CONFIDIS LTD
Data Protection Policy
Data Protection Policy – Confidis Ltd
Last Updated: 19/12/2025
1. Purpose
This Data Protection Policy outlines how Confidis Ltd ensures the confidentiality, integrity, and security of personal data processed in the course of delivering consulting, compliance, and market expansion services.
2. Scope
This policy applies to:
All employees, consultants, and partners of Confidis
All personal data processed by Confidis in Mauritius, Seychelles, or internationally
All systems and technologies handling personal data
3. Data Protection Principles
Confidis adheres to internationally recognised data protection principles:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
4. Types of Data Processed
Confidis may process:
Identification information (name, ID where required, contact details)
Professional information
Compliance-related information (for AML/CFT or due-diligence purposes)
Business-related documents shared by clients
Where legally required, enhanced security and confidentiality measures are applied.
5. Data Collection
Personal data is collected through:
Website contact forms
Email communication
Client onboarding processes
AML/CFT and compliance documentation
Meetings and consultations
6. Data Usage
Data may be used to:
Deliver consulting and compliance services
Conduct risk assessments and due diligence
Meet AML/CFT regulatory obligations
Maintain client accounts
Improve services and internal processes
7. Data Storage and Security
We maintain strict security protocols, including:
Encrypted storage systems
Access control and role-based permissions
Secure communication channels
Regular system monitoring
Confidis prohibits unauthorized access, disclosure, alteration, or destruction of personal data.
8. Data Sharing
Data is shared only when necessary and only with:
Regulatory authorities
External auditors
Trusted third-party service providers
Internal team members under confidentiality obligations
All partners are contractually bound to maintain confidentiality.
9. Data Retention
Data is retained only for the duration required by:
Legal and regulatory frameworks (including AML/CFT retention periods)
Contractual requirements
Business operations
When data is no longer required, it is securely deleted.
10. Data Breach Management
In the event of a data breach:
Immediate internal reporting is required
An investigation will be conducted
Affected parties and authorities will be notified where legally required
11. Rights of Individuals
Data subjects may request:
Access
Correction
Deletion
Restriction of processing
Objection
Portability
Requests must be sent to info@confidisltd.com.
12. Compliance and Training
All employees receive data protection training and must comply with this policy as part of their contractual obligations.
13. Contact
For any data protection queries:
📧 info@confidisltd.com
