Last updated: September 24, 2025
This Privacy Policy ('Policy') applies to the processing of Personal Data when individuals access Website at www.octafx.com and use Services as described in Terms of Use. Processing of Personal Data is carried out by UNI FIN INVEST ('Company', 'We', or 'Us').
Please read this Privacy Policy carefully. By accessing or using our Website and Services, you acknowledge that you have read and understood its provisions and agree to be legally bound by them. If you do not agree with this Privacy Policy or any part of it, you must stop using our Website and Services.
We are committed to respecting your privacy, recognising its importance, and protecting the confidentiality and integrity of your Personal Data. All Personal Data processing is carried out in accordance with applicable laws and with the principles outlined in this Privacy Policy. To ensure lawful and secure processing, we implement and maintain technical and organisational measures that are appropriate to the nature of our processing and the risks to individuals, and that meet applicable legal requirements in the jurisdictions in which we process Personal Data.
This Privacy Policy establishes the key principles and responsibilities that govern our processing of Personal Data, providing transparency and accountability throughout. For any questions or concerns about this Privacy Policy or our data handling practices, you may contact us at [email protected].
1. Definitions
For this Privacy Policy, the following terms shall have the meanings set out below:
1.1. Company/Us/We/Our — UNI FIN INVEST, including its parents, affiliates, and subsidiaries, acting as Data Controller in relation to the processing of Personal Data described herein.
1.2. Consent — any freely given, specific, informed, and unambiguous indication of the User's wishes by which they signify agreement to the processing of their Personal Data.
1.3. Data Controller — the natural or legal person who determines the purposes and means of the Personal Data processing. For this Privacy Policy, Company acts as Data Controller unless otherwise specified.
1.4. Data Processor — a natural or legal person which processes Personal Data on behalf of the Data Controller.
1.5. Data Subject — any individual whose Personal Data is processed by Company.
1.6. KYC/AML Checks — procedures carried out by Company or authorised third parties to verify User identity, assess risk, and comply with anti-money laundering and counter-terrorist financing obligations. This may include processing of passport or ID details, social security or tax identifiers, source of wealth, reasons for using corporate or trust structures, employment information (including public-office roles), and results of politically exposed person (PEP) checks, sanctions screening, and adverse media searches.
1.7. Personal Data — any information relating to an identified or identifiable natural person, including but not limited to name, contact details, identification information, financial information, and trading history.
1.8. Processing — any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, storage, use, disclosure, and deletion.
1.9. Relevant Legislation — the Data Protection Act 2017 of Mauritius, as amended from time to time. It also includes any related rules, regulations, and binding guidance issued by the Data Protection Commissioner of Mauritius, as well as any other privacy laws that apply in countries where the Company operates or offers its Services.
1.10. Sensitive Personal Data — special categories of Personal Data that, due to their nature, require enhanced protection and are generally recognised as sensitive under Relevant Legislation. This includes, for example, data relating to health, genetics, biometrics, criminal records, racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership, or other categories designated as sensitive or special by applicable laws.
1.11. Services — all products, features, applications, content, and functionalities offered by Company, including but not limited to trading platforms, educational resources, and customer support.
1.12. Terms of Use — the rules that govern how users access and use the Services, as published on the Website.
1.13. Third Party / Service Provider — any external natural or legal person engaged by Company to provide services, support operations, or otherwise process Personal Data under Company's instructions.
1.14. User/You/Your — any natural person who accesses the Website or uses the Services provided by Company, whether as a visitor, applicant, or client.
1.15. Website — the website operated by Company at www.octafx.com and any subdomains.
2. Data protection principles
2.1. As Data Controller, Company determines the purposes and means of processing Personal Data and is responsible for ensuring compliance with Relevant Legislation in jurisdictions where Company operates or where such laws apply to Users.
2.2. Applicability of data-protection obligations depends on the nature and context of processing, including whether it occurs in the context of an establishment within a given territory, whether We intentionally target or monitor individuals there, and any extraterritorial effect of local law. We apply the relevant data-protection requirements whenever these conditions are met, regardless of the User's location, and implement appropriate measures while respecting the corresponding rights set out in this Policy and the Terms.
2.3. This Policy is governed by the fundamental principles of data protection established under the Relevant Legislation. Accordingly, Company ensures that Personal Data is:
(a) processed lawfully, fairly, and in a transparent manner;
(b) collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
(c) adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
(d) accurate and, where necessary, kept up to date, with all reasonable steps taken to ensure that inaccurate Personal Data is erased or rectified without delay;
(e) retained in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the data is processed;
(f) processed in accordance with the rights of Data Subjects.
