AFRINIC Privacy Policy (v4)

 

 

AFRINIC is committed to protecting your privacy, confidentiality and security of the data you provide us when using our website, contacting our office, or interacting with us.

Please read this privacy statement carefully, as it contains essential information on how AFRINIC treats the personal data you provide us as a controller.

 


 

 

1. Why and how do we use your data?

We use your data in the course of our organisational activities and interaction with you for the following purposes:

  1. Performing our agreement with you;
  2. Assisting you with your queries or concerns;
  3. Treating your applications for specific job vacancies or on a spontaneous basis;
  4. Ensuring the security of our offices and people;
  5. Keeping an accurate evacuation list in case of emergency;
  6. Complying with any legal or regulatory obligations imposed on us;
  7. Enabling your attendance at our corporate events, including community meetings and any other meetings, howsoever held;
  8. Promoting our corporate initiatives (like events and cocktails) on AFRINIC social media; and
  9. Sending you communications if you have consented to receive the same and for any other purposes for which we have your consent.

 

2. Which personal data do we collect?

To fulfil our role as a Regional Internet Registry, AFRINIC collects information through its websites, the MyAFRINIC member portal, the New Member Registration Portal systems, WHOIS services, mailing lists and interactions with individuals.

Thus, when interacting with us, we may collect the following personal data for our organisational activities (refer to section 1 above)

  1. your name and surname;
  2. your national identity card number;
  3. your passport details; 
  4. your residential address;
  5. your contact details (phone and fax numbers, email addresses);
  6. CV, pictures and qualifications details when you either spontaneously apply for a job at AFRINIC or respond to a vacancy notice;
  7. your photos and videos when you participate in corporate events, cocktails, and sports events organised by AFRINIC;
  8. your name, surname, signature and national identity card details in our visitors’ logbook when you visit us;
  9. your IP address;
  10. any other personal data necessary to fulfil your special requests; and
  11. any other personal data that you choose to provide to us.

When participating in our virtual meetings, the personal data that Zoom (our current software provider for virtual meetings) or any of other similar contractors whose services that AFRINIC may retain from time to time will collect from you, to function correctly, will include:

  1. your name;
  2. your IP address
  3. your location
  4. your telephone number

The personal data that will be transmitted to Zoom or any other similar contractors from your device (e.g. mobile phone, tablet, laptop, etc.) may include:

  1. image/video (if you join via a video link and your device camera is switched on)
  2. voice (if you speak)
  3. name, as entered (if joining via a video link) or extract the telephone number (if joining via telephone and not withholding your number).

Also, when you choose to receive our campaign communications, we ask that you provide us with your email address. The provision of this information is purely voluntary, and you may opt out of receiving our campaign communications at any time by unsubscribing to these communications.

 

2.1 Virtual Meeting Recording and Broadcasting

Our corporate events and meetings may be broadcast on the Internet to enable the public to see the meeting and may also be recorded to aid the production of the minutes. The following information will be broadcast/collected: -

  1. image/video (if you join via a video link and your device camera is switched on);
  2. voice (if you speak);
  3. name, as entered (if joining via a video link) or extract the telephone number (if joining via telephone and not withholding your number).

As both the transmission and recording of the images and voice of individuals can reveal information about them, the following particular category data may also be collected: -

  • Race and ethnic origin
  • Religious or philosophical beliefs-
  • Biometric data used to identify an individual
  • Health data
  • Data related to sexual preferences, sex life, or sexual orientation.

Whatever data is shared is determined by participants, i.e. whatever you say during a live-streamed and recorded meeting will be broadcast and recorded.

You can read more about Zoom’s privacy policy at https://zoom.us/privacy, how it collects and stores data and its cookies policy at https://zoom.us/cookie-policy.

Whenever AFRINIC retains the services of any other software providers for virtual meetings for its corporate events, you will be communicated with the latter’s privacy policy and other related policies to facilitate your participation therein.

 

3. To whom do we disclose personal data?

Your data may be shared as follows:

  • between and among members of AFRINIC as may be relevant for the purposes set out in section 1 above, but we shall only do so on a strictly need-to-know basis;
  • with our employees for purposes of fulfilling our organisational activities, treating job applications or conducting internal analysis to improve our company and services; and
  • with our agents, advisers, accountants, auditors, lawyers, other professional advisors, contractors or third-party service providers (e.g. software providers for virtual meetings)to assist us in managing better, supporting or developing our business and complying with our legal and regulatory obligations.

AFRINIC ensures that your data is always safe. Only designated staff will access your information to fulfil our agreement, treatment job applications, or promote our professional relationship with you. Also, third parties with whom we share your data will be contractually obliged to safeguard all personal data to which they have access.

Please note that some disclosures will not require your consent; this happens when we share your data with;

  1. law enforcement bodies/agencies and other statutory authorities, if required by law and
  2. if required or authorised by law or if we suspect any unlawful activities on your part.

If we have collected your data for a third party, that data will be under their privacy policy, for which AFRINIC will not be responsible.

 

4. Overseas transfers of your information

In some cases, we may need to transfer your data with organisations located in countries outside our territorial limits to provide our services to you. We will secure the data transfer.

Our current virtual meetings provider, Zoom, hosts services from the USA. Limited personal information, such as your IP address, may be transferred. Still, it is given the same technical and legal protection level as within Mauritius and the European Economic Area.

 

5. Communications

Occasionally, we could use your name and contact information to send you emails, posts, or social media information that we think may interest you, including stories, events, products and services offered by AFRINIC. However, we can only do so with your consent.

You can also opt-out from receiving such communications at any time, free of charge, by contacting us following the section “Contact Us” below.

