About Services Enterprise Solutions Financial Institutions Private Clients Fintech Solutions UAE Offering Insights Case Studies Jurisdiction Finder Contact
Home/GDPR Policy

Legal

GDPR Policy

Your rights and our obligations under the General Data Protection Regulation

1. Introduction

Aurevya Wealth is committed to protecting the personal data of all individuals with whom we interact. Although we are headquartered in Port Louis, Mauritius, and operate under the Data Protection Act 2017 of Mauritius, we process the personal data of persons located in the European Economic Area (EEA). Accordingly, we comply with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) in respect of such processing. This policy sets out how we collect, use, store, and protect your personal data, and explains the rights available to you.

2. Data Controller

The data controller responsible for your personal data is Aurevya Wealth, headquartered in Port Louis, Mauritius. If you have any questions about how we handle your data or wish to exercise your rights, you may contact us at byappointment@aurevya.com.

3. What Data We Collect

In the course of operating our website and providing our services, we may collect the following categories of personal data: your full name, email address, phone number, country of residence, the nature of your enquiry, and any financial information you provide voluntarily. We also collect website usage data through cookies and similar technologies. We do not collect sensitive personal data (such as health information or political opinions) unless specifically required to do so by our regulatory obligations.

4. Legal Basis for Processing

We process your personal data on the following legal bases. Where you have given us explicit consent — for example, by submitting our contact form — we rely on that consent as our legal basis. We also process personal data on the basis of our legitimate interests, which include responding to enquiries, maintaining business records, and continually improving our services. In addition, where we are required to do so by the Financial Services Commission of Mauritius, applicable AML/CFT laws, or other regulation, we process personal data to fulfil our legal obligations.

5. How We Use Your Data

We use the personal data we collect to respond to enquiries and to onboard clients where appropriate. We also use it to comply with our Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations as required by applicable law. Where you have consented or where we have a legitimate interest in doing so, we may use your contact information to send you service-related communications. We additionally use aggregated and anonymised website usage data to improve the functionality and content of our website.

6. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected. Enquiry data submitted through our contact form is retained for a period of 12 months. Client records are retained for a minimum of 7 years in accordance with Mauritius regulatory requirements. Website analytics data is retained for a period of 26 months, after which it is deleted or anonymised.

7. International Data Transfers

Your personal data may be transferred to, and processed by, service providers located outside the European Economic Area. Where such transfers occur, we take all necessary steps to ensure that appropriate safeguards are in place to protect your data. These safeguards may include Standard Contractual Clauses approved by the European Commission, or other mechanisms recognised under the GDPR as providing an adequate level of protection.

8. Your Rights Under GDPR

If you are located in the EEA, you have a number of rights in relation to your personal data. You have the right to access the personal data we hold about you and to receive a copy of it. You have the right to request the rectification of any inaccurate data. Subject to applicable legal retention obligations, you have the right to request the erasure of your data (the "right to be forgotten"). You may also request that we restrict the processing of your data, and you have the right to data portability where processing is carried out by automated means. You have the right to object to processing carried out on the basis of our legitimate interests, and where we rely on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal. To exercise any of these rights, please contact us at byappointment@aurevya.com. You also have the right to lodge a complaint with the data protection authority in your country of residence.

9. Security

We implement appropriate technical and organisational measures designed to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure. These measures are reviewed and updated regularly to reflect best practices and the evolving nature of information security risks.

10. Changes to This Policy

We may update this GDPR Policy from time to time to reflect changes in applicable law, our business practices, or the way in which we process personal data. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

11. Contact

For any questions or concerns relating to this GDPR Policy, or to exercise your data protection rights, please contact us at byappointment@aurevya.com.

Effective date: 1 January 2025