2.4. In line with these principles, Company is committed to:
(a) ensuring transparency, fairness, and accountability in all processing activities;
(b) implementing appropriate technical and organisational measures to safeguard Personal Data against unauthorised or unlawful processing, accidental loss, destruction, or damage;
(c) limiting the collection and processing of Personal Data strictly to what is necessary for the specified purposes;
(d) ensuring that Personal Data remains accurate and up to date, and rectifying or erasing inaccuracies without undue delay;
(e) applying clear retention limits and destroying or anonymising Personal Data once the purposes for which they were collected have been achieved;
(f) ensuring that third parties engaged in processing on behalf of the Company are bound by written agreements and comply with contractual and legal obligations related to data protection.
2.5. Services are not intended for individuals under eighteen (18) years of age, or below the age of legal majority in their respective jurisdiction, whichever is greater. Company does not knowingly collect Personal Data from such individuals. If Company becomes aware that Personal Data of a minor has been collected, it will be deleted without undue delay. Company reserves the right to restrict access to Services if it reasonably believes that a User is under the applicable legal age.
2.6. Certain categories of Personal Data are mandatory for compliance with legal and regulatory obligations (including KYC/AML checks) and for the establishment of a client relationship. Failure to provide such data may prevent Company from providing services.
2.7 Additional rights or obligations may apply depending on the User's jurisdiction.
3. Data processed
3.1. Legal Grounds. Company relies on the following legal grounds for processing of Personal Data:
- (a) Consent. Company obtains User's consent to the processing of Personal Data in accordance with this Policy through consent forms or explicit actions within Services.
- (b) Contractual necessity. Company processes Personal Data to perform obligations under agreements concluded between Company and User.
- (c) Legitimate interests. Company processes Personal Data to operate, secure, and improve Services, as described in Terms of Use.
- (d) Legal obligations. Company processes Personal Data where required to comply with applicable laws.
3.2. Categories of Personal Data Company processes the following types of Personal Data:
| No. | Category of data | Purpose | Legal ground |
|---|---|---|---|
| (a) | Identity information (name, date and place of birth, age, gender, marital status, citizenship, tax residency, occupation) | Identify User, assess suitability for services, comply with legal and regulatory obligations | Contractual necessity; Legal obligations |
| (b) | Government identifiers and supporting documents (passport and ID numbers, national insurance/tax identifiers, passport scans, ID cards, utility bills, bank statements, power of attorney/agent details) | Verify identity, comply with AML/KYC and financial regulations | Legal obligations; Contractual necessity |
| (c) | Contact details (postal address, email, phone number, messenger accounts) | Communicate with User, provide updates, verify identity | Contractual necessity; Legitimate interests |
| (d) | Account and access data (usernames, passwords, account credentials) | Provide secure access to Website and Services | Contractual necessity; Legitimate interests |
| (e) | Trading and transaction data (account history, trading activity, orders, demo accounts, simulators, learning tools, transaction reporting references) | Execute trades, deliver Services, and meet reporting obligations | Contractual necessity; Legal obligations |
| (f) | Financial and background information (bank account number, sort code, payment details, income, source of funds, source of wealth, assets, liabilities, employer details, job title) | Process payments, assess suitability, and comply with AML and financial regulations | Contractual necessity; Legal obligations |
| (g) | Suitability and risk assessment (trading knowledge and experience, questionnaire results, risk appetite indicators, capacity for loss) | Evaluate appropriateness of Services, fulfil regulatory requirements | Legal obligations (primary); Legitimate interests (where those obligations do not apply) |
| (h) | Compliance screening results (PEP checks, sanctions screening, adverse media checks) | Comply with AML, counter-terrorist financing, and sanctions requirements | Legal obligations |
| (i) | Communication records (phone call recordings, chat transcripts, emails) | Record and store communications for customer service, verification, complaint handling, compliance monitoring, and dispute resolution. Recordings are processed based on legitimate interest and/or legal obligation, retained for the period necessary to meet regulatory and evidential requirements, and protected through access controls and encryption. | Legal obligations; Legitimate interests |
| (j) | Technical and device data (IP address, device ID, phone type, operating system, browser type, GUID, Google 360 ID, IDFA, GAID) | Ensure security, prevent fraud, optimise system performance, and marketing attribution | Legitimate interests; Consent (where required by law) |
| (k) | Cookies, analytics, and usage data (cookie ID, local storage data, web analytics, marketing tags such as UTM/GCLID/FBCLID, platform/app usage information) | Optimise Website, measure marketing effectiveness, analyse engagement and improve Services | Legitimate interests; Consent (where required by law) |
| (l) | Other information voluntarily provided by User (feedback, inquiries, suggestions) | Respond to inquiries, enhance Services | Legitimate interests; Consent (where voluntarily provided) |
| (m) | Biometric data (facial images, liveness verification) | Verify identity during onboarding, only where required by law or necessary for compliance | Legal obligations; Consent (where applicable) |
| (n) | Geolocation information | Restrict access from prohibited jurisdictions, ensure compliance with licensing requirements | Legal obligations; Legitimate interests |
3.3. Company does not process Special Category Data except where permitted by law and strictly necessary for stated purposes, for example, biometric data used for identity verification during onboarding. In such cases, We apply suitable safeguards, including data minimisation, access controls, limited retention, and, where required, prior assessments and explicit consent. Processing relating to vulnerable client circumstances occurs only where permitted by law, limited to what is necessary, and subject to the same safeguards.