 

6. How long do we keep your information?

Your data will be stored for as long as required to fulfil our organisational purposes and for the period required by law. As per legal requirements, we will take reasonable steps to secure and anonymise your data and destroy it when retention is no longer necessary for legal or organisational goals (as stated in section 1 of this statement).

 

7. Processing of personal data must be justified

We will only process your data where we are satisfied that we have an appropriate legal basis to do so, such as

  1. for the performance of a contract between us;
  2. where you have provided us with your express consent to process your data for a specific purpose;
  3. our use of your information is necessary to fulfil our statutory obligations with relevant authorities (regulators, tax officials, law enforcement bodies) or otherwise meet our legal responsibilities;
  4. our use of your data is in our legitimate interest as a Regional Internet Registry;
  5. for historical, statistical or scientific research.
  6. Security of personal information

AFRINIC has reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your data and to keep your data confidential. These measures are subject to ongoing review and monitoring.

We cannot guarantee that our website will function without disruptions. We shall not be liable for damages that may result from;

  • the uses of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications,
  • interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

 

9. Links to other websites

Our website may contain links to other websites, apps, content, services or resources on the Internet. If you access those websites, apps, content, services or resources using the links provided, please be aware that they may have their privacy policy.

We do not accept any responsibilities or liabilities for their policies or any data they may collect through their sites. Please check these policies before submitting personal information to these other websites.

 

10. Access to your data

You have the right to request a copy of the personal data we hold about you. To do this, contact our Data Protection Officer and specify your preferred information. We will take all reasonable steps to confirm your identity before providing details of your data.

You will not have to pay a fee to access your data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

 

11. Correction of your data

You have the right to ask us to update, correct or delete your data. We will take all reasonable steps to confirm your identity before making changes to the personal data we may hold about you.

We would appreciate it if you would take steps to notify us of any changes with your data accuracy that we need to know.

 

12. Withdrawal of consent and request for deletion of personal data

You may also withdraw your consent to receiving information from us, or more generally to our processing of your data, at any time. In certain circumstances, you may ask us to delete your data. However, we may not be able to fulfil our contractual obligations towards you if you entirely withdraw your consent or ask us to delete your data entirely. To protect your data, we shall require you to first prove your identity at the time of the request, for instance, by providing a copy of your national identification card, contact details or answering some other security questions to satisfy our authentication process, before we may proceed with your request(s).

We will strive to grant these rights within 30 days whenever reasonably possible and required. However, our response time will depend on the complexity of your requests. We will respond to your requests free of charge unless your request involves processing or retrieving a significant volume of data or if we consider that your application is unfounded, excessive or repetitive, in which case we reserve the right to charge a fee (as mentioned above regarding access).

There may be circumstances where we are not able to comply with your requests, typically concerning a request to erase your data or where you object to the processing of your information for a specific purpose or where you request that we restrict the use of your data where we need to keep your data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim. To make these requests, or if you have any questions or complaints about how we handle your data or would like us to update the information we maintain about you and your preferences, please contact our Data Protection Officer at the address set out under section 16 below.

 

13. Cookies policy

Our website uses cookies.

 

13.1) What is a cookie?

Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website; the cookies cannot collect any data stored on your computer or your files. When a server uses a web browser to read cookies, it can help a website deliver a more user-friendly service. For your privacy, the browser lets a website access cookie that it has already sent to you.

13.2) Why do we use cookies?

We use cookies to learn more about how you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. We use Session cookies, which enable you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new page you visit. The Session Cookies only last until you close your browser.

13.3) How are third-party cookies used?

For some of the functions within our websites, we use third-party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third-party suppliers) may contain third-party cookies, and you may wish to consult the policies of these third-party websites for data regarding their use of cookies.

13.4) How do I reject and delete cookies?

We will not use cookies to collect personally identifiable data about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third-party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies, so if you do not wish cookies to be used, you may need to delete or block the cookies actively.

You can also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further data on cookies generally. For data on the use of cookies in mobile phone browsers and for more information on rejecting or deleting such cookies, please refer to your handset manual. Note, however, that if you decline the use of cookies, you will still be able to visit our websites, but some of the functions may not work correctly.

 

14. Amendments to this Privacy Statement

AFRINIC may amend this privacy statement from time to time. We will publish all amendments on our website for your information regarding how we collect and use your data. Any changes to this privacy statement will become effective upon posting the revised privacy statement on the website. Use of our website following such changes constitutes your acceptance of the revised privacy statement than in effect, but to the extent, such changes have a material impact on your rights or obligations as regards our handling of your data, such changes will only apply to personal data after the changes are applied.

 

15. Miscellaneous

This privacy statement is governed by and shall be construed following the laws of the Republic of Mauritius. This privacy statement is in English, and we may translate it into other languages. If there is any inconsistency between the English version and the translated version of this privacy statement, the English version shall prevail.

 

16. How to contact us?

We have appointed a Data Protection Officer to oversee compliance with any questions concerning this statement. If you have any questions about this statement, including any requests to exercise your legal rights, please email us at dpc@afrinic.net or contact our Data Protection Officer using the details set out below:

 

The Data Protection Officer,
AFRINIC,
11th Floor, Standard Chartered Tower
72201, Cybercity Ebène
Republic of Mauritius

 

17. Complaints

If you believe that we have not handled your request appropriately, you may complain to the Mauritius Data Protection Office at the following address:

 

Data Protection Commissioner (DPC)
The Data Protection Officer,
5th floor, SICOM Tower,
Wall Street Ebène, Mauritius

 

However, we ask that you please try to resolve any issues with us first before referring your complaint to the DPC.

 

 


 

Versions
Version 4 (Active) 6 August 2020
Version 3 21 November 2019
Version 2 19 December 2015
Version 1 May 2012
Last Modified on -