Ferney Privacy Policy

Privacy Statement

Ferney Ltd and its subsidiaries (hereinafter referred to as “Ferney”, “we”, “us”, “our”) are committed to protecting your privacy and personal data. This Privacy Notice outlines how we collect, use, disclose, and protect personal data in accordance with the Data Protection Act 2017 of Mauritius and other applicable laws.

    We ask that you read this privacy notice (the “Privacy Notice”) carefully as it contains important information on:

    • Who We Are
    • The Categories of Personal Data that We Collect
    • The Purpose & Lawful Basis for Collecting Your Personal Data
    • With Whom We Share Your Personal Data
    • The Period for which We Retain Your Personal Data
    • Our Commitment to Data Security
    • Your Rights relating to Your Personal Data being Processed by Us
    • Changes to this Privacy Notice
    • How to Contact Us

    By engaging with us, accessing our websites, using our services, or interacting with our staff, you agree to the terms of this Privacy Notice.

Who we are

Ferney Trail Limited is a private company incorporated in Mauritius and is part of the CIEL Group (CIEL Go Beyond).  Our registered office and principal place of business is situated at 5th Floor, Ebene Skies, Rue de L’institut, Ebene.

We are engaged in the following activities:

  • Organisation and management of running events in Mauritius

We act as the controller of your personal data as we determine the purposes and means of the processing of your personal data. We are registered with the Data Protection Office of Mauritius.

The Categories of Personal Data that We Collect

We may collect the following personal data from you in the course of our interactions:




Categories of personal data Examples
Identification data

• First name, Maiden name, Last name, Username or similar identifier

• Date of birth

• Gender

• Marital status

• Occupation

• Signature

• National Identity Card number, Passport number
Contact Information

• Email address, telephone numbers, fax numbers

• Business and home address
Financial and Transactional data

• Purchase and transaction history

• Payment details
Marketing data

• Preferences and interests

• Feedback and survey responses

• Photos/videos from corporate events (with consent)
AML/CFT data • Occupation, proof of address, ID verification documents (where applicable)
Security Videos where we operate CCTV surveillance systems
Special categories of personal data • Health and safety data of employees (e.g insurance and pension purposes) and customers / guests (for events organisation) – with consent.


Personal data of children

We do not knowingly collect personal data relating to a child under 16 years unless we have obtained the parent’s or guardian’s consent.

If you are a child under 16 years, please ensure you have received authorisation from your parent or legal guardian as we may request proof of that authorisation.

Third party information

If you share third party information to us, you confirm that you have obtained the necessary permission of such person to the reasonable use of their information in accordance to this Privacy Notice or as otherwise permitted for you to give us this information on their behalf.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting our Data Protection Officer (Please check How to Contact Us below).

The Purpose & Lawful Basis for Collecting Your Personal Data

(i) Purpose

We collect and process your personal data for the following main purposes:

  • To provide and manage our services;
  • To process bookings, payments, and customer service interactions;
  • To recruit, manage, and retain employees and contractors;
  • To comply with our legal obligations, including tax, health and safety, AML/CFT requirements
  • To ensure safety and security of our operations and premises (e.g. CCTV, emergency contact info)
  • To manage, protect and enhance our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • To manage supplier and partner relationships;
  • To improve our services through customer feedback and analytics;
  • To conduct marketing and promotional activities (with your consent)
  • To promote our corporate initiatives (events, cocktails etc..) on our websites and social medias;
  • To respond to requests, queries or complaints; and
  • To fulfil such other purposes as may be related, directly or indirectly to our activities and objects.

 

Direct Marketing

We may, from time to time, send you either via emails, post, or social media, information that we think may be of interest to you, including about our events, products and services offered by our subsidiaries and affiliates, including offers and promotions and surveys but we can only do so with your consent.

You may opt-out from receiving marketing communications at any time, free of charge, by following the unsubscribe instructions contained in each of our marketing communications to you or by contacting our Data Protection Officer (Please check How to Contact Us below).

(ii) Lawful basis

We will only collect, use and process your personal data where we are satisfied that we have an appropriate legal basis to do this, for instance:

  • where you have provided your consent to us using the personal data for specified purposes; or
  • where the processing is necessary:
    • to attend to your requests, deliver the services you requested from us or for the performance of our contract with you;
    • to fulfill our statutory obligations with our regulators, tax officials, law enforcement bodies or otherwise to comply with our legal obligations; or
    • for the pursuance of our legitimate interests (e.g improving our services and managing our websites effectively), so long as the processing does not override your own rights, freedoms and interests.

With Whom We Share Your Personal Data

Except as described in this Privacy Notice, we will not, without your consent, share, sell or trade your personal data with other companies outside CIEL Group for marketing purposes.