4. Your personal data rights and controls
4.1. As a Data Subject, You may be entitled to exercise specific rights in relation to Your Personal Data under Relevant Legislation. Company undertakes to respect these rights and to provide clear and effective means for their exercise. In particular, You may:
| No. | Action | Description |
|---|---|---|
| (a) | Request access | Obtain confirmation of whether Company processes Personal Data relating to You, and receive details about categories of data, methods of processing, and purposes for which data is used. Where required by Relevant Legislation, this may include information about disclosures of Personal Data made within a specified period. |
| (b) | Request correction | Ask Company to amend or update Personal Data that is inaccurate, incomplete, or outdated. |
| (c) | Request erasure | Request the deletion of Personal Data where permitted by law. |
| (d) | Request restriction | Request that processing of Your Personal Data be suspended in whole or in part under circumstances permitted by law. |
| (e) | Request data portability | Request a copy of Your Personal Data in a structured, commonly used, and machine-readable format and, where technically possible, request its transfer to another controller. |
| (f) | Object / Opt-Out | Object to or opt out of processing of Your Personal Data where such processing is based on legitimate interests or public interest, including but not limited to direct marketing and related profiling. |
| (g) | Withdraw consent | Withdraw any consent previously provided for the processing of Your Personal Data; withdrawal shall not affect the legality of processing performed before such withdrawal. Company will cease processing affected Personal Data unless continued processing is permitted under Relevant Legislation (for example, for compliance with AML obligations). |
| (h) | Submit a complaint | Raise a complaint with the Data Protection Authority of the Union of the Comoros (or, where applicable, the competent authority in Your jurisdiction). |
4.2. How to exercise rights. You may exercise Your rights by contacting Us at [email protected]. Company will review and respond to requests in accordance with Relevant Legislation and within required timeframes. To protect Your Personal Data, Company may request additional information to confirm identity before responding. Certain rights apply only in specific territories or circumstances. We will explain any limitations when responding.
4.3. Scope and limitations. Certain rights may be restricted under the law. For example, Company may need to retain specific Personal Data to comply with statutory duties, meet record-keeping obligations, or defend legal claims. Company may also refuse requests where providing access would adversely affect the rights or freedoms of other individuals, where data is subject to legal privilege, or where erasure or portability is not compatible with applicable retention and compliance obligations.
4.4. Verification of requests. Where a request relates to access, deletion, or correction of Personal Data, Company may require details linked to Your account to verify identity. If You do not hold an account, Company may be unable to associate the request with prior interactions, and in such cases may not be able to act on the request. Additionally, Company may charge a reasonable fee or refuse to act on a request where it is manifestly unfounded, excessive, or repetitive, in accordance with Relevant Legislation.
4.5. Representation by agents. You may authorise another person to act on Your behalf by providing written authorisation or a valid power of attorney in accordance with local laws. Such representatives must provide proof of authority, and Company may also require direct confirmation from You to ensure the authenticity of the request.
4.6. Review of decisions. If a request is rejected, You may, where provided by Relevant Legislation, appeal against Company's decision using procedures applicable in Your jurisdiction.
