Privacy Policy

You may object to our processing of your personal data for direct marketing purposes. You may do so by not ticking certain opt-in boxes on the forms we use to collect your personal data, or by utilising the unsubscribe link such as in e-mails we send to you, or by having your personal data removed from our database at any time by contacting us on our contact details which can be found at the end of this document.

If you no longer wish to receive our latest news or marketing information, let us know by contacting us or click on the "Unsubscribe" link at the bottom of our email sent to you and you will be redirected to a confirmation page that confirms you have been unsubscribed. Upon confirmation, you will be removed from our contact list for direct marketing purposes. It may happen that you are still interested in receiving latest news or marketing information in respect of specific brands within the Group and their Associated Companies. If this is the case, you may also have the option to customise your choice to receive latest news and marketing information from specific (and not all) entities within the Group and their Associated Companies, by contacting us through our Data Protection Officer.

Note that we will retain minimum personal data (for example, personal data provided to us as a result of previous service experience) as a record that you unsubscribed and to avoid contacting you again.

This part explains to you how we handle and process your personal data (including location data) when such data is captured through our CCTV surveillance system and/or through our security measures on our premises.

To ensure the safety and security of individuals, property and assets, we may implement one or more of the following security measures on our premises which involve the processing of personal data:

• Each visitor filling in and signing our log book (including name, contact details, time-in and time-out);
• Visitor identification/Issue and presentation of a visitor’s pass;
• Access control systems through the use of: swipe card access, biometric data ID validation (such as fingerprint and/or facial recognition), Pin-Code access for restricted zones.

Such processing shall be in accordance with Applicable Laws. Personal data captured through our security measures may, where necessary, be shared with other property owners and/or tenants of premises that are the subject of those security measures.

We have installed CCTV cameras and other security devices which are located at strategic points on our premises including but not limited to,  at the entrances, receptions, the gates and parking to the site within which our premises are found, in common areas and in certain production areas. Signs will inform employees and visitors that CCTV cameras are in operation, the purpose for such processing and who to contact for further information. If you require any information, please contact us through our Data Protection Officer.

To enhance security, other biometric devices such as fingerprint and facial recognition devices may be used and will be located at the entrance to the premises and/or secured locations on the premises. We will only process such data with your  consent, except where otherwise permitted or required by Applicable Laws.

When sharing your personal data, whether this involves transferring your personal data outside Mauritius, we ensure this is done in accordance with the Applicable Laws.

Kindly note that when we transfer data abroad, some countries may not have the same degree of protection under their laws, however we impose contractual obligations on the recipients of the data to ensure a similar degree of security and protection is afforded to it. For further details, please contact us through our Data Protection Officer.

We maintain organisational, physical and technical security measures: (i) to prevent your personal data from unauthorised access, alteration, disclosure, accidental loss, and destruction, and (ii) based on the nature of the personal data, to protect your personal data from the harm that may result in unauthorised access, alteration, disclosure, destruction of the data and its accidental loss.

In particular, our preventive and protective measures may include, but is not limited to: (i) the Pseudonymisation and encryption of personal data; and (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

Unfortunately, despite our best efforts, the transmission of data via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the absolute security of your personal data transmitted over the internet. Any transmission is undertaken at your own risk.

We require all our service providers to implement and maintain  appropriate security measures in place to treat your personal data securely, in compliance with Applicable laws.

Where we have provided you with or you have chosen a password enabling you to access a personalised area on our website, you are solely responsible for keeping this password confidential and preventing unauthorised access. We strongly advise you not to share it with anyone.

We limit access to your personal data to our and our Associated Companies’ employees, agents, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We also maintain robust procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If you have any concerns regarding the security of your personal data, please contact our Data Protection Officer.
 

Unless otherwise stated by the Applicable Laws, you have the right to:

Request access to your personal data. This enables you to receive a copy of the personal data we hold about you, free of charge unless the request is manifestly excessive, and to check that we are lawfully processing it.

Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. We may ask you for an identification number such as your national identity card number or your passport number.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the Applicable Laws. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a  legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for  direct marketing or profiling for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds which override your rights and freedoms or other lawful grounds (not requiring your consent, for example statutory requirements) to process your information.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the personal data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it and request restriction of its use instead; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.

Refuse to be subject to a decision based solely on automated processing including profiling, which produces legal effects concerning you or significantly affects you. We shall not process your personal data in such a way as to subject you to a decision that is based solely on automated processing unless the decision: (i) is necessary for us to enter into or perform a contract with you; (ii) is authorised by a law to which we are subject and which lays down suitable measures to safeguard your rights, freedoms and legitimate interests; or (iii) is based on your explicit  consent. Some psychometric assessments, namely in job recruitment processes, involve automated processing and profiling, but our screening and decision-making in respect of a job candidate will not be based solely on that psychometric assessment.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out by us before you withdraw your consent. If for example, you provide your consent to publish your photograph or image in an article on our website or publicly available mediums, and subsequently withdraw your consent, it is likely that we will have a compelling legitimate interest to continue processing your photograph or image that is already being used or published prior to you withdrawing your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Lodge a complaint at any time with the Data Protection Commissioner of Mauritius (the “Commissioner”) whose office is at Level 5, SICOM Tower, Wall Street, Ebene Cyber City, Ebene, Mauritius, by emailing any complaint to dpo@govmu.org. Where the GDPR is applicable, you have the right to lodge a complaint with the regulatory authority of the country of your residence, work place or where the data breach has occurred.

