Data Protection Clauses

for operational agreements

1. The parties will comply with all applicable requirements of the Data Protection Legislation (to be defined as DPA under Mauritius laws) and shall at all times adhere to the Data Processing Terms set out in the Privacy Policy of the Company.

2. The parties acknowledge that for the purposes of the Data Protection Legislation, the Company is the Controller and where applicable, the I61 Foundation may be the Processor.

3. Unless covered by any lawful exception/exemption, the parties will ensure that all necessary consents and notices are in place to enable lawful transfer of the Personal Data to the I61 Foundation for the duration and purposes of this agreement.

4. The I61 Foundation may collect, use, store, transfer or otherwise process (“Process”) information relating to data subjects, and/or Company Clients’ directors, shareholders, agents and authorised representatives (as applicable), which is provided to the I6Foundation by the Company under this Agreement, or otherwise acquired by the Company (“Personal Information” or “Personal Data”),”), for the purposes of administering the terms of this Agreement, client on-boarding, anti-money laundering, credit checking, complying with legal and regulatory obligations, and marketing financial services and products by the Company (the “Purpose”).

5. The I61 Foundation shall not transfer any Personal Data outside of Mauritius unless prior consent of the Data Subject and/or Data Protection Commissioner has been obtained and the following conditions are fulfilled:

6. Express consent for the transfer is first obtained from the Company in terms of clause 24;

7. The I61 Foundation accepts that the data subject have enforceable rights and effective legal remedies;

8. The I61 Foundation complies with obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred;

9. The I61 Foundation facilitates any request in relation to the enforcement of data subject rights under the Data Protection Legislation;

10. The I61 Foundation notifies the data subject and the Company, without undue delay, on becoming aware of a Personal Data Breach; and

11. The I61 Foundation maintains complete and accurate records and information to demonstrate our compliance with this agreement.

12. Save and except for exceptions under the Data Protection Legislation, the I61 Foundation remains liable to obtain the necessary consent to disclose Personal Data when required to do so to any governmental authority, regulator, law enforcement agency, court or tribunal; to any exchange and/or clearing house; as required by any applicable laws and regulations; to any of our affiliates, service providers, brokers, dealers, custodians, agents, bankers, auditors and professional advisers; or in the public interests or where it is necessary for the Purpose.

13. The I61 Foundation must ensure it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).