5. Purposes of processing personal data
5.1. Company processes Personal Data for the following purposes in compliance with Relevant Legislation:
(a) Onboarding and account management to consider applications, verify identity, perform KYC/AML checks, establish and manage User accounts, and check User instructions.
(b) Provision of services to deliver requested Services and products, enable access to Website and platforms, execute transactions, provide customer support, and respond to inquiries.
(c) Risk and compliance to perform risk assessments, monitor suitability, comply with legal and regulatory obligations (including transaction reporting, tax, and licensing requirements), and cooperate with competent authorities.
(d) Customer relationship administration to manage and maintain the client relationship, address complaints, provide evidence in disputes, recover amounts payable, and resolve queries or issues.
(e) Security and fraud prevention to detect, investigate, and prevent fraud, unauthorised access, or other illegal activity, and to ensure the integrity and security of Services.
(f) Internal purposes to train staff, improve customer service, conduct research, undertake product development, and analyse the use of Services to enhance performance.
(g) Communications to provide service-related notices, security alerts, and updates, and, where permitted by law, to send marketing materials and promotional content, subject to User rights to object or withdraw consent. Marketing communications may be delivered through channels such as email, telephone, SMS, push notifications, and, where used by Company, messaging applications (for example, Telegram or Viber).
(h) Business operations to fulfil contractual obligations with partners, contractors, and service providers, including reporting, integrations, and operational support.
(i) Payment processing and chargebacks to monitor transactions, detect irregularities, manage chargebacks, and prevent misuse of payment methods.
(j) Legal claims and proceedings to assert legal rights, defend against claims, and comply with court orders or lawful directions from competent authorities.
(k) Vulnerable clients to assess and, where necessary, take into account personal circumstances or characteristics that may indicate vulnerability to ensure fair treatment, provide suitable safeguards, and deliver outcomes in line with Relevant Legislation.
(l) Suitability and appropriateness assessments to conduct suitability and appropriateness tests, client classification, and risk assessments required under applicable requirements.
(m) Communication records to record and retain telephone or electronic communications (including calls, chats, and emails) for purposes of compliance, verification, quality monitoring, complaint handling, and dispute resolution, in accordance with applicable laws. Recordings are stored securely with restricted access, retained only for the period necessary to meet statutory or regulatory requirements, and may be disclosed to competent authorities where legally required.
(n) Compliance analytics and monitoring to conduct surveillance and analytics aimed at detecting market abuse, suspicious activity, or other misuse of Services, limited to what is necessary and proportionate.
(o) Service diagnostics and telemetry to collect and analyse technical logs and telemetry for uptime, performance, error investigation, and service reliability, using minimisation and retention limits.
5.2. Restrictions. Company does not use Personal Data for purposes incompatible with those listed above, unless required by law or with User's consent.
6. Disclosing your personal data
6.1. Company may share Personal Data with authorised third parties when necessary to deliver Services, comply with legal obligations, or pursue legitimate interests. Categories of recipients include:
(a) Company group entities — parent companies, affiliates, and subsidiaries of Company, to ensure consistent operations, compliance, and delivery of Services.
(b) Payment service providers and financial institutions — entities that process payments, deposits, withdrawals, and refunds, and assist with fraud detection, chargeback management, and reconciliation.
(c) Service providers and business partners — trusted third-party service providers engaged to support operations, including IT hosting, cloud infrastructure, payment service providers, banks and financial institutions, identity verification and AML/KYC screening providers, customer support platforms, analytics and search engine providers, and marketing partners. Such providers act only under Company's instructions and are bound by contractual confidentiality and data protection obligations.
(d) Professional advisers, auditors, and credit agencies — legal, financial, and regulatory advisers, auditors, and credit reference or verification agencies engaged to provide professional services, conduct audits, or support KYC/AML checks.
(e) Regulatory, supervisory, and reporting authorities — regulators, courts, law enforcement, tax authorities, trade repositories, and other competent bodies, to comply with laws, investigations, reporting, and enforcement requirements, including lawful requests by public authorities, whether or not disclosure is legally compelled.
(f) Business transfers — parties involved in a merger, acquisition, restructuring, or sale of assets, subject to confidentiality obligations.
(g) Advertising, marketing, and authentication providers — with consent where required, selected partners assisting with personalised promotions, campaign performance, and User authentication through third-party platforms (e.g., Google, Apple).