If you wish to exercise any of the rights set out above, please fill in the form here and send it to our Data Protection Officer on dataprotectionofficer@ergroup.mu.

We try to respond to all legitimate requests within one (1) month. However, it may take us longer than one (1) month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated on the progress of your request.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can lodge a complaint with the Commissioner by writing to dpo@govmu.org. 

We would appreciate the chance to deal with your concerns before you approach the Commissioner or any other regulatory authority, so please contact us in the first instance and we will do our best to resolve the matter promptly.

All websites designed and managed by the Company and/or the Group may feature links to other sites operated by third parties websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for the privacy practices or the content of such websites.

While every precaution has been taken, we cannot ensure that a third party will not unlawfully access private details and we strongly advise you to take all necessary precautions and suggest that you do not permit others to access your personal data including sharing your access credentials. When you leave our website, we encourage you to read the privacy notice of every website you visit to understand how your data may be collected, used and protected.
 

A cookie is a piece of data stored on the user's computer tied to information about the user. Usage of a cookie alone is in no way linked to any personally identifiable information while on our website.

We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user's hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file instructions.

These are the types of cookies collected:
Category 1 - Strictly Necessary Cookies: These cookies are essential in order to enable you to move around our website and use its features, such as accessing secure areas of our website.

Category 2 - Performance Cookies: These cookies collect information about how visitors use our website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how our website works.

Category 3 - Functionality Cookies: These cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise.

Category 4 - Targeting Cookies or Marketing Cookies: These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of our advertising campaigns.

Please click on the following link to have access to our Cookie Policy. 
 

This Privacy Notice may change from time to time.

We will not make changes that will materially reduce your rights under this Privacy Notice without notifying you, and we expect such changes to be minor. Regardless, we will communicate in our company or post on our website any changes to this Privacy Notice and, if the changes are significant, we will provide a more prominent notice (including, for certain services, publication in our company or email notification of Privacy Notice changes).

We encourage you to periodically review this Privacy Notice to stay informed about how we process and protect your personal data.

For any questions or concerns about changes to this Privacy Notice, please contact our Data Protection Officer.

REVISION HISTORY
Authorised changes made to this document have been summarised in the revision history as shown:

Version 1.0

Date published: 22 July 2025

COPYRIGHT NOTICE AND DISCLAIMER
All contents featured on our website (including but not limited to photos, design, codes, texts, logos and trademarks) are the sole and exclusive property of the Group. Any reproduction, distribution, modification or use of these materials – whether in digital, printed or on any other type of support, is strictly prohibited without the prior written consent of the Company. Should you have any query, please do not hesitate to contact us through our website.

ALL PICTURES, VIDEOS AND PLANS ARE PROVIDED FOR ON THIS WEBSITE ARE FOR ILLUSTRATIVE AND INFORMATIONAL PURPOSES ONLY AND THEY DO NOT CONSTITUTE ANYCONTRACTUAL COMMITMENT.
 

Associated Company means any company related to, or associate of, NewENLRogers Limited and related shall be construed in accordance with the Companies Act 2001 while associate shall mean those companies disclosed as associates in the audited financial statements of NewENLRogers Limited;

Applicable Laws means for the purpose of this Privacy Notice, the Data Protection Act 2017 of Mauritius, and any regulations that may come thereunder, the GDPR and any other applicable laws;

Biometric data means any personal data relating to the physical, physiological or behavioural characteristics of an individual which allow his unique identification, including facial images or dactyloscopic data;

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to;

Consent means any freely given specific, informed and unambiguous indication of the wishes of a data subject, either by a statement or a clear affirmative action, by which he signifies his agreement to personal data relating to him being processed;

Controller means a person who or public body which, alone or jointly with others, determines the purposes and means of the processing of personal data and has decision making power with respect to the processing;

Direct marketing means the communication of any advertising or marketing material which is directed to any particular individual;

Group means NewENLRogers Limited and its Associated Companies;

Encryption means the process of transforming data into coded form;

GDPR means the European Union General Data Protection Regulation 2016/679, which came into force in 25 May 2018;

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interest. We do not use your personal data for activities where the impact the processing has on you overrides our interests (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interest against any potential impact on you in respect of specific activities by contacting us;

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;

Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data);

Processing means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Processor means a person who, or public body which processes personal data on behalf of the controller;

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information and the additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual;

Third party means a person or public body other than a data subject, a controller, a processor or a person who, under the direct authority of a controller or processor, who or which is authorised to process personal data;

Traffic data means any data relating to a communication by means of a computer system and generated by the system that form part in the chain of communication, indicating the communication’s origin, destination, route, time, date, size, duration, or type of underlying service.

CONTACT DETAILS OF THE DATA PROTECTION OFFICER

The contact details of the Data Protection Officer of the Group are as follows: