the GED Group with reasonable support in establishing the facts of the matter and to assert his/her rights against the company that has exported the data.

6. RETENTION OF PERSONAL DATA AND DATA SECURITY
6.1 The retention periods for personal data collected under this Privacy Notice are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which we collected the information, as set out in this Privacy Notice, and any other permissible, related purposes. Unless instructed otherwise or required by applicable law, we will retain personal data you have supplied to us for the purposes specified in this Privacy Notice.
6.2 We are committed to keeping personal data secure and we have implemented and maintain appropriate technical, administrative, physical, and procedural security measures including appropriate information security policies and rules consistent with local and international information practices designed to protect the personal data that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. Please note that no transmission over the internet is completely secure or error-free, and that the information security policies, rules and technical measures utilized and maintained by us may be subject to compromise.
6.3 All of our partners, employees, consultants, workers and data processors (i.e., those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of such personal data.

7. CHILDREN’S INFORMATION
GED Africa endeavours to protect children using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity. GED Africa’s website does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will to promptly attempt to remove such information from our records.

8. COOKIES AND WEB BEACONS
8.1 Like any other website, GED Africa’s website uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.
8.2 Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on GED Africa’s website, which are sent directly to users’ browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.
8.3 Note that GED Africa’s website has no access to or control over the cookies that are used by third-party advertisers.

9. THIRD PARTY PRIVACY POLICIES
GED Africa’s website Privacy Notice does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers’ respective websites.

10. USER RIGHTS
10.1 Should you believe that any personal data we hold relating to you is incorrect or incomplete, you may request to see this information, rectify it or have it deleted.
10.2 If you have any questions, concerns, complaints or inquiries regarding our Privacy Notice or Data Protection, please contact us at kimberley@gedafrica.com. We are committed to addressing any issues promptly and ensuring transparency in our data protection practices.
10.3 In the event that you are unhappy with the manner in which your complaint (if any) has been handled, and/or you feel that your personal data has not been handled appropriately according to the law, you may contact the Data Protection Officer at lana.sowanyuen@axis.mu and file a complaint in accordance with the process outlined in our Data Protection Policy.

11. CHANGES TO THIS PRIVACY NOTICE
We may make changes to this Privacy Notice and our Data Protection Policy from time to time, to reflect changes in our practices. We may also make changes as required to comply with changes in applicable law or regulatory requirements. Where we materially change this Privacy Notice, we will take steps to notify you (such as by posting a notice on the GED Africa’s website), and where required by applicable law to obtain your consent.