(h) Dispute resolution and enforcement — legal representatives, advisers, or relevant third parties in the context of disputes, enforcement of agreements and policies, or where necessary to protect the rights, property, or safety of Company, Users, or others.
(i) Publicly shared data — Services include community or social features, and certain information, such as Usernames, avatars, trading activity, or performance metrics, may be made visible to other Users. Company ensures that only information necessary for the operation of such features is disclosed, and Users are informed of such visibility.
(j) Consent-based sharing — any other third parties where User has provided explicit consent.
6.2. Company requires third parties receiving Personal Data to be subject to confidentiality and data-protection obligations consistent with Relevant Legislation. It takes reasonable steps to verify that they implement appropriate safeguards to protect Personal Data. Company does not sell Personal Data to third parties. Personal Data is only shared in accordance with this Policy and Relevant Legislation.
6.3. Anonymised or aggregated data. Company may share anonymised or aggregated information, which does not directly identify Users, with third parties for research, statistical, or business purposes.
6.4. Analytics and Advertising Data. Company may process device-based identifiers (including Google Advertising ID and Apple IDFA), cookie IDs, and clickstream data to perform analytics, measure campaign effectiveness, and deliver interest-based advertising. Such processing may involve pseudonymised data sharing with advertising and analytics partners in accordance with Relevant Legislation.
7. Data retention
7.1. Company retains Personal Data only as long as necessary to fulfil the purposes for which it was collected and to comply with statutory, regulatory, contractual, and business obligations. Retention periods depend on the category of Personal Data and requirements under Relevant Legislation.
7.2. Client data. Personal Data collected as part of KYC/AML procedures, trades, and transactions is retained for a minimum of seven (7) years after the termination of the client relationship or completion of the transaction, in accordance with Section 17F of the Financial Intelligence and Anti-Money Laundering Act 2002 (FIAMLA), or longer where required by Relevant Legislation. Data necessary to defend legal claims may be retained until expiry of the applicable statutory limitation period.
7.3. Account and service data. Personal Data linked to User accounts is retained while the account is active and for a limited period after closure to enable account recovery, resolve disputes, and comply with record-keeping obligations.
7.4. Applications, demo accounts, and leads. Where a User has submitted an account application but no client relationship has been established, Personal Data is retained for up to one hundred eighty (180) days from submission. For demo accounts, webinar registrations, or other leads, Personal Data is retained for up to ninety (90) days, unless renewed interest is shown. Where renewed interest is demonstrated (for example, login activity or re-submission of an application) within these periods, retention may be extended by an additional thirty (30) days from the date of renewed activity. Extensions may be applied multiple times during the initial retention period.
7.5. Marketing data. Personal Data used for marketing is retained until consent is withdrawn or opt-out rights are exercised. Minimal data may be kept solely to record such preferences and prevent further communications. Where a User opts out of marketing communications, Company may retain minimal Personal Data (for example, email address or phone number) on a suppression list solely to record such preference and to ensure that no further marketing communications are sent.
7.6. Backup and archival data. Personal Data stored in encrypted backups for disaster recovery is retained in line with internal retention schedules and overwritten or deleted automatically after a maximum of twelve (12) months, unless restoration is required in case of emergency.
7.7. Notwithstanding a User's right to request erasure of Personal Data, the Company is required under applicable laws, including Section 17F of the Financial Intelligence and Anti-Money Laundering Act 2002 (FIAMLA), to retain certain records for a minimum of seven (7) years after the termination of the business relationship or completion of the relevant transaction. Where such statutory obligations apply, the Company will retain Personal Data solely for compliance purposes and will securely delete or anonymise it once the applicable retention period has expired.
8. Data security and safeguards
8.1. Company applies appropriate technical and organisational measures designed to protect Personal Data against unauthorised access, disclosure, alteration, or destruction.
8.2. Company regularly tests, assesses, and evaluates the effectiveness of technical and organisational measures to ensure ongoing security, confidentiality, and resilience of processing systems.
8.3. Such measures may include:
(a) encryption of Personal Data in transit and, where appropriate, at rest;
(b) firewalls and secure server infrastructure;
(c) role-based access controls, authentication, and monitoring of system access;
(d) incident response procedures and logging of administrative access;
(e) staff training and confidentiality undertakings;
(f) vendor due diligence and contractual obligations requiring service providers to maintain equivalent safeguards;
(g) encrypted backups and disaster recovery procedures to ensure business continuity.
