top of page

Data Protection and Privacy Policy

Effective Date: July 2025

1. Introduction and Controller Information
Inventure Ltd  ("Inventure", "we", "us", or "our"), with registered office at SpaceUS, 2nd Floor, The Trademark Telfair Mauritius, is the data controller responsible for your personal data collected through www.inventure.mu and related services.

This Data Protection and Privacy Policy (the "Policy") governs the collection, processing, storage, and disclosure of personal data in accordance with:
•    The Data Protection Act 2017 (Mauritius)
•    General Data Protection Regulation (EU) 2016/679 ("GDPR") where applicable
•    Other applicable data protection laws and regulations
Data Protection Officer Contact: dpo@inventure.mu

 

2. Scope and Application
This Policy applies to all personal data processed by Inventure Ltd through:
•    Our website www.inventure.mu
•    Email communications and newsletters
•    Client interactions and service delivery
•    Marketing and business development activities
•    Any other touchpoints with our organization

 

3. Categories of Personal Data Collected
We collect and process the following categories of personal data:
a) Identity Data: Full name, title, professional designation, company affiliation, photographs b) Contact Data: Email addresses, telephone numbers, postal addresses, social media handles c) Technical Data: IP addresses, browser types and versions, operating systems, device identifiers, location data, time zone settings d) Usage Data: Website navigation patterns, page views, session duration, referral sources, search queries e) Marketing Data: Communication preferences, engagement metrics, behavioral data f) Transactional Data: Service inquiries, project details, commercial communications g) Special Categories: With explicit consent only, where legally required for service provision

 

4. Methods of Data Collection
Personal data is collected through:
•    Direct provision: Forms, registrations, inquiries, surveys, subscriptions
•    Automated collection: Cookies, web beacons, analytics tools, server logs
•    Third-party sources: Business partners, public directories, social media platforms (where legally permissible)
•    Legitimate business interactions: Networking events, conferences, professional referrals


5. Data Sharing and Third-Party Disclosure
We may disclose personal data to:
a) Service Providers: IT support, hosting, analytics, marketing automation (under strict data processing agreements)

b) Professional Advisors: Legal counsel, auditors, consultants (under professional privilege)

c) Regulatory Authorities: Data Protection Commissioner, tax authorities, business registries

d) Law Enforcement: When legally compelled or to protect legal rights

e) Business Transfers: In case of merger, acquisition, or asset sale (with appropriate safeguards)
Third-Party Safeguards: All third parties are contractually bound to implement appropriate technical and organizational measures and process data only as instructed.

 

6. International Data Transfers
Where personal data is transferred outside Mauritius or the European Economic Area, we ensure adequate protection through:
•    Adequacy Decisions: Transfers to countries with adequate data protection
•    Standard Contractual Clauses: EU Commission-approved contractual safeguards
•    Binding Corporate Rules: For intra-group transfers
•    Certification Schemes: Recognition under approved data protection frameworks
•    Explicit Consent: Where other safeguards are not available

​

7. Data Security and Protection Measures
We implement state-of-the-art security measures including:
•    Technical Safeguards: SSL/TLS encryption, firewalls, intrusion detection, access controls
•    Organizational Measures: Staff training, access protocols, incident response procedures
•    Physical Security: Secure premises, locked storage, visitor controls
•    Data Minimization: Collection and retention limited to necessary purposes
•    Pseudonymization and Encryption: Where technically feasible and appropriate

 

8. Data Retention Periods
Personal data is retained according to the following schedule:
•    Client data: Duration of relationship plus 7 years (or as required by law)
•    Marketing data: Until consent withdrawal or 3 years of inactivity
•    Website analytics: 26 months maximum
•    Legal compliance data: As required by applicable laws and regulations

 

9. Individual Rights and Remedies
You have the following rights regarding your personal data:
a) Right of Access: Obtain confirmation of processing and copies of data b) Right to Rectification: Correct inaccurate or incomplete data c) Right to Erasure: Request deletion in specific circumstances d) Right to Restrict Processing: Limit processing in certain situations e) Right to Object: Object to processing based on legitimate interests f) Right to Data Portability: Receive data in structured, machine-readable format g) Right to Withdraw Consent: Where processing is based on consent h) Right to Lodge Complaints: With the Data Protection Commissioner or relevant supervisory authority
Exercise of Rights: Submit requests to privacy@inventure.mu with identification verification. We will respond within one month (extendable by two months for complex requests).

 

10. Cookies and Tracking Technologies
We use the following types of cookies:
•    Strictly Necessary: Essential website functionality
•    Performance: Analytics and website optimization
•    Functional: Enhanced user experience and preferences
•    Marketing: Targeted advertising and behavioral tracking
Cookie Management: Use our cookie preference center or browser settings to control cookie usage. Disabling certain cookies may affect website functionality.

 

11. Automated Decision-Making and Profiling
We do not engage in automated decision-making that produces legal or similarly significant effects. Any profiling activities are conducted with appropriate safeguards and human oversight.
 

12. Data Protection Impact Assessments
We conduct Data Protection Impact Assessments for high-risk processing activities and implement appropriate mitigation measures.
 

13. Breach Notification
We maintain incident response procedures and will notify relevant authorities and affected individuals of data breaches within legally prescribed timeframes.
 

14. Policy Updates and Changes
This Policy may be updated to reflect legal, operational, or technological changes. Significant changes will be communicated through:
•    Website notification for 30 days
•    Email notification to registered users
•    Version control with effective dates maintained

 

15. Contact Information and Complaints
Data Protection Inquiries: privacy@inventure.mu General Contact: info@inventure.mu Postal Address: SpaceUS, 2nd Floor, The Trademark, Telfair, Moka 
Supervisory Authority: Office of the Data Protection Commissioner, Mauritius Website: dataprotection.govmu.org
 

bottom of page