Privacy Policy

GAMMATECH LTD

PRIVACY POLICY FOR CHECKSA REWARDS PROGRAM

 

1.       Introduction

GAMMATECH Ltd (BRN: C164220) (“GAMMATECH”, “the Company”, “we”, “us”) is committed to protecting your privacy and to ensure that your personal data is collected and processed lawfully.

This Privacy Policy sets out the way your personal data is processed and used by the Company when you become a member of GAMMATECH Loyalty program (“CHECKSA rewards program”, “the Program”) as defined in the Company’s Terms and Conditions. 

We recommend that you read this Privacy Policy (hereafter referred to as the “Policy”) so that you understand the approach towards the use of your personal data. Should your personal data be processed otherwise than for the purposes of the CHECKSA rewards program, your consent will be required prior to such processing.

If you do not agree with the present Privacy Policy and/ or refuse to provide your personal data, the Company will be unable to enrol you in the CHECKSA rewards program.

This Policy forms part of GAMMATECH Terms and Conditions and is governed by and construed in accordance with the relevant laws. 

This Policy has been designed in compliance with the provisions of the Mauritius Data Protection Act 2017 (hereafter the “MDPA 2017”). 

 

2.       Our Services 

GAMMATECH provides the CHECKSA rewards program (as defined in the Terms & Conditions) through the software application installed on your smartphone (“CHECKSA App”).

When you register to the CHECKSA rewards program and use the CHECKSA App, you will earn/redeem points at selected participants. It will also give us the opportunity to better understand your purchase habits so that to better service you with personalised information and/or promotions. The more points you earn, the more treats will be available to you.

By accepting the Terms and Conditions and Privacy Policy of the CHECKSA rewards program, you also consent to the processing of your personal data as described in above paragraph.

 

3.       Access to user’s mobile phone 

To ease the registration and login process, we have implemented a functionality that will auto-fill the OTP fields once an SMS is received. It requires user’s permission.

User has right to accept or deny it.

Checksa app will have access to the following on your mobile phone:

 

Types of personal data:

Device ID or unique identifier

Device Type

Files on your device

Google Service configuration

Wi-Fi and network connection information

Phone contact details

 

4.       Collection of Personal Data 

GAMMATECH collects and processes personal data mainly upon registration to provide you with access to our services and to better support our contractual relationship while using our CHECKSA App as part of the Program.

In certain instances, we may be required to process your personal data for certain purposes as detailed below and for this, your prior consent shall be sought.

The types of (mandatory) personal data that are collected and processed include:

 

Types of personal data:

Title, Name, surname

Email address

Mobile number

Date of Birth

National Identity Card number or Passport number

City

5.       How Your Data Is Used?

Your personal data shall be used solely for the purposes for which it was collected or agreed with you, for instance:

·                To render the Services as defined in Terms and Conditions;

·                To carry out the obligations arising from any contracts entered into between you and GAMMATECH pursuant to the Services;

·                To notify you of changes to the Services, as and when effected;

·                To respond to your queries and assist you whenever required;

·                To allow participants of the Program to contact you in relation to the Services rendered;

·                To inform you about new features, promotions or any services downtime;

·                To offer you the opportunity to take part in competitions or promotions;

·                To collect data about the device you are using to view the site, such as your IP address, the type of Internet browser or the operating system you are using, and to link this to your personal data to ensure that the site presents the best web experience for you;

·                To evaluate the use of the site, products, and services;

·                For audit and record keeping purposes;

·                For market research purposes;

·                For monitoring and auditing site usage;

·                To help speed up your future activities and experience during onboarding on other related sites/Apps. For example, a site can recognise that you have provided your personal data and will not request the same data a second time;

·                In connection with any possible legal proceedings;

·                To make the CHECKSA App easier to use and to better tailor the App with our products to your interests and needs;

·                To personalise your website experience, as well as to evaluate (anonymously and in the aggregate) statistics on website activity, such as what time you visited it, whether you’ve visited it before and what site referred you to it;

·                To suggest products or services (including those of relevant third parties) which may be of interest to you;

·                To assist with business development of the participants of the CHECKSA rewards program;

·                To conduct market or customer satisfaction research or for statistical analysis;

·                To confirm and verify your identity or to verify that you are an authorised customer for security purposes;

·                To contact you regarding products and services which may be of interest to you, provided that you have duly given your consent to do so, or you have previously requested for a product or service from us, and the communication is relevant or related to that prior request and made within any timeframes established by applicable laws; and

·                To analyse your purchase habits so that we may provide you with relevant information and/ or promotions

Your personal data may also be used by GAMMATECH to comply with legal and regulatory requirements or industry codes to which the Company has subscribed, or which apply to it, or when it is otherwise allowed by law.

If you have consented to receiving marketing communications from us, you have the possibility to opt out of receiving such communications at any time. Any direct marketing communications that we send to you, will contain details on how to opt out.

 

6.       Retention of Your Personal Data

Whenever your personal data are collected for a specific purpose, same shall not be retained unnecessarily except for fulfilling such purpose, unless if such data must be retain for legitimate business and/ or legal reasons.  

All Member Registration Data (as defined in Terms & Conditions) collected will be deleted 1 (one) year after termination of your membership or 1 (one) year after the account has been classified as inactive.

All Transactional Data (as defined in Terms & Conditions) will be anonymised and kept for statistical purposes only and to preserve the integrity of GAMMATECH’s data base. 

 

7.       Disclosure of Personal Data 

Your personal data may be disclosed to our business participants who are involved in the delivery of our services such as Loyalty Program service providers, the participants defined in the Terms and Conditions, data analyst/scientist service providers, our participants’ customer services, our call centre service provider and outsourced promoters.