In relation to the purposes for which we collect your personal data, we may have to share your personal data with:

  • Our subsidiaries and affiliates (CIEL Group) as may be relevant for the purposes set out above and to facilitate our business activities or relationship, to treat job applications, conduct internal analysis with a view to improving our company and services, for group-level reporting but we shall only do so on a strictly need to know basis and where possible, data is anonymised or aggregated;
  • Our employees for purposes of managing our operations, delivering our services and fulfilling our objectives;
  • Our agents, advisers, accountants, auditors, lawyers, other professional advisors, contractors or third-party service providers for the purpose of assisting us to better manage, support or develop our operations, meet our objectives and comply with our legal and regulatory obligations;
  • Authorities and regulatory bodies for purposes of complying with our statutory obligations; and
  • with any other party at your consent or at your

Overseas Transfers of Your Personal Data

We may need to share your personal data with organisations outside Mauritius when we use service providers located overseas to perform a function on our behalf. The data collected may also be stored on servers which are hosted outside of Mauritius (Microsoft servers for instance).

When personal data is transferred outside of Mauritius, we enter into contractual arrangements to ensure that your data is protected in line with the data privacy legislation applicable in Mauritius.

The Period for which We Retain Your Personal Data

We retain your personal data for as long as necessary to fulfil the purposes for which we collected it or for purposes required by law.

The legal prescription period in Mauritius (i.e., the period during which one party may sue another party or be sued after the happening of an event) is 10 years for non-immovable-property-related matters (‘actions personnelles’). Depending on the nature of our relationship with you, we may, in this context, also choose to keep your personal data after our last transaction with you, for at least the legal prescription period to be able to defend or enforce our rights or for such number of years according to the applicable laws.

You can contact us for further details on retention periods for different aspects of your personal data.

In some circumstances, you can ask us to erase or destroy your personal data: Please check Your Right to request erasure of your personal data below for further information.

We may also anonymise your personal data by pseudonymisation or encryption, such that the personal data can no longer be associated with you, for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Our Commitment to Data Security

We maintain technical, physical and organisational measures to protect your personal data from unlawful or unauthorised access, alteration, disclosure, accidental loss and destruction.

These measures are subject to ongoing review and monitoring, and include:

  • the pseudonymisation and encryption of personal data;
  • the ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services; and
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.

We also require our third-party service providers to take reasonable precautions to keep your personal data secure, and to act at all times in compliance with applicable data protection laws.

Where we have provided you with or you have chosen a password enabling you to access a personalised area on our websites, you are responsible for keeping this password confidential. We advise you not to share it with anyone.

We restrict access to your personal data to employees, agents, and service providers of our organisation and of our subsidiaries and affiliates on a need-to-know basis. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We also maintain procedures to deal with any suspected personal data breach and will notify you and any relevant supervisory authority of a breach where we are legally required to do so.

Our websites may contain links to other websites, apps, content, services or resources on the internet which are operated by third parties. If you access other websites, apps, content, services or resources using the links provided, please be aware they may have their own privacy policy, and we do not accept any responsibility or liability for these policies or for any personal data which may be collected through these sites. Please check these policies before you submit any personal data to these sites.

Your Rights relating to Your Personal Data being Processed by Us

Under applicable data protection laws (including the Data Protection Act 2017 of Mauritius and the EU-General Data Protection Regulations), you have important rights which you are entitled to exercise by writing to our Data Protection Officer (Please check How to Contact Us below)

.

These rights include:

  • Right of access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Right to request the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with the applicable laws. Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Right to Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data.
  • Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Right to lodge a complaint at any time with the Data Protection Commissioner of Mauritius (DPC) at:

The Data Protection Office
5th floor, SICOM Tower
Wall Street
Ebène, Mauritius

Where the GDPR applies, the complaint may be lodged with the relevant supervisory authority in the European Union.

We would appreciate the opportunity to deal with your concerns in the first instance before you approach the Data Protection Commissioner or the relevant supervisory authority.

  • If the GDPR applies to our processing of your personal data, you have the right of portability that is the right to receive your personal data, which you have previously provided in a structured, commonly used and machine readable format and have the right to transmit that data to another controller, for so long as such rights do not violate any third party fundamental rights and freedom, and subject to such other exceptions set forth under the GDPR.

To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your government issued identification card, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).

Whenever reasonably possible and required, we will strive to grant these rights within one (1) month. but our response time will depend on the complexity of your requests. We will respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, or if we consider that your request is unfounded, excessive or repetitive in which case we reserve the right to charge a fee.

There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim.

To make these requests, or if you have any questions or complaints about how we handle your personal data or would like us to update the data we maintain about you and your preferences, please contact our Data Protection Officer (Please check How to Contact Us below).

Changes to this Privacy Notice

We may modify this Privacy Notice from time to time. Any changes to this Privacy Notice will be posted to our websites so that you are always informed of the way we collect and use your personal data.

We encourage you to review this Privacy Notice whenever you access our websites or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.

How to Contact Us

We have appointed a Data Protection Officer, whose duty is to ensure data protection compliance at CIEL Foundation.

Should you have any questions in relation to the processing of your personal data or about this Privacy Notice, you may contact our Data Protection Officer as follows:

Data Protection Officer

Ferney Limited

3rd Floor, Ebène Skies,

Rue de l’Institut Ebène, Mauritius

Tel: 4042200

Email: grabaud@cielgroup.com

Last Updated: 08 April 2025