In order for us to process your instructions or requests, personal information may be provided by you to us. We respect your privacy and your personal information and for this reason, we take all reasonable measures, in accordance herewith, to protect personal information provided to us by you and to keep it confidential and as such undertake that:
We will only disclose, collate and process ("use") your personal information with your express permission unless legally required to do so or as expressly denoted, and will only electronically use such information for the lawful purpose for which it is required.
We will also keep a record of that personal information and the specific purpose for which we collect it.
We will not use your personal information for any other purpose, other than that which we disclosed to you, unless you give us your express written permission to do so, or unless we are permitted to do so by law.
Governing Law and Jurisdiction
Like many web sites, this web site may use and set cookies to enhance your user experience - to remember your personal settings, for instance.
The African Alliance Group is held by African Alliance Limited (incorporated in the Isle of Man under registration number 79171C). African Alliance Limited (and its subsidiaries) does not carry on any operational or regulated activities in, or from, the Isle of Man as defined by the Financial Services Act 2008 (Act of Tynwald). Accordingly it is not, nor is it required to be, licensed or authorised by the Financial Supervision Commission or any other regulatory body in the Isle of Man. The African Alliance Group has no permanent place of business in the Isle of Man and does not hold itself out to carry on any regulated activities in, or from, the Isle of Man.
A reference to “us”, “we” and “our” shall be a reference to the African Alliance Limited Group of Companies.
In providing services to its clients, African Alliance group companies (African Alliance Group, also referred to as “us”, “we” or “the group”) may control and/or process personal information that clients provide to any of the group’s affiliates in the conduct of its business.
For the purposes of EU General Data Protection Regulation (“GDPR”), this policy applies when we act as the controller and/or processor of personal data of EU residents and it improves the way we handle private information, for the benefit of all our clients.
In general, the majority of the personal data collected on our clients is provided by you directly (or by your intermediary), and typical data provided by third parties may include the results of checks on your identity or address.
All personal data referred to above is collected, stored and processed for purposes of giving effect to the mandates entered into with each of our clients.
As a result of the services which any member of the African Alliance Group (“African Alliance” or “Group”) provides, or has provided, to you, we may need or have needed, to share information containing personal data on you with various third parties, including banks, custodians, lawyers, accountants, auditors, third party entities engaged by yourself or any other African Alliance Group company for giving effect to mandated services. All data shared within the African Alliance Group is purely to facilitate any dealings you may have with the other entities within the Group.
This policy does not apply to information collected, stored, shared, or distributed by third-party sites.
Data Protection Policy
African Alliance is committed to protecting your personal data and to informing you of your rights with respect to your personal data.
This document sets out how we process your personal data to give you transparency. It also informs you of your rights regarding your personal data and how you can control the use of your personal data.
General Data Protection Regulation
The European General Data Protection Regulation 2016/679 (the “GDPR”) effective 25 May 2018 applies across the European Union (the “Union”) and is also applicable to controllers and/or processors outside the Union where goods or services are offered to data subjects in the Union.
What is personal data?
Personal data is defined as information relating to a living individual who can be identified or identifiable from that data.
Personal data includes, among other data, your name(s), address(es), email address(es), telephone number(s), bank account number(s), and passport number(s).
What is processing?
Data controllers are those companies within the Group which, alone or jointly with others, determines the purposes and means of the processing of personal data. Data controllers are responsible for ensuring that your personal data is processed in compliance with data protection laws and to provide you with our privacy notice and policy.
When we collect, store, transfer or use in any way for any purpose or delete your personal data, we are processing it.
As a result of administration services provided by Pivot Limited (Pivot), an African Alliance Group subsidiary, Pivot is a data controller and processor registered with the Data Protection Office of Mauritius, and is subject to the rules as set out in the Data Protection Act 2017 in the collection, storage or processing of personal data in Mauritius.
What personal data do we collect?
In order for African Alliance to provide services to its clients, run its business and discharge regulatory and legal obligations it needs to process client personal data. Without processing this personal data we may not be in a position to provide our services and administer the business.
In general African Alliance commonly collects:
Photographic ID & documents to verify both your identity and residential address in order to satisfy applicable anti-money laundering regulations, including but not limited to that of shareholders and persons authorised to represent you (where applicable);
Your contact details, including but not limited to, telephone numbers, address and email address in order to communicate with you;
Where, as part of our services to you, we are remitting funds we will take your bank details;
Beneficiary details in the event of investments;
Where we collect additional personal data you will be informed of that at the time we collect it, together with the reasons why.
Where we later process your personal data for reasons not already communicated to you, we will notify you in advance.
We usually collect personal information about you from you directly but in certain circumstances we may collect personal data on you from other sources such as third parties, your advisors, or from publicly or privately available records. In particular, we may use third party risk assessment vetting as part of our anti-money laundering screening process to comply with anti-money laundering legislation at or around the time we take on a client and periodically thereafter.