We will ensure that your personal data is kept safely at all times. Only designated persons will have access to your personal data on a strictly need-to-know basis for the purposes of fulfilling our agreement or promoting our business relationship with you. In addition, third parties with whom your personal data will be shared, shall be contractually obliged to safeguard all personal data to which they have access.

Some disclosures may not require your consent for sharing of your personal data, namely (i) with law enforcement bodies/agencies and other statutory authorities, if required by law and (ii) if required, authorized by law and/ or in case of reasonable suspicion of unlawful activities on your part.

Whenever your personal data are collected by GAMMATECH on behalf of another party, the use of your personal data by that party shall be governed by that party’s privacy policy without any responsibility of GAMMATECH.

We may also disclose aggregate or de-identified/anonymized/encrypted data that is not personally identifiable with third parties, including our commercial and strategic participants.

 

8.       Transfer of Personal Data

Upon registration you will allow CHECKSA to collect and link your personal information from trusted partners which are participating in this reward program. The partners will not be held liable once your personal data have been transferred to CHECKSA as from the moment you have created an account on CHECKSA.

GAMMATECH may be required to transfer your personal data to organisations located outside our territorial limits while providing our services to you. Appropriate safeguards will be taken in order to secure the personal data being transferred.

When personal data is transferred outside of Mauritius, contractual arrangements are entered into with relevant parties to ensure that your personal data is protected in line with the Mauritius Data Protection Act 2017 (as may be updated). Information so collected will be stored and processed via the registration and administration platform of loyalty cloud which is situated overseas.

 

9.       Justification for Processing of Personal Data

GAMMATECH shall process your personal data only where we are satisfied that there is an appropriate legal basis to do so, such as (i) for the performance of a contract between us; (ii) where you have provided us with your express consent to process your personal data for a specific purpose; (iii) our use of your personal data is necessary to fulfil our statutory obligations with relevant authorities (regulators, tax officials, law enforcement bodies) or otherwise meet our legal responsibilities; (iv) our use of your personal data is in our legitimate interest as a commercial organisation.

 

10.       Security of Personal Data

GAMMATECH has put in place reasonable technical and organisational measures to prevent unauthorised or accidental access, processing, erasure, loss or use of your personal data and to keep your personal data confidential.  These measures are subject to ongoing review and monitoring. 

We cannot guarantee that our website/App will always function without disruptions. We shall not be liable for damages that may result from the use of electronic means of communication, including, but not limited to, damages resulting from the failure or delay in delivery of electronic communications, interception, or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses.

 

11.    Access To Your Personal Data 

You have the right to request a copy of your personal data held by the Company for free, by contacting Data Protection Officer (Refer to Contact Us section below) and specifying the data you would like to have. We will take all reasonable steps to confirm your identity before providing such details. 

However, a fee may be charged in case of excessive requests made at regular intervals.

 

12.    Google ML Kit Policy 

We use Google Machine Learning (ML) Kit Technology for auto extracting information from your NIC/Passport to fill the registration form. This process fully happens on-device, and ML Kit does not send any data to Google servers.  

For more details please visit:    Terms & Privacy | ML Kit | Google for Developers

 

13.    Correction of Your Personal Data 

You have the right to request that your personal data be updated, corrected or deleted. All reasonable steps will be taken to confirm your identity before making changes to your personal data held by the Company.

To ensure that your personal data are always updated and accurate, you must notify us of any relevant changes required to your personal data, either in writing or verbally by calling one of our representative and going through the identification process.

 

15.    Withdrawal of Consent and Request for Deletion of Personal Data

You may also withdraw your consent to receiving direct marketing communications, or more generally to our processing of your personal data, at any time, and you may in certain circumstances ask us to delete your personal data. However, we may not be able to fulfil our contractual obligations to you if you withdraw your consent or ask us to delete your personal data in its entity.

To protect your personal data, we shall require that you first prove your identity to us at the time the request is made, for instance by providing a copy of your national identification card number or passport number, contact details or answering some other security questions to satisfy ourselves of your identity before we may proceed with your request(s).

Whenever reasonably possible and required, we will strive to attend to your request within 30 days, but our response time will depend on the complexity of your requests. We will generally respond to your requests free of charge unless if your request involves processing or retrieving a significant volume of data, we reserve the right to charge a fee (as mentioned above regarding access).

There may be circumstances where we are not able to comply with your requests, typically in relation to a request to erase your personal data or where you object to the processing of your personal data for a specific purpose or where you request that we restrict the use of your personal data where we need to keep your personal data to comply with a legal obligation or where we need to use such information to establish, exercise or defend a legal claim. To make these requests, or if you have any questions or complaints about the way we handle your personal data or would like us to update the data we maintain about you and your preferences, please contact our Data Protection Officer at the address mentioned below.

 

14.    Changes to This Policy 

We reserve the right to amend this Policy from time to time to reflect changes in the law and/ or changes to our processing practices. 

This version is dated 28 November 2023. 

 

16.    Miscellaneous 

This Policy is governed by and shall be construed in accordance with the laws of the Republic of Mauritius. This Policy is written in the English language and may be translated into other languages. In the event of any inconsistency between the English version and the translated version of this Policy, the English version shall prevail.

 

17.    How to Contact Us 

We have appointed a Data Protection Officer to oversee compliance with and questions in relation to this Policy. If you have any questions about this Policy, including any requests to exercise your legal rights, please send us an email to admin@checksa.app or you may contact us on the following address:

GAMMATECH Ltd

Royal Road, Chapman Hill,

Beau Bassin

403-8000

 

18.    Complaints

If you believe that your request has not been dealt in an appropriate manner, you may lodge a complaint with the Data Protection Commissioner (“DPC”) at the Data Protection Office, 5 thfloor, SICOM Tower, Wall Street Ebène, Mauritius.

 

–    END    –