8.4. While Company takes reasonable steps to protect Personal Data, no system or transmission can be guaranteed as fully secure. Company maintains processes to detect and respond to potential security incidents in line with Relevant Legislation.
8.5. In the event of a data breach, Company will take appropriate steps in accordance with Relevant Legislation. Where required by law, this may include notifying competent authorities and affected Users within applicable timeframes.
9. Transfers to other countries
9.1. Due to the global nature of Company operations, Personal Data may be transferred to and processed in countries outside the User's country of residence. Such transfers may involve Company group entities, subcontractors, and trusted partners as described in this Privacy Policy.
9.2. Company ensures that international transfers of Personal Data are carried out in compliance with Relevant Legislation. This includes verifying that the recipient country or organisation ensures an adequate level of protection or implementing additional safeguards where required.
9.3. Safeguards applied by Company to international transfers may include:
(a) encryption of Personal Data during transmission (HTTPS/TLS) and storage (disk-level encryption);
(b) role-based access controls and authentication procedures ensuring only authorised staff may access Personal Data;
(c) logging and monitoring of administrative access to systems handling Personal Data;
(d) intra-group data transfer agreements or internal corporate binding rules requiring all Company entities to apply consistent standards of confidentiality and security;
(e) contractual safeguards obliging service providers and partners to maintain equivalent levels of protection;
(f) limiting transfers to the minimum categories of Personal Data necessary for the intended purpose.
9.4. Depending on the nature of the transfer, Company may also:
(a) segregate operational and backup data storage environments;
(b) apply data minimisation and pseudonymization before transfer, where appropriate;
(c) review and, where necessary, challenge government requests for access to Personal Data that appear unlawful or disproportionate.
9.5. Where no adequacy decision or approved safeguards exist, transfers may take place only with the explicit consent of User after being informed of possible risks, or where such transfer is necessary for the performance of a contract with User, for the establishment, exercise or defence of legal claims, for reasons of public interest, or to protect the vital interests of User or another person, in accordance with Relevant Legislation.
10. Cookies and tracking technologies
10.1. Company uses cookies and similar technologies to enhance User experience, analyse usage, and deliver personalised content or advertisements. Details of the types of cookies used, their purposes, and how Users can manage preferences are provided in Company's separate Cookie Policy, available at Our Website.
11. Miscellaneous
11.1. Automated decision-making and profiling. Company does not rely on fully automated decision-making processes that produce legal or similarly significant effects for Users. Where profiling or automated analysis is used (for example, in fraud monitoring, risk assessment, or personalisation of marketing), such processing is subject to human oversight and conducted in accordance with Relevant Legislation.
In line with Relevant Legislation, Users retain the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning them.
11.2. Third-party websites and services. Services may contain links to websites, applications, or services operated by third parties. Company is not responsible for the privacy practices, content, or security of such third parties. Users are encouraged to review the privacy policies of those external platforms before providing any Personal Data.
11.3. Changes to this policy. Company may update Policy from time to time to reflect changes in operations, requirements, or guidance. The updated version will be available on Website and will indicate the last updated date. For changes that materially affect Users' rights or how Personal Data is processed, We may provide prominent notice in advance and, where required by law, obtain renewed consent. Continued use of Services after the effective date signifies acknowledgement of the updated Policy, except where consent is required.
11.4. Governing law and jurisdiction. This Privacy Policy shall be governed by and construed in accordance with the laws applicable to Company, without prejudice to mandatory data protection rights granted under Relevant Legislation in the User's jurisdiction.
11.5. Severability. If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable under applicable law, the remaining provisions shall remain in full force and effect.
11.6. Prevailing language. This Privacy Policy may be translated into other languages for convenience. In the event of any inconsistency or conflict between the English version and a translated version, the English version shall prevail.
12. Contact and data protection officer
12.1. All inquiries related to this Privacy Policy or the processing of Personal Data must be submitted to the Company's support team. After receiving a request, the support team will forward it for review to the Data Protection Officer (DPO) in accordance with the established procedure.
12.2. Users may contact Company regarding this Privacy Policy or the processing of Personal Data at:
(a) E-mail: [email protected]
(b) Registered address: Rue De La Democratie, office 306, 3rd floor, Ebene Junction, Ebene 72201, Mauritius.
(c) Business address: 90 St Jean Road, Office no. 104, Palm Court Offices, 1st floor, Quatre Bornes, Mauritius