We limit the circumstances under which we may collect special categories of personal data, to the extent applicable or required to provide services, such as the data subject’s physical or mental health condition but in the event that such data needs to be collected or and/or processed, we will provide such additional protection as is prescribed under the applicable laws.
In the event that personal data relating to a child under the age of 16 is provided to us, especially in cases where the data being provided does not enable us to readily ascertain that it relates to a child, you should ensure that verifiable consent is given by the child’s parent or guardian.
Why do we process your personal data?
We will collect and use your personal data where:
The processing is necessary for the performance of a mandate or contract with you;
The processing is necessary for us to comply with a relevant legal obligation;
The processing is in our legitimate interests such as managing our relationships with clients, monitoring data security with clients, and managing our compliance and legal obligations; and/or
You have consented to the processing.
How do we use personal data?
We process personal data primarily for the purpose of providing a contracted service(s) to you or an entity to which you are connected (or, where you provide a service to African Alliance we will process contact details of your representatives, agents or employees in order to communicate with you/them) and depending on the services you require of us we process your personal data:
To perform due diligence and comply with legal and/or regulatory obligations (including anti money laundering legislation);
To perform our client take on process and client reviews;
For keeping documents in safe custody;
To instruct or give effect to payments, trades and investments;
At termination of any relationship involving a data subject;
To conduct internal reviews and compile internal reports;
For record keeping purposes;
To generate reports for you or in compliance with any request from an auditor, or a regulatory or supervisory body;
In the establishment of bank accounts and interaction with banks;
To communicate with you regarding the services we provide to you (for example any changes);
To otherwise fulfil your instructions, provide the service that we are engaged to provide, or comply with our obligations.
In the event you refuse to provide us with your personal data, we would likely not be able to provide you with our services.
Storing and deleting your personal data
Your personal data will be kept securely by African Alliance. This information will be held for the period stated in applicable law and/or for as long as is required to perform our contract with you, after which it will be securely destroyed. We may keep it longer where:
There is litigation or an investigation or has been requested by a supervisory body or other law enforcement agency;
It may be required to assist with the mitigation of any future tax or regulatory query into the transactions or other affairs undertaken by an entity or trust to which we provide services, (ensuring that rights and freedoms of our clients, our staff as well as African Alliance and its Members are safeguarded);
Further retention is at your request (in which case there may be a charge).
We may be required by the Anti Money Laundering Directive to retain personal data processed for our due diligence on you and your financial transactions history for a period of five years after our business relationship ends. Where regulatory requirements require us to keep data on you for a longer period we will do so.
Using your personal data for marketing
Where we market our services and/or products, we strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You may receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
We may contact you by email, telephone, or post with regard to your activities with us.
Your right to access and correct your personal data
You have a right to access the personal data that we hold on you, as provided in applicable legislation. If you would like a copy of the personal information that we hold on you please email us your request or write to us at the address below. You also have a right to require that any inaccurate personal data that we hold on you is corrected. If you find that any of your personal data is incorrect please email us or write to us at the address below and we will correct it without delay.
Your right for your personal data ‘to be forgotten’
You have the right to obtain the erasure of personal data without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
you withdraw consent on which the processing is based, and where there is no other legal ground for the processing;
you object to the processing and there are no overriding legitimate grounds for the processing;
your personal data has been unlawfully processed;
your personal data has to be erased for compliance with a legal obligation to which the controller is subject;
Where we have made the personal data public and are obliged pursuant to the above to erase the personal data, we shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.
The above shall not apply to the extent that processing is necessary, inter alia:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
for the establishment, exercise or defence of legal claim;
For further information on your rights including the “right to be forgotten” or if you wish to exercise your right to make a complaint to a regulatory authority please refer to the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Sharing and transferring your personal data
We will never sell your personal data.
We may share your personal data within the African Alliance Group, or with various third parties, including banks, custodians, lawyers, accountants, auditors, outsourced IT service providers, third party entities engaged by yourself or any other African Alliance Group company, and regulatory or legal authorities for the purpose of providing our contracted services to you or as required by regulations or law.
We take all reasonable steps to ensure that personal data transfers are kept confidential and secure as required by data protection laws.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will diligently comply with your reasonable requests to transfer your personal data to other service provider(s).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
In the provision of our services, we may have to transfer your personal data to external third parties in other countries.
Whenever we transfer your personal data to other countries, we ensure that the required degree of protection is afforded to it under the laws of that country. We ensure that any of our third party service providers to whom a data transfer is made has appropriate safeguards in place to protection your personal information.
We have taken appropriate safeguards to require that your personal information will constantly remain protected in accordance with this policy.
Data Protection Officer and how to contact us
Data Protection Officer
1st Floor, 32 Ebène Heights, Cybercity, Ebène, Mauritius
Alternatively, please feel free to discuss with your key account manager.