Privacy Notice
This Privacy Notice explains how Copernico Capital, (“we”, “us”, or “our”), collects, uses, stores, and otherwise processes personal data. This includes personal data relating to individuals who are our clients, prospective clients, intermediaries, service providers, business partners, or other third parties with whom we interact, as well as individuals connected to such parties.
This Privacy Notice has been prepared in accordance with applicable data protection legislation, including:
- The Financial Services Act 2007 of the Financial Services Commission, Mauritius (FSC)); and
- The Mauritius Data Protection Act 2017 (“MU DPA”),
(together referred to as “Data Protection Legislation” or “DPL”).
Should you have any questions about this Privacy Notice, how we handle your personal data, or if you wish to exercise your data protection rights, please contact our Data Protection Officer (“DPO”).
We may update this Privacy Notice from time to time in order to clarify its content or to reflect changes in applicable laws, regulations, regulatory guidance, or our business operations and practices. Where such changes are material, we will take reasonable steps to notify you, including by publishing a notice on our website and/or through relevant service documentation. The most current version of this Privacy Notice will at all times be available on our website.
Sources of Personal Data
We collect most of your personal data directly from you, whether in person, by telephone, email, text message, or through our website and related digital platforms.
In certain circumstances, we may also obtain and process personal data from other lawful sources, including:
- Publicly available sources, such as company registries, regulatory filings, press publications, internet websites, and social media platforms.
- Reputable information service providers, including providers of sanctions screening, politically exposed persons (PEP) databases, adverse media/negative publicity databases, credit reference agencies, and anti-fraud databases.
- Third parties connected to you, such as your bank(s), broker(s), accountant(s), auditor(s), legal advisers, or other professional advisers, where you have provided your consent or where otherwise permitted by applicable law; and
- Our internal systems and website technologies, including information collected through cookies and similar tracking technologies. For further details, please refer to our Cookies Notice.
Provision of Personal Data
You are not under a statutory obligation to provide us with your personal data. However, if you choose not to provide certain information requested by us, we may be unable to establish or continue a business relationship with you or provide you with our services.
In particular, in order to comply with our legal and regulatory obligations, including those relating to know-your-customer (KYC), anti-money laundering and counter-terrorist financing (AML/CFT), and source of funds/source of wealth requirements (as defined below), we are required to verify your identity and obtain information regarding your status, financial background, and transactional activity. Compliance with these obligations necessarily requires the collection and processing of your personal data.
Sensitive or Special Category Personal Data
In certain circumstances, the personal data we process may include ‘sensitive’ or ‘special category’ data, such as information relating to your race, ethnicity, religion, political opinions, biometric or genetic identification, health, sexual orientation, criminal record, or alleged criminal activity. The processing of such data generally requires your explicit consent, which you may withdraw at any time.
The legal bases for processing sensitive personal data include:
- Your consent, where you have voluntarily provided such data;
- Compliance with legal obligations; and/or
- Legal claims or proceedings, including regulatory investigations.
Where you voluntarily provide sensitive personal data that may be relevant to the services we provide to you, or for relationship management purposes, you are deemed to have consented to our processing of such data to the extent necessary and appropriate.
Uses of Personal Data
The purposes for which we process your personal data, and the corresponding lawful bases under applicable data protection legislation, are as follows:
- Relationship Management, Service Provision, and Contract Performance
We process your personal data where necessary to:- Establish and manage our client relationship with you;
- Perform a contract with you relating to our services; or
- Take steps at your request prior to entering into such a contract
- Compliance with Legal and Regulatory Obligations
As a regulated financial services entity, we are subject to statutory and regulatory obligations that may require the collection, storage, or disclosure of personal data, including across jurisdictions (EU/UK/MU). These include, but are not limited to:
- Know-your-customer (KYC), anti-money laundering (AML), and counter-terrorist financing (CTF) requirements;
- Regulatory or criminal investigations, or disclosure orders; and
- Tax reporting or other requirements imposed by public authorities.
- Pursuit of Our Legitimate Interests
Where necessary, we may process personal data to pursue our legitimate interests or those of third parties, provided such interests are not overridden by your privacy rights. Examples include:
- KKYC, AML/CTF, creditworthiness checks, and prevention or detection of financial crime;
- Client and vendor relationship management, risk management, and operational efficiency;
- Recording telephone calls and/or monitoring electronic communications for compliance purposes;
- Information and premises security, including the use of audio or video recordings;
- Development and marketing of products and services (unless you have withheld consent); and
- Investigations, audits, or legal proceedings, including the recovery of debts, where your personal data may be relied upon in pursuing or defending claims
- Consent-Based Purposes
We may also process personal data for any other purposes that have been explicitly agreed by you or for which you have provided consent. You may withdraw such consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal, but it may impact our ability to provide services in the same manner as before.
Data Transfers
We may share your personal data with authorities, financial institutions, service providers, advisors, or affiliates when necessary to provide our services or comply with the law.
- Your data is only shared with parties who are required to protect it and use it for legitimate purposes.
- If your data needs to be transferred outside Mauritius, we will ensure it is protected by law or contract, and in some cases your consent is assumed by using our services.
- Transfers to the US follow official GDPR-approved safeguards (Standard Contractual Clauses).
- We will never share your data with unrelated third parties or without proper protection measures.
Retention
We retain your personal data only as long as needed to fulfil these purposes or meet legal requirements. Once no longer needed, your data is securely destroyed, unless retention is required for audits, taxes, or legal reasons.
You have rights over your personal data, including to:
- Access, correct, or delete your data
- Restrict processing or transfer your data to another provider
- Withdraw consent at any time
- Object to certain types of processing, including marketing.
Requests can be made to our DPO. We may ask you to verify your identity and will respond within 30 days. Limiting processing may affect the services we can provide to you.
Privacy Complaint
If you are not satisfied with how our DPO handles your complaint regarding your personal data, you can contact the Mauritius Data Protection Office:
Data Protection Office
5th Floor, SICOM Tower, Wall Street
Ebene Cybercity, Mauritius
Phone: +230 460 0251
Email: dpo@govmu.org
Website: https://dataprotection.govmu.org
