For European Union Citizens
Last Updated: 15 December 2025
1. Scope and Application
This policy applies to personal data of individuals located in the European Economic Area (EEA) processed by Mauritius Hiking Guide.
2. Data Controller
Mauritius Hiking Guide
Contact: contact@mauritiushikingguide.com
Phone: +230 5773 0465
3. Data Protection Principles
We process personal data in accordance with GDPR principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
4. Lawful Bases for Processing
We rely on the following lawful bases:
4.1 Contract: Processing necessary for tour provision
4.2 Legal Obligation: Compliance with Mauritian laws
4.3 Vital Interests: Protecting life or health
4.4 Consent: For marketing communications and photos
4.5 Legitimate Interests: Business operations and safety
5. Data Subject Rights
5.1 Right to Information: Clear, transparent information about data processing.
5.2 Right of Access: Receive confirmation and a copy of personal data.
5.3 Right to Rectification: Correct inaccurate or incomplete data.
5.4 Right to Erasure (“Right to be Forgotten”): Request deletion under certain conditions.
5.5 Right to Restrict Processing: Limit processing under specific circumstances.
5.6 Rights Related to Automated Decision-Making: Not applicable as we don’t use automated decision-making.
6. Consent Management
6.1 Explicit Consent: Required for:
- Marketing communications
- Photo/video publication
- Special category data (health information)
6.2 Withdrawal: Consent can be withdrawn at any time via email.
6.3 Record Keeping: We maintain records of consents obtained.
7. Special Category Data
7.1 Safeguards: Additional security measures for sensitive data.
8. Data Protection Measures
8.1 Technical: Encryption, access controls, secure systems.
8.2 Organizational: Staff training, data protection policies, confidentiality agreements.
8.3 Regular Reviews: Annual security assessments and updates.
9. Data Breach Procedures
9.1 Detection and Assessment: Immediate investigation of suspected breaches.
9.2 Notification: Report to the supervisory authority within 72 hours if there is a risk to rights and freedoms.
9.3 Communication: Inform affected individuals without undue delay if the risk is high.
9.4 Documentation: Maintain a breach register as required.
10. International Data Transfers
10.1 Primary Processing: Data processed in Mauritius.
10.2 EU Transfers: When transferring to the EU, we ensure:
- Adequacy decisions
- Appropriate safeguards
- Binding corporate rules
- Standard contractual clauses
11. Data Protection Officer (DPO)
Responsibilities: Monitor compliance, provide advice, handle requests.
12. Record of Processing Activities
We maintain records including:
- Processing purposes
- Data categories
- Recipient categories
- Retention periods
- Security measures
13. Data Protection Impact Assessments
Conducted for high-risk processing activities including:
- Large-scale processing of special category data
- Systematic monitoring of public areas
- Innovative technology use
14. Training and Awareness
- Annual GDPR training for all staff
- Regular policy updates
- Confidentiality agreements for all employees
15. Third-Party Processors
We ensure all processors provide sufficient GDPR guarantees through:
- Data processing agreements
- Security requirement audits
- Compliance monitoring
16. Individual Rights Procedure
16.1 Request Submission: Via email to contact@mauritiushikingguide.com
16.2 Verification: Identity verification required
16.3 Response Time: Within 30 days (extendable to 60 for complex requests)
16.4 Fees: No charge unless requests are manifestly unfounded or excessive
17. Supervisory Authority
EEA residents may lodge complaints with their national supervisory authority.
18. Policy Review
Annual review and update of this policy.
GDPR Contact Information:
- Email: contact@mauritiushikingguide.com
- Phone: +230 5773 0465
- Postal: Mauritius Hiking Guide, MU, 20 Morcellement La Nouvelle Industrie, Long Mountain 20812, Mauritius